French going after Apple
iPhone encryption now
Ping!
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Posted on 03/02/2016 12:16:38 AM PST by Swordmaker
France will consider a law that would impose fines of €1 million on Apple and Google if they refused to hack into smartphones belonging to terrorists.
On Monday, French Socialist MP Yann Galut proposed an amendment to French law that - if passed - would see the US companies punished if they didn't give French officials backdoor access to terrorists' phones.
In France last year, there were eight phones that were inaccessible to police - all tied in some way to terror attacks, reports Le Parisien.
Galut said on Monday that companies like Apple and Google should be fined up to €1 million when they didn't cooperate in such cases.
"We are faced with a legal vacuum when it comes to data encryption, and it's blocking judicial investigations" he told Le Parisien newspaper.
"Only money will force these extremely powerful companies like Apple and Google to comply," he said.
Galut added that such companies were operating under "total bad faith".
"They are hiding behind a supposed privacy protection, but they're quick to make commercial use of personal data that they're collecting," he said.
He stressed that his proposed amendment would not affect the privacy of the common public, only those who are under investigation.
The case comes as Apple is embroiled in a legal battle in the US after a judge ordered the tech giant to find a way to unlock the encrypted iPhone of a gunman in the deadly San Bernardino shootings.
At a tech conference in Paris last week, Google chief Sundar Pichai expressed his support for Apple in its standoff with the FBI, warning that creating so-called "backdoors" into encrypted communications could have "bad consequences".
"We want to take a very strong stance against any form of backdoor whatsoever," Pichai said during the conference at the Sciences Po university, reported AFP.
"When you create backdooors it leads to very, very bad consequences which always ends up harming users."
Apple has won the backing of a number of Silicon Valley firms in its legal fight, with Facebook's Mark Zuckerberg saying Monday that he was "pretty sympathetic" with Apple's quandary.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
only $1 million? That’s peanuts unless its per day
Maybe background checks should be done when an iphone is bought.
Then apple would cease operations.
Unless it is a million Euros a day, Apple will just consider the fine as a cost of doing business. It would lose a lot more than a million Euros if it installed a backdoor.
Apple wont put in a backdoor.
Current iPhones (iOS 8 & 9) employ AES 256 encryption....they gonna ban that?? The FBI requested help/”hack” is to disable the “10 tries then erase” feature and the “timer” function that requires more & more time between password tries...these 2 things help prevent “brute force” password cracking. Even if Apple fully cooperated with the FBI/France, if the terrorist used a long (>12 alphanumeric characters) password then the FBI/France are out of luck. They are hoping the password is short (4 or 6 characters and only numbers) then they have a chance to “brute force” it.
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://www.eetimes.com/document.asp?doc_id=1279619
I would never say never, but it would take a lot more than any single country to force its hand.
What I don’t get is why the FBI can’t clone the SSD (then make clones of the clone, probably preserving copies as evidence, etc). Put the cloned SSDs in apple phones and go brute force. Maybe the passcode is salted with a UUID on the phone that is not on the SSD?
Oh yeah, forgot something:
Go %^*&^$&*@# yourselves you cheese eating sunburnt armpit surrender monkeys.
I am not an iPhone hardware/software expert by any means, but from what I have read something called the “secure enclave”(hardware & software) would prevent a successful “memory clone job”. See this starting at page 7: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
flr
Here is a basic explanation of why not:
The key to the data encryption is constructed from the user's passcode which is entangled with a unique device ID (UID), plus a device Group ID (GID), plus a random number which was generated at the time the original user's passcode was input by polling certain sensors on the iPhone, the camera, the microphone, and the accelerometer, and combining them to generate a truly random number. The user's passcode is NOT stored on the device at all, nor is the final data encryption key. Instead one-way HASHES are calculated and those are stored in an inaccessible area of the A5 (iPhone 4S and 5) and A6 (iPhone 5C from San Bernardino) processors called the Encryption Engine. On the A7, A8, A9 and later System on a Chip processors of the iPhone 5S, 6, 6 Plus, 6S and 6S plus, these are stored in a very secure specialized processor called the Secure Enclave processor.
For both the Encryption Engine and the later Secure Enclave, the UID which is unique to each is randomly assigned and burned into the silicon as is the GID for the model of device it will be installed in during the manufacturing process. Also burned in to the silicon will be the algorithms randomly assigned to those devices for calculating one-way hashes and doing the encryption key entanglements. No records are kept of what UID, algorithms, etc. are burned into these secure silicon chips. There is no way of learning what they are. These secure areas are WRITE ONLY from outside for any additional data such as the user passcode input and random number seeds, and data in them can not be read by any external system or app software, nor can data in them, or any of the burned UID or algorithms they contain be read by any diagnostic hardware. Their processing is done entirely internal to themselves.
They are registered with the A(X) processor and with the Secure Boot system ROM. If the exactly correct chips are not present, or have been modified, the iPhone will not boot. In the case of the A5 and A6, both the processor and the Secure Boot ROM have to match. With the A7 and above, the processor, the Boot ROM, and the Secure Enclave have to be present and match for a boot to proceed.
Either one of these will construct the key for the data each time using the user's passcode, entangling it with the UID, GID, the stored random random number kept in the secure location. This key can be as small as 132 characters or as large as 256. It's variable. The characters can be any of the 233 available in Apple's set. However, just assuming the 132 length key, to try every possible key to brute force the data would take 5.62 UNDECILLION YEARS! That 5.62 X 10195 Years. . .
It seems to me that the police desk duty and IT departments are developing an unhealthy appetite for digital evidence.
Right now police are probably resenting being thought of as stupid thugs, reacting slowly to real world crime, much of which occurs in the digital world these days. However, if the police can crack arbitrary cell phones, then they get a potentially infinite amount of digital data that they can access from the comfort of their desks without having to do any potentially difficult, complicated, or dangerous leg work. who can blame the pencil pushing desk duty police for being lazy and wanting to be admired instead of derided? it is human nature. with the digital information from people’s cell phones, the desk duty police and their IT departments (aka digital crime investigators) can keep themselves busy for years cracking cell phones— or maybe not, if the cell phone companies give them back door keys— and then finding, collecting, and examining people’s *private* photos and videos. (who knows, the police could even come up with new potential sex crimes after watching enough of these videos!) at any rate, it is no longer up to the individual.
the trend is for police to have more and more private information. this is already the case with airplane travel— you need “global entry” registration and ID to navigate the homeland security checkpoints efficiently.
the trend for cell phones is, sadly, registration. the registration would include a backdoor key and enable remote upload of all information upon demand by police at any time for any reason. people would not be *required* to register. however the question would no longer be “why give up the cell phone” but “why not register your cell phone” and “what do you have to hide by not registering your cell phone?” registering the cell phone would then be similar to an inoculation against police permanent confiscation of the cell phone in cases in which an civilian cell phone user happens to be near the scene of a possible crime. when would such civilians get their cell phones back? as soon as the police crack the cell phones and can access the data in an unencrypted manner, investigate all the data found for potential evidence of (any and every) criminal statute (not limited to terrorism, not limited to third parties), and once all of the potential investigations, trial(s) and appeals are completed. that could of course take several years, and in that time, much evidence in the lockers can get stolen, misplaced, or damaged, or mfgr tech support for the cell phone is discontinued, at which point the cell phone becomes unreliable and therefore worthless to the civilian.
(but at least the desk duty police and their IT administators would be happy.)
“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
I love analogies so here is my lame attempt to construct one —
France : Apple :: 1 flea : St. Bernard
Funny how Apple has no problem fighting against counter terror efforts yet when presented with similar opportunities to stand for privacy they don’t hesitate to roll over and cave to the demands of Chinese communists.
Says it all, right there ...
even 14 lowercase characters with a few spaces thrown in would cause them severe heartburn (an easily remembered “pass phrase”).
There was some interesting reading here:
http://security.stackexchange.com/questions/60691/length-of-passwords-that-are-rainbow-table-safe
I believe the last response was the most informative, but there are others there that provided very good info.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.