[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

Jon Callas jon at callas.org
Thu Mar 28 23:42:55 EDT 2013


On Mar 28, 2013, at 6:59 PM, Jeffrey Walton <noloader at gmail.com> wrote:

> On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas <jon at callas.org> wrote:
>> [Not replied-to cryptopolitics as I'm not on that list -- jdcc]
>> On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
>>>> Do hardware manufacturers and OS vendors have alternate methods? For
>>>> example, what if LE wanted/needed iOS 4's hardware key?
>>> You seem to be talking about a single iOS 4 hardware key. But each device
>>> has its own. We don't know if Apple actually has retained copies of that.
>> I've been involved in these sorts of questions at various companies I've worked for.
> Somewhat related: are you bound to some sort of non-disclosure with
> Apple? Can you discuss all aspects of the security architecture, or is
> it [loosely] limited to Apple's public positions?

From being there, Apple's culture and practices are such that everything they do is focused on making cool things for the customers. Apple fights for the users. The users' belief and faith in Apple saved it from near death. Everything there focuses on how it's good for the users. Also remember that there are many axes of good for the users. User experience, cost, reliability, etc. are part of the total equation along with security. People like you and me are not the target, it's more the proverbial "My Mom" sort of user.

Moreover, they're not in it for the money. They're in it for the cool. Obviously, one has to be profitable, and obviously high margins are better than low ones, but the motivator is the user, and being cool. Ultimately, they do it for the person in the mirror, not for the cash.

I believe that Apple is too closed-mouthed about a lot of very, very cool things that they do security-wise. But that's their choice, and as a gentleman, I don't discuss things that aren't public because I don't blab. NDA or no NDA, I just don't blab.

> I regard these as the positive talking points. There's no sleight of
> hand in your arguments, and I believe they are truthful. I expect them
> to be in the marketing literature.
>>>> I suspect Apple has the methods/processes to provide it.
>>> I have no more evidence than you do, but my guess is that they don't, for
>>> the simple reason that if they did that fact would leak out. ...
>> And that's just what I described above. I just wanted to put a sharper point on it.
>> I don't worry about it because truth will out. ...
> A corporate mantra appears to be 'catch me if you can', 'deny deny
> deny', and then 'turn it over to marketing for a spin'.
> We've seen it in the past with for example, Apple and location data,
> carriers and location data, and Google and wifi spying. No one was
> doing it until they got caught.
> Please forgive my naiveness or my ignorance if I'm seeing things in a
> different light (or shadow).

Well, with locationgate at Apple, that was a series of stupid and unfortunate bugs and misfeatures. Heads rolled over it.

From what I have read of the Google wifi thing, it was also stupid and unfortunate. The person who coded it up was a pioneer of wardriving. People realized they could do cool things and did them without thinking it through. Thinking it through means that there are things to do that are cool if you are just a hacker, but not if you are a company. If that had been written up here, or submitted at a hacker con, everyone would have cheered -- and basically did, since arguably a pre-alpha of that hack was a staple of DefCon contests. The superiors of the brilliant hackers didn't know or didn't grok what was going on.

In neither of those cases was anyone trying to spy. In each differently, people were building cool features and some combination of bugs and failure to think it through led to each of them. It doesn't excuse mistakes, but it does explain them. Not every bad thing in the world happens by intent. In fact, most of them don't.

> Apple designed the hardware and hold the platform keys. So I'm clear
> and I'm not letting my imagination run too far ahead:
> Apple does not have or use, for example, custom boot loaders signed by
> the platform keys used in diagnostics, for data extraction, etc.
> There are no means to recover a secret from the hardware, such as a
> JTAG interface or a datapath tap. Just because I can't do it, it does
> not mean Apple, a University with EE program, Harris Corporation,
> Cryptography Research, NSA, GCHQ, et al cannot do it.

I alluded to that before. Prying secrets out of hardware is known technology. If you're willing to destroy the device, there's a lot you can do, from decapping the chip, to just x-raying it, etc.

> A naturally random event is used to select the hardware keys, and not
> a deterministic event such as hashing a serial number and date of
> manufacture.
> These are some of the goodies I would expect a manufacturer to provide
> to select customers, such as LE and GOV. I would expect that the
> information would be held close to the corporate chest, so folks could
> not discuss it even if they wanted to.

Really? Why?

I don't believe that it is in the interests of a company to shaft its customers. I'm not saying that none of them do -- I've been to bars where they water the drinks. I'm saying that the statement, "why *wouldn't* they water the drinks, it makes sense to water the drinks because you make more money that way" says a lot about what the speaker knows about business. You actually make more money by not watering the drinks and not having specials. It's brilliant. Instead of being in a race-to-the-bottom spiral of lowering margins as well as the gross cost (which makes for an n^2 income drop), they sell only the high-margin, up-market product at a competitive price for up-market goods. That way you get a higher margin on a higher gross, which makes for an n^2 advantage.

Let me ask again -- what could an LE or GOV offer that would be better than being cool? Being a snitch, being a sell-out isn't cool. Lots of people don't get that. To them, money is more important than being cool. And all that means is they aren't cool. Some of those people are rich, which is good for them, but money can't buy cool.



