29 March 2013
Government Control of Comsec Commerce
Jon Callas, March 28, 2013: "Remember, the only difference between lawful
access and espionage is whose jurisdiction it is."
Date: Fri, 29 Mar 2013 13:31:38 +0100
From: Adam Back <adam[at]cypherspace.org>
To: Jon Callas <jon[at]callas.org>
Cc: "cryptography[at]randombit.net list" <cryptography[at]randombit.net>, Cryptopolitics Mailing List <cryptopolitics[at]randombit.net>
Subject: Re: [cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone
I don't buy this "it wouldn't be cool so a consumer company wouldn't do it"
argument. Seemingly companies are very susceptible to law enforcement,
legal and government influence and pressure. I guess people are forgetting
the hushmail episode. And the CA episodes. And much more recent
Microsoft Skype rumors and partial confirmations. The NSA illegal spying
and the telco complicity and post-hoc legal immunity given for their illegal
activities.
Lots of similar arguments could be and I think some were made about how it
would be commercial suicide for various things to happen, and yet they happened;
it came out eventually in a few cases. I do not take this to mean it's
rare, I take it to mean companies' PR departments know when to shut up, company
officers know to not defy gag orders. Depending on the architecture
it can be very difficult to detect or technically verify.
Basically in the decades since commercial crypto export got liberalized,
and the civilian crypto community thought they won, the dark side has not
been idle, indeed they have been very very busy and quiet.
Consider:
- commercial and government operated CA malfeasance issuing certs for MITM
boxes
- real-time GSM decryption and monitoring
- recording for decades position of all GSM phones in most western countries
- influence of companies via implied or explicit threat of loss of lucrative
government contract
- appeals to nationalism or four horsemen arguments
- Echelon persists and its use has been increasingly turned inwards on the
country's own population. That leads towards abuse of such facilities
for more and minor crimes, even down to surveillance of activists rightly
protesting against illegal corporate or illegal government activities.
- ramped up surveillance and keyword watching of the internet, massive data
farms to store it for post-hoc fishing
- selling wide scale mass surveillance to dodgy regimes with human rights
issues. You think western country spooks aren't using those against
their own population? Push the right buttons and western anti-corruption
activists get targeted also.
Do you think if Apple has the technical mechanism because of the architecture,
if not the software, do you think they would refuse to develop the software
if law enforcement came with some plausible sounding urgent high level
demand? Or a sealed court order requiring that a company has to
code a backdoor, or implement a targetable MITM, and on penalty of imprisonment
for disclosure. Right? It's not like it hasn't happened before
- hushmail, probably others - after all they try to legally gag the people
so ordered. Secret laws, the US has those; the legal ability to order
people not to disclose law enforcement requests - that too.
I think this whole thing is an iceberg and we're seeing the tips of odd things
that have become public knowledge. Given the scale of the security and
intrusion aspect of the military industrial complex, it's not surprising.
And if you did know something you sure wouldn't be whistle-blowing against
Apple. Apple is notoriously litigious. So insiders either wouldn't
know or they'd keep quiet on the whole topic because they'd be subject to
gag orders, and Apple itself would bring its legal focus on to the former
employee if they spoke out of turn.
BTW, as to coolness, I think Apple is much more evil than Microsoft - walled
gardens, suing competitors over frivolous and abusive patent claims, excessive
secrecy, clear conflict of interest app removals, abuse of DRM for device
lock down, none of this is cool to me. Cool to me is open and under
MY control.
Adam
On Thu, Mar 28, 2013 at 08:42:55PM -0700, Jon Callas wrote:
On Mar 28, 2013, at 6:59 PM, Jeffrey Walton <noloader[at]gmail.com> wrote:
> On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas <jon[at]callas.org> wrote:
>>
>> [Not replied-to cryptopolitics as I'm not on that list -- jdcc]
>>
>> On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg <jeffrey[at]goldmark.org> wrote:
>>
>>>> Do hardware manufacturers and OS vendors have alternate methods? For
>>>> example, what if LE wanted/needed iOS 4's hardware key?
>>>
>>> You seem to be talking about a single iOS 4 hardware key. But each device
>>> has its own. We don't know if Apple actually has retained copies of that.
>>
>> I've been involved in these sorts of questions in various companies that
>> I've worked.
> Somewhat related: are you bound to some sort of non-disclosure with
> Apple? Can you discuss all aspects of the security architecture, or is
> it [loosely] limited to Apple's public positions?
From being there, Apple's culture and practices are such that everything
they do is focused on making cool things for the customers. Apple fights for
the users. The users' belief and faith in Apple saved it from near death.
Everything there focuses on how it's good for the users. Also remember that
there are many axes of good for the users. User experience, cost, reliability,
etc. are part of the total equation along with security. People like you and
me are not the target, it's more the proverbial "My Mom" sort of user.
Moreover, they're not in it for the money. They're in it for the cool.
Obviously, one has to be profitable, and obviously high margins are better
than low ones, but the motivator is the user, and being cool. Ultimately,
they do it for the person in the mirror, not for the cash.
I believe that Apple is too closed-mouthed about a lot of very, very cool
things that they do security-wise. But that's their choice, and as a
gentleman, I don't discuss things that aren't public because I don't blab.
NDA or no NDA, I just don't blab.
> I regard these as the positive talking points. There's no sleight of
> hand in your arguments, and I believe they are truthful. I expect them
> to be in the marketing literature.
>
>>>> I suspect Apple has the methods/processes to provide it.
>>> I have no more evidence than you do, but my guess is that they don't,
>>> for the simple reason that if they did that fact would leak out. ...
>> And that's just what I described above. I just wanted to put a sharper
>> point on it.
>> I don't worry about it because truth will out. ...
> A corporate mantra appears to be 'catch me if you can', 'deny deny
> deny', and then 'turn it over to marketing for a spin'.
>
> We've seen it in the past with for example, Apple and location data,
> carriers and location data, and Google and wifi spying. No one was
> doing it until they got caught.
>
> Please forgive my naivety or my ignorance if I'm seeing things in a
> different light (or shadow).
Well, with locationgate at Apple, that was a series of stupid and unfortunate
bugs and misfeatures. Heads rolled over it.
From what I have read of the Google wifi thing, it was also stupid and
unfortunate. The person who coded it up was a pioneer of wardriving. People
realized they could do cool things and did them without thinking it through.
Thinking it through means that there are things to do that are cool if you
are just a hacker, but not if you are a company. If that had been written
up here, or submitted at a hacker con, everyone would have cheered -- and
basically did, since arguably a pre-alpha of that hack was a staple of DefCon
contests. The superiors of the brilliant hackers didn't know or didn't grok
what was going on.
In neither of those cases was anyone trying to spy. In each differently,
people were building cool features and some combination of bugs and failure
to think it through led to each of them. It doesn't excuse mistakes, but it
does explain them. Not every bad thing in the world happens by intent. In
fact, most of them don't.
>
> Apple designed the hardware and holds the platform keys. So I'm clear
> and I'm not letting my imagination run too far ahead:
>
> Apple does not have or use, for example, custom boot loaders signed by
> the platform keys used in diagnostics, for data extraction, etc.
>
> There are no means to recover a secret from the hardware, such as a
> JTAG interface or a datapath tap. Just because I can't do it, it does
> not mean Apple, a University with EE program, Harris Corporation,
> Cryptography Research, NSA, GCHQ, et al cannot do it.
I alluded to that before. Prying secrets out of hardware is known technology.
If you're willing to destroy the device, there's a lot you can do, from
decapping the chip, to just x-raying it, etc.
>
> A naturally random event is used to select the hardware keys, and not
> a deterministic event such as hashing a serial number and date of
> manufacture.
>
> These are some of the goodies I would expect a manufacturer to provide
> to select customers, such as LE and GOV. I would expect that the
> information would be held close to the corporate chest, so folks could
> not discuss it even if they wanted to.
Really? Why?
I don't believe that it is in the interests of a company to shaft its
customers. I'm not saying that none of them do -- I've been to bars where
they water the drinks. I'm saying that the statement, "why *wouldn't* they
water the drinks, it makes sense to water the drinks because you make more
money that way" says a lot about what the speaker knows about business.
You actually make more money by not watering the drinks and not having
specials. It's brilliant. Instead of being in a race-to-the-bottom spiral
of lowering margins as well as the gross cost (which makes for an n^2
income drop), they sell only the high-margin, up-market product at a
competitive price for up-market goods. That way you get a higher margin
on a higher gross, which makes for an n^2 advantage.
Let me ask again -- what could an LE or GOV offer that would be better
than being cool? Being a snitch, being a sell-out isn't cool. Lots of
people don't get that. To them, money is more important than being cool.
And all that means is they aren't cool. Some of those people are rich,
which is good for them, but money can't buy cool.
Jon
_______________________________________________
cryptography mailing list
cryptography[at]randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography