What am I missing?
Peter Lebbing
peter at digitalbrains.com
Wed Mar 30 19:13:05 CEST 2016
(I think this is too far off-topic actually, but hey)
On 30/03/16 15:46, Robert J. Hansen wrote:
> I try not to get involved in conspiracy theories, but this one's just...
> outrageous.
Can I ask why the conspiracy theory is "outrageous"? Can't you imagine that the
FBI, or at least part of it, would like to have a backdoor? They even got the US
president to say that he would like phones to have a backdoor. (It's clear his
previous job wasn't in IT security, because he'd then know it would seriously
weaken the protection of all phones the whole world over.) I hear the police
here in the Netherlands sometimes outright say they would like easier access to
suspects' files, not having to crack encryption. Is it hard to imagine that the
FBI might want the same thing, and that they can decide to use public opinion, a
case where a lot of innocent people died, as a lever to force a change they'd
like to see? I don't believe one moment they are so kind-hearted that they would
never exploit a tragedy for their own gain. (But obviously, you can't say you're
doing that, because that would be self-defeating.)
There are some really odd things. Everybody with some interest in this area
knows the first thing you do is make a low-level copy of all storage before you
begin anything. However, the FBI complains "it will wipe itself after X tries".
Without a TPM-like chip, just using regular memory chips and software, this is
not an obstacle for a well-funded shop.
And several parties have offered to crack the encryption, but the FBI didn't
take them up on it. Whereas once you have your copy, you can go crazy on a copy,
fuck up, make a new copy and ?REDO FROM START. So as long as you are comfortable
with the third party also reading what's on the phone, you can take them up on
it without damage. Unless of course it isn't about the data on the phone.
So I definitely did think this was about more than just this one phone. Like I
said, they even got a statement from the US president that "phones should have a
backdoor". But then suddenly they drop the case because they cracked the phone.
That was a major surprise for me. I cannot place it.
You know much more about digital forensics than me obviously. The only thing /I/
can think of is that there actually /is/ a TPM-like device involved. However,
I've understood that there is not, that it is simply all software. Perhaps I was
misinformed.
> ... or would they take on a small company that can't put up as much of a
> legal fight and wouldn't get as much publicity?
Hmmm, if you want to use public opinion as a force, you'd first need a terrorist
or child molester or what not who uses a phone made by a small company... Which
phone would that even be, by the way? Ubuntu phone, Jolla? Because I think most
people have either Android, Apple or Windows Phone. All three large companies.
And it wouldn't help to sue Microsoft, as Microsoft is of the interesting
opinion that the FBI is right, so you wouldn't get a court order with legal
precedence.
And you say the publicity is a bad thing. But they have a lot of sway because
this is a terrorist. If they just went after a small fish with an uncommon phone
and the court said "No, you can't have your backdoor", they'd have precedent for
the wrong outcome! You want to go in strong. For instance, you need to make it
like your opponent is in favour of terrorists and child molesters. "Smoking pot
funds terrorism"?
I'm not saying you're wrong; I don't know. I think there is more than just this
one phone, it doesn't add up without a good TPM chip deterring them. But that
they dropped the case doesn't seem to make sense in that scenario, which is in
favour of your view. I /am/ surprised by your vehemency stating it's
"outrageous". I don't think it's an outrageous view.
My 2 cents,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list