Fundamentally, if the Supreme Court took that position I can see how it makes sense. It is unreasonable to sue someone to go on a fishing expedition to see what they might have done wrong.
Realistically, the constitution lost most of its staying power a long time ago. The judiciary can't actually stop the rest of the government if it is united on launching a mass surveillance program - and the evidence suggests there is bipartisan support for it both between parties and between the executive and legislative branches.
The later is contingent upon the former. You have to know how they might be breaking into your phone to assertain the evidence that they are so you can sue for relief.
i.e. you must be able to show harm to sue for relief.
I'd think that getting them to confirm what methods they're using would shorted the shelf-life of those methods a fair bit. Which I suppose fits with them pushing back as hard as they can.
Could someone ELI5 how this is even conceptually possible? I suppose that is exactly what the ACLU was trying to find out, but I thought something like AES-256 should be impossible in principle to break.
So what type of thing is most likely happening? Are hardware vendors secretly installing back doors? is there some sort of software encryption standard that's compromised? Or some kind of secret breakthrough in computation theory that easily "solves" encryption? Or maybe, bolstered by NSA surveillance, they just know passwords and unlock codes to devices?
Again, I understand that that is the exact mystery here, but I would appreciate knowing if one or more of the possibilities is conceptually more likely than the others.
Usually the weakest link in any crypto system is the code surounding it. AES-256 is very solid, but using it correctly can be hard. Apple knows what they are doing but they are still human.
For example if this is a lock screen bypass (and not a bypass of say the start up process before the key is entered), maybe some memory corruption issue allows you to bypass the password check. Or another example, many people use short numeric pins to encrypt their phones. Apple then does a lot of complex stuff to take that and turn it into a high entropy key. Maybe this is an exploit in that part, allowing for a bruteforce attack.
These are all just wild gueses, i have no idea what these capabilities are or for that matter, i dont really know very much about how iphone FDE works.
* The hdd in a phone that is not powered off is mounted. It takes an exploit in OS to pass the Lock Screen or read the RAM.
* The vast majority of people don’t have long alphanumerical passwords. The short pins can be broken.
* Some manufacturing companies don’t handle encryption keys properly. Synology NAS stores the keys next to the encrypted data for automatic access upon boot (unless you change the default and store the keys on an encrypted USB or enter keys manually upon boot).
* There are sometimes bugs in algorithm implementations, especially if a company roles its own crypto with closed source software.
* Sometimes encryption keys are not properly generated. Bad RNGs were a thing for a long time.
* And of course there could be back doors for law enforcement.
They are likely using GreyShift or Cellbrites UFED or similar products. Most of them leverage exploits in the phone that are usable on the lock screen to either enable you to bypass the lock screen or to allow you to have unlimited password guesses then brute force the password.
According to this[1] Twitter thread, it's a matter of convenience outweighing security. Phones keep the encryption keys used for most apps in memory so the apps can do background work while the phone is locked.
Most PINs or passwords are so short that they would be easy to brute-force but phones have anti-brute-force mechanisms. So maybe there's a tool that does that.
In my opinion, if they want a few shortcuts and hints they need to first talk to the wireless switch engineers and ask them if they've directly received any gag orders from the feds, or indirectly threats from their management. Back in the 90's, we used to update the firmware over the air. We could rewrite anything anywhere on the phone. Officially we did not do this, not because of any secrets or conspiracy... The fear was that if customers found out we could do this, it would be a support nightmare and not cost sustainable. We made the business decision to not update the phones over the air to avoid the risk of bricking any of them. This was only done for really bad firmware bugs and only to specific phones. As a result the phones would become out of date and people would eventually buy new ones. The reason I mention this is that if you can rewrite the firmware and reboot the phone, then you can intercept anything related to encryption, keys, passwords, etc... I have no idea what capabilities are in place now, but I would be very surprised if they regressed from what we could do in the 90's.
There are rumors of recent-model iPhones receiving "carrier setting" updates not documented on the carrier's website (they should be), occasionally followed by instability (crash, refusal to boot, refusal to reboot on battery power alone).
Fallacy of encryption: the algorithms are secure, it is the random numbers that are backdoored, but you cannot ever prove that.
--> How? The random numbers that servers use are chosen from a list if you will as opposed to true zener diode type shit.
You cannot prove this, but this is how I would do it if asked, and I am pretty sure RSA does this if not mistaken.
Yes, but this leads to corporate "contractors" and the secrets become intellectual property/trade secrets and there is nothing under the sun to FOIA those, even if that corporation has more 11 star generals than call of duty
In the last 10-15 years ACLU has moved away from being politically neutral (and has publicly stated so), so one might easily see this action as an attempt to undermine the government's capabilities rather than to legitimately protect the freedoms of Americans.
Believing that americans should have freedom is not a politically neutral position.
Y'all literally fought a war over that very question back in the 1700s.
Hell, is there any question less political than to what extent individual freedoms should be trumped by the state and the collective "good"? That, in its various forms, is the fundamental political question from which all other political questions follow.
The ACLU has lost a great deal of moral clarity once they began taking on political positions. They no longer have the clout they once had, in the eyes of many.
Limiting the governments capabilities is the very essence of what it means to protect freedom of private citizens. Throughout history there is no case of continual government expansion which leads to more freedom of its citizens.
Consumer privacy has been politicized as it entered the public consciousness. Parties have taken sides.
I don't see another choice for them. The populist authoritarian streak taking hold in many country's right wing parties goes against much of what the ACLU stands for.
If law enforcement has a valid search warrant to access the data stored on a device then the "how" is irrelevant. It doesn't matter how they bypass the encryption, self created forensic tools or vodoo encantation, the action is legal. The lawsuit will go nowhere and they know it. It is a fundraising ploy.
What the ACLU should be demanding is "show us the warrants".
According to the article, they are suing related to FOIA record requests. Whether or not the fbi is doing something illegal with encryption sounds pretty unrelated to whether their response to the foia request was legal.
> What the ACLU should be demanding is "show us the warrants".
Before the ACLU can ask that, they need to see that the FBI are breaking encryption. This is shown in some court documents (where there are warrants).
So the ACLU asked the FBI, hey, are you breaking into phones, as these court documents say? (probably so they can ask the follow up, "show us the warrants").
The FBI then responded. I'm not saying a damn thing! not gonna even confirm whether we've broken into anything. NOPE.
At which point, how can the ACLU ask to see warrants. The fbi need to say that they are breaking into phones (as court documents state) which they won't even do, so the ACLU are suing to say "hey that's not fair, you definitely are doing that, don't deny it."
[+] [-] DubiousPusher|5 years ago|reply
How I expect this will go.
ACLU: I want to sue because the government is surveiling my clients.
Supreme Court: How do you know they are doing this?
ACLU: We know they are doing it but not specifically how they do it to our clients that's what we're suing to find out.
Supreme Court: But without a specific complaint you don't have standing.
ACLU: The methods are secret so we don't have specifics.
Supreme Court: Come back when you do.
ACLU: But we can't find out without knowing more about how they are doing it which is what we are suing for.
Supreme Court: Yeah but you don't have standing.
ACLU: So 4th amendment rights are at stake but there is no constitutional remedy because of bureaucracy?
Supreme Court: shrugs
[+] [-] roenxi|5 years ago|reply
Realistically, the constitution lost most of its staying power a long time ago. The judiciary can't actually stop the rest of the government if it is united on launching a mass surveillance program - and the evidence suggests there is bipartisan support for it both between parties and between the executive and legislative branches.
[+] [-] bassrattle|5 years ago|reply
[+] [-] supernova87a|5 years ago|reply
They're not suing to stop it. (edit: yet)
[+] [-] DubiousPusher|5 years ago|reply
i.e. you must be able to show harm to sue for relief.
[+] [-] tbrownaw|5 years ago|reply
[+] [-] 7e|5 years ago|reply
[+] [-] glenstein|5 years ago|reply
So what type of thing is most likely happening? Are hardware vendors secretly installing back doors? is there some sort of software encryption standard that's compromised? Or some kind of secret breakthrough in computation theory that easily "solves" encryption? Or maybe, bolstered by NSA surveillance, they just know passwords and unlock codes to devices?
Again, I understand that that is the exact mystery here, but I would appreciate knowing if one or more of the possibilities is conceptually more likely than the others.
[+] [-] bawolff|5 years ago|reply
For example if this is a lock screen bypass (and not a bypass of say the start up process before the key is entered), maybe some memory corruption issue allows you to bypass the password check. Or another example, many people use short numeric pins to encrypt their phones. Apple then does a lot of complex stuff to take that and turn it into a high entropy key. Maybe this is an exploit in that part, allowing for a bruteforce attack.
These are all just wild gueses, i have no idea what these capabilities are or for that matter, i dont really know very much about how iphone FDE works.
[+] [-] aborsy|5 years ago|reply
* The hdd in a phone that is not powered off is mounted. It takes an exploit in OS to pass the Lock Screen or read the RAM.
* The vast majority of people don’t have long alphanumerical passwords. The short pins can be broken.
* Some manufacturing companies don’t handle encryption keys properly. Synology NAS stores the keys next to the encrypted data for automatic access upon boot (unless you change the default and store the keys on an encrypted USB or enter keys manually upon boot).
* There are sometimes bugs in algorithm implementations, especially if a company roles its own crypto with closed source software.
* Sometimes encryption keys are not properly generated. Bad RNGs were a thing for a long time.
* And of course there could be back doors for law enforcement.
[+] [-] _kbh_|5 years ago|reply
Thats my guess at least.
[+] [-] lazulicurio|5 years ago|reply
[1] https://twitter.com/matthew_d_green/status/13417461712205373...
[+] [-] wmf|5 years ago|reply
[+] [-] K0balt|5 years ago|reply
[+] [-] LinuxBender|5 years ago|reply
[+] [-] rmrfstar|5 years ago|reply
[+] [-] gbasin|5 years ago|reply
[+] [-] unnouinceput|5 years ago|reply
[+] [-] chirus|5 years ago|reply
[+] [-] fakename11|5 years ago|reply
[+] [-] ranguna|5 years ago|reply
[+] [-] chirus|5 years ago|reply
[+] [-] kirbysnacks|5 years ago|reply
This is silly.
[+] [-] hkai|5 years ago|reply
[+] [-] bawolff|5 years ago|reply
Y'all literally fought a war over that very question back in the 1700s.
Hell, is there any question less political than to what extent individual freedoms should be trumped by the state and the collective "good"? That, in its various forms, is the fundamental political question from which all other political questions follow.
[+] [-] rjbwork|5 years ago|reply
[+] [-] paul_f|5 years ago|reply
[+] [-] tbrownaw|5 years ago|reply
[+] [-] suifbwish|5 years ago|reply
[+] [-] throwaway189262|5 years ago|reply
I don't see another choice for them. The populist authoritarian streak taking hold in many country's right wing parties goes against much of what the ACLU stands for.
[+] [-] 7174n6|5 years ago|reply
What the ACLU should be demanding is "show us the warrants".
[+] [-] bawolff|5 years ago|reply
Ianal
[+] [-] mijoharas|5 years ago|reply
Before the ACLU can ask that, they need to see that the FBI are breaking encryption. This is shown in some court documents (where there are warrants).
So the ACLU asked the FBI, hey, are you breaking into phones, as these court documents say? (probably so they can ask the follow up, "show us the warrants").
The FBI then responded. I'm not saying a damn thing! not gonna even confirm whether we've broken into anything. NOPE.
At which point, how can the ACLU ask to see warrants. The fbi need to say that they are breaking into phones (as court documents state) which they won't even do, so the ACLU are suing to say "hey that's not fair, you definitely are doing that, don't deny it."
[+] [-] iancarroll|5 years ago|reply
[deleted]