
29 March 2013

Government Control of Comsec Commerce

Jon Callas, March 28, 2013: "Remember, the only difference between lawful access and espionage is whose jurisdiction it is."


Date: Fri, 29 Mar 2013 13:31:38 +0100
From: Adam Back <adam[at]cypherspace.org>
To: Jon Callas <jon[at]callas.org>
Cc: "cryptography[at]randombit.net list" <cryptography[at]randombit.net>,
 Cryptopolitics Mailing List <cryptopolitics[at]randombit.net>
Subject: Re: [cryptography] Here's What Law Enforcement Can Recover From A
 Seized iPhone

I don't buy this "it wouldn't be cool so a consumer company wouldn't do it" argument.  Seemingly companies are very susceptible to law enforcement, legal and government influence and pressure.  I guess people are forgetting the Hushmail episode.  And the CA episodes.  And much more recent Microsoft Skype rumors and partial confirmations.  The NSA illegal spying and the telco complicity and post-hoc legal immunity given for their illegal activities.

Lots of similar arguments could be, and I think some were, made about how it would be commercial suicide for various things to happen, and yet they happened; it came out eventually in a few cases.  I do not take this to mean it's rare, I take it to mean companies' PR departments know when to shut up, company officers know not to defy gag orders.  Depending on the architecture it can be very difficult to detect or technically verify.

Basically in the decades since commercial crypto export got liberalized, and the civilian crypto community thought they won, the dark side has not been idle, indeed they have been very very busy and quiet.

Consider:

- commercial and government operated CA malfeasance issuing certs for MITM boxes

- real-time GSM decryption and monitoring

- recording for decades position of all GSM phones in most western countries

- influence of companies via implied or explicit threat of loss of lucrative government contract

- appeals to nationalism or four horsemen arguments

- Echelon persists and its use has been increasingly turned inwards on the countries' own populations.  That leads towards abuse of such facilities for more and minor crimes, even down to surveillance of activists rightly protesting against illegal corporate or illegal government activities.

- ramped up surveillance and keyword watching of the internet, massive data farms to store it for post-hoc fishing

- selling wide scale mass surveillance to dodgy regimes with human rights issues.  You think western country spooks aren't using those against their own population?  Push the right buttons and western anti-corruption activists get targeted also.

Do you think if Apple has the technical mechanism because of the architecture, if not the software, do you think they would refuse to develop the software if law enforcement came with some plausible sounding urgent high level demand?  Or a sealed court order requiring that a company has to code a backdoor, or implement a targetable MITM, on penalty of imprisonment for disclosure.  Right?  It's not like it hasn't happened before - Hushmail, probably others - after all they try to legally gag the people so ordered.  Secret laws, the US has those; the legal ability to order people not to disclose law enforcement requests - that too.

I think this whole thing is an iceberg and we're seeing the tips of odd things that have become public knowledge.  Given the scale of the security and intrusion aspect of the military industrial complex, it's not surprising.

And if you did know something you sure wouldn't be whistle-blowing against Apple.  Apple is notoriously litigious.  So insiders either wouldn't know or they'd keep quiet on the whole topic because they'd be subject to gag orders, and Apple itself would bring its legal focus on to the former employee if they spoke out of turn.

BTW, as to coolness, I think Apple is much more evil than Microsoft - walled gardens, suing competitors over frivolous and abusive patent claims, excessive secrecy, clear conflict of interest app removals, abuse of DRM for device lock down, none of this is cool to me.  Cool to me is open and under MY control.

Adam

On Thu, Mar 28, 2013 at 08:42:55PM -0700, Jon Callas wrote:

On Mar 28, 2013, at 6:59 PM, Jeffrey Walton <noloader[at]gmail.com> wrote:

> On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas <jon[at]callas.org> wrote:
>> [Not replied-to cryptopolitics as I'm not on that list -- jdcc]
>> 
>> On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg <jeffrey[at]goldmark.org> wrote:
>> 
>>>> Do hardware manufacturers and OS vendors have alternate methods? For
>>>> example, what if LE wanted/needed iOS 4's hardware key?
>>> 
>>> You seem to be talking about a single iOS 4 hardware key. But each device
>>> has its own. We don't know if Apple actually has retained copies of that.
>> 
>> I've been involved in these sorts of questions in various companies that 
>> I've worked.
> Somewhat related: are you bound to some sort of non-disclosure with
> Apple? Can you discuss all aspects of the security architecture, or is
> it [loosely] limited to Apple's public positions?

From being there, Apple's culture and practices are such that everything 
they do is focused on making cool things for the customers. Apple fights for 
the users. The users' belief and faith in Apple saved it from near death. 
Everything there focuses on how it's good for the users. Also remember that 
there are many axes of good for the users. User experience, cost, reliability, 
etc. are part of the total equation along with security. People like you and 
me are not the target, it's more the proverbial "My Mom" sort of user.

Moreover, they're not in it for the money. They're in it for the cool. 
Obviously, one has to be profitable, and obviously high margins are better 
than low ones, but the motivator is the user, and being cool. Ultimately, 
they do it for the person in the mirror, not for the cash.

I believe that Apple is too closed-mouthed about a lot of very, very cool 
things that they do security-wise. But that's their choice, and as a 
gentleman, I don't discuss things that aren't public because I don't blab. 
NDA or no NDA, I just don't blab.

> I regard these as the positive talking points. There's no sleight of
> hand in your arguments, and I believe they are truthful. I expect them
> to be in the marketing literature.
> 
>>>> I suspect Apple has the methods/processes to provide it.
>>> I have no more evidence than you do, but my guess is that they don't, 
>>> for the simple reason that if they did that fact would leak out. ...
>> And that's just what I described above. I just wanted to put a sharper 
>> point on it.
>> I don't worry about it because truth will out. ...
> A corporate mantra appears to be 'catch me if you can', 'deny deny
> deny', and then 'turn it over to marketing for a spin'.
> 
> We've seen it in the past with for example, Apple and location data,
> carriers and location data, and Google and wifi spying. No one was
> doing it until they got caught.
> 
> Please forgive my naiveness or my ignorance if I'm seeing things in a
> different light (or shadow).

Well, with locationgate at Apple, that was a series of stupid and unfortunate 
bugs and misfeatures. Heads rolled over it.

From what I have read of the Google wifi thing, it was also stupid and 
unfortunate. The person who coded it up was a pioneer of wardriving. People 
realized they could do cool things and did them without thinking it through. 
Thinking it through means that there are things to do that are cool if you 
are just a hacker, but not if you are a company. If that had been written 
up here, or submitted at a hacker con, everyone would have cheered -- and 
basically did, since arguably a pre-alpha of that hack was a staple of DefCon 
contests. The superiors of the brilliant hackers didn't know or didn't grok 
what was going on.

In neither of those cases was anyone trying to spy. In each differently, 
people were building cool features and some combination of bugs and failure 
to think it through led to each of them. It doesn't excuse mistakes, but it 
does explain them. Not every bad thing in the world happens by intent. In 
fact, most of them don't.

> 
> Apple designed the hardware and hold the platform keys. So I'm clear
> and I'm not letting my imagination run too far ahead:
> 
> Apple does not have or use, for example, custom boot loaders signed by
> the platform keys used in diagnostics, for data extraction, etc.
> 
> There are no means to recover a secret from the hardware, such as a
> JTAG interface or a datapath tap. Just because I can't do it, it does
> not mean Apple, a University with EE program, Harris Corporation,
> Cryptography Research, NSA, GCHQ, et al cannot do it.

I alluded to that before. Prying secrets out of hardware is known technology. 
If you're willing to destroy the device, there's a lot you can do, from 
decapping the chip, to just x-raying it, etc.

> 
> A naturally random event is used to select the hardware keys, and not
> a deterministic event such as hashing a serial number and date of
> manufacture.
> 
> These are some of the goodies I would expect a manufacturer to provide
> to select customers, such as LE and GOV. I would expect that the
> information would be held close to the corporate chest, so folks could
> not discuss it even if they wanted to.

Really? Why?

I don't believe that it is in the interests of a company to shaft its 
customers. I'm not saying that none of them do -- I've been to bars where 
they water the drinks. I'm saying that the statement, "why *wouldn't* they 
water the drinks, it makes sense to water the drinks because you make more 
money that way" says a lot about what the speaker knows about business. 
You actually make more money by not watering the drinks and not having 
specials. It's brilliant. Instead of being in a race-to-the-bottom spiral 
of lowering margins as well as the gross cost (which makes for an n^2 
income drop), they sell only the high-margin, up-market product at a 
competitive price for up-market goods. That way you get a higher margin 
on a higher gross, which makes for an n^2 advantage.

Let me ask again -- what could an LE or GOV offer that would be better 
than being cool? Being a snitch, being a sell-out isn't cool. Lots of 
people don't get that. To them, money is more important than being cool. 
And all that means is they aren't cool. Some of those people are rich, 
which is good for them, but money can't buy cool.

	Jon


_______________________________________________
cryptography mailing list
cryptography[at]randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography