Later On

A blog written for those whose interests more or less match mine.

Archive for February 25th, 2016

Very interesting report on GOP campaign tactics

leave a comment »

Written by LeisureGuy

25 February 2016 at 7:01 pm

Posted in Election, GOP

Running the government like a business rather than a publicly supported organization working to help the public

leave a comment »

The concluding paragraph of Hentry Petrowski’s column in the NY Times:

So why has the federal government reversed itself on Clearview? According to background information in the Federal Register announcement, Clearview does work well for white lettering on a dark background, but not so well for dark lettering on a light background. Also, the highway administration found that the “retroreflective” material used on highway signs created more of a problem than did typeface choice when it came to nighttime readability. Thus, the agency found no benefit that could not be achieved “within the established practice,” that is, by means of a modification of Highway Gothic.

Maybe. I for one find Clearview a huge improvement over Highway Gothic in terms of legibility, and I feel much safer driving in places where it’s on roadside signs.

Still, I can’t help wondering if something else is afoot. To use Clearview, state departments of transportation had to pay a licensing fee. Highway Gothic, by contrast, is in the public domain, and therefore free to use. In these times of tight budgets, money can surely make the difference, especially when it comes down to subjective judgments about clarity, legibility and reading between the lines.

Written by LeisureGuy

25 February 2016 at 6:26 pm

I wonder if this sort of thing will accompany the election season: At Least Four People Killed in Shooting at Kansas Factory

leave a comment »

I wonder when the American people decide that the death toll is too high and that we have to take major steps—cf. Australia. At any rate, here’s another. And how can we be so accepting of this continuing slaughter and yet so fearful of terrorist attacks, which in fact kill relatively few Americans? I’m not saying we’re wrong to fear terrorists, but rather wondering at how easily we seem to accept domestic slaughter.

Written by LeisureGuy

25 February 2016 at 6:17 pm

Posted in Daily life, Guns

The FBI Should Ask the NSA to Hack Shooter’s iPhone: That Sort of Thing is Exactly What We (Over)Pay NSA For

leave a comment »

Joshua Kopstein has the article in Motherboard.

You notice something about our government? Government officials rarely are held accountable, even when the offense is grievous: the CIA torturers, for example, as well as those who ordered the torture. Another example of no accountability for grievous harm: Taking the nation into war, resulting in hundreds of thousands of deaths, on a lie. Ignoring the quite clear warnings that Osama bin Laden was going to strike in the US within weeks, not months.

So when you have a government whose officials can do almost anything with impunity, what’s that called?

Written by LeisureGuy

25 February 2016 at 6:04 pm

The Apple-FBI fight is not about security vs. privacy

leave a comment »

Brian Barrett has a very interesting article in Wired:

Throughout the ongoing fight between Apple and the FBI over custom access to an iPhone used by one of the two terrorists who killed 14 people in San Bernardino, the government has framed the argument as a simple trade-off: You must surrender a little privacy if you want more security. The scales don’t balance quite so neatly, though; there’s nothing secure about giving the FBI their way. Still, it’s been an effective way for the government to win over the public, on its way to trying to win over the courts.

FBI director James Comey most recently pushed the dichotomy in an op-ed for Lawfare. “We have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety,” he writes. “That tension should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living.”

It also should not be framed as an absolute. Doing so presents the issue to the American public in a way that makes the FBI’s request palatable while obfuscating the potentially dangerous precedent it would represent.

The case against the FBI’s insistence that it is not asking for all that much has been made repeatedly, both here and elsewhere. In fact, a team of researchers offered a version of it last year when they published the prescient paper “Keys Under Doormats.” [.pdf]

“As computer scientists with extensive security and systems experience, we believe that law enforcement has failed to account for the risks inherent in exceptional access systems,” the group wrote in July. The risks of that type of backdoor include adding complexity to an already intricate system that’s difficult keep secure, and the impossibility of creating access that would be used solely by the FBI. Any backdoor accessible to law enforcement can and also would be used by a hacker for any number of nefarious reasons.

“It would be great if we could make a backdoor that only the FBI could walk through,” says Nate Cardozo, an attorney with the Electronic Frontier Foundation. “But that doesn’t exist. And literally every single mathematician, cryptographer, and computer scientist who’s looked at it has agreed.” . . .

Continue reading. It’s an important and clarifying article.

Written by LeisureGuy

25 February 2016 at 2:13 pm

Journalist Gets Hacked While Writing Apple-FBI Story

leave a comment »

In a clear case of whose ox is gored, a journalist who didn’t think the hacking/encryption stuff was all that big a deal has a sudden and profound change of heart after being hacked. From Michael Grothaus’s story in Fast Company (and read the whole thing):

. . . The fact that Petrow was hacked mid-flight isn’t so shocking. It’s easy to get hacked on a public Wi-Fi network like Gogo. What was most shocking to Petrow was how this in-flight hacking clarified his stance on the Apple-FBI battle.

“My mind raced: What about my health records? My legal documents? My Facebook messages? That’s why this story is so important to everyone. It’s about everyone’s privacy,” he writes. “I may have been wearing my jacket, but I felt as exposed as if I’d been stark naked.”

Now just imagine what would happen if a backdoor into an iPhone was as easy to get through as the backdoor on a public Wi-Fi network.

“For me, I felt as though the stranger on the plane had robbed me of my privacy—as was explicitly his intent. He took the decision of what to share out of my hands.”

“I realize now it’s not that I have things that I need to hide but it is things that I expect to be kept private,” Petrow said in a video speaking about the experience, “and it was disturbing and I have to say I’ve learned quite a bit.” . . .

Written by LeisureGuy

25 February 2016 at 2:04 pm

The next step in iPhone impregnability

leave a comment »

I blogged earlier a story that showed that James Comey, the FBI director, simply cannot be trusted:

FBI Director James Comey reversed himself on Thursday when he acknowledged that the outcome of a California court order compelling Apple to write new code to unlock a terrorist’s phone could “be instructive for other courts” when interpreting how far third parties have to go in helping the government hack their products.

Just as recently as Sunday, Comey wrote that “the San Bernardino litigation isn’t about trying to set a precedent or send any kind of message. It is about the victims and justice.”

That is not a person one can trust. UPDATE: And here’s another reason to distrust him.

In the meantime, work is proceeding to make the iPhone secure. Two stories discuss this. John Gruber has a post at Daring Fireball:

Matt Apuzzo and Katie Benner, reporting for the NYT:

Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.

If Apple succeeds in upgrading its security — and experts say it almost surely will — the company would create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year’s San Bernardino, Calif., rampage. The F.B.I. would then have to find another way to defeat Apple security, setting up a new cycle of court fights and, yet again, more technical fixes by Apple. […]

Apple built its recent operating systems to protect customer information. As its chief executive, Timothy D. Cook, wrote in a recent letter to customers, “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a password. Apple designed that feature to make it easier to repair malfunctioning phones.

The way the iPhone works today, when put into recovery mode you can restore the operating system without entering the device passcode. The only restriction is that the version of iOS to be installed must be properly signed by Apple.

I just tried it here with my old iPhone 6, which had been turned off for weeks. I powered it up, but did not unlock it. I put it in recovery mode, and then updated it to iOS 9.3 beta 4. Then it restarted. Now it’s running iOS 9.3 beta 4, and I still have not unlocked it. All my data is still on the phone — but it’s running a new version of iOS, without my having unlocked it.

What the FBI wants Apple to do is . . .

Continue reading.

Joshua Koptstein reports at Motherboard on what it means if Apple makes an iPhone it can’t hack:

ven if the US government forces Apple to help break into the iPhone of San Bernardino shooter Syed Farook, the company reportedly has plans to design its new devices to prevent it from being technically capable of assisting the feds in future cases.

Unfortunately for Apple and its privacy-conscious customers, this change would only go so far in protecting companies from being forced to write software for the government if the company loses its case in court.

According to a report Wednesday night from the New York Times, the company’s public spat with the FBI over encryption has accelerated efforts to improve its security even more. If you’re just tuning in, Apple is currently resisting a court order that would force it to write new software that bypasses security features in iOS—specifically, mechanisms that wipe the device after 10 unsuccessful passcode entry attempts and introduce delays between each attempt. With those features removed, the FBI would be able to “brute force” the device by trying every possible passcode combination.

The court order in the San Bernardino case hinges on the government installing a special version of iOS through the iPhone’s Device Firmware Upgrade (DFU) mode, a recovery mode that can be reached by pressing multiple buttons while turning the phone on.

The Times report suggests that Apple is now working on a feature that would require a passcode before installing any updates in that mode. That means that a government, cybercriminal, or other entity would be unable to install any software that could disable the device’s protections, even if that software was written and signed by Apple itself. For the FBI and its long-standing campaign against strong encryption, it would mean going back to the drawing board.

There are actually several ways Apple could add the extra passcode protection with the firmware in its current devices, according to Jonathan Zdziarski, an iOS forensics expert. But the most comprehensive approach would be to build new hardware that changes how the system boots. . .

Continue reading.

UPDATE: Also in Motherboard, Lorenzo Franceschi-Bicchierai reports “Apple Reveals The Manpower And Time It Would Take To Comply With FBI’s Order.”

Written by LeisureGuy

25 February 2016 at 1:49 pm

%d bloggers like this: