Law in the Internet Society
In reference to the WSJ article I just added to On the Radar (hope it was ok to add there as well), it really surprised me to see how quickly the government's expectations were set when initially receiving such broad access to data. The reaction to a potential pull back in widespread availability and private sector cooperation indicates a sense of entitlement to all data and an expectation that the private sector is working for them, backed up by the help such access would give in an abduction scenario. Is this entitlement warranted? What does this encryption really mean for consumers and for law enforcement? For anyone who knows more about computers, does the encryption mean law enforcement still cannot get at the information without a warrant, as the article suggests, or just that they would need individualized warrants, like they would in the case of personalized servers discussed in Professor Moglen's speech? Would the encryption guard against access by other private actors to this data?

-- AnnaShifflet - 24 Sep 2014

I find law enforcement's response is astonishing. It is an ideological argument that all information should be potentially available (except of course their own). I look forward to forthcoming calls for bans on shredders and paper. In relation to the abduction scenario it reminded me of the "ticking time bomb" scenario often used to justify torture. These clear cut scenarios never actually happen. Partly its because by the time authorities no there is a bomb, have the suspect, and a timeline they usually have enough information to avert catastrophe without torturing the suspect. Similarly if you know there has been a kidnapping, know who has done it, and have access to that person's phone it is unlikely listening to their voice mail and checking their calender will add for the investigation. I cannot really comment on the technology of encryption beyond what I have read online. I found these links helpful see Cops locked out?; Cops Can Still Pull Data Off a Locked iPhone

-Mathew

I gather that they are talking about some kind of disk encryption. If properly implemented using modern crypto this means that if the device is turned off nobody can access the data on it without the encryption key. The catch is that there isn't any meaningful way to know whether it is properly implemented, notably whether there isn't some hidden process to retrieve the key, like there is now. One might think of this as a safe with 12 inch thick fireproof hardened steel walls (modern encryption) and a faulty lock (the implementation).

Computers generally cannot perform operations on data in encrypted form (besides storing it and moving it around), so the device must be able to decrypt the data at some point to perform its advertised functions. This is usually done by asking the user for the key or the password that unlocks the key when the device is powered on and storing it in memory for the duration of the session. While the key is in memory the data is exposed to the device and potentially exposed to any application running on it. In other words, while the device is in use (this most likely includes while on standby) the safe is open, and the encryption itself is not doing much to protect your data.

In sum, whether with or without Apple's help the data are accessible by law enforcement or anyone else depends on the quality of the implementation of the encryption. Apple's choice to keep their source code secret make it impossible to scrutinize the implementation so we have to take their word for it.

I also recomend this article on Apple's claims and this comic on encryption in general.

-Bastiaan

 

Navigation

Webs Webs

r3 - 01 Oct 2014 - 23:36:47 - BastiaanSuurmond
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM