What am I missing?

Mauricio Tavares raubvogel at gmail.com
Wed Mar 30 19:26:23 CEST 2016


On Wed, Mar 30, 2016 at 1:13 PM, Peter Lebbing <peter at digitalbrains.com> wrote:
> (I think this is too far off-topic actually, but hey)
>
> On 30/03/16 15:46, Robert J. Hansen wrote:
>> I try not to get involved in conspiracy theories, but this one's just...
>> outrageous.
>
> Can I ask why the conspiracy theory is "outrageous"? Can't you imagine that the
> FBI, or at least part of it, would like to have a backdoor? They even got the US
> president to say that he would like phones to have a backdoor. (It's clear his
> previous job wasn't in IT security, because he'd then know it would seriously
> weaken the protection of all phones the whole world over.) I hear the police
> here in the Netherlands sometimes outright say they would like easier access to
> suspects' files, not having to crack encryption. Is it hard to imagine that the
> FBI might want the same thing, and that they can decide to use public opinion, a
> case where a lot of innocent people died, as a lever to force a change they'd
> like to see? I don't believe one moment they are so kind-hearted that they would
> never exploit a tragedy for their own gain. (But obviously, you can't say you're
> doing that, because that would be self-defeating.)
>
> There are some really odd things. Everybody with some interest in this area
> knows the first thing you do is make a low-level copy of all storage before you
> begin anything. However, the FBI complains "it will wipe itself after X tries".

      Which is amusing since the old Blackberry also did that. At
least my Storm 2.

> Without a TPM-like chip, just using regular memory chips and software, this is
> not an obstacle for a well-funded shop.
>
      Who is to say the TPM chip does not have a backdoor already?

> And several parties have offered to crack the encryption, but the FBI didn't
> take them up on it. Whereas once you have your copy, you can go crazy on a copy,
> fuck up, make a new copy and ?REDO FROM START. So as long as you are comfortable
> with the third party also reading what's on the phone, you can take them up on
> it without damage. Unless of course it isn't about the data on the phone.
>
> So I definitely did think this was about more than just this one phone. Like I
> said, they even got a statement from the US president that "phones should have a
> backdoor". But then suddenly they drop the case because they cracked the phone.
> That was a major surprise for me. I cannot place it.
>
> You know much more about digital forensics than me obviously. The only thing /I/
> can think of is that there actually /is/ a TPM-like device involved. However,
> I've understood that there is not, that it is simply all software. Perhaps I was
> misinformed.
>
>> ... or would they take on a small company that can't put up as much of a
>> legal fight and wouldn't get as much publicity?
>
> Hmmm, if you want to use public opinion as a force, you'd first need a terrorist
> or child molester or what not who uses a phone made by a small company... Which
> phone would that even be, by the way? Ubuntu phone, Jolla? Because I think most
> people have either Android, Apple or Windows Phone. All three large companies.
> And it wouldn't help to sue Microsoft, as Microsoft is of the interesting
> opinion that the FBI is right, so you wouldn't get a court order with legal
> precedence.
>
      Also, Google already gets data from whoever uses its
services/software/hardware. Who is to day they too are not like
Microsoft and giving it to government agencies?

Now, the amusing thing is: had the FBI won, other nations would have a
valid precedent to demand the very same thing. If you remember, for a
while the Blackberry messaging system was considered highly secure if
both parties were using the BB enterprise thing. But then a few
countries forced RIM, who is smaller than Apple (and Canadian, which
automatically means less clout and money) to put servers in those
networks so they could decrypt the messages being sent.

> And you say the publicity is a bad thing. But they have a lot of sway because
> this is a terrorist. If they just went after a small fish with an uncommon phone
> and the court said "No, you can't have your backdoor", they'd have precedent for
> the wrong outcome! You want to go in strong. For instance, you need to make it
> like your opponent is in favour of terrorists and child molesters. "Smoking pot
> funds terrorism"?
>
> I'm not saying you're wrong; I don't know. I think there is more than just this
> one phone, it doesn't add up without a good TPM chip deterring them. But that
> they dropped the case doesn't seem to make sense in that scenario, which is in
> favour of your view. I /am/ surprised by your vehemency stating it's
> "outrageous". I don't think it's an outrageous view.
>
> My 2 cents,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



More information about the Gnupg-users mailing list