21 September 2014
Apple and Spy Disbelief
John Gilmore on Apple disbelief:
Google and Apple Subverting Device Encryption?:
Date: Sun, 21 Sep 2014 05:46:57 +0000
From: Jacob Appelbaum <jacob[at]appelbaum.net>
To: John Denker <jsd[at]av8n.com>
Subject: Re: [Cryptography] new wiretap resistance in iOS 8?
On 9/20/14, John Denker <jsd[at]av8n.com> wrote:
> On 09/19/2014 09:16 PM, John Gilmore wrote:
>> There must be some other reason, I'm just having trouble thinking
> 1) As the proverb says, don't let the perfect be the
> enemy of the good.
> There will never be perfect security. The measure
> of good security is that it imposes a cost on the
> attacker, out of proportion to the cost borne by
> the user.
I like that proverb but it assumes a baseline standard of good. I think John
(Gilmore) is correct to not fall for the marketing hype. It is false to say
that the measure here is imposing a cost on the attacker - how do you plan
to verify that? How do you know what cost it would impose?
I agree that good is better than none. I might even agree that we'll
never reach perfect, so it is better to have good rather than obviously bad.
I don't however agree that this is good as that remains to be seen.
Please do consider that they are described as an NSA PRISM partner. Please
do consider that they do appear to have recently lost their warrant canary.
> The new practice of /not/ escrowing the keys to iOS
> user data does not make the device attack-proof,
> but it does raise the cost of the attack.
How do you know that they don't escrow? We don't know more than what they
claim. Furthermore - do you need to escrow keys to mount an attack? I suspect
> Forsooth, if this initiative fails, it will not
> be because it didn't sufficiently raise the cost
> to the attackers, but rather because it imposed
> too much burden on the rightful users.
Or perhaps it wasn't anything from the start?
> 2) Another proverb goes even farther in the same
> general direction: A journey of 100 miles begins
> with a single step.
> Suppose there is a weakest-link situation, e.g.
> where locking the front door has no measurable
> benefit until you also lock the back door, side
> door, windows, et cetera. You still ought to lock
> the front door! Even if you can't do everything
> at once, take the first step and then proceed
> from there.
If the crypto is bad or if the keys are weak - how will you know that you've
> 3) It is a mistake to focus too directly on the
> threat from the NSA.
That is a bizarre statement.
The threat from the NSA is the same threat as from anyone with similar
capabilities. Consider that the NSA is tasked with compromising an iPhone
deployed in Qatar. Consider that they are the adversary that rather than
helping Apple, they have traditionally attacked Apple. And no, it doesn't
matter if you're a US citizen or a US company.
> Not escrowing the keys makes Apple somewhat less
> of a target for the FSB, Third Directorate, etc.
> etc. etc. etc. Not zero target, but less of a
Just to settle this - Apple has signing keys. They keep those. They use them
to issue updates. They might not be escrowing *your* keys or they might be
doing something different. The protocols aren't open or documented, we can't
implement free and open clients that we can verify. As Gilmore has rightfully
pointed out, they have the capacity to move and you suggest that they won't
move when pushed? Consider the case of Yahoo and the proposed fines?
> If you're worried about Apple Headquarters being
> compelled to subvert your phone, you should also
> be worried about a Clipper-like back door in the
> hardware, which is made in China. Ditto for HTC
> and other brands.
I'm worried about all of those things but Apple headquarters is of course
the PRISM partner - your other comments are speculation. It is well founded,
I agree with it and I don't dismiss it either. Still - here we have evidence
of PRISM and Apple's complicity or victimization. Just above you suggest
that the enemy of the perfect is the enemy of good enough - it may not be
perfect, HTC phones may also be weakened by someone - but if it isn't the
NSA, I'd be happy with that as a good solution. Especially since Apple products
aren't made by HTC. :-)
> Probably the biggest threat from the NSA is more
> /indirect/. I am referring to weakening crypto
> standards and products, again and again over the
> years, thereby creating conditions for a Hobbesian
> war of all against all. For example, IMHO it was
> both arrogant and stupid for the NSA to think they
> would be the only ones who could break 56-bit DES.
Probably the biggest threat from the NSA is that they'll feed your location
data to people who operate drone strikes. Using your nice iPhone, they'll
assist in murdering you.
And yes, they also backdoor crypto, actively exploit software and hardware
To that end - the Hobbesian world is already here. With Apple's help, no
less. Is it willing? How would we know? Is it coerced? How can we verify?
Absent all of that - you suggest that we... trust?
> Tangential remark: Interesting reference:
> Michael Schwartzbeck
> "The Evolution of US Government Restrictions on
> Using and Exporting Encryption Technologies"
> From "Studies in Intelligence" (the secret internal
> (date not obvious; circa 1998)
> Also: CIA FOIA homepage (with search feature)
> Hundreds of "Studies in Intelligence" articles
> were released last week.
I'd encourage a read of
for a healthy dose of documents produced by the government for internal information
exchange. I love FOIA but I love Snowden's FOIA process a lot more.
> 4) It's bad practice to support a strong argument
> with a weak one, but since the topic has already
> been brought up, let me address it.
> For the /subset/ of the problem that concerns
> NSA versus Apple, laws matter ... somewhat. Yes,
> there is a long track record of violations, but
> in the spirit of item (1) above, forcing the NSA
> to resort to lawless and unconstitutional methods
> raises the cost to them.
They're spies. They are lawless. At best they claim these days that an executive
order is the same as a law enacted by Congress. They are literally claiming
that EO12333 allows them to do dragnet collection. I've had a senior NSA
person tell me that EO12333 allows NSA to collect on the Tor network in the
US and outside without exception. This has cost them nothing. Alexander,
Clapper and others are all free. They are not punished - they are part of
a culture of impunity.
The NSA and other "Intelligence Community" members have been doing this for
longer than I've been alive. They've been getting caught for ages and no
reform has changed anything except in public perception that it is happening
at all. It costs them nothing and has cost them nothing.
> In particular, if I have information about you,
> I can be subpoenaed to produce it. However, if
> I don't have the information, I cannot easily
> be compelled to break into your house to collect
> it. If somebody wants to break into your house
> badly enough they can do it, but we can take
> steps to raise the cost.
You can however be jailed for failing to produce information if say, a Grand
Jury, believes that you have it. You can be threatened with ever expanding
fines as Yahoo was by the FISA "court" process. Again, this argument you're
making misses the point by a country mile - the State will put a boot on
your neck and you will choke. With a person, it is hard to do that silently.
With technology, it costs them nothing and if you're not checking, you might
not even notice. And to Gilmore's point, how will you check?
> 5) We agree that illusory security is worse than
> none. Tom Mitchell pointed out yesterday that
> Apple does not want to be "directly" complicit
> in pillaging your data. However ... if pillage
> is still going on, a big pretense of security
> would be worse than nothing. It would reflect
> a "Not My Job" attitude:
> So I say let's take a step in the right direction
> today ... and then take whatever additional steps
> are necessary.
Open the protocols, free the implementations, discuss the legal situations,
deploy end to end crypto where a user is the only person with a key, use
ephemeral keys and then address each of the points that Gilmore made.
But whatever is done - let us not remove the pressure - we need more transparency
and above all, we need accountability. To shift from PRISM partner to thumbing
their nose at their partners suggests that they may turn again.
Wiretapped along with the rest of you,
The cryptography mailing list