* Posts by John H Woods

2307 posts • joined 14 Nov 2007

Cook moves iPhone debate to FBI's weak ground: The media

John H Woods
Silver badge

Re: But who owns the device?

"I’m (obviously) not a lawyer, but I wonder whether the real owner has the legal and moral right to ask for help picking the lock. Apple would then have the face-saving option of agreeing on the grounds that they are assisting the owner and not some evil third party, and that this could not possibly set a precedent for government to gain access to everybody else’s phone." -- Mark Simon

I'm afraid the ownership doesn't make any difference. When either the owner or the state has the phone they can legitimately examine the contents. However, the contents are gibberish without the key. The key is ALSO in the phone. But it cannot be extracted by Apple unless that company creates a tool that jeopardises the safety of other customers. Apple, if they are telling the truth, and it looks as if they are, have provided every assistance right up to creating that tool, and now they're asking the courts to dismiss an earlier judgment ordering them to do so.

"this could not possibly set a precedent..."

There is literally no way that this would be possible. For instance, owner asks Apple for help, Apple provides it. FBI asks Apple for help ... Apple say no on the grounds they only help owners? There is nothing any of the parties can do within a court case that will determine (or perhaps even influence) whether or not it later forms a precedent. Remember, precedent does not have to be binding, it can be merely influential.

0
0
John H Woods
Silver badge

Re: Apple is trying to convince us

"This is simply a marketing exercise to limit the damage to Apple caused by the Snowden revelations" --AC

So what? Person X says Y because of reason Z. I disagree with Z. I don't like person X; actually it's worse than that, person X did bad thing W.

What the hell does any of that have to do with the truth or otherwise of Y?

How can actual adults, moreover people who can spell, have passable grammar, can use a computer etc. make such absolutely trivial logical errors? I dream of a "logic auto-correct" that would just put wiggly red lines under all such braindead content, and when you hover your computer s̶q̶u̶i̶r̶t̶s̶ ̶w̶a̶t̶e̶r̶ ̶a̶t̶ ̶y̶o̶u̶ takes you to some web pages on elementary logic and makes you read them until you have wised up.

2
0
John H Woods
Silver badge

Re: Anyone heard of a "subpoena"?

"If Alice is a witness to Bob murdering Charlie, the prosecution most definitely can compel Alice to appear and testify (i.e. speak) in the case against Bob." ... "Don't post about the law unless you know how it actually works, " --- AC

I'm not sure the analogy is useful - in fact I think the way this sub-argument has progressed proves that. I think the AC you are attacking was making the point that there are already exceptions (refusing to self-incriminate by "taking the fifth") to what the court can compel you to do. Your point that they can compel you to do other things (testify against others) doesn't really counter his point. In this case, reluctantly continuing the analogy, the attempted compulsion is more like trying to get an expert witness to publish a book containing all their expertise rather than compelling them to help on a particular issue.

1
0
John H Woods
Silver badge

Re: It's not often I agree with Apple but...

"At this juncture I do not understand the difference between the opening of a physical safe to extract analogue information or the opening of a digital safe (read Phone) to extract digital information." -- Peter R. 1

Nothing wrong with asking Chubb to help you open that one safe, or with them doing so. But if, having assisted you in every way they can, the only way Chubb could assist further is by creating a safecracking tool which would open this safe, but also work on millions of the safes they have already sold, then I think it would be reasonable for them to contest being compelled to do so.

7
0
John H Woods
Silver badge

Re: @DainB - FBI vs Apple

DainB your logic is comical: you presented something as a dilemma, it was (correctly) pointed out to you that it was a false dilemma, and you respond it isn't because the second part is true? You do realise that whether two lemmas form a true dilemma or a false one is ENTIRELY independent of the truth of one of the given lemmas?

7
0
John H Woods
Silver badge

Re: FBI vs Apple

"You can of course continue fooling yourself that there is some kind of moral principles Apple is fighting for but in reality all they're fighting for is their profits. " -DainB

and your point is ... ? The motive and degree of hypocrisy of the proponent makes no difference to the validity or otherwise of the argument. Come on, we all learned that in big school, didn't we?

People arguing that Apple are merely chasing profits make an even more egregious mistake than not realising this is an irrelevance of hypocrisy: it is almost a counter-argument. If Apple make more profit by keeping their customers safe than they do by cooperating with the government, that is what their customers want --- it is very nearly democracy through the proxy of capitalism:

11
1

Apple fires legal salvo at FBI for using All Writs law in iPhone brouhaha

John H Woods
Silver badge

Re: One thing I don't understand

Brute forcing an AES256 bit key is out of the question: it would take on average 2^255 tries; allowing a minimum of a nanosecond per try; ten million of those amazingly fast computers with an algorithm that exploited an as yet unknown weakness yielding a trillion trillion trillion fold speed-up and it would take you more than ten million times the current age of the universe.

The only form of "imaging" I can see helping here is electron microscopy; imaging the data is a non-starter.

2
0

Apple fans take iPhone unlock protest to FBI HQ

John H Woods
Silver badge

Re: I want to be safe. Roll on the flames

"The need to keep me, my loved ones, my country and the world safe outweighs my "right" to keep my information secret. I consider this to be a "cost" of living in a society that is generally safe" -- AC

The need to keep me, my loved ones, my country and the world free outweighs state organisations' "right" to my secret information. I consider the tiny risk of terrorism to be a "cost" of living in a society that is generally free.

4
0
John H Woods
Silver badge

"Why not protest about that instead of some stupid public debate that won't change anything?"

Why make a fuss about a seat on a bus when there were a lot more significant issues? Debate has to start somewhere, and here is as good a place as any, and perhaps a better place than most.

3
0
John H Woods
Silver badge

Re: This is why Apple is a successful business

"They don't have customers, they have devotees!" --- AC

I don't think I've much positive to say about Apple (apart from I like the hardware) for a decade until now.

6
0

Lonely bloke in chem suit fuels Mars orbiter

John H Woods
Silver badge

maybe the fuelling should be performed by

this guy

0
0

Between you, EE and the lamppost ... this UK cell network is knackered

John H Woods
Silver badge

Re: First world problems eh?

When my teenage son pays for goods and/or services and they don't get delivered as per contract, I fully support him getting mad about it. I encourage him to deal with it calmly and professionally, because that is part of growing up; but I don't say "ooh, back in my day, people never had to abide by legally valid contractual terms, ooh, first world problems" because if I did he'd think, correctly, that I was an idiot.

19
1

FBI v Apple spat latest: Bill Gates is really upset that you all thought he was on the Feds' side

John H Woods
Silver badge

Re: We are the government

Comey, as a lawyer, should know that whether a precedent is set or not is not under the control of any of the parties to a case, and there is no way any of them can tailor their submissions to change this. Also I am troubled by the fact he claims he is only interested in unlocking this single iPhone 5c, because if that is really true he is not doing his job properly [1]. And if it's not really true, he's not really telling the truth.

---

[1] Don't get me wrong, I'd like the FBI etc. to have boundaries on what they can do, but in a sensible society these boundaries should be set by legislation and the courts, not by some voluntary backing off by the organisations when they think they have sufficient powers.

10
0

Bill Gates denies iPhone crack demand would set precedent

John H Woods
Silver badge

“We don’t want to break anyone’s encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that. Maybe the phone holds the clue to finding more terrorists." -- Comey

Some thoughtful people already believe that the likelihood that the phone holds such a clue is (possibly vastly) smaller than the likelihood that your current actions will set a master key loose on the land. That is why you are meeting with some resistance.

18
0
John H Woods
Silver badge

“I think we expect governments to find out everything they can about terrorism." said Bill Gates, as he handed in his own devices for analysis, provided a software "skeleton key" for access to all Windows Servers, and campaigned for a ten-fold increase in general taxation to fund more investigation into terrorism..

22
4

Latest in Apple v FBI public squabble over iPhone crack demand

John H Woods
Silver badge

Re: FUD and nonsense

"the mention of surveillance, eavesdropping, and tracking are somewhere between wild exaggeration and lies, and appear crafted to induce fear of both the government and criminals that is beyond what can be justified rationally" -- tom dial

You may be on thin ice here, as it could be argued that the treatment of the terrorist threat does exactly the same.

0
0
John H Woods
Silver badge

Re: Let there be one ruler, one king

"The consequence is a legal challenge to the validity of the court order." -- nijam

Exactly: it's extraordinary how many people who use as their main argument some version of "it's the law, stupid" understand (or want to portray) Apple using the appeals process as outright defiance of the court. The court gave them leave to appeal when it made the order; Apple don't agree with the decision, so they are appealing it. There is (as yet) no failure to "comply with a lawful order."

4
0
John H Woods
Silver badge

Re: Will it apply to other technology too?

"It cost Apple more to write Tom Crook's letter than it would do for them to disable the pin retry counter."

Depends what you mean by cost: in one sense, it didn't cost Gerald Ratner anything to say that his products were "total crap" -- in another you could easily argue it cost £0.5 billion.

7
0
John H Woods
Silver badge

Re: "... the data in the memory chips is not encrypted."

"I believe it's very likely possible to 'crack' their way past the phone's security, but I don't think it's "very easy"." -- JeffyPoooh

This is the key issue: whilst brute forcing the cryptography is probably infeasible (and if it were possible those capable of it would be very reluctant for that to become known), that does not mean the device itself cannot be hacked open.

If the phone were suspected of containing the date, time and location of a credible NBC attack, government would have deployed a good deal more effort: even the lack of forensic care during custody is evidence against any such effort having been considered. That leaves us with, at best, the possibility the FBI is trying to do this "on the cheap" without regard for significant ramifications; and at worst that it is a deliberate attempt at setting a precedent.

5
0
John H Woods
Silver badge

Re: Overreach

"I read that the couple had other mobile phones which they destroyed before their rampage - surely those would have been the most likely to have produced some evidence" -- Mitoo Bobsworth

Perhaps the Farooks forgot that this was a (possibly MDMd) work phone and were careless. And perhaps they just forgot to destroy this phone. And perhaps the iPhone has contact details for the Mr Big behind it all. And perhaps they never called Mr Big so there are no phone records. So perhaps this is necessary for the FBI to get his number ...

But Mr Big probably reads the news. So he's probably destroyed his burner phone anyway.

0
0
John H Woods
Silver badge

Re: FBI's Comey

". . . we have awesome new technology that creates a serious tension between two values we all treasure – privacy and safety," -- Comey

I wonder if one of the obstacles to useful debate is the presentation of this as a simple tension between privacy and safety. My view is that anything that causes the innocent to have less privacy tends to decrease their safety, even if you were to accept (and I don't necessarily agree) that governments pose no threat to such safety.

4
0
John H Woods
Silver badge

Re: Will it apply to other technology too?

"So, based on the FBI's reasoning, ASSA ABLOY, SentrySafe, etc. might be required to break into every safe or strongbox they manufacture that might be used by criminals... and at their own cost? Muppets." -- Lobotoman

In a small way, it's better than that -- it won't be at their own cost (although it seems unlikely they will be able to charge their reputational damage as cost). But in a bigger way, it's worse: not so much that they might be required to break into their own products but they might be required to create tools to allow others to do so.

6
0
John H Woods
Silver badge

"Apparently Apple has worked on some 70 phones for the FBI previously. Now how much of this real, how much is BS, and how much is theatre, I have no idea." -- Mark85

It'll make it harder for you to come to a decision if you don't dig a bit deeper.

6
0

Plane food sees pilot grounded by explosive undercarriage

John H Woods
Silver badge

"Isn't there some rule in place that states that if the pilots partake of a meal while flying they must pick different meals? I remember reading that somewhere." -- PassiveSmoking

In the bottom two lines of the article?

14
0

FBI says it helped mess up that iPhone – the one it wants Apple to crack

John H Woods
Silver badge

Re: Right v. Wrong

"Why are they doing the right thing?"

When you have been given leave to do so, appealing a judgment with which you disagree may well be the right thing to do. People have to stop painting this as outright defiance of the court -- it isn't, at least, not yet.

0
0
John H Woods
Silver badge

Re: Right v. Wrong

"Do you mean fourteen victims have no right to be sure all the people involved in their murder are found, or innocent discharged?" -- AC

No, I didn't mean that, and I (a) struggle to see how you can have inferred that and (b) despair that you should respond to a plea to move away from simplistic arguments with a simplistic argument.

There is obviously a proportionality issue here: I'm not just asserting common sense, the All Writs Act itself says [my emphasis]: "Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law."

It is trivial to show that it cannot be the case that absolutely anything is necessary and appropriate for a terrorist shooting of 14 people: for instance, even if the perpetrators were still at large it would probably not be considered "necessary and appropriate" to interrogate every US Citizen on the matter.

Furthermore a Supreme Court ruling in 1977 on an All Writs Act order was that, although it was justified in the case before the court in that instance, "the power of federal courts [using this Act] to impose duties upon third parties is not without limits; unreasonable burdens may not be imposed"

So, it is not nearly as simple a matter as you suggest, which is rather the point of the comment to which you are replying so, rather in a triumph of hope over experience, I'm stating it again.

----

Addendum: Whilst re-reading this reply I also realised that the phrasing of the Supreme Court ruling uses the term "burdens" rather than "resources" and so presumably that includes things that are easy (handing over the signing key) because the burden in terms of corporate/brand damage could be considered unreasonable.

7
0
John H Woods
Silver badge

Re: Right v. Wrong

"Apple needs to man up, do the right thing, and now." --- Common Guys...

Some of us think they are, and that is what is causing the problem. We know that the All Writs Act is a law on the statute books; that it seems likely the Act would support the order the court has made; that the phone belonged to a terrorist who killed 14 people; that Apple could do it quite easily; that Tim Cook may simply be grandstanding.

Those of us who think Apple are doing the right thing (and that may well include some who think they're doing it for the wrong reasons) will not be persuaded by merely restating the above facts, because they are not in dispute. Are you really expecting anyone you are arguing with here to go "oh, shit, I've just realised which phone we are talking about" and change their mind?

So, let's at least move the discussion on from "come on, you guys, it's simple"

12
0
John H Woods
Silver badge

Re: they want Apple to do it ~For Free~.

"The refunds to companies that bought iPhones because of marketing people telling them no-one can gain access, not even Apple, etc etc?"

Why not? If I were Tim Cook I would comply on the basis that the cost incurred would be the development of the exploit firmware + the cost of destroying unsold 5c stock + the cost of offering all existing 5c customers a free swap upgrade to a phone model that would not be compromised by the new firmware.

5
0
John H Woods
Silver badge

Re: This is despicable.

"the government has both a constitutionally allowed search warrant and the phone owner's permission to search the phone." --- tom dial

Surely, even if we disagree about who is in the right we can agree that this is more complex than a search warrant issue. Apple are not preventing the government from searching the phone. The phone and its contents are in the possession of the FBI; it's just likely that it will be rather (if not prohibitively) expensive to make sense of those contents without Apple's assistance. That assistance, whether you think it should be forthcoming or not, is not, as far as I can tell, covered by any outstanding "search warrant".

Presumably, if a search warrant was issued against Apple (maybe on the basis they were a co-conspirator) they would have to hand over their firmware signing key. Then this would be a search warrant issue. As it stands, the direction of the court is "make this thing then hand it over to (or use it under the supervision of) the FBI." The court has used the All Writs Act because such a direction is not a "search warrant".

6
1

Black Monday: Office 365 down and out in Europe

John H Woods
Silver badge

Re: News just in...

Achievement unlocked

3
0

US DoJ files motion to compel Apple to obey FBI iPhone crack order

John H Woods
Silver badge

Re: Honest Question

"Yes, there's also some shuffling and such. " -- JeffyPooh

This "shuffling and such" is far more critical to the cipher than the use of the XOR function. If this did not happen, then a plaintext attack vulnerability would exist. None of what you have quoted supports the statement you made, which I rejected, that "The 'serious' encryption is universally the XOR function"

0
0
John H Woods
Silver badge

Re: Just give it to Google....

That's pretty condescending. Read my response again properly and you will see that it is a response to someone suggesting cloning the storage and running "a million emulators" --- so none of the side channel, timing attacks etc. are available.

I would not be at all surprised if the phone can be cracked. But I would be very surprised indeed if a dump of its storage could be, especially because resistance to known plaintext is a particular characteristic of AES256.

1
0
John H Woods
Silver badge

Re: Something doesn't compute

"Yeah right. I'm sure you would."

No need for hypotheticals --- one of the victims' mothers, Carole Adams, supports Apple in this matter.

5
1
John H Woods
Silver badge

Re: Honest Question

The 'serious' encryption is universally the XOR function -- No, it isn't.

The WWII Enigma machine had billions and billions of combinations in the 'keyspace', but because they sent weather reports in standard format, and ended with "HEIL HITLER", the nearly-infinite rotor settings fell out each morning in about 20 minutes. -- Huge oversimplification. Known plaintext played a role, admittedly.

Far too many people stop and stare at the key length, do the 2^N math, and are dazzled by the billions of years. That's why they don't crack codes that way. -- Correct. But AES256 is specifically designed to be resistant to known plaintext attack. The keyspace is about 10^77. You need one heck of a speed up to get anywhere near billions of years here, basically you need to know a fatal flaw: a 10^36 (trillion trillion trillion) speed up wouldn't bring the keysearch within the bounds of feasibility.

"It would be extraordinary that the iPhone 5C just happens to represent the first uncrackable encryption system. So many have claimed that, all have failed so far." So far AES256 has resisted attacks fairly well.

You've made a lot of very authoritative sounding statements without supporting evidence.

1
0
John H Woods
Silver badge

"Perhaps you're right. But don't forget 'never ascribe to malice that which can be ascribed to incompetence'"

Given that it is now being claimed the password was reset whilst in "government" custody, the level of incompetence is starting to become less believable.

1
0
John H Woods
Silver badge

Re: Just give it to Google....

"I also like the idea of cloning the storage and run a million emulators to brute force it..."

Do you know how big 2^256 is? If, as is suspected, you'll have to, on average, search half the keyspace before hitting paydirt, that is 2^255 or about 6e+76 key attempts. Let's say you can do one per nanosecond (you'd need a hell of a computer, but let's say). That makes 6e+67 seconds. Let's say you have ten million of those computers. That means it'll only take 6e+60 seconds. Let's say there's a weakness in AES256 that you can exploit to give you trillion trillion trillion fold speed up. Now it's only going to take you about 6e+24 seconds.

That's only about 10 million times the current age of the universe.

1
0
John H Woods
Silver badge

Re: Something doesn't compute

"How would you feel if someone you loved got murdered and Apple refused to play ball?"

How would you feel if someone you loved got murdered because Apple did play ball? For instance someone that ISIS wanted to target, and who was very careful and discreet, is nevertheless killed because one of their kids lost their iPhone and it ended up in the wrong hands?

7
1
John H Woods
Silver badge

Re: I can see both sides of the argument...

"Quite often thought needs to be given to the "old way" of doing something, and compare it with a contemporary problem to try and justify what is right and what is wrong with, in this case Tim Cook's stance" -- Ken Moorhouse

A perfectly sensible approach ... but ...

"Let's say someone lodges an incriminating document in the vaults of a Swiss Bank. Would the bank accede to compelling legal requests to release the document?"

Ah, now that's the problem. If you are going to use analogies to form conclusions to the original case, they have to be analogous in the relevant respects. Try this.

A Swiss Bank vault may contain a document of as yet unknown value. There are four ways to open the vault

a) the emergency code, which is well known but will destroy any such document

b) the secret code to the vault, the knowledge of which has disappeared with its deceased owner

c) cracking the door lock somehow

d) drilling through the concrete into the bunker.

Now, the FBI, aided by the DoJ, want to do (c) but they want the vault manufacturer to make a tool which will open this vault. However the vault manufacturer demurs on the grounds that such a tool will open many of the vaults they have already sold.

If there's a good chance the document contains the date, time and location of a nuclear attack, then why not just drill (i.e. attempt to use electron microscopy to read the required info that the chips won't divulge). It's expensive but it might be worth it.

In this case, it's pretty unlikely there is such a document. Vaults known to have been used by the deceased that probably did contain such documents have been destroyed by him. He shared this vault with someone else (his employer) so he probably didn't put any incriminating documents in it.

So it's probably not worth doing (d). And if it's not worth doing (d) I'm not sure it's worth doing (c). However, because the US govt doesn't care about any of the other vaults, bizarrely including the ones belonging to citizens that it is its duty to protect, it is going to insist on (c).

It seems to me that the only thing the vault manufacturer can do is comply with the order but I think they have a reasonable case that the cost of this isn't just the tool, but the necessity of offering free replacement vaults which are invulnerable to that tool to all its existing customers.

3
0

Top new IoT foundation (yeah, another one) to develop open standards

John H Woods
Silver badge

Re: IoT - Has it's time passed?

"It means I can turn the heating on as I leave the office and have a warm house when I arrive home, without wasting gas by having it come on based on a timer. "

Can I ask you how many degrees your indoor temp has dropped by the time you activate the heating?

1
0

Yahoo! is! up! for! sale! – so! how! much! will! you! bid!?

John H Woods
Silver badge

Re: Our Highest Bid

upvote for "BARFERAGE"

0
0

Q: How many guns to arm nine coachloads of terrorists?

John H Woods
Silver badge

Re: Isn't it more worrying ...

Dave 126 you are correct that my point about balance is not relevant here but only because you have shorn it of its context, as an adjoinder to a point that was (the complaint that journalism is increasingly uncritical repetition devoid of analysis).

It is ironic that you have done so because the essence of my original point was the importance of context. It may be perfectly correct to report that "100kg of lead was stolen from the roof of St Mary's, which the vicar noted was enough to poison the local reservoir." It's factually accurate, and amusingly the danger is actually more real: the lead is still at large! But, reported like this, it is just alarmist nonsense.

4
0
