|
|
Post by NamelessStain on Feb 8, 2016 13:41:12 GMT
In my personal opinion, there is no "need" for social media unless it is for a business. There are so many vulnerabilities in their software it is not even funny. For example, if you have all your settings locked down for friends only, but a friend of yours has their settings wide open, then someone can get your info through their account. Just stupid.
|
|
|
|
Post by NamelessStain on Mar 7, 2016 13:00:43 GMT
|
|
|
|
Post by scbrian on Mar 7, 2016 21:59:21 GMT
As much as I cant stand apple **Cough**Cough**Fanboys** I hope they stand firm on this and lead the tech companies in this coming battle. Nameless - your the best around here with cyber - what's to stop the .gov folks from forcing the phone providers (Verizion, tmobile, etc) to weaken their OS security with a focus on corrupting any encryption added on the phone? Ie - I know idealy you want to generate your PGP keys on a secure linux system because of known exploits in windowz?
|
|
|
|
Post by dannusmaximus on Mar 8, 2016 2:26:51 GMT
Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. * * * * * * * * * * * * * * * * * * * * * * * A prosecutor is in possession of a cell phone that was seized from an individual who was making suitcase bombs. The cell phone sits on the prosecutor’s desk and encryption on the phone prevents it being searched. Slippery slope arguments aside, I see no protection under the law in the IV Amendment that would prevent the searching of his phone. Compelling the phone maker, under the supervision of the court, to make the contents of the phone available for dissemination to the proper parties, seems to me to be “reasonable” if conducted on a case-by-case basis. |
|
|
|
Post by scbrian on Mar 8, 2016 12:34:12 GMT
The problem is the 'slippery slope' especially with regards to our gov't that has been so forthcoming and follows the constitution.
The you toss in China, the middle east, etc. Countries with a notoriously evil outlook on human rights and privacy and what's to stop them from demanding the same. Pretty soon, the programming is out there in the wild, waiting to open ANY Iphone.I'd be interested to see if the gov't has ever 'compelled' any safe manufacturer to crack their own safe for them...
|
|
|
|
Post by NamelessStain on Mar 8, 2016 15:21:01 GMT
As much as I cant stand apple **Cough**Cough**Fanboys** I hope they stand firm on this and lead the tech companies in this coming battle. Nameless - your the best around here with cyber - what's to stop the .gov folks from forcing the phone providers (Verizion, tmobile, etc) to weaken their OS security with a focus on corrupting any encryption added on the phone? Ie - I know idealy you want to generate your PGP keys on a secure linux system because of known exploits in windowz? Right now the only thing stopping them is Apple and their lawyers (and those who support them). I read somewhere that a NY prosecutor has hundreds of phone he wants unlocked and is waiting for this to resolve itself. If Apple loses, there is now president and he'll submit his phones to be unlocked since they were in possession of criminal during a crime. So when would it end? Little Billy Jaywalked, unlock his phone? I have never used PGP, so I have done little reading on it. As others have said, the real problem may not necessarily be our gov, but some of the dictators and repressive regimes around the world. Again, once one gets it, they all want it. Once a back door is created, it is open for all. So encryption becomes useless to all. Once the tool is developed to access the phone, it would be put on some network server and when that server is hacked (and we all know it would eventually happen) then the world has it, not just governments. Now France had made a law which would require them to unlock the data for terrorist phone. www.bloomberg.com/news/articles/2016-03-08/france-votes-on-bill-that-could-make-apple-unlock-terrorist-dataApple's response? They are upgrading the encryption so even THEY cannot unlock it. So you can't make them do it if it is not technically possible. What people don't realize is that encrypted correspondence still have some information in the metadata which identifies some of the key pieces of info such as sender and receiver of the message. You KNOW that gov agencies note this information and put both people on a watch list. Even more stupid is terrorist are using their own special version of encryption which immediately puts them on a watch list and marked for investigation. It is like sending up a flare in the middle of the ocean on the darkest night. Encryption and data protection is a one way street, either we all have it, or we don't. Yes, I do not like not unlocking a terrorist's phone, but it will also keep my phone safe from terrorists/hackers/foreign gov/etc. Shit, I've thought about going low tech and get a Motorola Razr again, lol. |
|
|
|
Post by NamelessStain on Mar 9, 2016 11:39:04 GMT
|
|
|
|
Post by NamelessStain on Mar 9, 2016 12:16:29 GMT
|
|
|
|
Post by scbrian on Mar 10, 2016 0:39:33 GMT
Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. * * * * * * * * * * * * * * * * * * * * * * * A prosecutor is in possession of a cell phone that was seized from an individual who was making suitcase bombs. The cell phone sits on the prosecutor’s desk and encryption on the phone prevents it being searched. Slippery slope arguments aside, I see no protection under the law in the IV Amendment that would prevent the searching of his phone. Compelling the phone maker, under the supervision of the court, to make the contents of the phone available for dissemination to the proper parties, seems to me to be “reasonable” if conducted on a case-by-case basis. From NS link above: www.bloombergview.com/articles/2016-03-08/the-crime-you-have-not-yet-committed"Now they’re going another step: using vast data sets to identify individuals who are criminally inclined. " "Press accounts say the system amasses data not only on past crimes but on web searches, property records and social networking posts." So, if we are allowing computers to make these determinations, what do we do with the 4th or the 14th amendment? And this is the government you trust to hold the key to encryption, or even the authority to demand it? Because they have such a great track record? |
|
|
|
Post by dannusmaximus on Mar 10, 2016 2:39:33 GMT
"And this is the government you trust to hold the key to encryption, or even the authority to demand it? "
Well, 'trust' is a stretch, but otherwise, yeah. Note that I said cell-phone code cracks should only be done on a case-by-case basis, and only if a warrant has been issued for a specific item. I'm not an advocate of giving the gubmint a master key to every house in the U.S., but I am certainly okay for them to enter and search a house that has had a valid search warrant issued. Apple knows the password to every iPhone out there, just like your ISP knows what computer you are working from, what user name is connected to what real person, etc. If a valid warrant is issued for an iPhone, Apple should have to comply with the law and open up the item named in the specific warrant. Maybe that thinking makes me old-fashioned?
As far as the data gathering, guess what? It's done right now, and has been since mankind started policing each other. Any decent beat cop 'gathers data' on folks in their area, listens to what other folks on the street are saying, asks around, checks out leads, etc. Why wouldn't they do stuff like use computer searches to investigate gang links, figure out where known accomplices are living, yadda yadda? Computers aren't determining shit, they are helping law enforcement predict criminal behavior. Every department of any size uses data mapping to determine areas that need extra patrols, or to identify areas of high gang activity, or predict what days of the week and times of day crimes tend to happen, and they deploy resources accordingly.
Honestly, Brian, what powers do YOU think the police should have to investigate and try to prevent crimes? Just ask pretty please, and if the bad guy says to get fucked, say 'Well, we tried!' Should they have ANY search powers? How is an iPhone different than any locked cabinet?
Electronic privacy is a laughable, laughable, laughable myth, and don't think for a single second the techno-oligarchs who run our nation's tech companies give a twiddling damn about your privacy. They use promises of privacy to gain market share, knowing full well that it's an illusion, and only because they are afraid that people who have been suckered into believing in the illusion of privacy will change platforms to a company that offers a BETTER illusion of privacy. That would cost them a percent of their golden parachute, and we can't have that!
Does anybody on this board seriously think, for one single second, that anything they do online or over their smartphone is untouchably private? Seriously? Like, seriously seriously?
TLDR: Newsflash: police agencies are using computers to analyze data. Who here wouldn't instantly change doctors if they were told they were sick, but the doctor wasn't going to use any computer generated data to help cure them, or if their mechanic refused to use computer analytics to diagnose a funny engine noise? But we don't want police agencies using computers? Is there something I'm missing here?
|
|
|
|
Post by LowKey on Mar 10, 2016 5:05:31 GMT
.. what powers do YOU think the police should have to investigate and try to prevent crimes? Precognition.
You know, maybe of we could get everyone to wear smart watches linked to a big computer that monitors the activities of the wearer for any signs of criminal behavior,flags such cases to have a search warrant issued by a pet judge for LE to review the data, and if the reviewing LEO determines that criminal charges are warranted he/she (however it chooses to "self identify") can trigger a sedative injector in the suspects smart watch, along with a strobe light and siren to alert other monitored citizens to stay away from the crime scene.
Then the suspect can be picked up by the police without any risk of physical confrontation.
Why should anyone object to something like this? They can already track all of the data in your smart phones and remotely turn on your web cameras and microphones. We should just formally recognize this and grant this horrible invasion of our privacy progressive common sense public safety tool legality and statutory recognition. We can even create a club of cronies to rubber stamp all of our actions an oversight committee to prevent abuses of this power.
See nothing to worry about.
Next up, we can explain to a person being raped that they should just relax and try to enjoy it because it's inevitable.
|
|
|
|
Post by scbrian on Mar 10, 2016 12:45:28 GMT
"And this is the government you trust to hold the key to encryption, or even the authority to demand it? " Well, 'trust' is a stretch, but otherwise, yeah. Note that I said cell-phone code cracks should only be done on a case-by-case basis, and only if a warrant has been issued for a specific item. I'm not an advocate of giving the gubmint a master key to every house in the U.S., but I am certainly okay for them to enter and search a house that has had a valid search warrant issued. Apple knows the password to every iPhone out there, just like your ISP knows what computer you are working from, what user name is connected to what real person, etc. If a valid warrant is issued for an iPhone, Apple should have to comply with the law and open up the item named in the specific warrant. Maybe that thinking makes me old-fashioned? No, I dont agree. If the Gov't want to sit for the next 5 years and crack the phone, have at it. Forcing a company to develop software to make the .gov job easier, and the end product weaker - no. I cant recall any instance of a safe company being compelled to install a master combination, or crack their own safe. The idea is the same, the technology has advanced is all. As far as the data gathering, guess what? It's done right now, and has been since mankind started policing each other. Any decent beat cop 'gathers data' on folks in their area, listens to what other folks on the street are saying, asks around, checks out leads, etc. Why wouldn't they do stuff like use computer searches to investigate gang links, figure out where known accomplices are living, yadda yadda? Computers aren't determining shit, they are helping law enforcement predict criminal behavior. Every department of any size uses data mapping to determine areas that need extra patrols, or to identify areas of high gang activity, or predict what days of the week and times of day crimes tend to happen, and they deploy resources accordingly.
And I have no problem with human-int out there on the streets asking around about who is buying what from whom. But a blanket collection of data the .gov't can go into and look around whenever they feel like it - no. Honestly, Brian, what powers do YOU think the police should have to investigate and try to prevent crimes? Just ask pretty please, and if the bad guy says to get fucked, say 'Well, we tried!' Should they have ANY search powers? How is an iPhone different than any locked cabinet?
Why do you keep making this about the police? Search powers? Sure, right after a court order. If I remember for a locked cabinet, you need a search warrant and a crowbar or a key to the lock. At no point is someone forcing the cabinet manufacture to come down and open it up. It's left to the cops to open.
Electronic privacy is a laughable, laughable, laughable myth, and don't think for a single second the techno-oligarchs who run our nation's tech companies give a twiddling damn about your privacy. They use promises of privacy to gain market share, knowing full well that it's an illusion, and only because they are afraid that people who have been suckered into believing in the illusion of privacy will change platforms to a company that offers a BETTER illusion of privacy. That would cost them a percent of their golden parachute, and we can't have that!
I agree, but weakening the privacy that is there, shouldn't even be on the table. And as long as the CEO's and the company's interests align with mine, I'll ride the train until a better one comes along.
Does anybody on this board seriously think, for one single second, that anything they do online or over their smartphone is untouchably private? Seriously? Like, seriously seriously?
Untouchable private? No. But I can make it damn hard for them. TLDR: Newsflash: police agencies are using computers to analyze data. Who here wouldn't instantly change doctors if they were told they were sick, but the doctor wasn't going to use any computer generated data to help cure them, or if their mechanic refused to use computer analytics to diagnose a funny engine noise? But we don't want police agencies using computers? Is there something I'm missing here?
As a mechanic that uses a computer to diagnose problems, I have a problem with it. If I dont use the computer right, or the computer is wrong and spits out a diagnostic for a $1500 engine job instead of a $1.50 tail light, there are issues. With the link from above, they are using a computer to predict who MIGHT commit a crime again and incarcerate them or deny parole. You see popup adds or imbeded ads when your on the web all the time. Most of these are 'targated' to you specifically. How correct are they? 50%? 25%? Remember, this is a smart computer deciding you may be interested in buying tampons instead of bullets... The Software in use? This is the equivalent of someone arresting someone only for how they look... Yes, I have a problem with it. I also have a problem with Apple developing a master key. Perhaps if the .gov was more trusting and hadn't had such a horrible track record of infringing on privacy rights I'd be more inclined to trust them. |
|
|
|
Post by NamelessStain on Mar 10, 2016 12:55:07 GMT
"And this is the government you trust to hold the key to encryption, or even the authority to demand it? " Well, 'trust' is a stretch, but otherwise, yeah. Note that I said cell-phone code cracks should only be done on a case-by-case basis, and only if a warrant has been issued for a specific item. I'm not an advocate of giving the gubmint a master key to every house in the U.S., but I am certainly okay for them to enter and search a house that has had a valid search warrant issued. Apple knows the password to every iPhone out there, just like your ISP knows what computer you are working from, what user name is connected to what real person, etc. If a valid warrant is issued for an iPhone, Apple should have to comply with the law and open up the item named in the specific warrant. Maybe that thinking makes me old-fashioned? As far as the data gathering, guess what? It's done right now, and has been since mankind started policing each other. Any decent beat cop 'gathers data' on folks in their area, listens to what other folks on the street are saying, asks around, checks out leads, etc. Why wouldn't they do stuff like use computer searches to investigate gang links, figure out where known accomplices are living, yadda yadda? Computers aren't determining shit, they are helping law enforcement predict criminal behavior. Every department of any size uses data mapping to determine areas that need extra patrols, or to identify areas of high gang activity, or predict what days of the week and times of day crimes tend to happen, and they deploy resources accordingly. Honestly, Brian, what powers do YOU think the police should have to investigate and try to prevent crimes? Just ask pretty please, and if the bad guy says to get fucked, say 'Well, we tried!' Should they have ANY search powers? How is an iPhone different than any locked cabinet? Electronic privacy is a laughable, laughable, laughable myth, and don't think for a single second the techno-oligarchs who run our nation's tech companies give a twiddling damn about your privacy. They use promises of privacy to gain market share, knowing full well that it's an illusion, and only because they are afraid that people who have been suckered into believing in the illusion of privacy will change platforms to a company that offers a BETTER illusion of privacy. That would cost them a percent of their golden parachute, and we can't have that! Does anybody on this board seriously think, for one single second, that anything they do online or over their smartphone is untouchably private? Seriously? Like, seriously seriously? TLDR: Newsflash: police agencies are using computers to analyze data. Who here wouldn't instantly change doctors if they were told they were sick, but the doctor wasn't going to use any computer generated data to help cure them, or if their mechanic refused to use computer analytics to diagnose a funny engine noise? But we don't want police agencies using computers? Is there something I'm missing here? OK, I think I can help clear up some misconceptions. If security is done properly, no one "stores a password". What is stored is a hashed password. Now here's the difference between hashing and encryption. Hash is one way and you cannot reverse it to get the original password. So if you password was 'dog' and you run it through the hashing algorithm (which there are ones that go up to 512 bit) your stored value may be 'Adf7aFF139!^Afds%@' or something like that. So when you log onto a system, they take your password of 'dog' run it again through the hashing function and then check the database for a userid and hashed password value. Now, if they REALLY do it right, they don't query the DB for your userid and return the hashed password and compare it to the value. They should do a query to count the number of entries with the userid and hashed password and should get a returned value of 1 if it successful. If an attacker can get the DB table with the passwords, they can use what is called a rainbow table with common passwords already hashed to try and find a match. Encryption allows for two way communications of data. So, when data is encrypted you can decrypt it back to its original values using some key specified when the data is originally encrypted. Encryption can also use what is known as a 'salt' to prevent brute force attacks. A 'salt' is a bit of info injected by the system into your encryption key to prevent stupid people from using common words. So if some idiot decided to use 'password' as his encryption phrase, a system may have an injection set of '!@#$' so in reality the encryption phrase may me 'pa!ss@wo#rd$'. Now each system specifies its own salt value which makes it even more difficult to decrypt. Medical service providers are required to be HIPAA ( www.hhs.gov/hipaa/ ) compliant (btw, dannus, this includes your fire department medical staff). If not, they are open to law suits. To your points made in TL;DR, a doctor has physical access to me and my consent, the mechanic has physical access to my vehicle and my consent, with what they are trying to create with electronic devices they do NOT necessarily need to have physical access NOR my consent. Sure a search warrant may allow physical access to my residence or vehicle without my consent, but there is nothing stopping me from rigging up something to destroy evidence if any entrance not authorized by me occurs (just think how Mel Gibson rigged up his place in the movie Conspiracy Theory). As to your question of "Does anybody on this board seriously think, for one single second, that anything they do online or over their smartphone is untouchably private? Seriously? Like, seriously seriously?". No. But I bet I could get damn close and almost disappear, but I have also actively avoided certain aspects of the Internet. I do not have any social media accounts, no additional apps on my phone, I sure as all hell do not BANK on my phone, and last time I checked I wasn't on the first 20 pages of a google search on my name. I could probably disappear quite quickly if I needed or wanted to do it. |
|
|
|
Post by NamelessStain on Mar 10, 2016 15:03:06 GMT
|
|
|
|
Post by LowKey on Mar 10, 2016 18:45:21 GMT
Nameless makes very good points (it is his area of expertise, after all).
This isn't opposition of the idea that .gov should be able to try and decrypt a phone with a warrant in hand. It's that the phone company should be made to give them an all access key to any phone made.
Let's try a meat-space analogy,
Should lock manufacturers be required to give .gov a master key that will work on every lock they make, to be carried by every LEO wit the promise that it will only be used if a warrant is issued?
|
|
