John Oliver Explains Why You Should Side With Apple Over The FBI Better Than Most Journalists

from the and-better-than-apple dept

You had to know this was coming eventually, but the latest John Oliver main story was his take on the Apple v. FBI encryption fight. If you haven’t seen it yet, here it is:

Not surprisingly, Oliver’s take is much clearer and much more accurate than many mainstream press reports on the issues in the case, appropriately mocking the many law enforcement officials who seem to think that, just because Apple employs smart engineers, they can somehow do the impossible and “safely” create a backdoor into an encrypted iPhone that won’t have dangerous consequences. He even spends a bit of time reviewing the original Crypto Wars over the Clipper Chip and highlights cryptographer Matt Blaze’s contribution in ending those wars by showing that the Clipper Chip could be hacked.

But the biggest contribution to the debate — which I hope that people pay most attention to — is the point that Oliver made in the end with his faux Apple commercial. Earlier in the piece, Oliver noted that this belief among law enforcement that Apple engineers can somehow magically do what they want is at least partially Apple’s own fault, with its somewhat overstated marketing. So, Oliver’s team made a “more realistic” Apple commercial which noted that Apple is constantly fighting security cracks and vulnerabilities and is consistently just half a step ahead of hackers with malicious intent (and, in many cases, half a step behind them).

This is the key point: Building secure products is very, very difficult and even the most secure products have security vulnerabilities in them that need to be constantly watched and patched. And what the government is doing here is not only asking Apple to not patch a security vulnerability that it has found, but actively forcing Apple to make a new vulnerability and then effectively forcing Apple to keep it open. For all the talk of how Apple can just create the backdoor just this once and throw it away, this is more like asking Apple to set off a bomb that blows the back off all houses in a city, and then saying, “okay, just throw away the bomb after you set it off.”

Hopefully, as in cases like net neutrality, Oliver’s piece does its job in informing the public what’s really going on.

Companies: apple


Comments on “John Oliver Explains Why You Should Side With Apple Over The FBI Better Than Most Journalists”

59 Comments
Rekrul says:

Re: Re:

The video appears to be encrypted with the “Theuploaderhasnotmadethisvideoavailableinyourcountry” key. Do you think Apple could decrypt it for me?

No, but the PWN YouTube bookmarklet can do it for you;

SD, MP4, 58MB
https://www.sendspace.com/file/lassh6

HD, MP4, 195MB
https://www.sendspace.com/file/1fpk9v

Download quickly, the file and/or this message may get deleted.

Mike Masnick (profile) says:

Re: Wow

Hilarious, and deeply informative without once being “technical” (and not a single mistake on the presenter’s part that I could see, which is VERY unusual).

If only education and pop-sci journalism in general were this well done.

His staff reached out to a number of experts, including two people I know who are really, really good on encryption.

Anonymous Coward says:

Worn tires on wet pavement slide and create accidents. This is a far more common event than having to open an encrypted phone. So why isn’t the government demanding that car makers do away with tires on all vehicles? It would have a far more effective result than demanding Apple create a new government OS for its phones.

Of course the car makers, tire makers, tire sellers, and tire shops are going to bitch, but hey automakers should be able to do anything they tell their engineers to come up with… /s

Steve R. (profile) says:

The Media Not Realizing That They Are Clueless Concerning Encryption

Fox News this morning unbelievably continued to wage its erroneous biased war against the iPhone. In this case, there was a person who created third party software that allows communications to be encrypted. Fox News continued to rage how the encryption of the iPhone needs to be “broken” so law enforcement can examine the communications on an iPhone.

Apparently Fox News was clueless to the fact that third party encryption software is different from the iPhone itself. Breaking the iPhone will not magically give law enforcement access to the communications of terrorists using this third party software.

Moreover, the existence of this third party encryption software means that the attack on the iPhone by law enforcement could be considered moot. Should the iPhone encryption be broken, the terrorists will simply adapt by using another form of encryption.

What then security people? Essentially you have achieved nothing except create a security risk for law abiding people.

To reiterate, unbreakable encryption is needed for legitimate business and personal reasons. Breaking it will only mean that the law abiding will become susceptible to security breaches and malicious hacking.

Anonymous Anonymous Coward says:

Re: The Media Not Realizing That They Are Clueless Concerning Encryption

Fox News isn’t clueless. They are part and parcel of the same Rupert Murdoch empire that got nailed in the UK for scraping information off of people’s phones. They are likely doing, or want to do something similar here.

The funny part of that is that they got in trouble for it in the UK. Probably because the government was jealous of their capability, or was incensed at their bringing the practice into the public’s awareness.

Anonymous Coward says:

Re: The Media Not Realizing That They Are Clueless Concerning Encryption

“Essentially you have achieved nothing except create a security risk for law abiding people.”

Let me work on that..

“Essentially you have achieved nothing except further the cause of the endless war on terror, generate mega profits for the usual contractors, and keep many thousands of federal employees in plush pensions for ever and ever.”

That looks much better.

“the law abiding will become susceptible to security breaches and malicious hacking”

Of course. One can’t make omelettes without breaking a few eggs. It’s a shame and all that, but one must have one’s priorities straight.

klaus (profile) says:

Re: The Media Not Realizing That They Are Clueless Concerning Encryption

…third party encryption software is different from the iPhone itself. Breaking the iPhone will not magically give law enforcement access to the communications of terrorists using this third party software.

My take on this is that the goal is to access the endpoints. The easiest way to defeat encryption is not to brute force decrypt (which is hard, if not outright impossible) but to access an endpoint, and thereby gain access to the plaintext. This case against Apple is a step in that direction.

Whatever (profile) says:

The video is great, but it’s a perfect example of the mixing of issues to try to scare people about what the FBI has asked Apple to do.

The FBI didn’t ask for encryption to be broken, or for a patch that breaks encryption to be applied to every phone Apple ever made. That’s bullshit. That’s Apple’s scaremongering script being recited almost word for word.

Yes, Oliver got it right, the FBI wants unlimited shots at the passcode. But honestly, he brushed over it and made it a fast joke about remembering passcodes, and then went right back to ranting on about Apple being forced to destroy the encryption on every other phone in the world.

It’s an artful pack of Apple propaganda, and not much more. Gotta bet he’s a fanboi.

ryuugami says:

Re: Re:

The FBI didn’t ask for encryption to be broken, or for a patch that breaks encryption to be applied to every phone Apple ever made.

Unfortunately, there is no magic that allows Apple to do exactly that. If they weaken the encryption for this one phone, it’s weakened for all iPhones of that generation. No matter what Apple marketing would like you to think, iPhones are mass produced, not lovingly crafted by hand, each phone a unique work of art.

I know neither you nor FBI understand technology and think Apple can just command their flock of wizards to do your bidding, but please keep your fanfics to yourself. Out here in the real world you could do a lot of damage with that powerful imagination of yours.

Your post is an artful pack of government propaganda, and not much more. Gotta bet you’re a fanboi.

Whatever (profile) says:

Re: Re: Re:

“Unfortunately, there is no magic that allows Apple to do exactly that. If they weaken the encryption for this one phone, it’s weakened for all iPhones of that generation. No matter what Apple marketing would like you to think, iPhones are mass produced, not lovingly crafted by hand, each phone a unique work of art.”

Nonsense. Apple controls the update system, they would not and will not be forced to apply the same patch to every other phone out there. Moreover, their strict control on updates (go outside the box, you own an expensive brick) means that the patch ain’t going out in the wild.

“Your post is an artful pack of government propaganda, and not much more.”

You aren’t even a very good troll. Gotta bet you’re a Mike Fanboi. 😉

PRMan (profile) says:

Re: Re: Re: Re:

It will be the most sought-after software in the entire world, both by foreign governments and by organized crime.

If they get a copy they WILL hack it and gain entry to all iPhones.

As a software developer that has done encryption software, Apple is 100% correct. You can’t make encryption that just works for the good guys. It either works, or it doesn’t.

Anonymous Coward says:

Re: Re: Re:2 Re:

If they get a copy they WILL hack it and gain entry to all iPhones.

Well, in the larger scheme of things, so what?

If people trust the strength of a 4-digit pin when the physical hardware is in the hands of a determined, capable, resourceful adversary… well…

I mean, you don’t even necessarily have to put a major nation-state as the adversary in your threat model. How about the resources and capabilities of a large multinational corporation? Say a Boeing-owned iPhone falls into Airbus hands.

Just saying.

Whatever (profile) says:

Re: Re: Re:

JMT, I understand the biggest issues. What you aren’t understanding is that this issue isn’t connected to the bigger issues. The FBI request is NARROW, it is FOCUSED, and it is for something that does not harm, change, or in any way backdoor the encryption.

Most importantly: The special OS patch (because it will be just a minor patch) won’t get rolled out to every Apple phone in the world. The small change (likely something to reset an attempt counter back to zero every couple of milliseconds) is just that, a small change to a single phone.

I understand the biggest issues, and that is a separate debate. Apple is trying to link the two in order to avoid dealing with the simple issue that their short pincode system essentially defeats all of their encryption. If Apple could just fess up to that and deal with it, the rest of the debate might be easier to swallow.

That One Guy (profile) says:

Re: Re: Re: Re:

The FBI request is NARROW, it is FOCUSED, and it is for something that does not harm, change, or in any way backdoor the encryption.

The ‘request’ is for Apple to create custom code for the express purpose of removing security features. If Apple can be forced to do that here then it’s not a stretch at all to expect that it’s only a matter of time until they’re presented with a ‘request’ to decrypt data or ensure that they can do so whenever presented with ‘a lawfully given order’, especially as the DOJ/FBI is already arguing that Apple specifically implemented their security features in order to avoid being able to do so.

When the government’s legal filings already include a demonization of encryption by claiming that it’s implemented primarily to avoid warrants it’s a stretch not to think that an order to remove security in one case won’t lead to the very thing happening more later on, especially when you’ve got other groups sending in support for the FBI/DOJ making it clear that if Apple can be forced in this case they will use the precedent in other cases.

Most importantly: The special OS patch (because it will be just a minor patch) won’t get rolled out to every Apple phone in the world.

Strawman argument, no-one’s saying it would be. What people are saying is that with the multitude of ‘requests’ to undermine and/or remove security that Apple will be presented with if they are forced to do so here it’s not a matter of ‘if’ those ‘patches’ will leak, but ‘when’, making things less secure for everyone. Not to mention the idea that a company should be allocating resources deliberately undermining security, when companies should be doing the absolute opposite, is just asking for trouble.

The small change (likely something to reset an attempt counter back to zero every couple of milliseconds) is just that, a small change to a single phone.

That ‘small change’ is estimated by Apple to require half a dozen people working for a month to create, and that’s just for this case. If the precedent is set that they can be compelled to do this then they are going to be very busy making ‘small changes’ for everyone that comes knocking, either starting from scratch each time and making patches that only work on one phone, or making a patch that works for a large number of phones and keeping it for future ‘requests’, which opens up hefty problems for when that patch is leaked.

Speaking of ‘small change’ however, if your argument is that it’s not that difficult so they should just do it, wasn’t that long ago that an article was posted here on TD talking about how the FBI almost certainly already has the capabilities to bypass the password restriction with just a little tinkering with the hardware. That sounds like a pretty easy process to me, and would likely take less time than waiting for Apple, so if there really is sensitive and valuable data on the phone they should have skipped the court case entirely and gone with that route.

Of course let’s not forget that this could have been avoided entirely had the FBI not monumentally screwed up by letting the public root through the home of the perpetrators of an active case, followed by their bungling that resulted in the device password being reset in the first place. Not Apple’s fault the FBI is so freakin’ incompetent, so don’t see why they should be forced to step in and clean up the FBI’s mess.

Apple is trying to link the two in order to avoid dealing with the simple issue that their short pincode system essentially defeats all of their encryption.

That ‘simple’ pincode system is apparently enough to stop the FBI/DOJ cold (helped along by the fact that both are so lazy).

Of course even if the password system were flawless what stops the DOJ, FBI or any other agency from going to Apple and demanding ‘Remove the requirement to enter the password’? Right now the limit on attempts is what’s stopping them, if something else like encryption is what keeps them from accessing the data in another case, and they’ve got a precedent that they can force a company to remove security features that keep them from otherwise ‘protected’ data, then the fight is already mostly won for them.

1) Companies can be compelled to remove security features that prohibit access to data.
2) Encryption is a security feature that prohibits access to data.
3) Therefore companies can be compelled to remove or bypass the encryption that they implemented to allow access to the data.

Anonymous Coward says:

Re: Re: Re:2 Re:

… the FBI almost certainly already has the capabilities to bypass the password restriction with just a little tinkering with the hardware.

The government is almost certainly misstating material facts. Should we conclude that there is a high probability the government is intentionally misstating material facts?

That sounds like a pretty easy process to me.

Has the government already tested the particular technique to which you’re referring?

Some of the other approaches that have been sketched out should not be characterized as “pretty easy”. The approaches that have the greatest probability of success —overwhelming odds— required advanced equipment, expertise, and a certain amount of care. In particular, one of the two techniques for running unsigned code on the A6 processor would require substantial reverse engineering effort. Even the second, less-invasive technique would require information about the off-processor bus architecture that I have not found in the open literature, and thus may need to be reverse engineered.

That One Guy (profile) says:

Re: Re: Re:3 Re:

The government is almost certainly misstating material facts. Should we conclude that there is a high probability the government is intentionally misstating material facts?

Oh they wouldn’t necessarily have to lie directly, they could simply lie by omission. They could claim that they cannot do A without (forced) assistance from Apple, and just ‘forget’ to mention that they can try B, C and D completely on their own.

Has the government already tested the particular technique to which you’re referring?

Here’s the article that discusses the technique I’m referring to. Put simply they remove the chip that contains the file system key, copy the data to another device, install the chip back in the phone and make the attempts. If they don’t get it in those attempts they remove the chip, copy the original data back into it, which resets the counter, and then try again.

Time consuming and a hassle to be sure, but assuming the idea is sound then it’s simply a matter of how badly do they want the data and how much work are they willing to spend to get it. Unless the person who wrote about the technique was wildly off the FBI/DOJ does have a way to break into the phone, it would just take them a good deal of work to do it, and more importantly from their point of view wouldn’t grant them the precedent they want so badly from this case.

Anonymous Coward says:

Re: Re: Re:4 Re:

… they wouldn’t necessarily have to lie directly

Stacey Perino declaration (Mar 9, 2016; Document 149-3) p.4-5 (p.312-3 in PDF):

c. The data contained on the Subject Device can be decrypted only on the Subject Device. This is because the encryption key includes a unique identifier that exists only on the Subject Device. (Part D.) Because the decryption must occur on the Subject Device, and because only Apple-signed software can run on the Subject Device (Part B.2), any code or software tools needed to assist in testing passcodes (even code that includes components that already exist, Part C) must be signed by Apple.

That One Guy (profile) says:

Re: Re: Re:5 Re:

Has the government already tested that technique?

On this particular device, not as far as I’m aware, though unless I misread it the technique was pretty simple (if time-consuming) as far as it goes, so they should have no problem doing so if they wanted to.

At this point however I’m firmly of the opinion that they’re in it for the precedent, not the contents of the phone, and as such I wouldn’t expect them to actually try to get the contents themselves, as that wouldn’t give them the precedent they want.

Anonymous Coward says:

Re: Re: Re:6 Re:

pretty simple (if time-consuming)

Imo, any reasonable engineer taking that particular approach would simply emulate the NAND flash, rather than attempting to repeatedly reattach an actual flash device.

It’s been awhile since I’ve worked with FPGAs, but I’m reasonably confident that an FPGA and some DRAM (and might still want to pass through to actual flash for non-volatile data) would emulate the NAND flash with sufficient speed that there wouldn’t be any need to slow clocks down.

Of course, hacking together a NAND flash emulator would require some engineering effort. So, it’d be worth looking to see whether an off-the-shelf flash emulator would work in this application.

Anonymous Coward says:

Re: Re: Re:7 Re:

emulate the NAND flash

In contrast, btw, simulating the baseband processor would probably not necessarily require emulating the actual capacity to make phone calls. A simulated baseband processor just has to convince the application processor that it’s ok to boot up and load trusted code from “flash”.

Anonymous Coward says:

Re: Re: Re:6 Re:

I’m firmly of the opinion that they’re in it for the precedent

I posted a question in another recent article, but got no replies, so I’m going to repeat it here, in abbreviated form—

Back on February 18, the New York Times reported:

Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity.

Do we believe this? Do we believe that Apple would have acceded to the government’s request, had the application been made under seal?

Imo, the confidence placed in this anonymously-sourced intelligence goes towards an assessment of the government’s motives.

That One Guy (profile) says:

Re: Re: Re:7 Re:

Do we believe this? Do we believe that Apple would have acceded to the government’s request, had the application been made under seal?

Possible, but unlikely I’d say, though a large part would depend on how far ahead Apple’s lawyers were thinking. In the short term, folding and doing what the FBI/DOJ demanded is certainly cheaper than duking it out in court, but long-term they’d basically have been dousing themselves in blood and jumping into shark infested water by doing so, which would have made fighting the better choice. Once they’d done it once they would have known that refusing future requests would have been all the harder, which means they’d have been stuck doing so time and time again.

Given they can be stupid at times, but not that stupid I imagine they still would have fought the order in court, even under seal, it just wouldn’t have turned into the circus it has since the matter went public.

Anonymous Coward says:

Re: Re: Re:8 Re:

Do we believe this? Do we believe that Apple would have acceded to the government’s request, had the application been made under seal?

Possible, but unlikely I’d say

In the EDNY case, Apple was invited to intervene by Magistrate Judge Orenstein, and their initial response in that case was rather tepid.

Is the critical difference between the two cases iOS 7 (EDNY) as opposed to iOS 9 (CDCal) ?

Anonymous Coward says:

Re: Re: Re:6 Re:

… not the contents of the phone

Suppose that they’ve gamed this out, and expect Apple to ultimately prevail in court.

Then, FBI and friends —through a massive PR effort— —involving fraud on the courts— would have just convinced the great bulk of the public to believe that a 4 digit pin is sufficient to protect their secrets against the motivated assault of a major nation-state.

JMT says:

Re: Re: Re:

“The FBI request is NARROW, it is FOCUSED, and it is for something that does not harm, change, or in any way backdoor the encryption.”

The FBI request is narrowly focused on bypassing an important security feature that makes the encryption effective. The encryption will be irrelevant if the passcode can be so easily hacked. Arguing that this is not backdooring the encryption is a lame semantic point. The effect is exactly the same.

“The special OS patch (because it will be just a minor patch) won’t get rolled out to every Apple phone in the world. The small change (likely something to reset an attempt counter back to zero every couple of milliseconds) is just that, a small change to a single phone.”

Once again, you look very foolish sticking to this very early claim that most people, even those on the government’s side, now realize is completely false. Hard to take you seriously when you keep repeating it with such conviction.
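Added example (not part of the original post or comments, and not Apple's implementation): a toy Python model of the two properties argued over in this thread, namely the Perino declaration's point that the key is tied to a device-unique identifier, so guesses must run on the device, and JMT's point that the attempt limit is what makes a short passcode effective. `Device`, `derive_key`, the PBKDF2 stand-in, the tiny iteration count and the 0.08 s per guess used for the time estimate are all assumptions for illustration.

```python
import hashlib
import hmac
import os

# Deliberately tiny so the example runs in seconds; a real device calibrates
# its key derivation to make every single guess expensive.
ITERATIONS = 100


def derive_key(passcode: str, device_uid: bytes, iterations: int = ITERATIONS) -> bytes:
    """Model of a passcode key entangled with a device-unique secret.

    Without device_uid the key cannot be recomputed elsewhere, so every
    guess has to be made on the device itself.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, iterations)


class Device:
    """Hypothetical device: the UID stays inside, guesses go through try_passcode()."""

    def __init__(self, passcode: str, max_attempts=10):
        self._uid = os.urandom(32)                 # constructed device secret
        self._verifier = derive_key(passcode, self._uid)
        self.max_attempts = max_attempts           # None models the limit removed
        self.failed = 0
        self.wiped = False

    def try_passcode(self, guess: str) -> bool:
        if self.wiped:
            return False
        if hmac.compare_digest(derive_key(guess, self._uid), self._verifier):
            self.failed = 0
            return True
        self.failed += 1
        if self.max_attempts is not None and self.failed >= self.max_attempts:
            self._verifier = b""                   # model of key erasure
            self.wiped = True
        return False


def exhaust(device: Device, digits: int = 4):
    """Try every numeric passcode in order; return (passcode or None, guesses made)."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if device.try_passcode(guess):
            return guess, n + 1
        if device.wiped:
            return None, n + 1
    return None, 10 ** digits


def worst_case_seconds(digits: int, seconds_per_guess: float) -> float:
    """Time to cover the whole numeric keyspace when nothing limits retries."""
    return 10 ** digits * seconds_per_guess


if __name__ == "__main__":
    print("limit removed:", exhaust(Device("7291", max_attempts=None)))
    print("limit of 10  :", exhaust(Device("7291")))
    for d in (4, 6, 10):
        print(f"{d} digits at an assumed 0.08 s/guess: "
              f"{worst_case_seconds(d, 0.08) / 3600:.2f} hours")
```

With the limit in place the search stops after ten guesses and the key is gone; with it removed, the passcode length is the only remaining defence, which is why a longer passcode matters more than anything else a user controls.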

scatman09 (profile) says:

beware the ides of march

1. If Apple is forced to decrypt now, they’ll be forced to do so again, and again, and again…
2. Apple isn’t the only company making encryption software. We’ve been down this whack-a-mole road before. When Metallica sued Napster, did file sharing stop?
3. Whoever expects Apple to decrypt at the command of the government, should also expect no privacy with anything that they do online (emails, medical records [thanks President Obama], online purchases…the whole 9)
4. Per usual, the terrorists win because we always attack each other after being attacked by the terrorists.

Paul Keating (profile) says:

Who says encryption must be mass produced?

2 things:

1. I understand the FBI can complete a work-around by isolating the chip and using brute force without any assistance from Apple.

2. Going out on a limb here and I’m not an encryption wiz. However, why does encryption need to be developed on a 1-size-fits-all basis? Why can’t the underlying code be set so that it achieves a different result for each phone? Sort of like a PGP approach. Admittedly difficult and expensive but that would remove Apple from the issue.

I’m sure many of you can let me know how silly that idea is?

Anonymous Coward says:

Re: Who says encryption must be mass produced?

1. I understand the FBI can complete a work-around by isolating the chip and using brute force without any assistance from Apple.

Of the techniques for getting unsigned code to run on the A6, the one in which I have the highest degree of confidence involves isolating the application processor from simulated RAM. Due to the “Package-on-Package” stacking of the application processor die with the Elpida LPDDR2 RAM, that approach would require removing the outer package of the A6.

So yeah, isolating the “chip”.

WDS (profile) says:

Accurate News

It is a sad state of affairs when the most accurate reporting you can get on the important issues is on the satire shows. Granted they only do one show a week and dig deep into a few stories. Still “The Daily Show”, “This Week Tonight”, etc. do more accurate reporting than any of the “True” news outlets with their repetitive sound bites and willingness to pass on press releases with almost no research into what are in them.
