
FBI tells lawmakers it can't access Dayton gunman's phone - miles
https://thehill.com/homenews/administration/456742-fbi-tells-lawmakers-it-cant-access-phone-of-dayton-gunman
======
pdkl95
> Attorney General William Barr said in a speech last month that encrypted
> messaging services allow "criminals to operate with impunity." The cost of
> encryption is “ultimately measured in a mounting number of victims — men,
> women and children who are the victims of crimes, crimes that could have
> been prevented if law enforcement had been given lawful access to encrypted
> evidence,"

This disgraceful, emotionally manipulative statement is an obvious lie.
Police/FBI/etc have have access to far more information about criminals than
any point in history. The average person (criminals included) leaves behind an
incredible amount of "digital exhaust". They should be able to build a
complete pattern-of-life easily with 3rd party data (e.g. ad tracking),
various side channels, and the massive amount of metadata[1] recorded every
time criminals used their phone.

Of course, using all of that data to find a criminal requires actual detective
work specific to each case. Encryption (especially on a phone examined _after_
a crime) isn't preventing law enforcement from investigating crimes; it is,
however, harder to _automate_. This anti-encryption argument is really about
_automated mass surveillance_ , not finding specific criminals.

[1] "We kill people based on metadata"
[https://www.youtube.com/watch?v=UdQiz0Vavmc](https://www.youtube.com/watch?v=UdQiz0Vavmc)

~~~
bredren
It isn’t just detective work, it is personnel with the skills to identify and
pursue likely evidence.

Digital forensics is way outside typical leo training and believe it or not
you can make a lot more money in the private sector with IT training.

Local, state and federal case loads get backlogged behind, leaving the highest
priority cases to get staffed.

~~~
weberc2
What stops LEO from contracting with a digital forensic company or
consultancy?

~~~
bredren
They do this at the federal level a lot and there is a lot of money in it.

------
ben_w
Is the American government position “Guns don’t kill people, encryption kills
people”, or am I just combining the personal opinions of a bunch of unrelated
people who work for the government?

~~~
randallsquared
In the US, there are more firearms than people. About one-third of all
households have at least one firearm [0]. The vast majority of these people
have never had a serious brush with law enforcement, but some significant
portion would refuse to part with their guns if a ban were enacted tomorrow.
While it is said that nearly all Americans are felons [1], most Americans do
not intentionally commit felonies or think of themselves as being on the
opposite side of things from law enforcement. That would suddenly change for
millions of ban-defying US citizens, and it's hard for me to imagine a likely
scenario where that decreases violence in the US.

[0] [https://www.npr.org/2016/01/05/462017461/guns-in-america-
by-...](https://www.npr.org/2016/01/05/462017461/guns-in-america-by-the-
numbers) [1] [https://ips-dc.org/three-felonies-day/](https://ips-
dc.org/three-felonies-day/)

~~~
tootie
America has vast and currently unimpeachable rights to weaponry. There is a
huge swath of policy space between that and banning gun ownership. We can
reduce gun ownership, trafficking and weapon deadliness a thousand different
ways while not adversely impacting legitimate usage. Universal background
checks, limiting purchase frequency, banning 100-round barrels, increasing
liability for dealers.

~~~
solidsnack9000
_...banning 100-round barrels..._

Not sure if you're joking there -- maybe you meant magazines?

Like so many other gun regulation ideas, it seems superficially reasonable
based on "danger" but it's almost never the case that items like that
contributed measurably to gun deaths. They don't need to be banned -- they are
niche items. Mass shooters who have access to them rarely use them. They
rarely use 40 or 50 round magazines. Indeed, people rarely purchase magazines
larger than the standard 30 rounds.

 _We can reduce gun ownership..._

That is not a legitimate policy goal. The earlier poster points out that gun
ownership is not correlated with crime at all. We shouldn't set policy goals
that are merely about partisanship -- trying to cut down on gun owners because
we don't like them -- rather than a clear public benefit.

 _...increasing liability for dealers._

I would like to better understand what you have in mind here. In general,
modern legal systems reject holding one person responsible for the crime of
another. If a mass shooter lawfully purchases a firearm, what possible
liability could a dealer have?

~~~
dodobirdlord
> That is not a legitimate policy goal. The earlier poster points out that gun
> ownership is not correlated with crime at all. We shouldn't set policy goals
> that are merely about partisanship -- trying to cut down on gun owners
> because we don't like them -- rather than a clear public benefit.

A 2014 review in the Annals of Internal Medicine concluded having a firearm in
the home, even when it’s properly stored, doubles your risk of becoming a
victim of homicide and triples the risk of suicide. [0]

Guns are intrinsically dangerous, in much the same way as certain aggressive
dog breeds and industrial explosives. While many/most people can safely raise
rottweilers, store dynamite, and keep guns, some will not. Is there a marginal
benefit associated with the removal of each marginal gun? Obviously. Is gun
ownership reduction a legitimate policy goal? Obviously. It's strange that you
think otherwise.

> In general, modern legal systems reject holding one person responsible for
> the crime of another. If a mass shooter lawfully purchases a firearm, what
> possible liability could a dealer have?

Part of a more involved system of background checks would necessarily involve
more action by dealers to verify that the customer's purchase is legal.
Prosecuting and holding liable individuals who fail to follow established
precautions when selling dangerous products is not unusual.

[0] [https://annals.org/aim/fullarticle/1814426/accessibility-
fir...](https://annals.org/aim/fullarticle/1814426/accessibility-firearms-
risk-suicide-homicide-victimization-among-household-members-systematic)

~~~
solidsnack9000
_A 2014 review in the Annals of Internal Medicine concluded having a firearm
in the home, even when it’s properly stored, doubles your risk of becoming a
victim of homicide and triples the risk of suicide._

It doesn't say that, exactly, since it doesn't distinguish between properly
stored and not properly stored cases. It is a meta-analysis; they took a bunch
of papers and did the best they could. We can't say that if they're properly
stored it's about the same, or worse, or better.

It also acknowledged some methodological limitations, including studying
overall death rates, and not specifically deaths due to guns:

 _...we considered studies of suicide and homicide victimization by any means,
and firearm-specific outcomes may differ._

Another issue the study encountered, was that gun ownership rates were not
directly available to many of the aggregated studies, which therefore relied
on various proxies.

What makes relying on a study like this to initiate a policy of reducing gun
ownership not premature?

 _Part of a more involved system of background checks would necessarily
involve more action by dealers to verify that the customer 's purchase is
legal. Prosecuting and holding liable individuals who fail to follow
established precautions when selling dangerous products is not unusual._

We do have laws like this already -- FFLs do background checks for every
purchase and if they fail to do so, they can lose their license. What are the
expansions that you'd like to see?

------
01100011
_We_ (HN commenters) all know that the demonization of encryption is bullshit.
What we need to do is to figure out how to communicate that effectively to the
public.

~~~
bo1024
"Authorities want every house in America to be remodeled to include a second
front door with a special government lock. They promise to only give police
departments, contractors, and/or federal employees access to the single master
key that can be instantly and easily copied and shared over the internet and
opens every single house and business in America. Even if we trusted the
government with this power, how could that go wrong?"

~~~
baddox
I think most Americans know that the government can quite easily enter
anyone’s home if they want to.

~~~
nixpulvis
Generally, not legally without a warrant, which can be a good enough
deterrent. Or at least should be if our legal process is working at all.

~~~
comex
You could say the same about a hypothetical encryption backdoor. The question
is whether consumers should be allowed to use encryption the FBI can’t crack
even _with_ a warrant. I think the answer is “yes”, but…

~~~
nixpulvis
Right, which is why the locked door is the _wrong_ analogy.

It's more like burying treasure. The location is a secret map (key) that only
you know. The critical distinction here, I believe, is between "having" and
"knowing".

And I like to believe we have even stronger rights to what we know than to
what we have.

All that said, this is assuming use of working cryptography. With the
exception of the technically savvy (those who know how to hid things properly)
asking for backdoors into encryption is akin to registering your treasure with
the feds, something I'd assume gold miners wouldn't have put up with, for
example.

------
SimeVidas
Why is it important that the FBI can access that person’s phone?

~~~
djsumdog
I'm wondering this too. The person already killed a bunch of people. The
person is dead. What more to they hope to gain? Some secret cell of others?
Unlikely .. and if there is, why not regular warrants, wiretaps, e-mail
searches, etc.

They already have sooo many tools they can use, both with a warrant and
bypassing it via FISA. They had all this domestic spying stuff and still
couldn't prevent the shooting!

They get nothing with phone access, so why even bother brining up compromising
everyone else's security just because they failed to use all their current
surveillance means to detect and prevent the shooting to being with?! You want
more access? Why? That's fucking unbelievable.

~~~
mikejb
Probably to understand motive, and check for potential involvement of others.

And whilst they have a metric shit-ton of spying capabilities on US civilians,
those are not really intended to avoid crime. (Maybe the shift of perception
of what is terrorism might change that, though)

~~~
kennywinker
He posted a manifesto online. Think his motive was pretty clearly outlined in
it.

~~~
iamnotacrook
You're thinking of mass shooting 2019/247, not mass shooting 2019/248\. (Yes,
we're up to more than one a day on average now)

[https://en.m.wikipedia.org/wiki/List_of_mass_shootings_in_th...](https://en.m.wikipedia.org/wiki/List_of_mass_shootings_in_the_United_States_in_2019)

~~~
janOsch
This list gives me shivers...is the USA a scary, uncivilized country?

~~~
rayiner
Yes, _and it always has been._ The murder rate per capita in the US has
consistently been 5-10x higher than in Europe _for the entire 20th century._
Long before gun control, social safety nets, the drug war, or any other
difference you might want to blame. The US is a low cohesion, high violence
society.

~~~
djsumdog
As someone who grew up in the US, lived in the EU, Australia and NZ for a
number of years, I can say on a day to day basis, it's still pretty much
nothing.

The average American rarely ever has to directly confront violence. I've even
spent years in major metropolitan areas and the majority of people don't walk
around each day anticipating violence. My sister got mugged once, in our small
home city, like 20 years ago. I've never personally been mugged or assaulted,
but I did have one break in while in NZ (they took all my electronics) and I
had a bicycle stolen in Australia.

I haven't lived in "bad parts of town" through (although friends told me I
lived in a bad part of town in two places I lived in; but I really feel they
were exaggerating) and in high crime areas I'm sure it's different.

But the portrayal the rest of the world sees of America is through a very
limited lens. And German or Irish or Chinese person who comes to visit the US
will see kids playing in parks, people in the cities walking to work or lunch,
others browsing through stores or pumping petrol into their cars and it will
generally looks pretty much like every other part of the mid/high income
industrialized world.

------
CPLX
They also can’t access his brain. Neither of these situations are ones I feel
compelled to fix.

~~~
mentos
I think this is a great analogy and easy for the layman to understand.

~~~
nlh
I agree. BUT - the response will be: “well even if we wanted to, we don’t have
the technology to read his brain. we DO have the technology to read his phone,
but you nerds are keeping it from us.”

(Disclaimer: I don’t agree with this position but I have a lot of friends who
think the government can do no wrong)

~~~
andrerm
And if we had the technology to read the brain we would demand to read
everyones brain 24/7

------
studentrob
Law enforcement needs to go back to old-school detective techniques if they
really need that phone data. Encryption is code, code is speech. Encryption
keeps banks safe from criminals.

Are we going to go through this for every administration now?

Even if you do not have a problem with giving government keys to, say, the
iPhone, then you have to deal with every piece of software someone writes to
enable encryption.

You'd literally have to convince every person in the world to not write or use
encryption software in "the wrong" ways. And, that's impossible because
encryption exists to protect society from criminals. I don't see another way
around this.

~~~
iamnotacrook
"Are we going to go through this for every administration now?"

No. Nobody cares about this or that shooter (there'll be another one next
week) but the next time there's a 9/11 you can be sure encryption will feature
in the news and in a subsequent law.

------
sehugg
“It is prudent to anticipate that a major incident may well occur at any time
that will galvanize public opinion on these issues ... Whether we end up with
legislation or not, the best course for everyone involved is to work soberly
and in good faith together to craft appropriate solutions, rather than have
outcomes dictated during a crisis.” -- AG William Barr, July 23 2019

"Never let a good crisis go to waste" \-- Winston Churchill, probably

~~~
lph
> "...best course for everyone involved is to work soberly and in good
> faith..."

Well, AG Barr is probably sober. I'll give him that.

~~~
mirimir
Maybe so. Except perhaps for some prescribed pharmaceuticals. Plus endogenous
neurotransmitters, and chemical mediators.

------
olliej
Of course. The FBI always claims this shit because in their opinion no longer
having access to everyone’s data is “going dark” and throughout history they
have always had complete access to everyone and everything.

They don’t stand here saying “we need to deal with white supremecists”, they
say “we need the ability to violate everyone’s rights”. They already have a
public track record of mass illegal surveillance.

------
Zhenya
“ultimately measured in a mounting number of victims — men, women and children
who are the victims of crimes, crimes that could have been prevented if law
enforcement had been given lawful access to encrypted evidence,"

I don't understand this. How would getting into his phone post facto stop the
shooting? Do they have a time machine?

~~~
onion2k
Maybe they believe that he was communicating with other people who are
planning similar attacks, and they believe they could stop those attacks
before they happen if they had access to the Dayton guy's phone.

------
squarefoot
FTA: "The cost of encryption is “ultimately measured in a mounting number of
victims — men, women and children who are the victims of crimes, crimes that
could have been prevented if law enforcement had been given lawful access to
encrypted evidence,".

By the same reasoning, had the shooter ran away because he drove a car faster
than police ones, we should ban all sports cars then?

------
merpnderp
If the NSA can’t keep foreign intelligence from stealing its encryption keys,
how can we expect the government to protect any backdoor into our devices? I’m
not willing to trade ownership of my phone and my bank accounts to the
government on some promise they’ll use it to keep me safe. Only an idiot would
take that bargain.

------
coldtea
> FBI tells lawmakers it can't access Dayton gunman's phone

Lawmakers tell FBI it's too late the dead don't come back to life, and ask
what the fuck were they all doing before the massacre given all the warning
signs (regarding both the shooter and the readily availability of firearms for
purchase)...

------
docbrown
I want to know what changed between 2016, when the FBI bought a tool to hack
the San Bernardino shooters iPhone[1] for $900,000[2] and now — with
presumably an up-to-date iPhone running 2019 iOS — that forced them to come to
this conclusion.

1: [https://www.engadget.com/2016/04/07/fbi-iphone-third-
party-t...](https://www.engadget.com/2016/04/07/fbi-iphone-third-party-tool/)

2: [https://www.engadget.com/2017/05/08/fbi-paid-900000-to-
unloc...](https://www.engadget.com/2017/05/08/fbi-paid-900000-to-unlock-san-
bernardino-iphone/)

~~~
matthew-wegner
That was an iPhone 5C, which did not have a Secure Enclave. Apparently it
is/was easier to image the device to brute force passcode attempts at high
speed.

There are technical articles out there explaining it in more detail. On my
phone now or would paste some URLs.

~~~
ghostpepper
The apple security whitepaper is actually a decent place to start
[https://www.apple.com/business/docs/site/iOS_Security_Guide....](https://www.apple.com/business/docs/site/iOS_Security_Guide.pdf)

There is also a blackhat talk from Ivan Krstic (one of the top security people
at apple) where he goes surprisingly deep
[https://www.youtube.com/watch?v=BLGFriOKz6U](https://www.youtube.com/watch?v=BLGFriOKz6U)

------
bro25
50 years from now: AG Joe Bare said in a speech last month that FBI couldn't
access recordings of the felons thoughts because the opted out from brain chip
implant; he further said that the practice of letting some individuals hiding
their thoughts from authorities has a high cost of mounting number of victims,
some of whom are kids. He added that the 1st amendment gives far too much
freedom and needs to be rethought in the changed society.

------
fnord77
this will escalate quickly. figure 5 years or fewer until we see laws that
have insanely harsh penalties (20 years in prison) for using non-backdoored
encryption.

------
oneplane
Here we go again.

This will not work for many reasons, most importantly:

\- Key escrow or government-enabled crypto doesn't work

\- Creating classes of encryption doesn't work (Excluding a group and not
allowing them to use the same crypto as another group)

\- If someone is going to do something unlawful, they will use something else
that isn't accessible by the government; take away phone encryption and they
will simply use something else

Unless those points are solved, the whole 'should we allow it' discussion is
pointless anyway.

Tacking on to that: most of that stuff doesn't work because you can't really
physically enforce it; it's an intellectual barrier which due to the way we
can simply talk to each other as humans is super easy to circumvent. This was
tried with export controls, but that didn't actually work for the information
itself; only for commercial products.

------
hedora
Is the argument that, without access to his phone, they can’t stop this guy
from killing more people?

Is it that they need the phone to tell them that white supremacy and assault
rifles are things that exist in the US?

Do they need the phone data for a conviction?

I don’t understand what they expect to do with whatever they find that they
can’t get from other sources.

They can get location history and a pretty good idea what and who he
communicated with from ISP and cell logs, etc.

~~~
neetdeth
The Dayton shooter was not a white supremacist. He was Antifa affiliated.

------
alistproducer2
To reframe the common argument against banning guns: when u ban encryption,
only criminals, computer geeks, and mathematicians will have encryption.

------
segmondy
If they got access but don't find anything of interest, it's of no use to them
to let folks know they can access the phone. It will only make the paranoid
more paranoid.

Access to the phone I think is overrated. Getting access to social media
accounts, email accounts, text message, chatting apps, and cloud backup
probably gives them more than 80% of what they need.

------
bjowen
Seems like the EFF’s analysis from when this happened last time is still
relevant.

[https://www.eff.org/deeplinks/2018/04/fbi-could-have-
gotten-...](https://www.eff.org/deeplinks/2018/04/fbi-could-have-gotten-san-
bernardino-shooters-iphone-leadership-didnt-say)

------
incompatible
I take it that without the phone data they can't prove that the "suspected
gunman" was the person who committed the crime? Perhaps the next suspected
gunman will destroy his phone before the crime, or maybe not own one in the
first place, so perhaps destroying or not owning phones needs to be made
illegal.

------
vmh1928
There was just a thread on here about the attack surfaces of an iPhone. While
the article didn't mention the brand of phone one wonders if it's possible to
access the phone or at least plant phone unlocking malware via an sms or mms
message.

------
exo762
Why is this even an FBI case? What exactly makes this an FBI case? Why we want
this to be an FBI case?

I don't know much about American law. I was under impression that things are
reserved to states unless important reason for them to be handled on federal
level.

~~~
kube-system
Terrorism is in the FBI’s jurisdiction to investigate, so it makes sense they
would be involved to determine whether or not terrorism was involved.

It also appears some federal legislation has been passed that directs the FBI
to provide assistance to state authorities in this cases:

[https://www.fbi.gov/about/partnerships/office-of-partner-
eng...](https://www.fbi.gov/about/partnerships/office-of-partner-
engagement/active-shooter-resources)

------
auslander
I'm curious about Macs. If I have Firmware Password and FileVault enabled, is
it same FBI-proof as iPhone? Does T1 and T2 chips or absent Tx chip (older
Macs) make difference? Is storing FileVault unlock key in iCloud makes
difference?

~~~
snazz
I’m not sure how FileVault is implemented, but so long as your key is derived
solely from your passphrase and not stored outside your brain (iCloud can be
subpoenaed) the strength of your encryption should be proportional to the
strength of your passphrase. Computers have less of a reason to use the baked-
in CPU or security chip data in deriving the encryption key because longer
passwords are more feasible on a laptop than a phone, so brute force attacks
are already not likely to succeed.

The only difference I can think of is the ease of an offline brute force
attack due to the fact that you can remove a hard drive somewhat easily and
then image it and use an entire datacenter’s power at attacking the
passphrase. But a strong passphrase (note, not a pass _word_ ) stored only in
your head should be quite secure.

~~~
auslander
FileVault 2 Recovery key is 120 bit, I guess not feasible to bruteforce?
Actual low level key is 256-bit XTS-AES. Still unsure what is the process of
converting typed login password to low level key.

------
brokenmachine
Yes, that encryption on phones is really a big problem.

No, definitely not the easy access to military weapons for any disillusioned
nutjob. That's nothing to worry about. Move along, nothing to see here.

------
shoes_for_thee
Okay, good. I'm glad that we've now tested out the security of our devices and
found that they are secure enough to vex government entities.

~~~
asdkhadsj
_Some_ government entities.

As with all strategic information, they could still possess the ability to
backdoor / crack this phone but deem that ability a strategic asset. Only
using it in private or when the stakes are much higher than an already
committed crime.

------
algaeontoast
This is maybe the only response to a heinous act like a mass shooting that is
more despicable and pathetic than wrapping an event like this around a
politically charged baseball bat.

More so than even using this event to claim that "guns are the problem" or the
sole factor in this issue.

We all know the FBI can access the information on this phone, they're just
playing into the hands of emotional trauma and emotionally driven people who
are ill informed to de-value the perceived sanctity of privacy and data
security...

------
unstatusthequo
Lies: [https://graykey.grayshift.com/](https://graykey.grayshift.com/)

------
newshorts
Now imagine if the gunman had been complaining about restricted access to
guns...

That would have been a more suitable situation, I’m sure.

------
mattio
If there was such a thing like gun control they wouldn't need to access his
phone. Just restrict access to guns.

~~~
kabdib
It is politically more feasible to ban encryption in the US than it is to ban
guns (or even significantly restrict them).

Wait, I'm wrong. Even essentially _insignificant_ changes to gun laws at the
federal level are harder than banning crypto.

~~~
samsonradu
Can you please elaborate on why guns are so sacred in the US? Is it for
cultural/historical reasons?

~~~
solidsnack9000
Roughly 30% of the population owns guns, and has everyday experience with
people owning assault rifles who aren't a harm to anyone. The gun culture is
the locus of a lot of important values in the US -- service to the country,
acceptance of danger, self control, precise and accountable behaviour -- and
gun owners are overall more law abiding than the general population. Gun
owners haven't done anything wrong and don't see why they need to be punished.

~~~
mattio
So gun owners feel punished when their guns are taken away, and they feel this
punishment is more severe than all the lives that are taken away because of
mass shootings? And all the families that are ripped apart? If my 'right'
harms so many people, I would not even want that 'right' in the first place.
Guns perhaps made sense in an era where you had to protect yourself agains
outlaws. Now we have governments to take take care of your daily security. Now
the freely available guns don't make any sense at all.

~~~
solidsnack9000
Guns don't need to make sense -- in a free country people don't need to
justify their actions. Rather, the government needs to be able to justify its
policies -- we need to be able to show that the trouble and expense we are
putting people to makes a real difference.

 _So gun owners feel punished when their guns are taken away, and they feel
this punishment is more severe than all the lives that are taken away because
of mass shootings?_

The underlying thinking here is a kind of collective punishment trading or
social bargaining; but that's not generally how regulating dangerous stuff
works. There are lots of things that kill comparable numbers of people to
guns. Do I need to list them? Generally with things that most people use
safely but some people use in a way that gets them or others killed, we don't
try to ban them but instead we:

(a) Criminalise misuse adjacent to death based on data (not based on emotion
or intuition about what seems "dangerous" to uninformed people). For example,
criminalising drunk driving because although it doesn't always kill people, it
certainly kills them all out of proportion to other driving.

(b) Introduce restrictions in venue that are conducive to safety.

(c) Try to educate the public and post warnings.

(d) Opportunistically encourage people to delegate responsibility to make
things safer, even if we don't change their rights overall. For example, Uber
seems to reduce drunk driving deaths; but that was not accomplished by either
taking people's cars away or preventing them from drinking.

With regards to guns, there simply is no data to support the idea that assault
rifles are more deadly than other weapons; or that other things which leftists
oppose -- open carry, 30 round magazines -- lead to much change in the overall
rate of gun deaths. Banning these kind of things makes about as much sense as
banning liquor that's "too strong" because you tried it and "no sane person
would like it".

Rifles are rarely a cause of murder, suicide or accidental death. Yes, they
are used in mass shootings -- they aren't used in much else. Do you know how
rare mass shootings actually are, and how small a cause of death mass
shootings actually are? If we took the same approach to other small causes of
death as you are proposing taking with regards to assault rifles, what are the
policies we might have?

What definition of mass shootings are you actually using? How frequently are
assault rifles used in them? There is a lot of variation in the way they are
counted so it's hard to talk about the real impact of what you're proposing.

------
berndi
Does that even make sense from a technical perspective? They are talking about
a PIN code to unlock the phone to access the data on the phone. Could they not
just remove the memory chip and access it directly? Even if the data on it is
encrypted using a 6-digit PIN, brute-forcing that should be a trivial task.

~~~
mikeash
If it’s an iPhone, the data is encrypted with a key derived from the PIN and a
random key that is baked into the phone’s CPU. The CPU has instructions for
encrypting and decrypting with this secret key but no instruction for reading
the key directly. Short of decapping the chip and going in with an electron
microscope to figure out what this key is, your only option is to brute force
on the phone’s own CPU. But that CPU won’t run software that isn’t signed by
the manufacturer, and that software imposes ever-increasing timeouts when
unlock attempts fail.

~~~
nradov
So why don't they decap the chip and go in with an electron microscope? Has
that type of exploit ever been successfully used against modern devices, or is
it only a theoretical vulnerability?

~~~
dogma1138
Because it’s highly unlikely to work in the first place, not to mention likely
cost as much as their annual operating budget.

~~~
kube-system
Mostly the former. There’s nothing expensive about decapping a chip and
tossing it under an electron microscope.

~~~
mikeash
How much time and effort would it take to go from a chip under an electron
microscope to the embedded crypto key, though? Seems like a substantial
reverse engineering effort. (Although only for the first time you do a
particular type of chip.)

~~~
dogma1138
An electron microscope alone won’t work not to mention you have a high
likelihood of damaging to chip as the voltage of the electrons deposited on
the sample can exceed what the IC can tolerate.

You need a cryo probing station of some sort I’m not sure if these even exist
for 12/10/7nm logic yet.

------
auslander
Must be iPhone then, not Android.

------
coldtea
> _In the US, there are more firearms than people. About one-third of all
> households have at least one firearm_

Nothing than

1) a total banning of sales,

2) a law that requires existing owners to return them for destruction,

3) 5 years jail minimum time for anybody even seen with one (and 20 years if
they were involved in any criminal act while carrying it, regardless of the
act),

4) and a mass confiscation campaign can't fix...

~~~
9HZZRfNlpR
Basically mass incarnation?

~~~
giardini
9HZZRfNlpR says> "Basically mass incarnation?"

"mass incarnation"?

Like

[https://www.bing.com/th?id=OIP.dL31G5Y3BQIg5Xv075saegHaHa&pi...](https://www.bing.com/th?id=OIP.dL31G5Y3BQIg5Xv075saegHaHa&pid=Api&rs=1)

??

Is this some new Internet meme (e.g., "spam") that I missed?

~~~
coldtea
Obviously means "mass incarceration" (throwing everybody to jail).

------
ericlewis
dead people is... the worst... arguing that we should give up freedom is
bad... what, do we do here?

~~~
solidsnack9000
If there were clear and transparent -- like public -- procedures -- by which
the FBI could get into an iPhone, it might be alright. Say that if they broke
into the iPhone it was indelibly marked -- it flipped a flag in the hardware
and there was no way to disguise it, and the OS would broadcast it over the
web and over BlueTooth and WiFi, making it easy to provide tools that caught
the message and published it. Then people lose their privacy, but only if the
government is willing to defend in a credible way the necessity of it.

~~~
wellyeah
No, it's not alright. I'm sick of giving up freedoms every time some violent
psycho/group of psychos decided to commit more violence.

~~~
devoply
Other than all the other psychos who kill a lot more people but are considered
legitimate in their doings... We need more access to their information, drug
companies making opiates that kill tens of thousands, various other
corporations, various world leaders... etc. If we can tolerate them, then we
can tolerate your run of the mill psycho doing things now and then and usually
immediately being stopped from doing anything else.

~~~
AmphibianTree
Please try to use a different example. I have CRPS, the most painful disease
known to man, and have not been prescribed any analgesics two years in because
of fear around opioids. You might think you’re excluding my ilk when examples
like this are used but you’re not in practice...Just trading tragedy you know
for tragedy I hope you never learn about. Almost exactly like the freedom from
unreasonable searches. Ty

------
wpdev_63
This is all a pony show - the fusion centers absolutely have access to
everything on your phone at any given time.

