Security of data

I am worried, as I am sure many others are, by the moves towards a scenario where everyone's data is stored perpetually and open to snooping by the authorities without the need for a High court warrant. My worries about this encroachment into our privacy is exacerbated by my worry that the organisations who hold our data may not be capable of securing the data, and that less scrupulous individuals or organisations could obtain and use that data in many unacceptable ways.

However, I have to come down on the side of the US Authorities in this particular case. It may well be that Apple (as it claims) is unable to decrypt the data, or unable to decrypt without giving the authorities the ability to hack into anyone's phone. That would be a different scenario. However, I cannot support Apple's decision not to give access to a phone belonging to a proven terrorist. This particular (deceased) individual has, by his actions, lost any right to privacy as far as I am concerned. That data that the authorities would be able to access might well prevent future similar attacks. An 'open and shut' case in my opinion.

I do not support the stance Apple has adopted. The need to investigate criminal activities trumps personal privacy in every instance in my opinion.

ATB from George

Terrorist & criminals forgo their human rights .......... phone call records, internet activity,  e-mails, bank accounts are all open for investigation,  so what's so precious about a terrorists phone.   

George, my issue is that once you create back doors then you have no effective security - it has been a fact of life - so you either have security or you don't there just is no effective half way house. I am afraid security can't differentiate between the good guys and the bad guys. However there is more to this story than is being publicly shared I'm sure. The authorities will have the meta data - i.e. who communicated with whom and when - just not the content of the message.. Therefore this is the same as saying you have the right to remain silent but in doing so it may harm your position..but they the authorities will almost certainly know who the communication was between - if not the message. In the second world war meta data was often far more useful for intelligence that decoding the message itself, and so I understand has been the basis for much intelligence gathering today.

What little privacy there might be left nowadays will be gone for all if FBI succeed in this. 

Here's where Tim Cook explains "what is at stake." The big deal is that the FBI isn't just asking for help on one phone. What the FBI is specifically asking for is "a new version of the iPhone operating system, circumventing several important security features." The implication being that it could be used on any iPhone in future investigations. The FBI wants a universal "backdoor" to any iPhone.

Simon,  you're right & wrong ......  Go get arrested on suspicion of being a bad guy,  robbery, drugs, etc  & like I said in my post above ........ phone call records, internet activity,  e-mails, bank accounts are all open for investigation & that's exactly what happens.  The banks, ISP's & anyone else will give the police access,  I understand many of the sex deviants cases would not have been successfully carried through without such access.  So what is so special about a dead terrorists phone ??? 

For info, this is one aspect of the issue - http://appleinsider.com/articl...nt-hands-apple-says-

Also, Apple's operating cost would go up in handling data requests globally.

Jude

Mike-B posted:

Simon,  you're right & wrong ......  Go get arrested on suspicion of being a bad guy,  robbery, drugs, etc  & like I said in my post above ........ phone call records, internet activity,  e-mails, bank accounts are all open for investigation & that's exactly what happens.  The banks, ISP's & anyone else will give the police access,  I understand many of the sex deviants cases would not have been successfully carried through without such access.  So what is so special about a dead terrorists phone ??? 

Mike - nothing, but you miss my point. You either outlaw personal data security or you enable it. In IT security there is no half way house and no differentiation between the good and the bad guy - no matter how awkward that reality is. Private keys could be held in some sort of government escrow as they are for encrypted networks in some parts of the world - but it is then seen as a major security compromise, and many clients partition the security networks between truly secure and those where the private keys are hold in escrow by an authority. 

ISPs provide meta data access - and so do telcos unless a warrant is used for lawful intercept. However if the call is encrypted - which it absolutely can be - it can't be un encrypted by the telco.

IT security becomes fascinating - and there getting an 'appreciation' of what some of the activities that the home office are funding is fascinating... however I have no idea what is happening in the US.

Simon

Simon-in-Suffolk posted:

George, my issue is that once you create back doors then you have no effective security - it has been a fact of life - so you either have security or you don't there just is no effective half way house. I am afraid security can't differentiate between the good guys and the bad guys. However there is more to this story than is being publicly shared I'm sure. The authorities will have the meta data - i.e. who communicated with whom and when - just not the content of the message.. Therefore this is the same as saying you have the right to remain silent but in doing so it may harm your position..but they the authorities will almost certainly know who the communication was between - if not the message. In the second world war meta data was often far more useful for intelligence that decoding the message itself, and so I understand has been the basis for much intelligence gathering today.

 

Dear Simon,

There must be a way for the legally appointed authorities to investigate criminality, and if that means that all data held on iPhones become open to the authorities, I am happy to accept that. The innocent person has nothing to fear from this. 

The innocent of of no interest to the authorities and except in a Police State will not be subject to any invasion of privacy as the general rule.

In a World full of criminals and deviants it is a small price to pay compared to the damage these people continue to do.

I quite see that my point of view may not be universally shared, but it is held in heartfelt fashion all the same.

Best wishes from George

George Fredrik Fiske posted:

Simon-in-Suffolk posted:

George, my issue is that once you create back doors then you have no effective security - it has been a fact of life - so you either have security or you don't there just is no effective half way house. I am afraid security can't differentiate between the good guys and the bad guys. However there is more to this story than is being publicly shared I'm sure. The authorities will have the meta data - i.e. who communicated with whom and when - just not the content of the message.. Therefore this is the same as saying you have the right to remain silent but in doing so it may harm your position..but they the authorities will almost certainly know who the communication was between - if not the message. In the second world war meta data was often far more useful for intelligence that decoding the message itself, and so I understand has been the basis for much intelligence gathering today.

 

Dear Simon,

There must be a way for the legally appointed authorities to investigate criminality, and if that means that all data held on iPhones become open to the authorities, I am happy to accept that. The innocent person has nothing to fear from this. 

The innocent of of no interest to the authorities and except in a Police State will not be subject to any invasion of privacy as the general rule.

In a World full of criminals and deviants it is a small price to pay compared to the damage these people continue to do.

I quite see that my point of view may not be universally shared, but it is held in heartfelt fashion all the same.

Best wishes from George

At which point is someone proved innocent or guilty , I.e. Before release of the data or after?

That's a practical issue.

Also, what lessons have been learned from the UK a Press phone tapping scandal?

George, I share your feelings on this  - and seeing technology abused by criminals can be heart breaking - but it has always been thus. You know what they say, crime, pornography and war are some of the greatest drivers for technical innovation.

 But there can be other ways of gaining information, its just the successful methods  often don't make the headlines - funny that 

But I if I am honest i think it was good what Snowdon did, even though the outcome has caused awkward impacts - at least it has got the topic more in the open..

To be fair, the point you raise is why we have Courts Of Law. I would rather the evidence the FBI/MI6 might gather on me be tasted in a Court Of Law than being blown up on the London Underground system for example. 

It is one of those distasteful things that have arrisen with advanced technologies, and must be debated and addressed for certain.

ATB from George

George Fredrik Fiske posted:

To be fair, the point you raise is why we have Courts Of Law. I would rather the evidence the FBI/MI6 might gather on me be tasted in a Court Of Law than being blown up on the London Underground system for example. 

It is one of those distasteful things that have arrisen with advanced technologies, and must be debated and addressed for certain.

ATB from George

George, Mike, the issue is not about the legality of court orders etc - that is fine. The issue is the ability to undermine the security. As I say whether its by a court order or a criminal it makes no difference. If it can be done by one it can be done by the other.  The technology doesn't differentiate. And arguably such back doors will make it easier for the criminals.

However what it does do is breed many many security seminars and events pondering over these issues....

I agree a terrorist, by his actions, deserves to have all his activities and records searched.  A dead terrorist should forfeit any right to privacy.  The acts of Snowden were a different matter altogether, it was irresponsible and put the fight against terrorism back, endangering us all. Interesting insights from Jude2012 - thanks for providing the link.  It is good that Apple sticks to its principles but rather than provide an open route in to every iphone, perhaps they could handle the work in-house themselves so the authorities don''t have carte blanche access to everyone's phone.  Not ideal, but probably the best solution in this case.

Dear Simon,

What the Snowdon affair has done is uncover an issue that really does require a deep debate about how we as nations concerned with the security of the people, deal with what is certainly private and confidential material.

Even Apple as one of the most powerful organisations in the World, must collaborate with the organisations of Law, Order and National Security, however inconvenient for them. Complying with Law is something every person and every organisation, large or small must be obliged to do without exception.

Of course greater minds than mine will be searching for optimal solutions, but no organisation can be allowed to be exceptional, and defy the Law when the Law requires something essential for the combatting of criminality. However inconvenient for the profit and loss sheet.

As for the implications of this opening a back door, perhaps people should really consider how long it is going to be before criminals learn to decrypt the information in any case. I would never entrust confidential details to any electronic device, be it a phone computer, or cloud based system. If it is important, then paper must suffice.

Just my view, and I have no problem accepting that other may not share it.

Best wishes from George

Simon-in-Suffolk posted:

George Fredrik Fiske posted: George, Mike, the issue is not about the legality of court orders etc - that is fine. The issue is the ability to undermine the security.

Mike, the problem here is that when the box is opened there is no control anymore (and going back either for that matter). In a way authorities will be just joining to the bad guys…

I don't agree Osprey,  there are plenty of controls in place - I've seen it first hand,  & IMO its long overdue to be modernised - all it needs is a robust, structured & open system.   Problem is with terrorism its more than likely a matter of national security & the secrecy that involves;  but whatever its all possible & needs to be done - ASAP.

Mike, perhaps no control was too strongly said but if there is a backdoor it will be surely at some point be utilized by hackers for criminal activities (always have been so far). So one crime solved and a way to another one opened… difficult call.  

osprey posted:

Mike, the problem here is that when the box is opened there is no control anymore (and going back either for that matter). In a way authorities will be just joining to the bad guys…

Exactly - and this is a dilemma in the industry currently, the only effective counter is outlaw personal data encryption - but that could undermine much of the use of the internet for commerce and probably is unenforceable. There are many ways to effectively transparently encrypt data on top of other data.

Having seen realtime attacks in action exploiting vulnerabilities and known back doors, possibly being undertaken by a country - there is no differentiation between the bad guys, bad countries, and the good guys and good countries.

Internet and data security is a fascinating area, and one of the fascinating areas that is practically possible now and is in development is quantum encryption... that way one can see if somebody has looked or read the shared encryption key and if so you can assume the encrypted payload is compromised as it inevitably will be given time and enough resources, however it looks like governments are discussing what safety measures to install at the photon repeaters for interception...which to me will undermine the value of the quantum encryption.

Simon

Leaving aside the main argument, I can't help but think this episode reflects rather poorly on the technical proficiency of the supposedly all-powerful US security services.  If they can get past a four-digit PIN on an i-phone, what does that say about their capabilities to tackle terrorist and state-sponsored cyber-crime and espionage?

George Fredrik Fiske posted:

Dear Simon,

What the Snowdon affair has done is uncover an issue that really does require a deep debate about how we as nations concerned with the security of the people, deal with what is certainly private and confidential material.

Even Apple as one of the most powerful organisations in the World, must collaborate with the organisations of Law, Order and National Security, however inconvenient for them. Complying with Law is something every person and every organisation, large or small must be obliged to do without exception.

Of course greater minds than mine will be searching for optimal solutions, but no organisation can be allowed to be exceptional, and defy the Law when the Law requires something essential for the combatting of criminality. However inconvenient for the profit and loss sheet.

As for the implications of this opening a back door, perhaps people should really consider how long it is going to be before criminals learn to decrypt the information in any case. I would never entrust confidential details to any electronic device, be it a phone computer, or cloud based system. If it is important, then paper must suffice.

Just my view, and I have no problem accepting that other may not share it.

Best wishes from George

 

George, if criminals will be able to compromise Apple's security so inevitably, and if it is not safe enough for you to trust your data (and paper strikes me as the least secure way possible) why are the US security services with all of their resources unable to do so.  Perhaps the CIA needs to employ some of these criminals? 

George Fredrik Fiske posted:

I do not support the stance Apple has adopted. The need to investigate criminal activities trumps personal privacy in every instance in my opinion.

ATB from George

Can't agree. The benefits of hacking this phone are so trivial, and the risks so great that it simply doesn't make sense, even if the probability of the "hack" of this one phone compromising general information security is small. The problem with people's thinking is that they have been taught to believe that terrorism is a significant threat that is so severe that we must give up privacy and freedom to combat it. Terrorism is an absolutely trivial risk in the hierarchy of stuff we should worry about.

Winkyincanada posted:

"Terrorism is an absolutely trivial risk in the hierarchy of stuff we should worry about." 

Winky,

This may well be the case in Canada, but in mainland Europe (in particular) the threat is very real indeed. I agree with George and others that the fight against terrorism should over-ride our concerns about everyone's rights to privacy.