James Comey, director of the FBI, said on Thursday that the cost was “worth it”, but added that an accommodation needed to be made with Apple and other technology companies in the future, as paying outside technologists to find ways to access highly-encrypted messages on phones used by terrorist suspects was not “scalable.”
Indeed. Americans need to wake up to the fact that these spooks simply cannot be trusted. The very concept of trust is alien to their culture. Would be nice of we could count on congress to provide adequate oversight.
Considering all communication is subject to eavesdropping the space they are wanting to access borders on the realm of private thoughts. And some day soon it just may exist in that realm.
Then contrast our potential inability to keep private thoughts with the fact that the government is allowed theirs by merely stamping Top Secret across a document.
I don't disagree, but do some countries truly publicly accept unwarranted spaces? I can imagine most governments wouldn't really want to give up that ability if possible.
In some civilized countries, yes. Take eg. your brain (as an accused), a doctor, a lawyer. There are even countries respecting the sources of journalists...
This absurdly reductionist view of participatory politics comes up again and again. What are you trying to add to the conversation? Do you think that this notion is new? Or that the rest of us haven't considered it?
Instead of a pithy but pointless HN comment, let me suggest a book for you that might expand your thinking on this topic:
It would be more helpful if you expanded on why it's a bad argument. Off the top of my head:
> They don't want it, as evidenced by their not voting for it, so they won't get it
Was there a vote on it? When exactly?
Here's a book about how election results can change people's opinions on topics. It applies here because X. I used to think Y, but it changed my thinking to Z. I'd highly recommend it.
Not that GP is any better, but hey... And to be fair, the guy is practically trolling, whether intentional or not.
You're right of course disagreement should be explained better.
But he is responding to a one-line meme whose only purpose is to establish learned helplessness and end discussion that massively oversimplifies a very complex issue and is essentially copy pasted in any article here that even touches on politics. It gets quite exhausting engaging, having long in depth discussion about how this view is overly simplistic on every single thread only to have it appear again tomorrow, exactly the same as before.
I think downvotes and silence is the correct move here.
You're right. I got a bit impatient there. This argument seems to come up again and again and no amount of reason and explanation seems to be able to overcome it, even to the point of convincing its adherents to read what others have said about it.
This notion ("the people get exactly what they vote for") goes back to Ancient Greece; it's not like its a novel topic.
I don't think it's that straightforward. It's hard to vote for something that doesn't come up for a vote. And it doesn't come up for a vote if the right people don't want it to come up for a vote.
"The people" aren't given the opportunity to vote on many things, yet the people they elect do vote. The people they elect often side with their supporters (especially financial ones) on issues that are important to said supporters. A candidate can use their NRA/pro gun status as part of their platform and it will have a meaningful impact on the turnout.
Logically if the US electorate cared even half as much about [topic x] as they do about guns - candidates would care too and "democracy" would follow... no?
(I'm not bashing the US, just taking gun control as an example where a passionate popular view is reflected democratically)
“The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it.
“We don’t want to break anyone’s encryption or set a master key loose on the land,” Comey continued. “I hope thoughtful people will take the time to understand that. Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t. But we can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead. “
That's a lot of double-speak. They know that removing the timeout so they can try thousands of passwords per second opens up a huge security hole. What he's saying is "we want it both ways". We don't want to take away security for users, we just want to make it easier for someone who's not the owner of the phone to get into it.
Which is a bigger flag for mismanagement. If the phone had had device management software as most major companies provision, no hack would have been necessary.
"public funds" is not a single shared bucket of loot that everyone puts into. In this case it was a county owned device.
County governments are typically recognized incorporated organizations that have no real line of authority or connection with the federal government.
So no, the FBI or federal doesn't have some ownership claim that makes it ok to break into. As others point out they have basically seized the device from its owner in the course of investigation.
can you explain the comment on relevance a bit more? You said it twice but I'm not seeing your point.
Regarding the Director's double speak I think it is relevant. The FBI or federal government is still not the owner. Regardless of whether the device was seized or surrendered the property is still owned by the county.
> What he's saying is "we want it both ways". We don't want to take away security for users, we just want to make it easier for someone who's not the owner of the phone to get into it.
If they have permission from the owner, it's wrong to describe it as trying to get into "someone else's phone". There's no expectation of privacy in a government owned phone.
Who decides paying $1M to get access to a government owned device is appropriate use of public money though?
Why didn't they go through proper channels? Why did they reset the iCloud passwords? What steps have they taken to prevent this from happening in the future?
The FBI is doing a lot of hand waving and there is no accountability. Where are all those fiscal conservatives when we need them?
In my personal experience with an iPhone, it will not backup to iCloud without wifi and it will not connect to wifi without having the passcode entered at least once since boot. According to the government, the device was found powered off. If that is true, the iCloud backup would never have worked.
Of course, you can choose not to believe the government that the phone was found powered off (http://www.wired.com/wp-content/uploads/2016/03/Apple-govt-R...), but I think you'd have to pick and choose what you're willing to believe and not believe from what the government have said.
Finally, even though it wouldn't have helped, it's clear Pluhar's team did not consider the iCloud backup possibility when they were making their examination, so they very well could have screwed this up. It's just that they didn't in this case.
It's also possible the phone was actually found powered on and the battery was drained and it turned off by the time Pluhar's team examined it the same day. It wasn't mentioned if anyone checked it and tried to make sure it was kept charged (probably not). I imagine it might be difficult to train the officers on the ground about mobile device forensics best practices, since they change fairly frequently.
I would not trust their word over Apple's because Apple has a better insight of the situation.
The whole thing was a very poor allocation of resources. Of course, those whose promotions and maybe even jobs are on the line will fight back any claim of incompetence or malice.
The phone is evidence in a police investigation, they didn't buy it, while its owners are dead surely it belongs to their hiers? or does that whole rule of law thing mean nothing
The phone was a work phone issued by the San Bernardino Health Department, so no - the heirs of the killers didn't assume ownership of the phone. It was always the property of the San Bernardino Health Department.
So if someone the FBI is interested in knew they were being targeted and used a strong, complex, long password which would be impossible to 'guess' even without the restrictions then how does
> and without it taking a decade to guess correctly.
even make sense when there isn't a force in the universe that can guess that password in 10 millennia.
If they demand that restrictions like gated attempts and automatic wipes be removed, they're just pushing the industry to move to restrictions that can't be removed.
Hell, if I was feeling really cheeky and worked for Apple, I would give the FBI their backdoor which allowed them access, but they have to provide the phone a proof of work worth at least $10 trillion.
The only way to accomplish the goal in the first paragraph is to execute the steps they "don't want to" do from the second paragraph. It's more than double-speak, it's pure bullshit.
I hope someone sticks a couple hundred FOIA requests in that hole they speak to the people from. Hold them accountable: "What did the FBI get out of this?"
Is it unreasonable to think there is legitimately valuable Intel on that phone? I'd say it's at least plausible, maybe even likely lives can be saved by getting at messages on a known terrorists phone.
I wouldn't say likely when it was a government-owned phone and he also had a personal phone and went very much out of his way to thoroughly destroy that phone and another. Possible? Sure. But not in any way justifying a "scalable" solution. He doesn't want to look victims in the eye, but he's ignoring human rights activists who have had their identities compromised for less.
Yes. The FBI had offers (from credible firms) to crack the phone from day 2. (After they screwed it up and started talking about it.) They didn't take those offers because they were trying to force Apple into a larger breach.
Why did they risk it? Because they knew there was nothing of value on the phone. If this was the criminal's only phone we might hypothesize that it has valuable info on it. But when the criminal destroyed one phone and didn't bother to destroy the other it suggests there's nothing on it.
I'm sure it has more than zero data. The FBI merely has to claim that knowing if criminals play Candy Crush is helpful to justify it, in one sense. But enough to justify the trouble they put Apple through? Doubtful.
Enough to justify the decades of distrust they sowed in the security community? Not a chance.
I think they're farther ahead than you think. Apple is having to stand up against this overreach because the public simply isn't. We here are an echo chamber, but we're hardly representative of public opinion, which it turns out support the FBI more than Apple.
>paying outside technologists to find ways to access highly-encrypted messages on phones used by terrorist suspects was not “scalable.”
Good! I don't want it to be "scalable". That means they want to expand the data that they are collecting to include more a more phones. There is no need to do that!
I see two ways to interpret what he said, and I'm kind of appalled at both interpretations:
(1) "We can't afford to pay someone every time we need to bypass security, therefore we need the ability to force third parties to do this work for free": um, OK.
-or-
(2) "Bypassing security takes too much time and effort, therefore we need a backdoor": even more horrifying, even though he's repeatedly denied that this is the endgame.
Making it not scalable is the point. It places a monetary restriction so that they have to pick and choose what devices they think are worth hacking and which ones are not. This is the balance between citizen's rights and government power.
Otherwise we just collect everyone's data on everything all the time and have access to everything.
Why would you expect them to be responsible with money that isn't theirs?
Your argument would work for an individual, and to a lesser extent a corporation (where money spent comes out of profit and would be balanced against benefit), but the government plays with your money - not their own.
If they want to get into a hundred phones, they'll just ask congress for an appropriation for $100m. And since the government is one of its own largest lobbyists, it'll happen.
They don't have unlimited money. If they can bring it down to $1000 per phone to crack, they still can't crack millions of phones without wondering why their budget is allocated this way.
The only reason it would be 'Worth it' is if they found something of note (something to help prosecution of other criminals or prevent further attacks). Is there any reason to believe that this hack accomplished this?
What else would make it 'worth it'? Or is this just politicking?
It's just politicking, its "worth it" because they get to flex their muscle and show the world that they don't need apple's cooperation to get what they want.
And because they didn't get to see their precious All Wits Act request struck down setting a precedent against them. A few million to be able to keep invoking the AWA would definitely be "worth it" in their eyes.
I doubt it was worth it. It wasn't even the terrorist's phone. It was owned by their employer. The terrorists destroyed their personal phones prior to attack.
> Is there any reason to believe that this hack accomplished this?
You mean besides the fact that the FBI guy said it was worth it? You don't expect them to publish the intel they got from the phone before being able to act on it, no?
Can I live in a country that doesn't think a million dollars to break encryption on one phone is worth it? I value my tax dollar way more than they seem to, and way more than 50 thousand dollar air conditioners for jet fighters.
This also has a paywall. Is there a non-paywalled version of this story, or will this story remain irrelevant to my life forever?
(If it were relevant to myself and others, someone would create a non-paywalled version of the story, maybe so simply as just retyping here what they've read elsewhere. Humans see censorship, paywalls, etc as damage and route around them, as long as positive value is generated.)
Along what dimension is this "not scalable"? If you have 100 iPhoneCs and the exploit works on all of them, it sounds like it's very scalable to me. It doesn't scale across every iphone ever made (or that will be made), but honestly, with a few tweaks (maybe a forced OS downgrade, whatever), it could be made to be.
Also, if you don't release the attack vector, things get even murkier.
Plus, the government happens to be the entity that prints our money, as well as an entity that is essentially limitless in funds because it extracts it's budget from US.
Competition from firms may keep the price of breaking the iphone down, well within what the government can pay without anyone noticing (once this dies down). Nevermind companies that would LOVE to sell the NSA a single iphone exploit for anywhere close to $1M.
I think he meant "scalable" in terms of the amount of money, time and effort it will take to overcome each subsequent security obstacle faced by law enforcement. In that sense, this whole Apple-FBI fiasco was certainly not scalable.
Also, money is a very real limiting factor. The government can't just print more money to solve its problems.
That's why you're supposed to use law enforcement resources where you know it makes a difference. The FBI made this whole circus around this phone when everyone already knew they wouldn't found anything. But worst of all, they didn't even bother to check the metadata for that phone, which would've also confirmed whether the phone was used to set-up crimes or not.
It was all a ruse to get their precedent for backdoors, and now they're dripping this (probably bullshit) story to the media in a way that further progresses their agenda, after classifying the information in the first place.
Not scalable as in 'we can't spend a year breaking into every version of OSX', not 'we can't spend a million dollars breaking into every version of OSX'. Because a million bucks is chump change in government spending.
> James Comey, director of the FBI, said on Thursday that the cost was “worth it”, but added that an accommodation needed to be made with Apple and other technology companies in the future, as paying outside technologists to find ways to access highly-encrypted messages on phones used by terrorist suspects was not “scalable.”
That is exactly what we want. If its clearly in the public interest to expended substantial effort as part of a criminal investigation, they absolutely should do so.
The problem is they want scalable access to everything.
Was there something on the phone what made it worth it? I don't know if I understand the hypocrisy of hn. We cry "oh humanity" when Ford pays $50k over sticker for a new Tesla car for reverse engineering but of course if the FBI does something then surely they were judicious with their purse strings.
> Was there something on the phone what made it worth it?
It doesn't matter to me tbh. They want to investigate, they can.
I just don't want them to be able to "scale" their investigations like they seem to want so they can get into all encrypted communications without a serious financial hurdle because they'll abuse it.
> I don't know if I understand the hypocrisy of hn. We cry "oh humanity" when Ford pays $50k over sticker for a new Tesla car for reverse engineering but of course if the FBI does something then surely they were judicious with their purse strings.
I didn't. Generalizing like that is unhealthy because it causes you to make some silly assumptions.
http://www.ft.com/cms/s/0/af23e3ea-07f1-11e6-b6d3-746f8e9cdd...
James Comey, director of the FBI, said on Thursday that the cost was “worth it”, but added that an accommodation needed to be made with Apple and other technology companies in the future, as paying outside technologists to find ways to access highly-encrypted messages on phones used by terrorist suspects was not “scalable.”