Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Government Communications IOS Iphone Networking Operating Systems Privacy Security Software The Courts The Internet United States Wireless Networking Politics Apple Build Hardware

FBI Has Sights On Larger Battle Over Encryption After Apple Feud (bloomberg.com) 171

An anonymous reader writes from a report via Bloomberg: FBI Director James Comey said the FBI is exploring how to make broader use of the hack, used to access a San Bernardino terrorist's encrypted iPhone, while bracing for a larger battle involving encrypted text messages, e-mails and other data. The tool could "in theory be used in any case where there's a court order" to access data on an iPhone 5c running Apple's iOS 9 OS, Comey told reporters in Washington on Wednesday. However, accessing content on a phone, known as "data at rest," is only part of the challenge that encryption poses for U.S. investigators. Software applications and other services that encrypts texts, e-mails and other information in transit over the Internet, known as "data in motion," are "hugely significant," especially for national security investigations, Comey said. He said criminals are increasingly using services that encrypt data in motion, and he didn't rule out litigation against companies such as WhatsApp. "WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house." As for whether or not there will be litigation against WhatsApp down the road, Comey says, "I don't know." The FBI is trying to figure out how to allow "law enforcement around the country with court orders to be able to use our tool," Comey said. It's "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court preceding if there isn't a procedure in place to prohibit testimony about how it works.
This discussion has been archived. No new comments can be posted.

FBI Has Sights On Larger Battle Over Encryption After Apple Feud

Comments Filter:
  • by mishehu ( 712452 ) on Wednesday May 11, 2016 @11:07PM (#52095989)
    ...yet they're just itching to let local law enforcement use their tool for what plainly is not a matter of national security. I really hope that Americans aren't quite as dumb as I perceive and can see things for the way they are. Also, the more I hear Comey speaking, the more I wish somebody would just put a sock in him. The 1990's called and wants its Clipper chip back.
    • by Anonymous Coward

      It is understandable the FBI wants to not have to deal with encryption. It is their sworn duty to uphold the law, and to them, encryption is something a crook can use to keep them from answering for their crimes.

      However, the problem is that it creates a blowback effect. Before Biden and Lieberman introduced laws to ban encryption completely, nobody gave a rat's ass about it. What encryption there was was absolute shit and at best, just homegrown (lets seed and use rand.c and XOR that.) Want FDE? Stacke

    • by MightyMartian ( 840721 ) on Thursday May 12, 2016 @12:02AM (#52096175) Journal

      It's even a worse slippery slope. Not only do they want to be able to crack open all encryption, but they want to black box the process so they don't have to reveal how they obtained the information in open court.

      "Well, you're honor, we have the Anti-encrypto-tron 5000, whose inner workings we can't reveal, because, you know, terrorists and pedophiles! But rest assured, we didn't just invent this incriminating evidence. You can trust us totally."

      • by TheGratefulNet ( 143330 ) on Thursday May 12, 2016 @12:30AM (#52096225)

        nice justice system you got there.

        I wonder, can we go back to using ducks and scales? at least there, you have some transparency.

      • by Anonymous Coward

        "Well, you're honor, we have the Anti-encrypto-tron 5000, whose inner workings we can't reveal, because, you know, terrorists and pedophiles! But rest assured, we didn't just invent this incriminating evidence. You can trust us totally."

        Re: Actually TOP SECRET AND CONFIDENTIAL.

        The Anti-encrypto-tron 5000

        [Graphic REDACTED]

        The Anti-encrypto-tron 5000 works by having an unlimited number of monkeys type away on an unlimited number of keyboards connected to the device with the encrypted data. Though the [SUPER S

    • by rsborg ( 111459 ) on Thursday May 12, 2016 @12:18AM (#52096201) Homepage

      I really hope that Americans aren't quite as dumb as I perceive and can see things for the way they are.

      There's a large majority that are completely pissed off at the current (police) state of affairs.

      However, the security state and corporatocracy have chipped away again and again, year after year at the power of the people and it's not clear there's any real power left.

      • by Thanshin ( 1188877 ) on Thursday May 12, 2016 @12:52AM (#52096285)

        the security state and corporatocracy have chipped away again and again, year after year at the power of the people and it's not clear there's any real power left.

        The People, can have their power back at any point in time.

        It just requires a larger sacrifice the longer it takes.

        Last time, we had to sacrifice our humanity and decapitate other human beings.

        Let's hope next time the new start can be achieved in a more civilized manner.

    • by Anonymous Coward

      there is no slippery slope, there is just a deep shaft straight down to Stasi land

    • by Anonymous Coward

      Call me crazy, but I think John McAfee should be the Vice President. [youtube.com]

      He actually knows what's up with this encroachment on our privacy and the necessity for strong encryption not to have backdoors. I'll vote for McAfee over Hillary, write him in if I have to.

    • by _KiTA_ ( 241027 ) on Thursday May 12, 2016 @08:08AM (#52097503) Homepage

      Slipperly slope nothing, they're leaping off the cliff. Their latest argument is that part time traffic court judges in bumfuck Nebraska should be allowed to authorize hacks to literally any/every computer everywhere. [vice.com]

      Perhaps, I don't know, the FBI's job is SUPPOSED to be hard. Whenever they use that as an excuse to shit over everyone's rights I get more than a little wary.

  • by surfdaddy ( 930829 ) on Wednesday May 11, 2016 @11:10PM (#52095997)

    I can walk down the street with a friend and have a conversation that is not recorded, is never discoverable in the future. Although millions of us are honest people, terrorists could have these types of conversations as well. I just don't know how we can let that happen. It seems that the government should require us to record conversations so that if there is a warrant in the future we can get that data. Why it is just unfathomable that there could be information that the government cannot discover! How could we have let this happen for so long?! It's just SO GREAT that the FBI is trying to protect us...

    • by DaHat ( 247651 )

      I can walk down the street with a friend and have a conversation that is not recorded, is never discoverable in the future.

      Not exactly a fair comparison as recording the two of you takes a good bit more work, either someone near by auto-recording everything, or that PI or PD following you with a parabolic dish is being compared to ones where copying the contents of a conversation is trivial.

      I've a 24/7 recording camera in my home which does both audio & video... and I turn it off from time to time when

      • by tlambert ( 566799 ) on Thursday May 12, 2016 @02:02AM (#52096487)

        I've a 24/7 recording camera in my home which does both audio & video... and I turn it off from time to time when I'm going to have a conversation which I want to reduce the possibility of someone ever being able to overhear.

        I know.

        The Chinese company that sells me access to the web site that lets me remotely monitor your (or anyone else's) camera and microphone for $9.95 a month pops up a dialog when you do that, and I have to click "Reenable" instead of "Ignore" on the little dialog box.

        Luckily, I've written an Automator script to click the button for me, in case I'm away from home when you go into that mode, since I still want to record everything you say or do "just in case".

        • by AmiMoJo ( 196126 ) on Thursday May 12, 2016 @07:36AM (#52097377) Homepage Journal

          Surely it would make more sense to start recording when he presses the privacy button. The "temporarily disable recording" function is just a way to get victims to mark out interesting conversations for you, instead of having to waste your own time listening to irrelevant stuff.

          • To paraphrase Andromeda:

            Captain Hunt: America, override privacy mode.
            Beka: Hold on. You can just override privacy mode just like that?
            Captain Hunt: Yeah. America's at war. We can't afford secrets.
          • by DaHat ( 247651 )

            What privacy button? Perhaps I should have been more clear: when I turn it off... I yank the power cord.

    • by gweihir ( 88907 )

      Already being worked on. You think your phone is locked or off? Bad news, it can still listen to you and encoding and storing audio-data does not take a lot of power. Of course, at some point, anybody without a mobile phone or carrying one that cannot do this, will automatically be regarded as a terrorist.

      • by DaHat ( 247651 )

        Can't "OK Google" automatically pick up the request while the screen is turned off (and charging?)?

        The 17 people using Windows Phone have hands free "Hey Cortana."

        In our homes we have always listening "Xbox, watch CNN" and "Alexa, add dish soap to my shopping list.

        It is said that the 'wake word' is baked deep into these systems so they aren't 'really' listening & transcribing everything, but as you say, it's coming.

        • by AmiMoJo ( 196126 )

          In theory this wake-on-voice feature uses a low power DSP that only recognizes one phrase ("OK Google" or "Hay Cortana"), and never sends the audio samples out over the network. Sending it out would kill the battery.

          It could be abused by re-training it to use a different phrase ("allahu akbar") and then send the next 60 seconds of audio. Such an attack would be much more effective than simply recording all the time, because it would have much less impact on battery life.

        • My Droid Turbo had a feature that let me say an activation phrase and then perform tasks. I had it active for a short time but turned it off because it would hear anything as the activation phrase. We'd be talking about a random topic and suddenly my phone would beep to indicate that it Googled what we were talking about. So, yes, these features can be constantly listening and it wouldn't take much to turn them from "Ok, Google [now perform search]" to always sending recordings of you to some server some

      • by Gr8Apes ( 679165 )
        You know, that little electrostatic bag really has multiple good uses.
        • by gweihir ( 88907 )

          It has. In particular, it does not help at all here. Because it is, you know, an electro-static bag. That does not do anything for RF, which is electro-magnetic and not static at all. And recording voice does not even need an RF connection. I give you a "TRIPLE-FAIL!" and award you one virtual Popsicle. (The 3rd fail is that you apparently did not even try this. My phone is so unimpressed that it does not even drop a reception-bar.)

          The only reliable way to do this (besides carrying a tin can or the like as

    • I can walk down the street with a friend and have a conversation that is not recorded, is never discoverable in the future. Although millions of us are honest people, terrorists could have these types of conversations as well. I just don't know how we can let that happen. It seems that the government should require us to record conversations so that if there is a warrant in the future we can get that data. Why it is just unfathomable that there could be information that the government cannot discover! How could we have let this happen for so long?! It's just SO GREAT that the FBI is trying to protect us...

      Even this is a slippery slope. When all conversations are recorded then the terrorists will simply move to sign language. In this end we must also break everyones fingers to keep freedom safe or whatever.

    • I know you're intending to be funny, but please keep in mind that some of the folks who want to rip away our privacy will think your comments are a good idea. Ever notice that there are some people out there who think of 1984 as a training manual?
  • Who cares? Are they going to make illegal to use something else?

    • Re: (Score:3, Funny)

      by davester666 ( 731373 )

      Yes, they will go for requiring backdoors into everything. It is no surprise that ever since Hoover was in charge, the FBI loves backdooring anything and anyone they can.

  • by Macdude ( 23507 ) on Wednesday May 11, 2016 @11:18PM (#52096029)

    If the prosecution's case relies on evidence gathered by secret means then the data cannot be verified and it does not meet the standard of beyond reasonable doubt.

    "We have evidence that proves his guilt but we can't tell you about it" -- then you don't have evidence.

    • by Anonymous Coward on Wednesday May 11, 2016 @11:22PM (#52096041)

      That's why they use the illegally obtained evidence to make up a different story [wikipedia.org]. They even helpfully tell local police departments [scmagazine.com] to do it.

      • That's why they use the illegally obtained evidence to make up a different story [wikipedia.org]. They even helpfully tell local police departments [scmagazine.com] to do it.

        Yes, that happens. Note that in this case, though, we aren't talking about illegally-obtained evidence, we're talking about legally-obtained evidence that can't stand up in court. So they don't need careful parallel construction to avoid "fruit of the poisoned tree" issues. If asked what put them on the track of the evidence that can be used in court, they can happily point to the decrypted data.

        Where this creates real risks is if they claim to have gotten a lead from decrypted data in order to start a pa

    • FISA Court
      • Comment removed (Score:5, Insightful)

        by account_deleted ( 4530225 ) on Wednesday May 11, 2016 @11:45PM (#52096117)
        Comment removed based on user account deletion
        • A rubber-stamp procedure where one government employee pretends to be an advocate for the government's target while another one pretends to be a neutral magistrate, and a third pretends to be a legitimate officer of the court asking for a legal warrant, is not a court of law at all, and everyone participating in such a farce is complicit in a conspiracy to deny civil rights under color of authority.

          Quoted for truth...

          This is no different than the "special NAZI courts" that Hitler setup in the 1930s when the open courts weren't ruling "his way".

          https://en.wikipedia.org/wiki/... [wikipedia.org]

          ---

          The Special Courts came into being in 1933, soon after the passage of the Reichstag Fire Decree which all but eliminated civil liberties. The scope of its power was successively augmented by the

          "Decree to Protect the Government of the National Socialist Revolution from Treacherous Attacks" (21 March 1933),
          the "Law of 20 December 1934 against insidious Attacks upon the State and Party and for the Protection of the Party Uniform",
          the "Law for the Guarantee of Peace Based on Law" of 13 October 1933
          and a number of extensions when World War II commenced.
          The number of Special Courts increased from 26 in 1933 to 74 in 1942.

          A special court had three judges, and the defense counsel was appointed by the court. Even as heavy-handed as justice was in Nazi Germany, defendants were afforded at least nominal protections under the regular courts' rules and procedures. These protections were swept away in the special courts, since they existed outside the ordinary judicial system. There was no possibility of appeal, and verdicts could be executed at once. The court decided the extent of evidence to consider, and "the defense attorneys couldn't question the proof of the charges".

          • by MrKaos ( 858439 )

            The Special Courts came into being in 1933, soon after the passage of the Reichstag Fire Decree which all but eliminated civil liberties.

            It would be interesting to compare the intent of the wording of this with modern "Anti-Terorism" Acts that achieve this very same thing. For example:

            Constitution of the German Reich are suspended until further notice. It is therefore permissible to restrict the rights of personal freedom [habeas corpus], freedom of (opinion) expression, including the freedom of the press, the freedom to organize and assemble, the privacy of postal, telegraphic and telephonic communications.

            All of these things have been

        • Thank you for this. I hope you are right.
    • then you don't have evidence.

      They don't need no steenking evidence [latimes.com]

    • by gweihir ( 88907 )

      Not so! First, you make this type of data "evidence" by law. Just use enough terrorists and child molesters, and that should be a breeze. And next, you just start making up evidence completely, thereby saving a ton of money and being able to put a lot more people in prison!

    • by Anonymous Coward

      "We have evidence that proves his guilt but we can't tell you about it" -- then you don't have evidence.

      Except in practice that's not what happens. What actually happens is thus. First, the evidence acquired by secret means remains secret or at least the source of it remains secret. Second, the evidence gathered from the first or secret source is used to launch a separate investigation that while arguably serendipitous none the less explains how the authorities became aware of and monitored the alleged criminal activity in ways that are both legal and allow for plausible deniability of any secret alternative

  • .... we can learn a lesson from WhatsApp. if you ever develop any mechanism that allows end users to encrypt data in ways that nobody other than the intended recipient can decrypt, you have to actively try to discourage it from ever becoming too popular, because if it ever should become a dominating player, then criminals will be using it as well, and then law enforcement will want to come after you.
    • by Anonymous Coward

      if you ever develop any mechanism that allows end users to encrypt data in ways that nobody other than the intended recipient can decrypt, [...] then law enforcement will want to come after you.

      Doesn't even have to be popular. [project-retrograde.com]

      ~W8sJZuq7 boCJv0Mcr Q4npxqWWb SPWEjkPie
      csURjLyyc HKtz3QEDq 8oP6j0HrQ u6JyC4b_g
      z2Jzf7Kav 3.tilpIRF FAQ_y0dSo ryS4xPmIU
      u5gZ3kH2h ekOx5vnJl 71Xfatwso qEXFPG05U
      nRSbAZRBA g37p8l7MN NIeE2_XCv 9nokyg_ND
      fSMYPfWDr 3LVcUq916 osfEWSsXV DgHRgYS8u
      atUHjkrwN 2I3ozXKH3 4fvV1vdq1 TIng05Fm.
      bV8rXOR2S yiYSqUl8H _a1ELHDb9 fHGMadoW2
      tf7jnCUC6 TqnOHzFDH 00

      Secret Key: hunter2

    • by tom229 ( 1640685 )

      we can learn a lesson from WhatsApp [...] discourage it from ever becoming too popular

      That's the lesson you've learned? Oi vey, I don't know if there's any hope for this Facebook generation. Here's a tip: don't centralize stuff you think is important. You send every message, encrypted or not, through a central hub of a private, for-profit, American company, and are surprised someone can just flick a switch and make it all go away? Look up XMPP and PGP. Tell your friends. Then, please apply this same criticism to every cloud service you use, social media account you have, and walled garden y

  • by SeattleLawGuy ( 4561077 ) on Wednesday May 11, 2016 @11:48PM (#52096125)

    Secret investigations are often necessary for a time to allow law enforcement investigations to proceed.

    Right up until the moment when you take someone to court. If you don't disclose how evidence was obtained, then there is nothing to prevent en masse violation of the Constitution--no matter how good your intentions or how bad the people you are going after.

  • by Gravis Zero ( 934156 ) on Wednesday May 11, 2016 @11:49PM (#52096131)

    FBI Director James Comey needs to resign because he's made it very clear he does not have the American public's best interests in mind.

    • FBI Director James Comey needs to resign because he's made it very clear he does not have the American public's best interests in mind.

      Not to mention his ignorance regarding fundamental tenets of the Constitution.

      • Not to mention his ignorance regarding fundamental tenets of the Constitution.

        agreed.

        and btw, thanks for saying 'tenets' and not 'tenents'. the constitution has been rented out enough and its a bit tired from all the abuse. it needs some alone-time and maybe some ice cream.

    • Congress has the right to impeach any federal employee. Write to your congressman and ask for a vote on the matter.

  • Where are the GoPro cameras, where is the third suspect, why was a 'disaster drill' going on before the shooting. How did a coworker manage to identify one shooter as Farook as they were all wearing masks. Why did Farook attend the 'departmental event' in civvies only to rush out after being insulted to return in combat gear.

    San Bernardino Jihadis Strapped GoPros to Their Body Armor [pamelageller.com]
  • by Rosco P. Coltrane ( 209368 ) on Thursday May 12, 2016 @01:48AM (#52096441)

    They're bad because any old file can be presented as coming from the encrypted device. It would be very easy for the fuzz to "plant evidence", so to speak. As in:

    "Did you find this photo of the defendant wielding an ISIS flag on the defendant's phone Officer?"

    "Yes your honor."

    "How did you recover it?"

    "I can't say your honor."

    Good luck proving the phone only had lolcats on it.

    The FBI director openly discussing how to subvert the justice system is yet another sign that the US is now a fully fledged totalitarian state.

  • So the claim is terrorists use "whatsapp" - then what are their names?
    I think the claim, like many others, is a lie.
    How many terrorists even use a timer on bombs let alone more advanced technology? They are just being used as an excuse to lie and push an agenda.
  • by Bruce66423 ( 1678196 ) on Thursday May 12, 2016 @01:51AM (#52096451)

    Given that it doesn't want to be subject to US harassment, it should find another country to be based in - and in which to pay

    TAXES

    it's only when the government is hit in its finances will it stop drifting towards a police state.

  • Really? (Score:5, Informative)

    by nospam007 ( 722110 ) * on Thursday May 12, 2016 @02:07AM (#52096497)

    "WhatsApp has over a billion customers, overwhelmingly good people,"

    And they live in 194 countries, 193 of them not giving a shit what the FBI wants.

    • by PPH ( 736903 )

      The CIA/NSA will take care of those 193.

  • I told you (Score:5, Insightful)

    by kbg ( 241421 ) on Thursday May 12, 2016 @04:41AM (#52096861)

    This is exactly what Apple was saying would happen if they released the patch. This hack is now to be used for all other phones that have some information, which have no bearing to the original case. This is exactly the slippery slope we where warning about would happen.

  • by wbr1 ( 2538558 ) on Thursday May 12, 2016 @05:17AM (#52096945)
    Terrorists and good people lock their doors. Both use safes. Both drive cars. Should we ban these things as well to make your job easier cop? No. Fuck you, do your job, don't compromise my security and privacy to do so.
  • by jenningsthecat ( 1525947 ) on Thursday May 12, 2016 @05:47AM (#52097015)

    FTA:
    "WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."

    Translation:
    "The United States has over 300 million people, overwhelmingly good people," Comey said. "But in that 300 million people are terrorists and criminals, and so that now-under-siege document called The Constitution will be further undermined by law enforcement agencies."

  • by ytene ( 4376651 ) on Thursday May 12, 2016 @07:17AM (#52097295)

    One of the interesting aspects of the Assault on Freedom being conducted by governments the world over is the incredibly selective, distorting arguments that they make. In this case, one of the FBI's central themes has been that "terrorists, criminals and paedophiles" use encryption to hide behind. The inference is that "general purpose encryption" is being used "to do or hide bad things".

    Even assuming that this argument were true, or had been substantiated by the claimant [neither in this case] it seems to be somewhat self-defeating.

    If we apply the same logic to, say, the right to private ownership of firearms [and, sorry for all those who wish to retain their Second Amendment rights, because I truly don't mean to come across as a troll] provides a very similar argument and case. The United States has some of the highest personal firearm ownership levels anywhere in the world, and some of the highest levels of firearms related murders and woundings. So if the FBI were to stand up and say, "Well, because so many people with firearms use them for criminal purposes, we'll just outlaw all personal firearm ownership..." Whether or not you consider that argument right or wrong is irrelevant in this case, because I am using it as a good example of the way that law enforcement are so selective when it comes to their arguments.

    We have also seen how acts of states that are conducted behind closed doors and without full public scrutiny (Wikileaks, Snowden, Panama Papers, etc) lead to corruption and vast amounts of white-collar crime. So if we apply the same logic that the FBI are using to attack encryption - and in attempting to stamp out bribery, corruption, fraud and tax evasion, obviously the FBI will also be demanding completely transparent government, all key decisions made before public hearings, complete financial transparency, with additional requirements for anyone worth more than say $10 Million and so on?

    What's that you say? No? Didn't think so...

  • ... when Comey was still telling everyone he wasn't obsessed with encryption, back doors, and such. Nowadays he doesn't even bother to lie about it.

  • These articles really need to stop confusing "encryption" with password security. They've broken Apple's password security, probably an altogether trivial thing to do as security exploits in iPhones are fairly common. They can't "break [good] encryption" anymore than they can break gravity - it's math - it's fundamental laws of the universe. They can break software security measures designed to artificially bolster security of weak passwords though. Nothing to see here, use strong passwords folks, as always
  • by wcrowe ( 94389 ) on Thursday May 12, 2016 @09:16AM (#52097903)

    Somebody help me out here. Since pgp is, essentially, open-sourced, how do government agencies expect to regulate encryption? Even if they force this company or that company to give them a "back door", what is there to prevent someone from running their own app? Do they not realize that criminal and terrorist organizations are capable of easily building their own encryption applications?

    • by PPH ( 736903 )

      It will be like money laundering. Since there are 'approved' methods of encryption (funds transfer), anyone using an 'unapproved', not back-doored method MUST be a criminal. And then use of the unapproved method becomes a crime in and of itself.

  • As long as they rely on hacking the system, and not forcing the system provider to fork over security keys. Let's just hope that Apple keeps on top of their security and continually fixes the holes that the FBI finds.

Keep up the good work! But please don't ask me to help.

Working...