Author Topic: [Online] Privacy vs Government spying  (Read 4064 times)

0 Members and 1 Guest are viewing this topic.

atommo

  • Tier 7
  • *
  • Posts: 719
  • Gender: Male
  • Awesomeness :D
  • Current Mood: cool cool
[Online] Privacy vs Government spying
« on: March 30, 2016, 07:18:21 PM »
This has been in the news quite a lot lately. Mass spying and all that (NSA, GCHQ and other departments of governments doing things they should not have been doing). Apple refusing to let the FBI hack their phone OS because of privacy but then the FBI hacked it anyway.

So. Are you for or against spying?

Few of points from me:

-Governments advocated for increased online spying after the Paris attacks even though the terrorists used unencrypted communication (source https://www.techdirt.com/articles/20151118/08474732854/after-endless-demonization-encryption-police-find-paris-attackers-coordinated-via-unencrypted-sms.shtml and you can find others if you search around)

-This may be controversial to some, and I must stress this is just my view, but to me it feels like terrorism is being blown out of proportion by governments. They seem to be using it as an excuse for pretty much anything controversial related to privacy. Having said this, terrorism does still kill people. However, this should not be an excuse to have our privacy rights stripped away from us.

-The whole case from Apple vs FBI seemed sketchy. If you searched enough, you would've found sources demonstrating the FBI could get into the iPhone even without Apple's help. Then why did the FBI claim it needed Apple's help? To get backdoor access to ALL the iPhones in the world? It does make you wonder... (source https://theintercept.com/2016/03/08/snowden-fbi-claim-that-only-apple-can-unlock-phone-is-bullshit/)

So how do others feel about this?
The sentence below is false
The sentence above is true

Eli

  • *
  • Tier 7
  • **
  • Posts: 833
  • Gender: Male
  • Det. Meddlesome
  • Current Mood: tired tired
Re: [Online] Privacy vs Government spying
« Reply #1 on: March 31, 2016, 11:10:59 AM »
Thanks for starting serious discussions especially regarding privacy :)

So. Are you for or against spying?
I'm against mass surveillance and spying on people without a warrant that has gone through a thorough legal process for each person that will be spied on, so of course I'm against vague warrants that may allow spying on an unlimited number of people.

-Governments advocated for increased online spying after the Paris attacks even though the terrorists used unencrypted communication
I agree that it is actually about mass surveillance and not really because terrorists use encrypted communication, it doesn't matter if they do or not.

-This may be controversial to some, and I must stress this is just my view, but to me it feels like terrorism is being blown out of proportion by governments. They seem to be using it as an excuse for pretty much anything controversial related to privacy. Having said this, terrorism does still kill people. However, this should not be an excuse to have our privacy rights stripped away from us.
I agree.

-The whole case from Apple vs FBI seemed sketchy. If you searched enough, you would've found sources demonstrating the FBI could get into the iPhone even without Apple's help. Then why did the FBI claim it needed Apple's help? To get backdoor access to ALL the iPhones in the world? It does make you wonder...
As a privacy advocate and an Apple user, I closely followed news regarding this case.
I think FBI was meaning to set a precedent so in the future they could easily force any company to comply with their unlawful requests.
And they chose this phone so public opinion would support them on cracking a phone used by "terrorists", even though Farook has destroyed their personal phones and this one was from the workplace.

Here is some background:
- The iPhone in question was an iPhone 5C (using Apple A6) from Farook's workplace, running iOS 9.

- Apple has extracted contents of iPhones in the past, but it was prior to iOS 8's encryption, starting from that version, Apple claims it can't extract data without knowing the encryption key (which is unique to the device based on the passcode a user chooses).

- Other than software security features, more recent iPhones include the Secure Enclave coprocessor:
Quote
The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series
processor. It utilizes its own secure boot and personalized software update separate
from the application processor. It provides all cryptographic operations for Data
Protection key management and maintains the integrity of Data Protection even
if the kernel has been compromised.
https://www.apple.com/business/docs/iOS_Security_Guide.pdf

But iPhone 5C uses the older A6 which does not have the secure enclave.

- That iPhone 5C had iCloud backups enabled, and there were unencrypted backups on iCloud up to a few weeks before the attack.
Apple did deliver the backup data to FBI, but data from the last few weeks was missing because that iPhone was not backed up to iCloud during that period (an indication that it was not even used).
All FBI needed to make new backups happen was to bring the iPhone to a previously known Wi-Fi hotspot, Farook's workplace for example, and let the phone backup, even when locked.
Why it didn't happen? FBI asked Farook's workplace to reset the Apple ID password a few hours after the phone was in FBI's custody!
The iPhone was locked with a passcode, so FBI couldn't enter the new password in iCloud settings of the phone, therefore new backups were no longer possible even with known Wi-Fi networks.
(Some people theorize that FBI has asked Farook's workplace to reset the password in order to prevent new iCloud backups from happening and therefore ask Apple to unlock the device or make a backdoor instead).

- Apple said they can't decrypt the data on the iPhone without knowing the key (which requires knowing the passcode) because the phone is running iOS 9.

- FBI asked Apple to do something else instead, create a new version of iOS that allows them to use brute-force attack to find the correct passcode.
(Farook's work phone was set to wipe data after 10 incorrect passcodes).

- Apple said:
a) Apple needs to assign programmers to create such an insecure OS, and they don't already have such an OS.
b) FBI is trying to set a precedent, if they comply this time, hundreds of other iPhones will be brought to Apple to update their OS to this insecure version.
c) Once this insecure iOS is made and signed by Apple, it is very likely that hackers and other governments will try to steal and use it on iPhones on their hands, it would be the digital equivalent of a master key with the difference that it can't be destroyed.

- FBI didn't expect Apple to fight over this, and after weeks of war on public opinion they probably feared that they may lose this battle, so they decided to withdraw and ask third parties to unlock the iPhone.

Now, how can a third party do it?
Some people think of exploits like those used for jailbreaks, some speak about NAND duplication and trying brute-force on the clones.
I (and many others) think that FBI was already aware of such options and was trying to set a precedent.

Jade

  • Tier 3
  • *
  • Posts: 63
  • Gender: Female
  • Current Mood: alright alright
Re: [Online] Privacy vs Government spying
« Reply #2 on: March 31, 2016, 11:52:12 AM »
OMG This is exactly the main argument in Korea these days.
Korea government proposed anti-terrorist legislation which allows NIS to spy on whoever if judged to be doubtful.
If the legislation is adopted, my calling history as well as my message history and even Internet activities could be censor target.

To be honest, i don't think i can agree that willingly....

atommo

  • Tier 7
  • *
  • Posts: 719
  • Gender: Male
  • Awesomeness :D
  • Current Mood: cool cool
Re: [Online] Privacy vs Government spying
« Reply #3 on: April 14, 2016, 04:00:19 PM »
Just came across a relevant video:

Safe and Sorry – Terrorism & Mass Surveillance
The sentence below is false
The sentence above is true