Here’s more on the Apple vs. FBI situation

Security expert Bruce Schneier weighs in. This is a guy who absolutely knows what he’s talking about:

The FBI’s demands are specific to one phone, which might make its request seem reasonable if you don’t consider the technological implications: Authorities have the phone in their lawful possession, and they only need help seeing what’s on it in case it can tell them something about how the San Bernardino shooters operated. But the hacked software the court and the FBI wants Apple to provide would be general. It would work on any phone of the same model. It has to.

Make no mistake; this is what a backdoor looks like. This is an existing vulnerability in iPhone security that could be exploited by anyone.

[…]

What the FBI wants to do would make us less secure, even though it’s in the name of keeping us safe from harm. Powerful governments, democratic and totalitarian alike, want access to user data for both law enforcement and social control. We cannot build a backdoor that only works for a particular type of government, or only in the presence of a particular court order.

Either everyone gets security or no one does.

Seriously.

Hey Chief Heathen: Apple, Encryption, and You

As you’ve probably heard, the FBI really, really wants Apple to help them unlock an iPhone that belonged to one of the San Bernadino shooters. A court has actually ordered that Apple do so; in response, Apple CEO Tim Cook issued a public reply (in addition to immediate appeals); you can (and should) read that letter in its entirety, because in it Cook lays out very clearly what’s at stake here.

All this is very confusing to lay people, though, I’m sure. We nerds have been up to our asses in crypto for a long time, and understand how critical it is to modern life. You use strong crypto every day, even if you don’t realize it — every time you see that little “lock” icon in your browser, you’re using it, and (to a first approximation) your browser session is locked up tight — otherwise, online commerce wouldn’t be possible, right?

Obviously, a phone is different from your shopping cart at Amazon, but there are lots of points here that are still being obscured by poor media coverage that has, in general, been entirely too deferential to law enforcement and the government. Let me lay out a few things for you, in simple terms, to help you make sense of it all, because whether you realize it or not this case affects you.

First, you need to understand something about encryption itself.

Properly implemented encryption is effectively unbreakable with current technology. (I could explain why, but it would make this post WAAAAY too long.) Not even the NSA can break it; the computing power doesn’t exist yet. It might, in the future (google “quantum computing”), but right now it’s safe and secure.

That’s exactly why law enforcement is so up in arms about wanting back doors built into things: precisely because they can’t break into some systems or data files if they’ve been properly encrypted. Think about it: the cops don’t care how strong your locks are, because they can always break your door. They care about encryption because, done right, they have no recourse.

Second, you need to understand that encryption isn’t the whole picture here.

There’s also device security, and device security at Apple is in an ongoing improvement process. You have probably seen by now stories about how “well, they helped cops BEFORE, why won’t they do it now?” These are wilfully misleading stories authored by deliberately ignorant people who are carrying water for the anti-crypto squad. Just because it was easy or trivial for Apple to unlock a phone in 2008 doesn’t mean it’s just as easy or just as trivial to do so now, because every new iPhone and new version of iOS improves the platform. It is accurate to say that Apple likely views the ease with which a non-owner (Apple) could unlock prior phones as a flaw to be fixed, and are behaving accordingly.

Good, because the only secure device is one that only its owner can unlock.

Third, Cook’s assertion that the FBI’s request would make all similar phones vulnerable is absolutely and unequivocally true.

The cops are demanding, basically, that Apple create a tool that will circumvent the security of the iPhone in question. Such a tool, once created, will almost certainly get leaked and used by other parties — like foreign intelligence people, or criminals, or repressive regimes.

Law enforcement loves to suggest that such bypass tools or (worse) built-in back doors will only ever be used by the “good guys,” but that doesn’t even pass the risibility test. Even supposed “good guys” overstep their authority with astonishing regularity, and law enforcement in the US is absolutely no exception. “Trust us!” is a bullshit argument.

Fourth, don’t give this mouse a cookie.

Iif Apple is forced to do this, now, to this particular generation of iOS and iPhone, then you can be sure that law enforcement will insist they do so (or attempt to do so) for later iterations of the platform. (This is one reason Apple is working so hard to make the devices secure and private, even against attacks from Apple itself.) We cannot let cops — who, let’s be honest, would be happier with a master key to all locks, all phones, all safety deposit boxes, etc., because what do you have to hide? — dictate privacy and security for the rest of us, and Apple realizes this.

Fifth, there is no ticking-time-bomb situation here.

Thus far, terrorist tradecraft is best described as “epically shitty.” The Paris attackers used normal SMS, which is incredibly insecure. They used regular tappable phones. But even if they started using secure methods, signals intelligence isn’t how you track these people. You need to chase them and catch them and prevent attacks through normal police work; you can’t expect an online dragnet of messaging traffic to do much for you (and, indeed, it clearly doesn’t work, even putting aside the privacy concerns). The FBI know who did this. They have reams of other evidence. They’re using this case, and the spectre of TERRORISM TERRORISM TERRORISM, to try and stifle real security for ordinary Americans. There’s no reason to do that.

Stand with Apple, even if you prefer Android. Stand with Apple, even if you hate the walled garden. Stand with Apple, because they are absolutely the only player in this market who have absolutely no interest in analyzing what you do online and selling it to other people. They’ve been increasingly verbal in their commitment to user privacy, and have proved it with the ongoing security improvements in the iPhone. Now they’re putting their money where their mouth is in a big way, on a big stage, in this particular case. Good for Tim Cook, and good for them, and good for US, because it’s a certainty that the Feds would much rather have us insecure.

As security expert Bruce Schneier puts it:

Today I walked by a television showing CNN. The sound was off, but I saw an aerial scene which I presume was from San Bernardino, and the words “Apple privacy vs. national security.” If that’s the framing, we lose. I would have preferred to see “National security vs. FBI access.”

He’s right.

More from Rep. Ted Lieu, and more background on why Apple is so pro-crypto (that bit’s long, but you should read it).

Aaaah, so THAT’S why this week’s X-Files was so much better

The writer and director, Darin Morgan, also wrote for the original series, and was responsible for two of the very best episodes of the show: Jose Chung’s ‘From Outer Space’ and the Emmy-winning Clyde Bruckman’s Final Repose, both of which are brilliant.

In particular, note that both “Chung” and this week’s episode feature retelling of events from multiple perspectives as well as a certain over-arching sardonic and self-aware humor. (Did you notice Mulder’s ringtone is the X-Files’ theme music?)

Wikipedia link; more over at IO9, which also notes a few Easter eggs — the biggest of which is actually in the comments: the character Guy Mann is dressed exactly like Carl Kolchak, from the show that inspired Chris Cater in the 1970s.

Song Exploder’s Bowie Playlist

First, Song Exploder is brilliant, and you should be paying attention to it.

Second, this feature has a number of musicians discussing particular Bowie songs, and includes John Roderick on Space Oddity (reproduced below). This is awesome because, of course, Roderick has a lost-astronaut song of his own that I’ve seen him play live.

Space Oddity is the original and still the best lost astronaut song, released only a few days before the Apollo 11 launch in 1969. It was originally a current events song! Maybe even a novelty song, if the events in question weren’t so solemn. All the more of an accomplishment, then, that it still sounds futuristic and provokes anxiety 47 years later. In 1969 space travel seemed poised to become mundane–we would soon all be living on space stations, wearing jumpsuits and enjoying science drinks–but Bowie sided with Kubrick that, in addition to metaphysical magic, suburbia, celebrity, and product placement and malfunction would follow us to the stars. Like so much of Bowie’s music, Space Oddity has themes and sounds that in less adroit hands would be corny. The countdown at the top of the song and the horn swell “rocket ship taking off” are so literal you almost roll your eyes, but Bowie’s voice is so urgent you lose all desire for detachment. It’s hard for us now to imagine the emotional moment of 1969, with all the war, violence, unrest and upheaval taking place. The world-historical venture into space, armed with science and human confidence, wasn’t yet a fait accompli. We still could have fucked it up, left dead astronauts on the lunar surface, surrendered to the impossibility of Kennedy’s hubristic challenge and Vietnammed ourselves into a death throe. Instead, we succeeded, and Bowie more than any other artist made outer space the dominant theme of his work for many years after. His persona allowed him to comment on contemporary events from a place that felt like objectivity. Bowie saw us like an alien might, but he loved us and got bloody with us because he was trapped here, or emigrated here on his own, so he took our side. Bowie screeched and squawked and filled his music with unearthly noises and we accepted it because we were so flattered that this metallic space Phoenix was interested in talking to us. The appeal of the Rolling Stones was that you were supposed to feel lucky some cool junkies invited you to listen to their sex party through a keyhole, but Bowie had a message about the salvation of humanity. He seemed to be telling us that the looming apocalypse was survivable? Escapable, maybe? Maybe not, though. Maybe we should just quit fighting and have sex a lot until the fire tornados come? Maybe Major Tom experienced a malfunction and his spacecraft was lost, but more likely Major Tom severed his own tether for reasons known only to him. Maybe he saw something, or someone was waiting out there for him, or he realized the futility of our seeking, or he found what we’re all seeking in the eternal quiet.