The OP specifically said the login prompt was defeated by backspacing alone.
In fact, the same principle can be used to reset and extract Windows user passwords. Something I did many times as an IT support technician.
The exception these days is leveraging secure boot and the TPM to ensure the kernel and initrd being booted and asking for your dmcrypt password can be trusted. That's our next challenge to make the standard.
Also since I own a Mac as my primary laptop, I've just always used filevault there and it helps me sleep a lot at night. Means I am not concerned if it gets stolen, my derpy photos won't be in someone else's hand. I don't care so much about the hardware.
"The installer no longer offers the encrypted home option using ecryptfs-utils. It is recommended to use full-disk encryption instead for this release." https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#Other_base...
FDE with LUKS/dmcrypt has been an out-of-box installer-supported mode in all the major distros for a long time now.
Huh? The norm? For what sorts of users?
I mean, that's best practice, sure. But hardly the norm. Even, I bet, among HN users.
Both boxes had fairly recent hardware and were running Windows 10 Pro.
I have three laptops on my desk right now, one HP Probook and two different Lenovo Ideapads. All three are running Windows 10 Enterprise (2x LTSB 2016, 1x 1803).
NONE of them have FDE enabled or have ever asked me about it.
Given the bold claim "[FDE is] on by default for (...) Windows users" - without mention of caveats re: login account types, domain memberships, or hardware requirements - it seems the counterexamples just keep coming.
I can't say the same for Windows and Mac users.
Last two employers recommended FDE but made no strict requirements because apparently it was non-trivial for non-Linux users.
It's a no-brainer feature for any sufficiently fast portable device. If the installer supports it why would you disable it? I haven't had to worry about the data on my laptops should they be stolen for what must be over a decade now, GNU/Linux has supported it that long.
Me, I've been talking about PC users, generally. Not just Linux, and not just technical people. Sadly enough, I doubt that FDE is very common, let alone the norm.
And even worse, for many it'd likely be a curse. Inexperienced people don't do well at keeping track of complex passphrases, keys and so on. I've seen that over the years in forums where people plead for help to access TrueCrypt volumes. After losing passphrases, accidentally formatting, and so on.
I am only speaking to the prevalence of FDE among Linux users; it's not uncommon.
You're correct in that these are technical people. Most people running a GNU/Linux distro on bare-metal in their possession are at least somewhat technical, wouldn't you agree?
You really can’t go down your line of argument without answering that
That's an interesting technical problem. A lot of people dismiss it as impossible out of hand, but they are underestimating what you can do with modern cryptography.
You make it a distributed back door that requires several independent third parties to cooperate to use it.
You choose the third parties so that no particular warrant seeker will be able to get enough power or influence over enough of the third parties to force them to enable the back door unless they think the use is valid and just. (You can actually design it so that the warrant seeker does not know who the third parties are).
Some aspects of this may be too complicated to be practical, but it is not impossible.
All solutions fundamentally boil down to someone has the keys required to decrypt all your content. This is ignoring the other technical costs (now your service has to record all ephemeral keys as well).
It doesn’t matter /who/ has that decryption key, the requirement is that access to the key is guarded only by policy.
You also resort to “with a warrant” but an NSL is effectively a warrant, and I’m fairly sure the DPRC has “warrants”. Who gets to request those keys? The position of the US government is that they have the right to access data from people in other countries, so can they provide a warrant to access that data? Can Germany ask for the data for someone in the US? What if someone travelled through another country - can that country now access those keys?
Note these are all questions regarding /legitimate/ access, I’m completely ignoring police officers looking up people they stopped and stealing nudes, of people stealing the information and using that information to steal money, stalking, etc.
I am sick and tired of people who say “modern cryptography is amazing, so it must be able to fulfill my unicorn dreams”. Either stop claiming nonsense or provide a proof that it is possible by designing a system that does what you say must be possible.
What happens when you’re investigating a criminal act sponsored by one of the governments you supposedly trust? What if they compel the lawyers in their countries to not provide the keys?
I generally dislike “what if” but given the problem space you do actually need to explain how your system works, and how it resolves these problems.
Remember there are plenty of countries with terrible human rights records, but they also still have regular crimes happen.
Then when people point out the problems, you don't answer. You make a lot of assertions that are flat out wrong.
Of course it matters. Apple already has nearly total power to modify their devices, and are clearly acting with caution. American courts are not going to give a warrant so an officer can steal nudes. There is no a priori reason that your phone should require a greater kind of warrant than your home or your bank account, and wanting zero access at all only makes sense if you think law enforcement has negative utility.
Personally I'd do something more like this: Print one code on the inside of each device, so as to make access strictly harder than physical access, store one code internally as per your other mission-critical keys, distribute one key each to choice governments, inside a physical module so as to prevent clumsy storage and reduce the chance of cloning (since singly-owned keys can just be revoked if stolen), perhaps with some protocol so multiple members are needed to agree, if you are particularly paranoid. That way you can only get access if Apple wills (either given a warrant or otherwise coerced), the court wills (either a genuine case or simply corrupt), and you had physical access to the device. Apple could not then backdate court keys, so can only be coerced by China into providing access for future phones exactly as they are already in the position to do, though of course OS updates means they already effectively have a backdoor.
Also: murderers and kidnappers don’t have to use broken cryptography. So again the only people who are harmed are people who aren’t criminals.
Also the statement from the Indiana police is extremely vague, and doesn’t make any details available about what they were doing.
Your foolishly conceived system does have any way to ensure that the several parties are not corrupt or evil. You would need to solve that problem first. Assuming it is solved does not work.
In the meantime, devices need to be designed to protect the human rights of users.
Aside from the many, many known cases where they are: http://legacydirs.umiacs.umd.edu/~tdumitra/papers/CCS-2017.p...
What does Apple do if they have this capability and China puts pressure on them to unencrypt some information on Chinese "dissidents"? China has incredible leverage over Apple, seeing as how all their devices are built there. Would Apple dare resist these requests from Chinese national law enforcement agencies?
Better to not have this ability at all, and thus never be put into this precarious situation.
Apple has this ability now, by installing an OS that allows bruteforcing the PIN.
With this I agree completely.
Imagine the conversation if Veedrac was running the show at Apple.
Saudi Police: "We need the key to this user's phone because they are suspected of having a video of their own gay sex and we want to prove it and if they are guilty of gay sex, we will give the user 60 lashes and then execute them and their partner by chopping off their heads with a sword."
Veedrac: "Oh, OK, yes here you go, here is a single secure key on a one time basis so you can get the user's video and kill them."
Do you really think this is a great scenario, that Apple wants to actively enable by spending money and effort on their designs to make it happen?
Let’s hear your approach then. Don’t be coy.
And having more mechanisms by which they can access user data is not something that ever should be encouraged.
Doesn't this face the TSA Master Key problem?
"Last September, Apple said it had made changes to iCloud security and introduced a measure to stop software from making multiple automated guesses. While this is the case when trying to log in on a computer, unlimited guesses can be made using an iOS device, which is what this software pretends to be when accessing iCloud from a computer running it."
The problem is political, not technical. Apple can't be a fair intermediary for all the various governments and police departments of the world, so they use technology to cede control.
"For the children!" They can't think of a good reason to have access to all these phones so they blatantly use an idiom so tired that it's practically a joke.
> “If we go back to the situation where we again don’t have access, now we know directly all the evidence we’ve lost and all the kids we can’t put into a position of safety,” said Chuck Cohen, who leads an Indiana State Police task force on internet crimes against children.
There are two types of child abuse imagery: the new and original stuff that points to a kid currently being abused, the one who can be rescued, and the enormous mass of old material that forensic investigators have seen literally thousands of times before. Actual new abuse material that could lead to the rescue of a child is thankfully very rare. While these phones could lead to arrests, the likelihood of them leading to the rescue of a child is negligible.
Once upon a time the bulk of images on phones were originals taken by the phone. Now "phones" are really just internet machines and the images they are looking for are essentially browsing history and stuff saved from online sources.
I think you're ignoring some aspects of how the US criminal justice system works. Arresting a child abuser is one thing; they have to be tried in court and found guilty by a jury/judge. Criminal cases especially have high requirements to prove guilt since they are very serious charges. So even if unlocking the phones may not help save actual children from abuse, I think what the guy means is that you can get more convictions for these child abusers who have been arrested and prevent future children from being abused.
Note that I'm not stating an opinion about the ethics of reducing security of phones, only pointing out what the person meant when he said that doing so prevents child abuse.
The technology to create digital images and videos has gotten cheaper. Securely transmitting and storing media, and securely communicating regarding it has become more accessible too.
I'm not advocating for or against iPhone unlocks (or the generic abstract backdoor), but I think it is dangerous to think that serious crimes of this nature are extremely rare, or somehow far less common than they were in the past.
On the flipside, if you are right - and identifying material that saves children from this kind of crime is indeed a rare event - then isn't a possible reason the ready encryption of such devices? Food for thought.
She agrees with security experts that maintaining such lawful access, against pervasive "strong" encryption, would require the introduction of vulnerabilities, such as backdoors or key escrow. Which would expose users to malicious adversaries. She argues, basically, that law enforcement has become lazy.
She also raises the possibility of lawful hacking for smartphones, "infecting them with malware capable of capturing voice communications and keystrokes before they are encrypted." That brings to mind the FBI’s use of network investigative techniques. And of course, all those NSA tools.
This approach makes sense, since they do not know what this specific vulnerability is.
How do you know this? I'd be shocked if they don't have one or more of these devices themselves and have it completely figured out.
Apple would have to buy one on the grey market, which they may be unprepared to do.
No, they would have to pay someone to do "research" for them and figure out the vulnerability. They would pay that person enough to buy one on the grey market and figure out how it works, keeping their hands clean.
The vulnerability may still be present in the allowed timeframe. This could just lead the investigators to carry around portable cracking devices to use at the earliest moment they can. A kind of technology arms race?
I understand a Law Enforcement point of view of having access to private data in order to prosecute criminals. I disagree with that point of view, but I would never say that point of view is a guise to implement a surveillance state.
Like, does he actually believe Apple is using "privacy for their clients" as an excuse to accomplish their true goal of protecting criminal activity?
I am not someone who assumes all NYT articles are slanted, but this one is bad.
When the story broke in 2016, only about 10% of Android phones were encrypted vs about 95% of iPhones.
At that time, Apple had included dedicated hardware in their SOC to handle device encryption for several generations, but enabling a software implementation of device encryption on Android caused performance penalties.
> there's a very significant performance penalty that comes with enabling FDE, with a 62.9% drop in random read performance, a 50.5% drop in random write performance, and a staggering 80.7% drop in sequential read performance.
FDE was pretty late and performed slow on early Android, among other issues.
The structure of Apple's revenue sources makes it a sure fire bet to do vs Google.
If everything you do in your daily life is recorded that is a significant privacy issue. More so than your private photos/text messages and GPS coordinates alone.
Apple is working on AR glasses, and is significantly promoting AR SDKs with their newest iOS releases. It's very easy to see why they take this privacy stance today.
And what were the results? How many people did those 96 iPhones allow Indiana to bring charges against? In how many of those cases did Indiana prevail? And in how many of those was the evidence on the phone necessary?
The question is can the government be trusted with a backdoor into our personal devices that "only they" can use? Should the people trust their government to only use that access lawfully, and can the people trust their government to protect that access from unlawful outsider access?
Since we've seen nothing but incontrovertible evidence, throughout history and to this day, that government cannot be trusted with this level of access to our personal devices (lives), then I can only hope that Apple and companies like it will fight to provide us with secure devices, and that our courts will protect our right to strong encryption to protect our personal data.
"Right" and "Wrong" are thrown out the window as soon as law enforcement makes the case that there is simply no time for the constitution. They're saving little tiny babies! but "OK, how many little tiny babies are you actually saving as opposed to blatant overreaches into the lives of private citizens" is the more effective point. The numbers will look bad, they can't help themselves once they get a whiff of some new power.
In this case, arguing for the _idea_ of liberty (incorrectly) labels you a pedant more concerned with red tape than being a hero.
Semantics, but I don't think it is necessarily the "power", so much as it is a new vector to get the evidence they feel that they need to perform their job with less effort. It is a lazy method that circumvents the laws that stand in their way for good reasons.
I am inclined to agree with you, but I have no evidence. Hence the questions. HN is well aware of the risks. But I've never seen any work done into the potential benefits. If the benefits are slim, then the discussion is moot. If there are cases that can be solved with phone data only, and if those cases are horrible or frequent enough, then there is a valid debate at hand.
This. Freedom isn't free.
"How many kids have to die before you give up your..."
"All of them you twat!"
I guess I'm doubting that. In any case, we're weighing costs and benefits in a limited context: access to a phone's data with a court order in hand. Framing an attempt to understand the benefits as "the wrong questions to ask" is counterproductive.
How can you weigh a cost against a benefit when you have no idea how big the benefit is?
One generalized answer to your question is:
"if the cost is unethical" then paying it really isn't on the table for ethical people.
So the cost of doing something unethical is infinite, assuming that you need to remain ethical, and any benefit is necessarily smaller than the cost of losing your ethical status.
You might not agree that ethics are pragmatically important, but the point here is that it's possible to do a utilitarian calculus even if you don't fully understand the possible upsides.
> Total surveillance would result in more crimes being solved
With perfect and total information how would fewer crimes be solved?
And what's really pathetic is that societies don't have discussions about unintended consequences of laws, and that prosecutors don't have checks-n-balances on their power/authority.
Fun conversation topic. A large proportion of people cannot comprehend such a concept.
If you have the same objections when using a safe, the answer to the problem has nothing to do with technology because you believe there is a fundamental flaw in the US criminal justice system. You aren't going to be able to consistently defeat the government by repeatedly trying to outpace them technologically. You have to instead change the laws that govern their actions.
If you think the rules should be different for a safe and a phone, you need to be able to explain why digital evidence should be treated differently than physical evidence?
What does either of those things have to do with decrypting things found inside either the safe or the iPhone?
If the FBI found coded papers inside a safe, they could try to decrypt those papers, but couldn't compel the owner to assist them.
Security flaws are fair game for law enforcement. Secure encryption without exploitable weaknesses will probably defeat them even in the presence of a court order.
Authorities must first gain access to premises with a warrant and then get a safe cracker in.
VS: authorities (at an airport or just about anywhere) take the phone off the person, there is a layer of obfuscation as to whether a warrant has been obtained or is needed, and data is collected.
If you look at the history of digital data (i.e. Echelon etc) there is a clear trend for vast data hoovering of all and any resources.
This is not possible with physical data, as it leaves behind a more concrete trail when authorities go after it, and causes them to (generally) be more selective about what they are doing.
I think a better question is what happens when we go to a paperless society? Because it's coming, and search warrants will be useless in such a society.
And while some of your rhetoric about the abuses of government spying on citizens is justified (e.g. COINTELPRO, Watergate, etc.), search warrants as a whole do far more good than harm.
And I'd hate to see this power for prosecutors disappear just because drug dealers started using iPhones to keep their illegal activities hidden from police.
Were this true, crimes would have been practically unsolvable before about the mid 1990s. Back then nobody carried pocket computers/communicators (encrypted or otherwise) and criminals also largely failed to make paper records of their crimes.
You can't smuggle guns via SMS. You can't vandalize shop windows over the Internet. You can't kill people with a digital photograph. Most crimes, and especially the violent crimes that scare people the most, require physical actions that leave physical traces.
The major exception would seem to be certain white collar crimes: insider trading, trade secret theft, perhaps tax evasion and other financial shenanigans. That's where I can see secure electronic devices making law enforcement significantly harder. But when LEOs speak against encryption in public they usually seem to invoke killers and kidnappers, as if victims' bodies were now regularly hidden inside encrypted iPhones instead of car trunks and shallow graves. Maybe LEOs believe their own rhetoric or maybe they just realize that "think of the victims of insider trading!" isn't the sort of terrifying scenario that will get the public on their side.
I could commit these crimes over the internet by using others to perform them. So the people you catch are not the prime cause of the crimes. This was not feasible before the internet, and digital monitoring would be the only way to catch me.
Perhaps law enforcement is angry at the passing of a brief golden age where most Americans carried a cell phone and that phone's security was almost always terrible. I'd put that era roughly between 2000, when American cell phone ownership rates rose past 50%, and 2009, when Apple introduced iOS full disk encryption and began regularly improving other data-at-rest protections.
> Perhaps law enforcement is angry...
I wonder if what they're truly feeling is worried. Would that change the way you thought about them?
I get that whole thing with "COINTELPRO", and Watergate where there were abuses. But assuming everyone is of the honest type here, wouldn't you want them to have more tools?
I want to see the evidence that forms the basis for their worry, if they're feeling worried. Sincere feeling is better than pretending, but sincere feeling isn't enough.
The most compelling evidence would show:
- A statistically significant decline in solving violent crimes or serious property crimes now over the 1990s.
- A statistically significant increase in solving these serious crimes among police departments with access to phone-unlocking (e.g. GrayKey devices) vs. otherwise-comparable police departments without access to such devices.
If nothing regarding smartphones shows a statistically significant correlation to serious crime solution rate, then everyone will just go with their gut feelings. The gut feeling of police is, apparently, that they need to be able to look at the contents of phones. My gut feeling is that they don't. It's an impasse.
If serious crimes are solved at a higher rate in departments with phone-unlocking capabilities, but the rate in the departments without unlocking tech is still no worse than in the 1990s, I still would resist weakening phone protections. It would make me think that maybe things have become harder since 2008, when phones were widespread and insecure, but that secure phones aren't a notable hazard to public safety.
If it turns out that departments with phone-unlocking tech are doing significantly better than departments without it, and that departments without it are now solving crimes of violence and serious property crimes at a lower rate than in the late 20th century, I'd have to have a long, hard think about my personal stance on this issue. There would still be gnarly technical issues even if I decided that less secure phones were a net benefit to society.
But I have changed my stance on security issues before. For example, I changed my mind about video surveillance of public streets. I find it more reassuring than dystopian. I'm more worried about hit-and-run drivers than about the cameras being used by a future dictatorship against the resistance. I've yet to be convinced that monitoring should extend to private spaces like my domicile or phone.
To borrow a page from your argument book, if physical evidence alone were enough, we wouldn't have so many unsolved homicides. Look at the KC unsolved murder list for 2017:
> You can't smuggle guns via SMS.
Technically, you can send the plans for a plastic gun over the internet now, which just needs to be printed on the other side.
You can also send a virus, if the other side has a gene sequencer.
> You can't vandalize shop windows over the Internet.
You can vandalize digital signage over the internet. As well as steal credit cards from the store's credit card readers.
> You can't kill people with a digital photograph.
Well... technically it's an animated GIF. But yeah you can.
> Maybe LEOs believe their own rhetoric or maybe they just realize that "think of the victims of insider trading!" isn't the sort of terrifying scenario that will get the public on their side.
Honestly, I think law enforcement believes that they need more tools. I don't think they want unsolved murders any more than the citizens do. So telling law enforcement officers, "you can pry open my iPhone from my cold dead hands" tends to ring hollow, especially if they really are of the honest kind and really do want to put criminals away as well as respecting your privacy.
The US Constitution makes it clear that the rights of the people to be secure in their persons and possessions are paramount, but for a narrowly defined list of exceptions. That crimes may go unsolved because the state is kept on too short a leash, or because modern technology has made their job more difficult, is a feature, not a bug. A government with perfect knowledge about its citizens' behavior and correspondence, or one that can perfectly enforce its laws, is indistinguishable from tyranny.
> So telling law enforcement officers, "you can pry open my iPhone from my cold dead hands" tends to ring hollow, especially if they really are of the honest kind and really do want to put criminals away as well as respecting your privacy.
They can pry my iPhone from my cold dead hands, or my live warm hands will hand it over if they have a warrant, but it will remain encrypted either way, for no other reason than I have the right to do so, and they have no right to demand otherwise.
As for the rest, I can't tell if you are just trying to demonstrate that you can think creatively, or if you actually think that iOS disk encryption is an important element of a scheme to get away with murdering someone with a pathogenic virus recreated from sequence data. (Or to get away with 3D printing guns under illegal circumstances, or deliberately inducing an epileptic fit.)
Why do you insist on this artificial restriction on whether or not police officers should have access to the data on an iPhone? It seems to me this would help the clearance rate if anything. It's another tool in the arsenal.
> As for the rest, I can't tell if you are just trying to demonstrate that you can think creatively...
The internet allows new styles of crimes, perhaps crimes you or I have never really thought about yet. Or maybe I've been paying attention to crimes on the internet lately. And for the record, I'm not the first to think about resequencing viruses. See point #5 here:
And to answer the rest of your comment, your rhetoric reads stronger than it truly is.
Having access to more worthless data only makes it harder to find the information amongst the sea of data.
But they did use fixed-line telephones and talk in person. These communications can be monitored with a warrant for the use of a telephone intercept or listening device.
And equally important, how many children were "put into a position of safety" by cracking into these phones?
A bit more here: https://news.ycombinator.com/item?id=16829478
(Even if it's none of these, the next exploit might be "we can decap the secure enclave and read/manipulate data on it with an electron beam")
"The encryption on smartphones only applies to data stored solely on the phone. Companies like Apple and Google regularly give law enforcement officials access to the data that consumers back up on their servers, such as via Apple’s iCloud service. Apple said that since 2013, it has responded to more than 55,000 requests from the United States government seeking information about more than 208,000 devices, accounts or financial identifiers."
Why don't they encrypt the data with my Apple ID password? Such a big security risk.
It seems like hacking the iCloud servers is a much more obvious way for an attacker to get data.
I don't see any reason why encrypting it couldn't be a toggle switch, not on by default, though.
Wouldn't get everything from it, iirc it's photos, bookmarks, contacts and documents as well as some app storage (WhatsApp, notably).
Some people may argue that extreme personal protection is good and extreme personal vulnerability is bad, which makes these "extremes" quite opposite, making one highly desirable and another one not.
Plus who decided that subpoenas are a good idea, or law enforcement traditions are how things ought to be? Inquisition and slavery were also a thing until they were not.
Any volume-level encryption?
An hour seems like a long time?
On Android (at least, on my device) the USB port is always charging-only. For data transfer you must always unlock the phone and accept a notification for MTP/PTP mode.
That's why this semi-adversarial relationship exists principally between Apple and Law Enforcement. Not necessarily Google or Samsung and Law Enforcement.
Well this is obviously an exploit, not a feature. You have to unlock and specifically trust a computer if you plug your phone into one.
The situation on Android isn't as cut and dry as you make it, you can for example plug USB headphones in and they will work without unlocking the device.
(little do they know, it sends the encryption key to Microsoft)
So how long before the NSA has it cracked with power signal analysis?
Etc etc etc
I'm fairly certain a ban on parallel construction would not do you much good.
A gun must always work when needed for protection - it's not like software where it's ok to be "down", rebooting, or having battery troubles some of the time.
That's a very spun definition for "safe". Any individual gun is far, far, FAR more likely to be used to commit a crime than deter one.
Incidentally, that article includes suicide. Leaving aside the issue of whether or not somebody should be permitted to make such a decision about their own life, statistics don't apply to individuals in the way you are implying. While you could determine that owning increases the rate of successful suicide in a population, you cannot say it makes that man right there, named Bob more likely to kill himself. Because you don't know anything about Bob. Bob may be the sort of man who never even fleetingly contemplates suicide once in his entire life. If Bob were such a man, owning a gun would not make it particularly likely for Bob to commit suicide.
Furthermore whether or not Bob trusts his wife to not murder him with his gun is a matter completely removed from whether or not Bob ever uses his gun in self defense, or whether he owns it for self defense but never uses it for self defense (the latter being orders of magnitude more common).
I feel like we're getting off on a tangent regarding Apple's decision to further strengthen the privacy of a device. Happy to discuss in another forum the practicality of gun ownership.
It doesn't say that, but perhaps it appears that way to you. You read it that way because what you seem to have is a fundamentally dehumanizing ideology that reduces individuals to averages. Something I've found to be characteristic of those with extremist political beliefs.
Phones are the only thing I can think of that do support this, probably because they can draw a clean line between “emergency” and “non-emergency” use.
If I want to develop apps, should I get a computer?