[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

ianG iang at iang.org
Fri Mar 29 06:02:32 EDT 2013

On 29/03/13 06:42 AM, Jon Callas wrote:

> I don't believe that it is in the interests of a company to shaft its customers. ...

Right, this is why I like Apple.  This is the same secret as in the 
gambling industry.  The house always wins -- so why bother cheating? 
Better to actually go the other way and be ultra honest and work to your 
customers' needs.  Indeed, in casinos, they hand free money out at the 
slightest complaint, it's called "comping".  Why?  Coz 99 out of 100 
customers will simply play the money back into the house.

> Let me ask again -- what could an LE or GOV offer that would be better than being cool?

Be More Cool?

The LEAs might be stupid (a better term might be "behind") but the 
spooks definitely aren't.   The latter have been working on how to 
breach organisations for about a century (in the USA, several centuries 
elsewhere), they wrote the manual on it many times over.  It's their 
job, why do we subconsciously think we can defeat them at it because 
we're smarter or cooler?

There are ways to seduce such an organisation.  Share work on a cool 
secret project [0].  Once inside, loyalties can be shifted, rich 
contracts can be loaded with conditions, products can be shifted.

A second way is to offer cool people, who have primary loyalties that 
one doesn't notice.  If we recall 20 year pensions, this is surprisingly 
easy to arrange.  Ask your HR department how they'd feel about employing 
someone with 20 years of experience in secret spook technology. 
Recently retired, looking for a new challenge!

HR are going to be highly positive about this person.  They will see 
talk of potential conflicts of interest as blather from over imaginative 
geeks living in conspiracy la-la land.  Once a high-tech business model 
gets rolling, the demand for good techs is insatiable.


[0]  Apropos other thread on DES and 56 bit keys:

"NSA worked closely with IBM to strengthen the algorithm against all 
except brute force attacks and to strengthen substitution tables, called 
S-boxes. Conversely, NSA tried to convince IBM to reduce the length of 
the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key.[9]"

Apparently in their own words, the NSA manipulated a cool project by 
being cooler.  As another pointer, Ross Anderson once posted about an 
article in "Foreign Policy" journal (memory may trick me here) which 
outlined how they manipulated the South African crypto industry.
