FBI security expert: Apple are “jerks” about unlocking encrypted phones

[mercurial]

FBI security expert: Apple are “jerks” about unlocking encrypted phones

Federal Bureau of Investigation officials are continuing to voice their displeasure with Apple's approach to iPhone security, with one FBI official reportedly calling the company "jerks" and an "evil genius" this week.

Apple has repeatedly made it more difficult to access data on encrypted iPhones, making Apple customers safer from hackers but also preventing the FBI from breaking into phones used by suspected criminals.

"At what point is it just trying to one-up things and at what point is it to thwart law enforcement?" FBI forensic expert Stephen Flatley said yesterday while speaking at the International Conference on Cyber Security in Manhattan, according to a report by Motherboard. "Apple is pretty good at evil genius stuff."

Flatley also used the word "jerks" to describe Apple and its approach to iPhone security, according to Motherboard. The story also says:

For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.

That means, he explained, that "password attempts speed went from 45 passwords a second to one every 18 seconds," referring to the difficulty of cracking a password using a "brute force" method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.

By contrast, the Motherboard report says that Flatley praised another company, Cellebrite, which sells technology the FBI uses to break into iPhones.

Flatley is a senior forensic examiner in the FBI's New York division. He appeared at the security conference to discuss the challenges of running a large forensic lab, according to the conference website.

We emailed Flatley this morning to ask if he'd like to provide further details or explanation of his views on Apple's approach to encryption. We'll update this story if we get a response.

Apple: Encryption is vital for customer safety

While Apple has assisted the FBI in some cases, the company has held firm in its stance that strong encryption is vital for keeping its customers safe.

"For many years, we have used encryption to protect our customers' personal data because we believe it's the only way to keep their information safe," Apple says in a "message to customers" posted on its website since 2016. "We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business."

Apple CEO Tim Cook previously argued that intentionally including vulnerabilities in consumer products to help law enforcement would also help criminals hack everyday people who rely on encryption to ensure their digital safety.

FBI says encryption “urgent public safety issue”

Flatley's comments came one day after FBI Director Christopher Wray called phone encryption "an urgent public safety issue."

"In fiscal year 2017, we were unable to access the content of 7,775 devices—using appropriate and available technical tools—even though we had the legal authority to do so," Wray said in a speech at the security conference. "Each one of those nearly 7,800 devices is tied to a specific subject, a specific defendant, a specific victim, a specific threat."

The problem makes it harder for the FBI in investigations related to "human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation, and cyber," he said.

Wray said the FBI "supports information security measures, including strong encryption," but he said technology companies should give more help to law enforcement agencies that want to access encrypted data.

"We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both," he said.

Wray's comments were just the latest example of federal officials calling for greater access to encrypted devices. Instead of encryption that can't be broken, tech companies should implement "responsible encryption" that allows law enforcement to access data, Deputy Attorney General Rod Rosenstein said in a speech in October.

Unbreakable encryption "is a huge, huge problem," Wray said at another conference in October.

 

[TelkomUseless]

"evil genius"

made me lol

 

[konfab]

To me there is a compromise that can be put in place that won't affect user security, whilst allowing law enforcement to do their jobs.
If they had the following requirements for said backdoor, I don't think they would be compromising somone's privacy any more than is what was already allowed.(The court can order a medical exam ffs)
1) The access can only be physical.
2) The access can only be done by one machine.
3) The existence and method of backdoor has to be published with both Apple and the FBI providing bounties for people who crack it.
4) The access will destroy the usability of the device when it is used.
5) The existence of said backdoor is agreed to in the agreement to use Apple's systems (terms and conditions).

If people really wanted to encrypt their data, they would not be relying on other people's computers or software.

 

[sajunky]

No compromises about privacy. In the past nobody banned whispering secretly to the someone else ears, the same should apply in digital age.

Oherwise ban encryption and ban VPN by law, it is how it is made in Russia.

 

[/dev/null]

By contrast, the Motherboard report says that Flatley praised another company, Cellebrite, which sells technology the FBI uses to break into iPhones.

That's nice. I didn't know about them.

 

[mercurial]

So they're not unhackable

 

[saor]

No compromises about privacy. In the past nobody banned whispering secretly to the someone else ears, the same should apply in digital age..

Except this isn't 1890 and these aren't whispers.
So when breaching privacy could result in the apprehension of a murderer - we should rather uphold privacy as being of the utmost importance and not breach it?
Should we do away with search warrants too?

 

[grok]

Except this isn't 1890 and these aren't whispers.
So when breaching privacy could result in the apprehension of a murderer - we should rather uphold privacy as being of the utmost importance and not breach it?
Should we do away with search warrants too?

What exactly do you think the FBI will do once they get a back door to circumvent privacy? Zacly, spy the **** out of everyone left right & centre..

Unfortunately gov started this crap, and they are the reason no-one (should) trust them.

 

[tRoN]

Boo fukkin hoo!

 

[ponder]

What exactly do you think the FBI will do once they get a back door to circumvent privacy? Zacly, spy the **** out of everyone left right & centre..

Unfortunately gov started this crap, and they are the reason no-one (should) trust them.

Feel the same way but at times in two minds about this, ie pedophiles sleeping peacefully at night...

 

[crackersa]

Except this isn't 1890 and these aren't whispers.
So when breaching privacy could result in the apprehension of a murderer - we should rather uphold privacy as being of the utmost importance and not breach it?
Should we do away with search warrants too?

What stops them from planting evidence?

 

[HavocXphere]

In other news...Apple sends the FBI a fruit basket with a thanks for the free marketing note.

 

[crackersa]

In other news...Apple sends the FBI a fruit basket with a thanks for the free marketing note.

Lol

 

[saor]

What stops them from planting evidence?

I thought your objection was privacy, now it's corrupt cops. Which is it? You can't keep shifting the goalpoasts. By this logic we should abolish roadstops, arrests & search warrants because...evidence can be planted?

 

[crackersa]

I thought your objection was privacy, now it's corrupt cops. Which is it? You can't keep shifting the goalpoasts. By this logic we should abolish roadstops, arrests & search warrants because...evidence can be planted?

Source were I object ed to privacy? And source the post that I shifted goal posts?

 

[Zoomzoom]

Except this isn't 1890 and these aren't whispers.
So when breaching privacy could result in the apprehension of a murderer - we should rather uphold privacy as being of the utmost importance and not breach it?
Should we do away with search warrants too?

yes. there are instances when the greater good allows criminals to get away. things like burden of proof etc do exactly the same thing sometimes and yet we aren't screaming about doing away with those.

ignore the 'we are letting murders get away' emotive crocodile tears and ask yourself why the FBI / NSA / Security apparatus are SO fussed about effective encryption (hint it has nothing to do with criminals).

 

[saor]

Source were I object ed to privacy? And source the post that I shifted goal posts?

Really?


Exhibit A: Objection to invasion of privacy:

No compromises about privacy. In the past nobody banned whispering...

Exhibit B: Shifting from privacy to the planting of evidence:

What stops them from planting evidence?

The planting of evidence applies in almost all aspects of law enforcement, so bringing it up here is somewhat moot. Your original concern was with invasion of privacy, not with the planting of evidence.

 

[marine1]

Apple are jerks but not for this, intentionally slowing phones down for 1.

 

[crackersa]

Really?


Exhibit A: Objection to invasion of privacy:


Exhibit B: Shifting from privacy to the planting of evidence:


The planting of evidence applies in almost all aspects of law enforcement, so bringing it up here is somewhat moot. Your original concern was with invasion of privacy, not with the planting of evidence.

No where does it say I support it. You made that assumption, I just posted a whataboutism based off your statement to encourage a deeper thinking

But meh....whatever

 

[saor]

No where does it say I support it. You made that assumption, I just posted a whataboutism based off your statement to encourage a deeper thinking

But meh....whatever

Sorry.
I confused sajunky & your posts as being from the same person.