[cryptome] Re: USG v Apple: Bruce Schneier on Farook's iPhone

  • From: douglas rankine <douglasrankine2001@xxxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Sun, 13 Mar 2016 19:55:24 +0000

see url: https://cryptome.org/2016/03/obama-crypto-sxsw.htm

POTUS says in the last para in his speech...
Quote<<<But we’re going to need the tech community, the software designers, the people who care deeply about this stuff to help us solve it. Because what will happen is if everyone goes to their respective corners and the tech community says ‘Either we have strong, perfect encryption or else it’s Big Brother and an Orwellian world,’ what you’ll find is that after something really bad happens, the politics of this will swing, and they will become sloppy, and rushed, and it will go through Congress in ways that have not been thought through. And then you really will have dangers to our civil liberties because the people who understand this best, who care most about privacy and civil liberties, will have disengaged or taken a position that is not sustainable for the general public as a whole over time. >>>End of quote

That's another one of the dangers...

On 13/03/2016 18:33, Sean Lynch wrote:

On Mar 13, 2016 04:37, "douglas rankine" <douglasrankine2001@xxxxxxxxxxx> wrote:
> see url: https://www.schneier.com/blog/archives/2016/02/decrypting_an_i.html
> Interesting article exploring Schneier's views about issues around the USG v Apple case.
> Quote<<<And while this sort of attack might be limited to state actors today, remember that attacks always get easier. Technology broadly spreads capabilities, and what was hard yesterday becomes easy tomorrow. Today's top-secret NSA programs become tomorrow's PhD theses and the next day's hacker tools. Soon this flaw will be exploitable by cybercriminals to steal your financial data. Everyone with an iPhone is at risk, regardless of what the FBI demands Apple do>>>End of quote.

He sort of glosses over the need to have a copy of Apple's code signing key. While it's true that a "bank robbery attack" is easier than needing to tear down the chips and use an electron microscope or something, pretty much all crypto is vulnerable to this same attack. I agree with him that Apple can and must fix this problem; I think there's a risk that anyone reading the article might think that the FBI's demands here don't matter, or that it would be "OK" for the government to go after Apple's code signing key instead.
