All Comments

  • Posted by $ sjatkins 9 years, 2 months ago
    Apple has no real leverage in China. It does is a supposedly free country that it is home that is supposed to obey the 4th Amendment. There are many things I don't like so much about Apple. But in this case they are taking an admirable ethical stance and I am deeply grateful that they are.
    Reply | Permalink  
  • Posted by $ blarman 9 years, 2 months ago in reply to this comment.
    That's because they use public-key encryption. It basically requires two encryption keys (think really long passwords) to decode anything. One of the keys gets transmitted to the user or is maintained by Apple, but they are unique to each phone. That one Apple could ostensibly get a hold of. The other, however, is unique to the phone itself and of such a binary length that hacking it is impractical to say the least. If you are not the user of the device with the proper key, you can run cracking algorithms against copies of the device literally for decades on an array of supercomputers and still not get anywhere.
    Reply | Permalink  
  • Posted by term2 9 years, 2 months ago
    Self interest. China offers Apple business opportunities. US govt just offers hassles.
    Reply | Permalink  
  • Posted by johnpe1 9 years, 2 months ago in reply to this comment.
    understand. . I heard 2 new things tonight, about
    this. . one is that Apple told the feds not to try to
    change the password, and they tried anyway. . the
    second is that the feds have only asked Apple to
    retrieve the information from the phone, and Apple
    has said that they cannot. . the first was from a
    major cybersecurity expert on Fox News, and the
    second was from their former CIA guy Mike Baker.
    there is definitely more to this than the lawyers
    on TV are telling us. -- j
    .
    Reply | Permalink  
  • Posted by johnpe1 9 years, 2 months ago in reply to this comment.
    I think that's the place where the hidden messages
    occurred. . interesting, but not likely true. -- j
    .
    Reply | Permalink  
  • Posted by davidmcnab 9 years, 2 months ago in reply to this comment.
    Exactly. Crucial. You're onto it. And you can imagine the frustration of statist narcs when they're trying to force someone's mind :)
    Reply | Permalink  
  • Posted by $ WilliamShipley 9 years, 2 months ago in reply to this comment.
    So you went the 'superfile route'. I can see that would work. Clearly the partition structure itself must be encrypted since the goal of plausible deniability is to hide the very existence of data. The person doing the cracking must not be able to determine the size of the actual data.
    Reply | Permalink  
  • Posted by davidmcnab 9 years, 2 months ago in reply to this comment.
    Good point, William, and deserving of a prompt answer.

    How this is addressed is by the Plausible Deniability Encryption (PDE) software pre-creating a large file of random gibberish, feeding for entropy from user mouse movements, keyboard, plus other system PRNG sources. The user declares their maximum requirement for data storage, and the system allocates an entropy file 3-10 times bigger (though the user can change this), and allocates the user's chosen partitions within it. The data used by the partitions is non-contiguous, and the partitions and chaff are all AES256 encrypted, with separate keys.

    Then, when a partition is used, its directory structure is AES256 encrypted using a hash of the user's password. The use of separate symmetrical keys, plus the rolling cipher, offers protection against birthday attacks.

    This means there is tremendous cost of discerning AES-encrypted white noise from AES-encrypted plaintext. This cost can be raised further by random download and utilisation of text in the user's native language as a source of 'chaff', similarly encrypted but with yet another key.

    Once the one big monolithic file is created, it should never grow or shrink in size and, ideally, should not be hosted on magnetic media. SSDs are fine. This eliminates the risk of extracting deltas from residual magnetic charge on disk sectors.
    Reply | Permalink  
  • Posted by $ 9 years, 2 months ago in reply to this comment.
    It's not a hack if Apple makes their own backdoor for their own use to provide needed information when the government lawfully requests it.
    Reply | Permalink  
  • Posted by $ 9 years, 2 months ago in reply to this comment.
    I think his statement, in this venue, aligns more with blaspheming or defamation than it does with proselytizing. I'm not 100% up on this guy but isn't he the one contending that Rand came to God on her deathbed or something similar?
    Reply | Permalink  
  • Posted by $ WilliamShipley 9 years, 2 months ago in reply to this comment.
    Interesting. Aside from the practical issue of having to remember a lot of passwords there is the issue of hiding the existence of files from someone who can do a binary dump of the storage medium.

    Presuming you use a standard operating system data structure to manage your disk files the existence of a file must be in the directory or at the very least it has to be ruled out of new allocations. I suppose you could go the 'superfile route' but there is still the ability to compare the data present and not present and detect that you are holding out.
    Reply | Permalink  
  • Posted by davidmcnab 9 years, 2 months ago
    Be it known, Ladies and Gentlemen, that there exists a class of encryption technology which by its essence will stop agencies like the FBI in its tracks, and will even disarm their legal powers.

    It's called Plausible Deniability Encryption, and was invented by a small team of people led by software developer, WikiLeaks founder and political fugitive Julian Assange.

    How Plausible Deniability Encryption works is by letting the user set as many different passwords as they like. Each password, if entered, reveals different areas of data. Unless a password is entered, there is no technical or mathematical proof that an area of data even exists. Government agents, when inspecting a Plausible Deniability data store, will just see random gibberish. They will have no idea whether there are zero, one, two or even 30 separate data areas. The only way to prove a data area actually exists is to first possess the password which unlocks it.

    If a suspect is being detained and pressured to disclose "the decryption password", they can provide one or two passwords to unlock a couple of the data areas, but only ones of low to medium sensitivity. For instance, a political activist may choose to unlock a semi-sensitive area that will expose them to a month in prison, but the feds won't be able to prove that more sensitive data - the 20 years in supermax kind - even exists.

    I'm not sure how many Plausible Deniability Encryption products there are out in the wild - fairly few if any at the moment I'm guessing.

    I wrote a working proof-of-concept prototype for one, inspired by aspects of Assange's first version, but mothballed the project due to lack of funds. At the time, it got a good write-up in the tech blogs, so it was sad to let it go. What are your thoughts about the commercial viability of such a project, were I to resurrect it and fundraise for it?
    Reply | Permalink  
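
Editor's added example (not davidmcnab's prototype and not code from any PDE product): a toy container illustrating the two descriptions in this thread, a fixed-size file of random bytes in which each password locates and unlocks its own area while everything else stays indistinguishable chaff. All names and sizes are assumptions, an HMAC-SHA256 counter-mode keystream stands in for AES256 because the Python standard library has no AES, and all areas are embedded at creation time.

```python
import hashlib, hmac, os

SLOT, N_SLOTS, PROBES, TAG = 128, 64, 8, 32   # constructed toy sizes

def _keys(password, salt):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, 64)
    return k[:32], k[32:]                     # (encryption key, MAC/placement key)

def _stream(key, n):
    # Stand-in for AES256 in counter mode: HMAC-SHA256 over a block counter.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def _slots(mac_key):
    # Password-derived probe sequence; no index of areas is stored anywhere.
    for i in range(PROBES):
        h = hmac.new(mac_key, b"slot" + bytes([i]), hashlib.sha256).digest()
        yield int.from_bytes(h[:4], "big") % N_SLOTS

def build(areas):
    """Fill a fixed-size container with random chaff, then embed each area."""
    salt = os.urandom(16)
    store = bytearray(os.urandom(SLOT * N_SLOTS))
    used = set()
    for password, data in areas.items():
        if len(data) > SLOT - TAG - 2:
            raise ValueError("area too large for one toy slot")
        enc, mac = _keys(password, salt)
        body = (len(data).to_bytes(2, "big") + data).ljust(SLOT - TAG, b"\0")
        ct = bytes(a ^ b for a, b in zip(body, _stream(enc, len(body))))
        slot = next(s for s in _slots(mac) if s not in used)
        used.add(slot)
        store[slot * SLOT:(slot + 1) * SLOT] = hmac.new(mac, ct, hashlib.sha256).digest() + ct
    return salt + bytes(store)                # size never depends on the areas

def unlock(container, password):
    """Return the area this password opens, or None if nothing verifies."""
    salt, store = container[:16], container[16:]
    enc, mac = _keys(password, salt)
    for slot in _slots(mac):
        blob = store[slot * SLOT:(slot + 1) * SLOT]
        tag, ct = blob[:TAG], blob[TAG:]
        if hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            body = bytes(a ^ b for a, b in zip(ct, _stream(enc, len(ct))))
            return body[2:2 + int.from_bytes(body[:2], "big")]
    return None
```

A container built with zero areas has the same length as one built with several, and a wrong password returns None exactly as it would for pure chaff.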
  • Posted by $ jlc 9 years, 2 months ago in reply to this comment.
    I agree that that is what we must prevent. If Apple could hack the phone, enter a new password and then remove the OS change before handing the phone back to the gov, then the FBI would have access to the material in the phone but not to the master key.

    Jan
    Reply | Permalink  
  • Posted by slfisher 9 years, 2 months ago in reply to this comment.
    It's like that, except it's like the locksmith from then on having a master key to every door like yours, and there's millions of them, and the government can then demand that the locksmith hand over the key to any door it chooses, or the key can be stolen from the locksmith.
    Reply | Permalink  
  • Posted by slfisher 9 years, 2 months ago in reply to this comment.
    If he used the fingerprint scanner they'd be fine. They could even use the dead guy's finger, if it's available.
    Reply | Permalink  
  • Posted by slfisher 9 years, 2 months ago in reply to this comment.
    There are three factors the FBI wants Apple to circumvent:
    The automatic delete
    The limitation on entering the password only through the screen, not through a device
    The automatic pause between password attempts.
    Reply | Permalink  
  • Posted by slfisher 9 years, 2 months ago in reply to this comment.
    Many people have asked this question. The consensus I see from security experts I trust is that yes, it's possible for Apple to do it.
    Reply | Permalink  
  • Posted by $ jlc 9 years, 2 months ago
    I have been trying to keep track of this issue, and for me it now boils down to, "The owner of the phone has asked that it be unlocked." so the Feds asking Apple to help access the contents of the phone is akin to the cops coming to my home and calling a locksmith to open my front door when I have accidentally locked myself out:
    'I' as the owner, have requested access to something that is 'mine' and, in this case, the gov is working with 'me' (aka County of San Bernardino) to accomplish that.

    Insofar as China is concerned, the article offered suppositions but no proof. I think that it is going to do more damage to socialism in China for people to have iPhones even if their gov has one more way of keeping track of their people. Do you know about the codes that the Chinese people are spontaneously developing to keep from being tagged by trigger word searches? https://www.youtube.com/watch?v=yrcaH...

    Those river-mud-horses are not able to keep the lid on the Chinese people.

    Jan
    Reply | Permalink  
  • Posted by ProfChuck 9 years, 2 months ago in reply to this comment.
    The password to the phone is 4 digits, unless he uses the fingerprint scanner, the password to an encrypted file can be up to 24 alphanumeric plus special characters. That's a lot more difficult. Decoding a mirror file would not self destruct after 10 tries.
    Reply | Permalink  
  • Posted by johnpe1 9 years, 2 months ago in reply to this comment.
    the "service at the request of the govt" -- hacking their
    own equipment and providing the information?
    that is the service which I wish the FBI would
    accept, in this case. -- j
    .
    Reply | Permalink  
  • Posted by johnpe1 9 years, 2 months ago
    IF apple has given its source code to china, then
    the FBI should have it by now. . or else, they are
    falling behind in the international spy race. -- j

    p.s. whatever happened to the world in which
    the FBI worked inside the u.s. and the CIA
    worked outside?
    .
    Reply | Permalink  
