[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone
Kevin W. Wall
kevin.w.wall at gmail.com
Thu Mar 28 20:24:39 EDT 2013
On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas <jon at callas.org> wrote:
> [Not replied-to cryptopolitics as I'm not on that list -- jdcc]
> On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
>>> Do hardware manufacturers and OS vendors have alternate methods? For
>>> example, what if LE wanted/needed iOS 4's hardware key?
>> You seem to be talking about a single iOS 4 hardware key. But each device
>> has its own. We don't know if Apple actually has retained copies of that.
> I've been involved in these sorts of questions in various companies that I've worked at. Let's look at it coolly and rationally.
> If you make a bunch of devices with keys burned into them and you *wanted* to retain the keys, you'd have to keep them in some database, protect them, create access controls and procedures so that only the good guys (to your definition) got them, and so on. It's expensive.
> You're also setting yourself up for a target of blackmail. Once some bad guy learns that they have such a thing, they can blackmail you for the keys they want lest they reveal that the keys even exist. Those bad guys include governments of countries you operate or have suppliers in, mafiosi, etc. Heck, once some good guy knows about it, the temptation to break protocol on who gets keys when will be too great to resist, and blackmail will happen.
> Eventually, so many people know about the keys that it's not a secret. Your company loses its reputation, even among the sort of law-and-order types who think that it's good for *their* country's LEAs to have those keys because they don't want other countries having those keys. Sales plummet. Profits drop. There are civil suits, shareholder suits, and most likely criminal charges in lots of countries (because while it's not a crime to give keys to their LEAs, it's a crime to give them to that other bad country's LEAs). Remember, the only difference between lawful access and espionage is whose jurisdiction it is.
> On the other hand, if you don't retain the keys it doesn't cost you any money and you get to brag about how secure your device is, selling it to customers in and out of governments the world over.
> Make the mental calculation. Which would a sane company do?
All excellent, well articulated points. I guess that means that
RSA Security is an insane company then since that's
pretty much what they did with the SecurID seeds. Inevitably,
it cost them a boatload too. We can only hope that Apple
and others learn from these mistakes.
OTOH, if Apple thought they could make a hefty profit by
selling to LEAs or "friendly" governments, that might change
the equation enough to tempt them. Of course that's doubtful
though, but stranger things have happened.
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein