Posted on 11/01/2014 6:11:30 PM PDT by Swordmaker
Oh, I'm shaking in my boots. . . NOT!
How much of an idiot do you think I am? That FR thread Is about an article on a Chinese hackers' conference on HACKING Android devices, you idiot, the mobile platform which has 97% of mobile malware written for it because of the vulnerabilities in it!!! The rest of mobile malware is on Symbian, Windows Phone, and RIMM. Nowhere in there is there any report on their success in breaking in to Apple devices.
"He said his team has found similar security vulnerabilities in as many as 70 mainstream handsets, including Google’s Nexus 5 and Samsung’s Galaxy S5.. . .Whoopee duck. . . more Android exploits. I'm especially happy about them hacking Xiaomi. They make Android iPhone 6 knock offs.Other hacking demonstrations at the event involved the Mi Wi-Fi rounter developed by Chinese low cost smartphone maker Xiaomi and the 360 Child Guard tracking bracelet from web security company Qihoo 360.
I respectfully disagree. His rational is that they can take a fingerprint and DNA for ID purposes, not to use them as a tool to open access to other items or locations. For example, they could not take that fingerprint or DNA to a bank or a sealed lock and require the opening of the accounts or the lock merely by possession of them. He noted if the phone were locked with a passcode, then they could not compell opening it. Why not? What difference is there? I have a "curtilage," an expectation of privacy that I have established over this object by placing a security lock on it, regardless of how I've locked it.
Under the Constitution a piece of paper posted on an unlocked door declaring no entrance should be just as good a seal against official entry as a ten-inch thick bank door protected by any means available to me. What protects me is my RIGHT against unreasonable search and seizure. It is not the physical or puzzle barrier that prevents the authorities from opening that door (or phone) but the strong arm of Constitutional Law. . . and my intent and trust that Law should and will keep them out.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Anything less is Tyranny. . . including quibble points about whether I've locked my "door" with a fingerprint or a single or multiple character passcode. My intent was that no one but myself get access, regardless of the lock method I chose, and my intent is the controlling factor, not the key used to open the lock.
With modern smart iPhones, gaining access to the phone not only gains the authority access to the gigabytes of contents of the iPhone but also to the entire set of data on his iCloud account and other iDevices that may be linked. Finding anything in particular is, by its very nature of necessity, a fishing expedition among a lot of irrelevancies to which they should not be allowed access. ". . . things to be seized." should always be extremely specific, especially when relating to data, images, documents, emails, phone call records, etc., and not be something general such as "everything on a phone."
In Riley v. California (2014), the Supreme Court ruled unanimously that police must obtain a warrant to search an arrestee's cellular phone. The Court said that earlier Supreme Court decisions permitting searches incident to an arrest without a warrant do not apply to "modern cellphones, which are now such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy," and noted that US citizens' cellphones today typically contain "a digital record of nearly every aspect of their lives — from the mundane to the intimate."
There is simply too much there now. If they have to have a warrant for an arrestee, how much more do they need one for something else? Riley was was based on a case brought before iCloud and multiply connected iDevices opened the possibility of opening more than just the named device to search.
Also in Riley:
Justice Samuel Alito wrote an opinion concurring in part and concurring in the judgment, citing his dissent in Arizona v. Gant that called Chimel's reasoning "questionable". That said, he agreed that
"we should not mechanically apply the rule used in the predigital era to the search of a cell phone. Many cell phones now in use are capable of storing and accessing a quantity of information, some highly personal, that no person would ever have had on his person in hard-copy form."
I haven't read the ruling, but it sounds like it's based on a key-combination dichotomy. A locks combination (password) being testimonial which is clearly protected vs. a key (fingerprint) which is not.
"My intent was that no one but myself get access,...."
Maybe so, but you have stated that a warrant is still necessary so 'they' would have authority to access. Your right against self incrimination would be relevant at this point and as long as you are the only one that knows your passcode, and it's not easily hacked, your intentions may prove fruitful
Amen Swordmaker.
It's interesting, is it not, that for years they've used the insecurity of wireless phones, and then later cellphones to claim that we had no 'reasonable expectation of privacy' in our communications. Now we're finally seeing decent cryptographic protocols being deployed to protect our privacy and these same tyrants are trying to claim the right to it anyway. There is no technical barrier to prevent absolutely secure coms from being universally deployed across the entire line of smartphone lines. It would be trivial to implement if the government didn't throw their 500# weight around to prevent it. If we can ever regain a Constitutional government again, we may see the day where wiretapping will be a thing of the past, as it should already be today.
Especially in light of the recent ruling that police can't make you unlock your phone without a warrant in the first place. I don't see this "fingerprint" case is going to survive appeal.
[reposted for formatting screwup]
“for every 1000 inventions proposed, possibly only 1 or 2 will find commercial success.”
A company which has achieved a 1/3 trillion dollar market cap value, with a hardware product lineup which occupies no more than a small desk, has a clue about how to make high-profile high-stakes systems work.
The current risk-reward for CC infrastructure is highly problematic. The “robust” “fire alarm and sprinkler’ system isn’t acceptable at the current rate of breaches, leaving most cards with a stench of lingering smoke and wet carpet along with higher long-term costs of covering what losses do happen. Customers don’t want a CC system featuring “here’s a new card, you’re not liable for anything” every couple years, they want a CC system featuring no breaches ... and Apple Pay currently has no breaches. Yes, there are theories of how it can be breached, and yes, it hasn’t been out for more than a few days (ironically, MCX suffered a major breach during that period), but until you can show actual in-the-wild breaches occurring anywhere within a couple orders of magnitude of the frequency of CC and MCX breaches, don’t bother blathering about vapid handwaving disparagement.
As for your impressive background and capacity to identify winners, I have to wonder what _would_ convince you of a means to overhaul an existing electronic transaction infrastructure, and why that wouldn’t be a “more cash on hand than the US government” company producing tens of millions (and growing fast) of near-overnight adopter/customers with the backing of several-and-growing major banks on top of an existing system so ubiquitous that competitors (MCX) had to shut down NFC support to prevent it from working (and pissing off their customers in the process)? Yeah, maybe Apple Pay will fail. But we’re talking about a company so good at what they’re doing that just minor mistakes make big news, vs competitors whose failures hardly make news save for the sheer staggering scale of fail (see Microsoft Kin) and 996 others that don’t even make news for trying. Yeah, “sure things” go wrong ... but not all of them, this is a “failure is not an option” thing, and making it trivial unto invisible/ubiquitous for hundreds of millions of users on their next device upgrade is about as optimistic as possible.
If you like the current 19 digit number system, continue swiping your plastic or handing it to waiters who walk those numbers to back rooms with cameras. I’d rather it be buried within a proxy token system where whatever number anyone other than the intended recipient sees gets an already-expired code ... and all that in a platform which instantly invalidates the moment I stop touching it.
Are breaches possible in Apple Pay? Yeah, but you have to go so far as lift my fingerprints, know my passcode, and use my device. In security, I’m comfortable with a limit of “if you’re going that far, you win” (say, home security vs. a trained team of breachers using body armor, AP ammo, night vision, and flashbangs). If you’re that motivated to do what it takes to breach my Apple Pay system, what you’ll get from my account isn’t worth your time.
Oh my, look here ... an applephile thrashing about, drowning while shrieking how great the water is and calling names at those who comment how the water is contaminated. It would be funny if it wasn’t so pathetic.
This issue involves what I dub the “rag doll standard” for 4th Amendment protection: if they can achieve their goal using your limp uncooperative body to do it, they can. In this case, we’re looking at a lock which can be opened with your finger - akin to finding a key in your pocket. If they have a warrant to look inside the phone or box, and only need your finger, they can use your limp form to do so. What they can’t do is either invade that storage without a warrant (per _Riley_), or compel you to state the passcode (akin to a combination lock which they lack tools to open without the number in your head - that’s their problem, not yours).
I don’t necessarily like where this line is, but it’s the only “bright line” I can come up with for the subject. If they’ve got a warrant to “enter” the object (physically or informationally), they can use whatever physical items they can manipulate as needed to do so; they just can’t compel/coerce what’s in your head. If they find the key or use your finger and can get in, they can; if they can’t cut the lock or persuade you to state the code, too bad for them.
Resorting to vague insults usually indicates failure.
Your “comment” about how the water is contaminated is akin to those who decry fluoride, arsenic, and other horrors in common tap water at such low levels the consequences are nigh unto nonexistent, while implicitly promoting the alternative of drinking raw sewage.
Is Apple Pay perfect? no. Of course not. Is it orders of magnitude better than the “ignite and sprinkle” system you’re advocating as superior? he11 yes.
Oh my, look here ... an applephile thrashing about, drowning while shrieking how great the water is and calling names at those who comment how the water is contaminated. It would be funny if it wasn’t so pathetic.
"Prohibitively expensive. . ." You are an idiot, Hostage. YOUR CLAIM OF "EASY" WAS REFUTED! Have fun foaming rabidly at the mouth. It appears to be a symptom of terminal MAPS.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.