[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

Adam Back adam at cypherspace.org
Fri Mar 29 08:31:38 EDT 2013


I don't buy this "it wouldn't be cool so a consumer company wouldn't do it"
argument.  Seemingly companies are very susceptible to law enforcement,
legal and government influence and pressure.  I guess people are forgetting
the hushmail episode.  And the CA episodes.  And much more recent microsoft
skype rumors and partial confirmations.  The NSA illegal spying and the
telco complicity and post-hoc legal immunity given for their illegal
activities.

Lots of similar arguments could be made, and I think some were made, about how it
would be commercial suicide for various things to happen, and yet they
happened; it came out eventually in a few cases.  I do not take this to mean
it's rare, I take it to mean companies' PR departments know when to shut up,
company officers know to not defy gag orders.  Depending on the architecture
it can be very difficult to detect or technically verify.

Basically in the decades since commercial crypto export got liberalized, and
the civilian crypto community thought they won, the dark side has not been
idle, indeed they have been very very busy and quiet.

Consider:

- commercial and government operated CA malfeasance issuing certs for MITM
   boxes

- real-time GSM decryption and monitoring

- recording for decades position of all GSM phones in most western countries

- influence of companies via implied or explicit threat of loss of lucrative
   government contract

- appeals to nationalism or four horsemen arguments

- echelon persists and its use has been increasingly turned inwards on the
   countries' own population.  That leads towards abuse of such facilities for
   more and minor crimes, even down to surveillance of activists rightly
   protesting against illegal corporate or illegal government activities.

- ramped up surveillance and keyword watching of the internet, massive data
   farms to store it for post-hoc fishing

- selling wide scale mass surveillance to dodgy regimes with human rights
   issues.  You think western country spooks aren't using those against their
   own population?  Push the right buttons and western anti-corruption
   activists get targeted also.

If Apple has the technical mechanism because of the architecture, if not the
software, do you think they would refuse to develop the software if law
enforcement came with some plausible sounding urgent high level demand?  Or a
sealed court order requiring that a company code a backdoor, or implement a
targetable MITM, on penalty of imprisonment for disclosure.  Right?  It's not
like it hasn't happened before - hushmail, probably others - after all they
try to legally gag the people so ordered.  Secret laws, the US has those; the
legal ability to order people not to disclose law enforcement requests - that
too.

I think this whole thing is an iceberg and we're seeing the tips of odd
things that have become public knowledge.  Given the scale of the security
and intrusion aspect of the military industrial complex, it's not surprising.

And if you did know something you sure wouldn't be whistle-blowing against
Apple.  Apple is notoriously litigious.  So insiders either wouldn't know or
they'd keep quiet on the whole topic because they'd be subject to gag
orders, and Apple itself would bring its legal focus on to the former
employee if they spoke out of turn.

btw as to coolness, I think Apple is much more evil than Microsoft - walled
gardens, suing competitors over frivolous and abusive patent claims,
excessive secrecy, clear conflict of interest app removals, abuse of DRM for
device lock down, none of this is cool to me.  Cool to me is open and under
MY control.

Adam

On Thu, Mar 28, 2013 at 08:42:55PM -0700, Jon Callas wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>On Mar 28, 2013, at 6:59 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>
>> On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas <jon at callas.org> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> [Not replied-to cryptopolitics as I'm not on that list -- jdcc]
>>>
>>> On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
>>>
>>>>> Do hardware manufacturers and OS vendors have alternate methods? For
>>>>> example, what if LE wanted/needed iOS 4's hardware key?
>>>>
>>>> You seem to be talking about a single iOS 4 hardware key. But each device
>>>> has its own. We don't know if Apple actually has retained copies of that.
>>>
>>> I've been involved in these sorts of questions in various companies that I've worked.
>> Somewhat related: are you bound to some sort of non-disclosure with
>> Apple? Can you discuss all aspects of the security architecture, or is
>> it [loosely] limited to Apple's public positions?
>
>- From being there, Apple's culture and practices are such that everything they do is focused on making cool things for the customers. Apple fights for the users. The users' belief and faith in Apple saved it from near death. Everything there focuses on how it's good for the users. Also remember that there are many axes of good for the users. User experience, cost, reliability, etc. are part of the total equation along with security. People like you and me are not the target,  it's more the proverbial "My Mom" sort of user.
>
>Moreover, they're not in it for the money. They're in it for the cool. Obviously, one has to be profitable, and obviously high margins are better than low ones, but the motivator is the user, and being cool. Ultimately, they do it for the person in the mirror, not for the cash.
>
>I believe that Apple is too closed-mouthed about a lot of very, very cool things that they do security-wise. But that's their choice, and as a gentleman, I don't discuss things that aren't public because I don't blab. NDA or no NDA, I just don't blab.
>
>
>> I regard these as the positive talking points. There's no sleight of
>> hand in your arguments, and I believe they are truthful. I expect them
>> to be in the marketing literature.
>>
>>>>> I suspect Apple has the methods/processes to provide it.
>>>> I have no more evidence than you do, but my guess is that they don't, for
>>>> the simple reason that if they did that fact would leak out. ...
>>> And that's just what I described above. I just wanted to put a sharper point on it.
>>> I don't worry about it because truth will out. ...
>> A corporate mantra appears to be 'catch me if you can', 'deny deny
>> deny', and then 'turn it over to marketing for a spin'.
>>
>> We've seen it in the past with for example, Apple and location data,
>> carriers and location data, and Google and wifi spying. No one was
>> doing it until they got caught.
>>
>> Please forgive my naivety or my ignorance if I'm seeing things in a
>> different light (or shadow).
>
>Well, with locationgate at Apple, that was a series of stupid and unfortunate bugs and misfeatures. Heads rolled over it.
>
>- From what I have read of the Google wifi thing, it was also stupid and unfortunate. The person who coded it up was a pioneer of wardriving. People realized they could do cool things and did them without thinking it through. Thinking it through means that there are things to do that are cool if you are just a hacker, but not if you are a company. If that had been written up here, or submitted at a hacker con, everyone would have cheered -- and basically did, since arguably a pre-alpha of that hack was a staple of DefCon contests. The superiors of the brilliant hackers didn't know or didn't grok what was going on.
>
>In neither of those cases was anyone trying to spy. In each differently, people were building cool features and some combination of bugs and failure to think it through led to each of them. It doesn't excuse mistakes, but it does explain them. Not every bad thing in the world happens by intent. In fact, most of them don't.
>
>>
>> Apple designed the hardware and hold the platform keys. So I'm clear
>> and I'm not letting my imagination run too far ahead:
>>
>> Apple does not have or use, for example, custom boot loaders signed by
>> the platform keys used in diagnostics, for data extraction, etc.
>>
>> There are no means to recover a secret from the hardware, such as a
>> JTAG interface or a datapath tap. Just because I can't do it, it does
>> not mean Apple, a University with EE program, Harris Corporation,
>> Cryptography Research, NSA, GCHQ, et al cannot do it.
>
>I alluded to that before. Prying secrets out of hardware is known technology. If you're willing to destroy the device, there's a lot you can do, from decapping the chip, to just x-raying it, etc.
>
>>
>> A naturally random event is used to select the hardware keys, and not
>> a deterministic event such as hashing a serial number and date of
>> manufacture.
>>
>> These are some of the goodies I would expect a manufacturer to provide
>> to select customers, such as LE and GOV. I would expect that the
>> information would be held close to the corporate chest, so folks could
>> not discuss it even if they wanted to.
>
>Really? Why?
>
>I don't believe that it is in the interests of a company to shaft its customers. I'm not saying that none of them do -- I've been to bars where they water the drinks. I'm saying that the statement, "why *wouldn't* they water the drinks, it makes sense to water the drinks because you make more money that way" says a lot about what the speaker knows about business. You actually make more money by not watering the drinks and not having specials. It's brilliant. Instead of being in a race-to-the-bottom spiral of lowering margins as well as the gross cost (which makes for an n^2 income drop), they sell only the high-margin, up-market product at a competitive price for up-market goods. That way you get a higher margin on a higher gross, which makes for an n^2 advantage.
>
>Let me ask again -- what could an LE or GOV offer that would be better than being cool? Being a snitch, being a sell-out isn't cool. Lots of people don't get that. To them, money is more important than being cool. And all that means is they aren't cool. Some of those people are rich, which is good for them, but money can't buy cool.
>
>	Jon
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Universal 3.2.0 (Build 1672)
>Charset: us-ascii
>
>wj8DBQFRVQ3EsTedWZOD3gYRAiMLAKDPjaaBh2c1bxdnJGcn2kCYcp7IvACfY/AI
>VbqjxxSpO/ju+7/Qn3bbrKk=
>=qWPa
>-----END PGP SIGNATURE-----
>_______________________________________________
>cryptography mailing list
>cryptography at randombit.net
>http://lists.randombit.net/mailman/listinfo/cryptography
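The quoted exchange above asks whether a per-device "hardware key" is sampled from a genuinely random event or derived deterministically from identifiers such as a serial number and manufacture date. The following Python is an added illustration, not code from the thread and not a description of any real vendor's key provisioning: it models a hypothetical derivation scheme (SHA-256 over serial and date, with constructed serial format, date window and device values) and shows that anyone who knows the derivation and the public identifiers can recover such a key by enumeration, while the same search against a key drawn from the OS CSPRNG exhausts the derived keyspace and finds nothing.

```python
import hashlib
import os
from datetime import date, timedelta
from math import log2

# Constructed parameters for a hypothetical manufacturer scheme. None of this
# describes a real device; it only sizes the search an attacker faces when a
# "hardware key" is derived from identifiers rather than sampled at random.
SERIAL_PREFIX = "DX7"      # assumed public: model/plant code printed on the box
SUFFIX_DIGITS = 3          # assumed: only the trailing digits vary per unit
MFG_START = date(2012, 1, 1)
MFG_WINDOW_DAYS = 365      # assumed: device known to have been built that year


def derive_key_deterministic(serial: str, mfg: date) -> bytes:
    """Weak scheme (hypothetical): key = SHA-256(serial || manufacture date)."""
    return hashlib.sha256(f"{serial}|{mfg.isoformat()}".encode()).digest()


def derive_key_random() -> bytes:
    """Strong scheme: 256-bit key from the OS CSPRNG, never recorded anywhere."""
    return os.urandom(32)


def deterministic_keyspace_bits(suffix_digits: int = SUFFIX_DIGITS,
                                days: int = MFG_WINDOW_DAYS) -> float:
    """Effective entropy of the weak scheme from the attacker's point of view:
    the key has 256 bits, but only log2(#serials * #dates) of them are unknown."""
    return log2((10 ** suffix_digits) * days)


def recover_key(target: bytes, prefix: str = SERIAL_PREFIX,
                suffix_digits: int = SUFFIX_DIGITS, start: date = MFG_START,
                days: int = MFG_WINDOW_DAYS):
    """Enumerate every (serial, date) pair in the assumed window and return the
    pair whose derived key equals `target`, or None if `target` is not in the
    derived keyspace (as a truly random key will not be)."""
    for day in range(days):
        mfg = start + timedelta(days=day)
        for n in range(10 ** suffix_digits):
            serial = f"{prefix}{n:0{suffix_digits}d}"
            if derive_key_deterministic(serial, mfg) == target:
                return serial, mfg
    return None


def demo():
    """Run the same offline search against a derived key and a random key."""
    # Constructed device: key derived from its (public) serial and build date.
    real_serial, real_date = "DX7482", date(2012, 7, 19)
    weak_key = derive_key_deterministic(real_serial, real_date)
    found = recover_key(weak_key)

    # Constructed device with a key from the CSPRNG: the search comes up empty.
    strong_key = derive_key_random()
    not_found = recover_key(strong_key)
    return found, not_found


if __name__ == "__main__":
    found, not_found = demo()
    print(f"derived-key search space: {deterministic_keyspace_bits():.1f} bits; "
          f"random key: 256 bits")
    print("derived key recovered as:", found)
    print("random key recovered as: ", not_found)
```

The point of the comparison is that a derived key is only as secret as the derivation function plus the identifiers, both of which a manufacturer keeps on file, so the key is effectively escrowed even if no key database exists. A key burned in from a true random source at manufacture leaves nothing to subpoena except the device itself. In practice real vendors mix further secrets into derivations, so this toy search space understates real designs, but it shows what the quoted question is getting at.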

