Hacker News Comments on
Encryption: Last Week Tonight with John Oliver (HBO)

LastWeekTonight · Youtube · 334 HN points · 11 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention LastWeekTonight's video "Encryption: Last Week Tonight with John Oliver (HBO)".
Youtube Summary
Strong encryption poses problems for law enforcement, is weakening it worth the risks it presents? It’s…complicated.


Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Two relevant humor bits.

* Honest Government Ad | Anti Encryption Law - YouTube || https://www.youtube.com/watch?v=eW-OMR-iWOE

* Encryption: Last Week Tonight with John Oliver (HBO) - YouTube || https://www.youtube.com/watch?v=zsjZ2r9Ygzw

Elections are coming and everyone has to play tough. None of this is targeted at terrorists, as it does not even remotely make sense; it's all about controlling the population.

Let's see when they propose to ban math.

Mandatory John Oliver on Encryption :) https://www.youtube.com/watch?v=zsjZ2r9Ygzw

I agree voting from your IOT device is something that should happen. We will get there some day.

To get to that point sooner, we should elect more people who are knowledgeable about technology. If you disagree or feel that is an impossible route, you may be able to find others who feel similarly. Personally I think people who feel this way are part of a minority and that limiting your interactions to a certain group is isolating and not productive. I am always looking for ways to engage people with different ideas, both to learn and to share what I've learned.

Ultimately, I reject vox_mollis's comment that participation in the democratic process is worthless or powerless. Just listen to This American Life's episode on "Take the Money and Run for Office" [1],

> Barney Frank: If the voters have a position, the votes will kick money's rear end any time. I've never met a politician-- I've been in the legislative bodies for 40 years now-- who, choosing between a significant opinion in his or her district and a number of campaign contributors, doesn't go with the district. [2]

Or look at how Lindsey Graham changed his mind in the encryption case [3]. Our representatives are not entirely useless. Similar to your day job or at your school, some people are good at what they do, and some are bad at it. That's no reason to throw the baby out with the bath water. We have the longest running democratic republic in the world. We should study it, contribute improvements by speaking up and voting, and be proud of it. Much of the rest of the world faces strict repercussions when they even speak against their government.

[1] http://www.thisamericanlife.org/radio-archives/episode/461/t...

[2] http://www.thisamericanlife.org/radio-archives/episode/461/t...

[3] https://youtu.be/zsjZ2r9Ygzw?t=14m30s

I think you're reading this completely wrong.

The FBI asked for access, Apple said no (because they knew the case was about precedent rather than capabilities). Apple knows the older phones had vulnerabilities (see this faux-apple computer - https://youtu.be/zsjZ2r9Ygzw?t=15m50s commercial).

This is the follow-up from Apple saying "oh, you needed our help to crack it huh? How did you suddenly find a way to do it on your own without us as soon as you realized public perception wasn't proceeding as you hoped?"

EFF seems to think that the FBI is legally required to disclose the method (https://www.eff.org/deeplinks/2016/03/fbi-breaks-iphone-and-...) due to their VEP process.

freyr
> I think you're reading this completely wrong.

It may be the wrong opinion, but it's the popular opinion among many people I've spoken to. Namely, they think Apple has egg on its face and isn't as good at security as they claimed to be. Right and wrong don't always matter in the court of public opinion.

altern8tif
The VEP seems to be policy rather than legislation. Meaning that there is no legal obligation for the US Government to abide by it.

If anything, the question is whether the US Government is morally obliged to reveal the vulnerability, given that the risk of not doing so is much higher than the value the government gets from exploiting it as a tool against terrorism. That, I believe, is the EFF's strategy – getting public support and appealing to the government's moral obligation to protect its people.

kra34
So the same company that didn't want to help investigate somebody who killed 14 people because of privacy concerns believes the government has a moral obligation to help them debug their software / hardware platforms. Yup, that makes sense.
icebraining
You seem to think holding both positions is incoherent, but I have no idea why.
Blog post by one of the authors about the attack: http://blog.cryptographyengineering.com/2016/03/attack-of-we...

Also the title seems to be a reference to Last Week Tonight's Apple ad: https://youtu.be/zsjZ2r9Ygzw?t=950

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch.

reminds me of John Oliver's fake Apple ad from last week:

"We're barely one step of hackers at any time," https://www.youtube.com/watch?v=zsjZ2r9Ygzw#t=15m50

runesoerensen
They thought of that ad too it seems ;) "Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage". Yes, the title is totally stolen from @LastWeekTonight https://twitter.com/secparam/status/712106956538793984
unabst
All the FBI or anyone with a locked phone has to do is wait without updating the phone. Eventually an exploit for that version will emerge. It appears they've already caught up to iphone5 and iOS 8.

http://www.ebay.com/sch/i.html?_odkw=ios+passcode&_osacat=0&...

rm_-rf_slash
Nothing wrong with that. Hacking goes both ways.
There is good evidence that public debate is starting to turn. Senator Lindsey Graham, a national security hawk, is beginning to state reservations with the FBI's strategy. That's a big deal: https://youtu.be/zsjZ2r9Ygzw?t=14m30s
Mar 17, 2016 · aritraghosh007 on The Clipper Chip
This was showcased during the last episode of the John Oliver show https://youtu.be/zsjZ2r9Ygzw?t=522. Here's what happened : http://www.nytimes.com/1994/06/12/magazine/battle-of-the-cli...
JetSpiegel
That was a great article, thanks for sharing. This snippet puts things in perspective:

"The agency is really worried about its screens going blank" due to unbreakable encryption, says Lance J. Hoffman, a professor of computer science at George Washington University. "When that happens, the N.S.A. -- said to be the largest employer in Maryland -- goes belly-up. A way to prevent this is to expand its mission and to become, effectively, the one-stop shop for encryption for Government and those that do business with the Government."

studentrob
Note that currently, the NSA is not asking for this privilege, and indeed two former intelligence directors (Hayden-NSA/CIA and Woolsey-CIA) and former CIA agent / current US representative Will Hurd all believe the DOJ is in the wrong to try to force Apple to build them an access tool.

I know you're quoting the 1994 situation but I just want to clarify for other readers here.

EthanHeilman
> "When that happens, the N.S.A. -- said to be the largest employer in Maryland -- goes belly-up. A way to prevent this is to expand its mission

The article is from 1994 and I believe my reaction is as true then as now.

Why can't NSA just switch to doing 90% information-assurance and work to secure US infrastructure?

Certainly there is more than enough work to go around, if they are looking for something to do I have some suggestions. The US military isn't really known for having secure communications or storage systems, maybe NSA should try to solve that problem (as a plus it is already part of their mission).

Is the claim here that NSA's budget would shrink if all they were doing was securing US systems and communications against foreign intelligence agencies? Does Congress consider that task unimportant?

studentrob
I'm pretty sure they're focused on stopping terrorist attacks like 9/11 from happening.

Note that the NSA is not asking for Apple to give them a special key to the iPhone. The FBI is asking for it.

Note that a former NSA director (Hayden) and CIA director (Woolsey) have said they both support Apple in this case.

EthanHeilman
I'm reacting to a statement from 1994 in which it was claimed that the NSA wanted to expand its mission to ensure it could still employ the same number of people.

>I'm pretty sure they're focused on stopping terrorist attacks like 9/11 from happening.

That was not NSA's original mission and if congressional testimony is to be believed, not one NSA is particularly well suited to do. SIGINT/COMINT targeting the organs of the Soviet Union is a very different game than interrupting a terrorist plot by a small number of unknown actors.

>Note that a former NSA director (Hayden) and CIA director (Woolsey) have said they both support Apple in this case.

The FBI's position is so unreasonable that it appears nearly everyone that is well informed about the issue and isn't currently employed by the US government supports Apple, but we are talking about the Clipper Chip which was an NSA program.

> it's not about the average person, it's about someone with something to hide

Keep in mind that the FBI would love it if everyone held that to be true. We all have something to hide, average person or not. No matter if you are a criminal, political activist, pervert, lawyer, priest, or just the baker down the street. Paraphrasing John Oliver: your banking statements, medical data, dick pics, private messages, dick pics, dick pics, and your secret diary are all things you most likely want to hide.

( https://www.youtube.com/watch?v=zsjZ2r9Ygzw )

The FBI would not mind a situation where only people with technological know-how use GnuPG, LUKS with dm-crypt, etc., and the rest whatever came with their smartphone. Most criminals are not particularly tech-savvy, so if that group loses access to strong encryption by default, they largely gain what they want.

Of course there is no practical way to make the use of strong encryption by individual citizens around the globe illegal, and they know this. They may however succeed in outlawing strong disk encryption available by default on store-bought devices. So when a suspect uses an Android or iPhone, and the FBI has his or her device, they want to be able to access its contents without the suspect's consent. Ideally, they also want the most popular messaging platforms (like Facebook's WhatsApp) to have a backdoor available, in order for the vendor to be able to comply with warrants for such data.

I am surprised that a search for "math" only turned up one result in this thread, about car accidents vs terrorist victims.

Isn't it true that encryption legislation or policy is sort of irrelevant next to the very clear math that says encryption will always be ahead of decryption? Even in a (hopefully avoidable) dystopia where encryption is illegal, would that really stop technology companies from continuing to do what they've always done?

John Oliver has a great segment[1] where he notes that the majority of cheap, available encryption applications aren't even US-based, and so it becomes nigh-impossible for our (or any) government to stop any pedestrian from encrypting.

[1] https://www.youtube.com/watch?v=zsjZ2r9Ygzw

h0w412d
Yep. Cory Doctorow has talked about this: how the universe "makes it easy" to secure communications because mathematically, it's really easy to encrypt (verify that a number is prime) and really difficult to decrypt through hacking (factor a huge prime number).

And because of that, outlawing encryption is really outlawing math, which is ridiculous. Math is a universal API everyone has access to simply by existing. You can't outlaw math.

nickpsecurity
Do you have a link to that? Because I know a guy who really needs to counterpoint it. High-security engineer, Clive Robinson, always said security is about physics if you look at it down to the hardware. The physics try to connect things in ways you didn't see coming. That allows unauthorized communications. The physics also try to corrupt the operation of your chips. That compromises computational security mechanisms. Even encryption algorithms had tons of problems when they were implemented to the point that it takes pro's with years of experience to implement them with any assurance. Those are often broken later.

So, if Doctorow said that, he couldn't be further from the truth. The universe seems to do everything it can to make security difficult via physics itself. Throw in economics and biology (evolving malicious attackers) to top the argument off.

SCHiM
Security != encryption in every case. What you're describing is actually also what makes encryption stronger/easier than decryption:

A priori there's only 1 correct plaintext, while there are limitless ciphertexts of any given plain text (assuming arbitrary IV lengths and key). You can't change that and this is basically what makes encryption so much stronger than decryption.

nickpsecurity
Only two sentences were about encryption. The others mainly covered the foundations, like kernels or MMU's, encryption depends on or can be bypassed with. You should look up TEMPEST Level 1 safes, PC's, peripherals, and rooms. That's just the EMSEC part that requires all that because physics fights us. Then, look up NSA Type 1 hardware and physical separation with Red/Black model to see how you start on endpoints. Rad-hard and fault-tolerant circuitry too where you'll see probabilities instead of certainties.

Add it all up to say that, outside a few products, your security mechanisms from CPU to crypto aren't secure. Physics and intrinsic complexity work together to ensure this. Systems fighting all of it have less features, are heavy, more manual steps, less battery life, and cost several times more. Economics takes over there where physics leaves off.

"A priori there's only 1 correct plaintext, while there are limitless ciphertexts of any given plain text (assuming arbitrary IV lengths and key)."

A priori there's electrical signals going through analog and digital circuitry that implements a form of it with malicious hardware, software, or networks connected to it. There's tons of ways to intercept or leak those secrets. These are not in the formal model of crypto. Once included, the picture changes considerably and leans my way.

SCHiM
Except of course I can create an unbreakable encryption with two pieces of paper and a pencil by constructing a one-time pad. And that encryption has nothing to do with computers except for the fact that doing encryption by hand would take ages these days and we therefore choose to delegate it.

The fact that our computers are too unreliable to be trusted with encryption does not mean that the universe does not favour encryption.

Unless you constantly keep inventing malicious hardware or hidden 'observers' in the paper and pencil scenario there's no way you can say that decryption is easier than decryption.

nickpsecurity
I saw that counter coming. A little bit different, better argument. Several things in here. So, let's look at them.

re paper encryption

That was defeated regularly in the Cold War in a number of ways. Easy or not, the mathematical proof didn't translate directly into the real world due to human issues and physical ones like intercept or observation. FBI's crypto unit has been defeating custom pencil and paper ciphers of criminals for a long time, too. So, we can say the best, provable encryption makes the job more difficult if no observation of the act of encryption, KEYMAT, or decryption take place. That's a lot more limited than mathematicians' pronouncements imply. ;)

re universe

"universe does not favor encryption"

Oh, I think it doesn't. For one, encryption only happened one time in known universe that we know of. When it did, it screwed up more often than it worked. Then, even the best forms are defeated by stuff above thanks to other properties of the universe. Universe seems to favor plain text to me. Its own codes are plain to observe, too. Obfuscated at worst.

re computers

That was a nice dismissal but computers are the whole point, right? We talk encryption that we're going to use on a computer most likely. Then someone says some stuff like how we can trust the math. Then I have to point out we run electrical impulses representing machine instructions, not math. Then the conversation drifts to pencil and paper or arcane stuff.

At least you admitted we can't trust the math on a computer because it doesn't represent what it does. Often not on pencil and paper either or in speech if under surveillance. So, we can't trust the math at all. It's always math + all kinds of circumstances and methods. Even then, we can only trust it with probability C as in odds of Compromise.

It's on youtube too: https://www.youtube.com/watch?v=zsjZ2r9Ygzw
tinkerrr
That Youtube link is blocked in the UK
Mar 14, 2016 · 3 points, 0 comments · submitted by doener
Mar 14, 2016 · 331 points, 86 comments · submitted by XioNoX
mangeletti
I hoped he would have touched on one more important and oft overlooked point:

Encryption is not a secret. It's accessible to criminals, and criminals don't give a shit about "backdoor" laws.

In fact, I'd venture to guess that there is great encryption software already available on jail broken iPhones.

drakenot
He did touch on this point. He said that no matter what the outcome of this case is, real encryption is still just an app away. He then listed several 3rd party encryption apps.
mangeletti
Ah, good catch. I hadn't noticed that. I miss words all the time when listening to British people speak.
squeaky-clean
He brings this up around 13:30, when he mentions Telegram has 100 million downloads, and that if the government forced them to weaken their encryption, other apps will pop up 5 minutes later.
baldfat
Well what we have seen in actual practice is in France and other terror attacks that they used no encryption so far. http://www.bloombergview.com/articles/2015-11-18/a-back-door...

What we have also seen in regards to just use of technology is the reign of default. I doubt that criminals would go for an unlocked iPhone for security reasons for a few reasons, but one being that is beyond them.

jschwartzi
ISIS is known to use encryption in their communications.
will_hughes
Do they? Do you have evidence to back that up?

The bits I've read suggest that they don't - or at least not widely.

Eg: https://www.schneier.com/blog/archives/2015/11/paris_terrori...

stoshe
http://www.businessinsider.com/telegram-isis-app-encrypted-p...
will_hughes
There's only one mention of ISIS affiliated chat channels on Telegram, not that it's actually been used by actual terrorists.

The rest of the speculation in that article was called out and refuted by the link I supplied.

baldfat
I specifically spoke about the attacks in Paris which was originally blamed on Snowden and encryption but actually they didn't use encrypted communication.
mangeletti
Considering that ISIS has a website[1] protected by TOR, I'm pretty sure they could figure out how to jail break an iPhone, which takes about 10 minutes and a YouTube tutorial.

I apologize, if I'm wrong, but I can't help but feel like you're being disingenuous.

1. http://motherboard.vice.com/read/isis-now-has-a-propaganda-s...

baldfat
Though there is a Tor website, does it actually get visited by people? Seems like Twitter, Facebook, YouTube and Telegram have been more successful for them.
anc84
What a shame that Signal is not mentioned as encryption app.
meritt
Telegram is good at marketing and Signal/OWS is good at encryption. Not too surprising.
ehartsuyker
I know, right? I actually got excited for a second thinking he'd name drop that.
maxerickson
Open Whisper is based in the US so Signal isn't different from Apple in a way that was interesting for the story.
lorenzhs
If someone shows up with a phone, Open Whisper Systems can't read the messages stored on it if they don't have the passphrase. The messages are encrypted at rest, so they can't create an update that would circumvent it. The only option would be brute-forcing the passphrase. In that way, it's fundamentally different from Apple.
maxerickson
Sure, but the segment that mentioned other encryption apps was talking about what would happen under a US government mandate. Open Whisper Systems would have to comply, move or cease operating (Just like Apple).

Apple also improved the latest iPhones, the OS replace bypass at question here will no longer work. So Signal has an advantage over older iPhones, but not all of them.

thwarted
He used phrasing like "widely thought by experts to be impossible" (13m2s) a few times through this piece. Which cryptographers and cryptography experts think, in 2016, that a crypto system could be created that is, barring bugs, completely secure right up until the point where you don't want it to be? He showed clips of legislators asking for magic crypto unicorns (10m). Is this some kind of 4 out of 5 cryptographers think it's an "impossibility", and do we really think that that remaining one is actually an expert?

Or is this just an attempt at "fair and balanced" reporting, implying that, while they couldn't find any "experts" to take the opposite side, there must be some out there. John Oliver doesn't usually do that though.

datapolitical
If you sound overly certain when people disagree with you they won't take you seriously.
shard972
Pretty much explained why Donald Trump is so popular at the moment.
mistermann
Glib dismissals like this are just one of his sources of power.
kevinwang
I'm not sure I completely understand your comment. Do you mean that instead of "widely thought by experts to be impossible", he should have said "all experts believe it to be impossible"?
jlubawy
It doesn't sound likely to be possible, but has it been proven so (in the rigorous mathematical sense)?
logicrook
>"widely thought by experts to be impossible" (13m2s) a few times through this piece. Which cryptographers and cryptography experts think, in 2016, [...]"

You take a John Oliver quote, and it contains the current year? Come on.

manuelflara
I think what he meant with those words was that experts think it's impossible to create such a backdoor and keep it 100% safe from being leaked or exploited by bad actors. Which I think we all here can agree with.
rtpg
Well Apple has signing keys right? The signing keys are a backdoor, and we've mostly mastered "don't leak your secret keys."

Now for a backdoor that you're sharing with a bunch of people...

monocasa
But they would be asked to share this back door with the thousands of law enforcement organizations, as well as other countries. If they had to do the same with their signing keys, those wouldn't be secure either.
Tempest1981
Awesome summary of the issue. All it takes is 1 disgruntled/bribed/blackmailed employee, and everyone could be compromised. Not worth the risk.
XorNot
As opposed to the current situation with Apple's signing key?
vonmoltke
One disgruntled/bribed/blackmailed employee with access. Without knowing how many that is and what measures are in place to stop those people it isn't possible to quantify the risk.

Note that I'm not defending the idea of encryption backdoors. I still believe they are a bad idea, period. I'm just getting annoyed that the pro-encryption crowd here and on other tech sites is engaging in the same kind of out-of-touch hyperbole that the anti-encryption crowd is.

dogma1138
Depending on how it's done if the signing key is delivered to the USG yes, if Apple only delivers on-demand software updates then the security remains pretty much the same - anyone within apple who has access to the current signing key / authority to push software updates to apple devices.

Handing out the signing key to the USG will probably be quite disastrous as they more likely than not offload it to any 3rd party in the private sector which will offer to make them the next best phone scrapping kit or spyware.

If Apple is compelled and goes through the software route then it will be bombarded by 1000's of requests to unlock phones, and worse in the future to potentially install "wiretaps" on phones of suspects not in custody who haven't been charged with anything yet which will be quite a costly operation for Apple.

nickik
In the House meeting the security expert said this pretty well. As soon as the process becomes routine it's going to be in a huge amount of danger.
dogma1138
That one I don't really buy sorry, wiretaps have been around for ages and while they have been misused by law enforcement I haven't heard about too many cases in which criminals actually exploit them.

While cyber criminals are sophisticated it's just not going to be worth the effort for them, most large cyber crimes were pretty low tech.

Foreign intelligence agencies is another deal, but then again they could just as easily penetrate Apple now.

So while there will be some technical risk it's really not substantial, the privacy implications however are going to be very severe.

nickik
You attack the weakest aspect of a system and with traditional phones that was not the interface to the state.

Apple having a well such a key now is problematic but it is necessary. As long as Apple only signs individual versions that are hardcoded to one particular phone, the danger is not that large. These keys are protected with lots of effort and access to it is limited.

If Apple is forced to unlock hundreds of phones they will not sign a version for each phone individually, they will have a version that runs on all phones. This software is way more problematic than the key itself.

This is by the way exactly what the security expert said in front of the House:

https://judiciary.house.gov/hearing/the-encryption-tightrope...

dogma1138
Apple doesn't and as far as I can tell cannot sign a version for an individual phone a signed binary by apple that removes the security settings for a phone lock/wipe will be valid for any other apple phone as long as you can trigger an update which you can using iTunes you should be able to deploy it on any device you want.

There are no individual signing keys for phones, that would be unmanageable; there are probably a handful (or even a single one) of signing keys that Apple has which are valid on their devices and that's it.

nickik
That is wrong. The phones have hardware ids and those can be checked in code. They can sign a binary blob that runs on one phone only.
dogma1138
No it's not, phones have hardware ID's that are used to generate the encryption key (on phones with a secure enclave, this isn't even one) I have seen no evidence that there is any specific per phone signing of Apple software.
Shivetya
Okay, while I am in full agreement that no back door is warranted why does Apple get a pass of their actions with regards to China? The rumor mill claims it means possibly handing over source code used to drive devices. If true, how would they not do the same for US officials?

I certainly don't believe they should write the code request by the government but at the same time are they going to keep that stance in all markets?

Tloewald
Apple showed the Chinese its source code so they could verify that it had not been back doored (per Snowden's accusations). Since this did not entail revealing their signing keys, it's a completely irrelevant comparison (in fact, it's exculpatory).
bhhaskin
There is a big difference between handing over source code and pushing signed patches to a device. A key principle in modern cryptography is that if your algorithm has to stay secret in order to remain secure then it is inherently insecure. The same could be said of source code. Handing over the source code to China should not affect the security of the platform, otherwise it is inherently insecure. Handing over signing keys however is completely different.
aauchter
Would it be possible to build devices that could be unlocked a fixed number of times across all units (say 1,000 times). Devices could be heavily hardware encrypted, but unlockable with an encryption key, a portion of which comes from a publicly monitored blockchain/distributed ledger, that when used reduces the number of future uses.

This way, the government could be granted access for extreme cases, but without the potential for abuse or mass surveillance. Once there were 1,000 check-ins, no more keys could be generated.

Thoughts?

ohazi
No, you can't do this in a way that's as strong as conventional encryption. It would be too easy to present your system with an older view of the "ledger" to compel it to reveal expired/locked information. If your system were to mutate some encrypted internal state to keep track of the read count, this could be worked around via backups.

The only way your system could work is if it relied on some sort of TPM, which is essentially security by obscurity.

alain94040
Doesn't the blockchain offer some solution to that problem?
yoha
No. The blockchain is only a consensus through a network.

Anyone can make a tiny isolated network and create a fork that will look real to the target (here, the iPhone).

This is remotely related to the CAP Theorem [1]. Namely, you expect a blockchain not to fulfill the consistency requirement.

[1] https://en.wikipedia.org/wiki/CAP_theorem
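
The stale-view problem raised by ohazi and yoha above, as an added example that is not part of the thread: a constructed hash-chained ledger and two hypothetical device-side checks. All names, the ledger format and the quota of 3 (standing in for the proposed 1,000) are assumptions for illustration.

```python
import hashlib
import json

QUOTA = 3            # constructed stand-in for the 1,000 unlocks proposed in the thread
GENESIS = "0" * 64   # constructed genesis value for the toy chain


def entry_hash(prev_hash, payload):
    """Hash an entry over its predecessor's hash and its payload."""
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def build_ledger(case_ids):
    """Build a constructed ledger with one 'unlock' entry per case id."""
    ledger, prev = [], GENESIS
    for case in case_ids:
        payload = {"type": "unlock", "case": case}
        digest = entry_hash(prev, payload)
        ledger.append({"prev": prev, "payload": payload, "hash": digest})
        prev = digest
    return ledger


def chain_is_valid(view):
    """Integrity check: every entry links to the one before it."""
    prev = GENESIS
    for entry in view:
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["payload"]):
            return False
        prev = entry["hash"]
    return True


def unlocks_used(view):
    return sum(1 for e in view if e["payload"]["type"] == "unlock")


def offline_device_allows(view, quota=QUOTA):
    """Device with no trusted state: it can only judge the view it is handed.

    A truncated prefix of the real ledger is internally consistent, so the
    integrity check passes and the count looks lower than it really is.
    """
    return chain_is_valid(view) and unlocks_used(view) < quota


class DeviceWithMonotonicCounter:
    """Device that stores the highest ledger height it has seen.

    This assumes tamper-resistant storage (the TPM-style dependency ohazi
    mentions). It only rejects views older than what THIS device has seen;
    a device that never saw the newer entries still accepts a stale view.
    """

    def __init__(self):
        self.min_height = 0

    def allows(self, view, quota=QUOTA):
        if not chain_is_valid(view) or len(view) < self.min_height:
            return False
        self.min_height = len(view)
        return unlocks_used(view) < quota


def demo():
    full = build_ledger(["case-1", "case-2", "case-3"])   # quota exhausted
    stale = full[:2]                                      # older, still valid view
    seen_latest = DeviceWithMonotonicCounter()
    seen_latest.allows(full)                              # records height 3
    return {
        "full_view_allowed": offline_device_allows(full),
        "stale_view_valid": chain_is_valid(stale),
        "stale_view_allowed": offline_device_allows(stale),
        "counter_device_rejects_stale": not seen_latest.allows(stale),
        "fresh_counter_device_accepts_stale": DeviceWithMonotonicCounter().allows(stale),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hash chain proves that a view was not edited, not that it is current, which is why the quota cannot be enforced by the ledger alone.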

acqq
It's irrelevant, since the goal of FBI now is to make a precedent in being able to demand the changes in hardware or software based on the "All Writs Act" which should otherwise be the wrong act to allow them to effectively introduce infinite "Clipper chip" equivalents the way they haven't succeeded through the regular legislation procedures up to now.

Up to now such changes had to pass through the Congress, the laws had to be voted to solve such issues. This time they just quoted the Act which really just says they "may issue all writs necessary or appropriate." (check: https://en.wikipedia.org/wiki/All_Writs_Act ) Almost like citing the Catch 22.

It sounds too trivial but it's fundamentally dangerous in the powers they obtain if their current interpretation is accepted: the state doesn't have to make laws, the government can just write anything whenever it likes and say it's covered by "All Writs."

In the older cases when Apple cooperated Apple didn't have to change anything, neither their future hardware for retail nor the software of the hardware they produce for retail and the cases when nothing has to be changed but just the accessible data copied can be understood to be actually covered with the specific law, CALEA.

And don't forget how weak the argument of the FBI really is, the phone in question was a business phone of the terrorist, who actually intentionally destroyed his private phone before being chased. For this one he didn't care. Apple gave FBI the backup of the business phone, and was able to give them even the current state of it, but the government changed the backup password themselves. And the FBI can actually without Apple copy the data from the SSD disk of the phone and restore it any time to allow them more password tries. But they really want to make the precedent. Because they don't want that Apple produces the next phone on which FBI can't have more access.

josinalvo
Is it really technically feasible for the FBI to do a bit by bit copy of the SSD? Is there not some hardware restriction?

This seems highly relevant...

serge2k
Not on the 5, apparently. My understanding is that it isn't the SSD but rather the flash on which the encryption key derived from user input is stored (the part you unlock with code and is wiped after 10 tries).
acqq
I don't agree. There were more texts claiming it can be done, they just have to try the combinations on the same circuit board, because one of the parts of the key is the part of the hardware, but the copying of encrypted data and then restoring from such backup can be done outside of the board, nothing is against that. Here's how Chinese trivially remove and replace the "solid state disk" chip.

http://9to5mac.com/2016/02/03/iphone-flash-storage-upgrade-s...

And the article that describes the process:

https://www.aclu.org/blog/free-future/one-fbis-major-claims-...

Yes it's just a chip that has to be copied, it's not a disk as we understand it in notebooks in a sense "a bunch of chips connected via SATA or M2" it's lower level but the principle is the same.

acqq
It is feasible but not purely with software, the SSD chip has to be desoldered from the circuit board, the socket inserted in the board and then the copying can be done as many times as needed and the combinations tried. There are companies that do exactly such kind of intervention.

https://www.aclu.org/blog/free-future/one-fbis-major-claims-...

pointernil
So there is an effort estimate to ADD what the authorities need?

Does this indicate the crypto is already broken?

What's hindering the "intelligence community" from doing it on their own on case by case basis?

Did they already do this?

Does Apple win disproportionately marketing-wise by staging itself as the sound and secure provider?

will_hughes
There's widespread speculation that this is a test case.

I.e. one big high visibility case where there is general support that the government should have access to a Terrorist's data.

Once Apple has been forced to write this one version of the software, the legal precedent is there to force Apple (and every other company building software and devices) to do it again for all the other devices that any law enforcement agency has on hand, for scenarios that might not have as much support.

nickik
I listened to the whole House committee about this issue. The FBI says it has "talked to anyone who would talk to them". The security expert is on record stating that she believes the NSA had the capability to break the 5C but did not want to share it with the FBI. She recommended the FBI build such capability itself instead of threatening the security of everybody.
pfg
The FBI is asking for firmware that disables its anti-brute-force delays and auto-wipe feature. The estimate Apple gave is for creating that firmware and signing it with their key. They're not breaking the crypto, but merely making a brute-force attack more viable (by reducing the delay to ~80ms, which is how long the hash algorithm takes per passcode).

The intelligence community would need access to Apple's firmware signing key in order to do this themselves. (IIRC, in their latest court filing, the FBI actually mentioned this would work for them if Apple is unwilling to implement the firmware changes.)

pointernil
Thanks for clarifying this.
senectus1
any chance of a non-geoblocked link?
tdy721
https://eztv.ag/shows/1025/last-week-tonight-with-john-olive...
Freak_NL
Interesting; I can see the video in The Netherlands. I wonder which specific regions they are blocking and why.
samwillis
https://m.facebook.com/story.php?story_fbid=858905877571756&...

Surprisingly their Facebook video isn't...

fufefderddfr
Video spam. Late night show bullshit.
dcw303
Like everyone on this site, I've been following this story too closely to get any new info from this segment, so I couldn't tell if this will convince people. It was up to the always high standards of Last Week Tonight though.

I really hope the message got through to his audience. We need every single non-technical person in the world to understand this clearly if we have any hope of getting the US Government to back down.

dfc
Do you honestly think non-technical people from outside the US are going to make a difference in this debate? I can't imagine a demographic with less influence over the situation.
Larrikin
The host is British, but Last Week Tonight is an American television show.
Cuuugi
I hope so. It has worldwide implications. There would be negative impacts for their business(es) globally if they nerf encryption.
kilotaras
If it can be shown that it will eat into profits of US companies (because people will switch en masse to non-US providers, e.g. Telegram in Brazil) then it's a pretty big difference non-technical people from outside the US can make.
Selfcommit
That "non-technical" person from "outside the US" has done a better job of explaining Edward Snowden to the masses than most news networks. His target demographic is Millennials, and he's very popular.

Yeah - This carries some weight.

dfc
OP said "We need every single non-technical person in the world to understand this clearly." You are talking about one non-technical person, from outside the US, who reads, writes and speaks English fluently, lives in NYC with his American wife and has an above average income because of the wildly popular television show on HBO that he hosts. John Oliver is hardly representative of the other billions of non-technical people from outside of the US.

> Yeah - This carries some weight.

A February poll by Reuters has 46% of Americans supporting Apple, the number jumped to 64% for people 18-39 years of age and a more recent WSJ/NBC poll of registered voters puts the number at 47%. What percentage of John Oliver's audience do you think changed their opinion after seeing the show and now support Apple? Or do you consider comedic reinforcement of a previously held belief is "carrying some weight"?
baldfat
A) Yes John Oliver is awesome

B) Holy Crap! A comedian is the best for reporting on issues that are actually important. What a sad state of journalism we have been for the last decade or so.

kawsper
Comedy is very effective, and I have been a fan of Juice Rap News for a long time, they are really good at breaking things down, explain things with references and asking the right questions.

My favorite is this: https://www.youtube.com/watch?v=o66FUc61MvU

Renaud
Thanks for that. It's very well done and the message is spot on!
michaelbuddy
Meh I used to think so, then I saw the lengthy rebuttal that a guy did regarding the Trump episode he did. John Oliver unfortunately can't be trusted in some regards - https://www.youtube.com/watch?v=Jf3vW0e_Wgc
nitrogen
Is there a transcript somewhere or a 5 minute version? I would like to have a counterpoint to the Drumpf piece but don't have 80 minutes to spend.
jclulow
It's basically 80 minutes of agonising "Yeah, well, you know, that's just, like, your opinion, man."
ZoeZoeBee
A counterpoint to the Drumpf piece, Bill Clinton is not a Clinton, he changed his name from his biological father's Blythe.
jerf
Unfortunately, the problem is that the media isn't any better than a comedian, not that the comedian is very good. Having been on both sides of some of John's issues, I have to say that he is a master of making you think you understand an issue, when in fact you are carefully sealed off from getting even a whiff of what the other side's points may be, with snark and mockery substituted instead. Many people criticize the mainstream media for the fake controversy approach where every issue has two sides no matter how silly, but John Oliver is even worse than that. It's fun, but that's all it is... it is not informative. Only fun.

If you think he's "really good" at covering the issues, I strongly suggest tuning your media consumption; you're not even getting one side of an issue so much as one spoon-fed preparation of one side of an issue. You're dangerously underexposed.

(And to be clear, I do think he is fun. I've watched a goodly number of his videos myself. I'm not saying I don't like his schtick... just that it is a schtick.)

Lawtonfogle
>Having been on both sides of some of John's issues, I have to say that he is a master of making you think you understand an issue, when in fact you are carefully sealed off from getting even a whiff of what the other side's points may be, with snark and mockery substituted instead.

It is like the people who, when asked about why some thing should be, they respond "Because it is 2016!" And all their supporters laugh and agree and think the argument has been made. Both sides are really strongly set on talking past each other, and on some issues they are often far closer in opinion than they would ever be willing to admit (especially after all the extreme rhetoric was thrown around).

And my absolute favorite, when you make a careful comparison between two issues to show a comparable line of reasoning, a lot of people will just go "They aren't comparable." No discussion, no attempt to explain why they are different, and if you can manage to get them to keep going, you are going to be swimming in a flood of logical fallacies.

DanielBMarkham
Interesting format. First time I've watched him. This is a pet topic, so I wanted to watch. But I stopped about half-way through.

If you need a joke every 10 seconds or so -- otherwise you lose attention -- I guess it's okay. Seemed to cover this topic well enough. But if you need that amount of humor, if I were you I might want to up my game a bit.

The problem with entertainment disguising itself as useful information is bias. At the end of the day, it doesn't really matter to most people what the guy is saying. His criteria for a successful broadcast is something that emotionally moves folks and that he can make entertain people the maximum amount. The viewer's criteria is to laugh and feel like they now understand some complex subject.

Whether or not the information is biased or not never enters the picture between the two parties. In fact, the more complexity that's introduced, the less likely the material is to be entertaining. Likewise, the more you're laughing, the less you're probably learning. But it doesn't matter because everybody's having a good time. Reminds me of talk radio in the early 90s (except the politics are all different, of course)

baldfat
My point is still the same: take away all the jokes and look at only the facts. John Oliver does a better job at breaking down stories into parts that tell the story better.

John Oliver is entertainment but the News facts are presented better than mainline news.

My case in point: Net Neutrality. He singlehandedly turned the whole issue into something people a) could understand b) then decided if it was something they should care about. For YEARS tech community went nowhere then John Oliver immediately made it into an issue most people understood and changed FCC and Net Neutrality overnight.

nitrogen
You should watch the entire segment because he "plot twists" a little past half way.

And the jokes are just part of the Last Week Tonight formula. This is information disguising itself as entertainment, not the other way around. Oliver also did a segment recently about special tax districts that was quite informative, as another example of the LWT formula for you to sample.

You get a lot more information from a LWT piece than from traditional news; the comedy bit might even just be to avoid being sued for satirizing living people (maybe "comedians" can get away with more than "journalists").

jclulow
Is there a particularly egregious example of one-sidedness you can point to?
baldfat
Example: FCC Chairman Net Neutrality is a good example of his style. Yes he does show the other side and yes it may be a case of straw-man argument, but for the most part.

Encryption - He shows the FBI public address on the issue and why they are concerned in terms of terrorists. Then shows the Congress and Trump. Points out the ability for the government to "penetrate" any bank, door, etc as needed through a court of law.

Then the issue is the "Pandora's Box" of setting precedent.

I would like you to show one where there isn't the other side getting their main points presented by John Oliver? Would you be willing to show an example of what shows only one side?

Lawtonfogle
I'm not sure how much of this is on John Oliver's show and how much of this is due to his followers, but the sentiment to pick on Trump because his last name used to be different when his father immigrated. Imagine if conservatives found that Sanders originally had a more ethnic sounding name and made fun of that... would that have been treated the same? I don't think so.
baldfat
It was 100% because Trump told Jon Stewart that he should have been proud of his original last name and then years later denied he made fun of it and would have never done so.

Donald Trump's tweet - https://twitter.com/realDonaldTrump/status/32707672042545152...

jerf
I decline to volunteer a list of the exact ways in which I disagree with the liberal orthodoxy. (Thread derail ho!) I'm sure you'll understand.

He carefully makes sure that any exposure to the "opposite side" is sandwiched with snark on both sides, and to make sure that none of the strong arguments are shown to you. You are not actually being exposed to the other side, just a soundbite carefully processed to remove any possibility that you might even be so much as intrigued, let alone convinced.

Be honest: When have you been "exposed" to one of these viewpoints and even experienced a hint of "Hmmm, maybe I should dig into that position a bit more, I'm not sure John's right here."? All I'm asking for is a twitch. I bet you're too busy laughing for the thought to even cross your mind. (Again... be honest with me. Don't hypothesize about how maybe somebody else might have. Tell me about whether you followed up on a video's points.)

I'm taking a bit of risk putting this challenge out there, because a lot of people read these posts and of all those people, there almost has to be one person who actually can tell a story about how they followed up and came to a conclusion that disagreed with John. But I dunno... I've probably still got decent odds, and I'm quite sure there won't be a long stream of them below this concept.

And let me reemphasize my core point here, which is not that I really expect that much more from a comedian (you are laughing, because he is pretty funny, after all), but that the media doesn't do any better. John isn't doing anything particularly wrong. He ought to be the dessert part of your balanced news and media diet; it's not the dessert's fault that the rest of the meal is short on nutrients.

dropdatabase
You forgot to give an example to illustrate your point
baldfat
1) My point was what a bad place we are in when a Comedian does a better job covering a story. When I know the facts of an issue John Oliver has actually covered the issue MUCH better than News Media.

2) I think you turned this into something else completely :) Please don't be the facts don't matter everything is bias and then never care about what common ground facts people can hold on to. Example Obama going to SxSW for an "Entertainment" festival instead of going to Nancy Reagan's funeral. a) SxSW is also a major technology gathering (We all know that here) b) no other President went to a funeral of a first lady for decades and it was the job of the first lady.

> I decline to volunteer a list of the exact ways in which I disagree with the liberal orthodoxy.

Wait we are talking points of John Oliver not showing both sides. I am Pro-Life and I disagreed with him and he would with me also. Facts are different than conclusions. I never get mad at people for coming to a different conclusion if we both have access to the same facts. I am asking for an example where he doesn't show both sides like you were saying.

Also your tone is a "wee-bit" offensive. I used to be a Systems Librarian and to this day I check everyone's facts with them in person. My kids when they hear something take the phone and ask Google for the answer.

I wasn't saying HE IS FUNNIES I said he covered the story better. It is the fact that no one else covered Net Neutrality in a balanced or informed way at all. The issue had zero traction till John Oliver did his piece. The reason why is he was informed and presented it in a way the general public could understand and they could come up to a conclusion of gee John is right or wrong for themselves.
HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.