11.22.63 (103), Better Call Saul (202), Justified (107)
01:48 – 11.22.63 (103)
08:19 – Better Call Saul (202)
15:57 – Justified (107)
The Risk to Apple’s Code-Signing Key
One thing that gets glossed over in the Apple encryption discussion is whether Apple can or cannot make the requested software that it can be used only once. The problem is it’s not a simple yes or no answer.
Technologically, Apple can absolutely make software that will only work on the one phone. Steve Gibson has an excellent explanation of that on Security Now.
“If Apple complies with this case, there would be no risk of “leaking” anything “dangerous”, at least not any more than there is today of Apple’s private key leaking.“
But some experts believe that key is where the problem is.
Bruce Schneier writes “They would need to have stolen Apple’s code-signing key so that the phone would recognize the hacked as valid, but governments have done that in the past with other keys and other companies. We simply have no idea who already has this capability.”
A fair point. But maybe he’s wrong. Maybe, and hopefully, Apple has not lost control of its key. The question then becomes could this case make it harder to protect the key
The EFF thinks so. “If the government begins routinely demanding new phone-specific cracking software, this could overwhelm the security of this process by requiring many more signatures. This is another valid reason why Apple is right to fight this order.”
Also the court processes for validating an ‘instrument’ like this puts the code through many more hands, meaning more risks for the key to get out. The risks are lined out by Jonathan Zdziarski
To create a forensically sound tool that would hold up in court, it must be peer reviewed and validated by third parties.
But even then the key can be protected. Lets assume, optimistically, that even with multiple agencies handling the software, the key remains uncompromised because best practices are always followed by everyone involved.
The risk gets greater as more people handle the code. And more people will handle the code if these kinds of request were to become routine.
The best summary of this issue came from Susan Landau in her testimony to Congress.
“The FBI statements that the update will be under Apple’s control and can be tied to work only on Farook’s phone are factually correct. But they miss the point of the risks involved.
She alludes to the risks that Zdziarski illuminates and also expands on the risk of this becoming a routine process if law enforcement regularly needs to break into encrypted phones.
“All it takes for things to go badly wrong is a bit of neglect in the process or the collaboration of a rogue employee. And if the FBI, CIA, and NSA can suffer from rogue employees, then certainly Apple can as well.”
So there you have it. Technically the FBI is right. Software can be made that will work only one time in this one case with no danger of causing harm to other phones.
The question is then how often you believe the process would happen and how well Apple can protect its key in that case.
Today in Tech History – March 2, 2016
In 1908 – Gabriel Lippman proposed using a series of lenses at a picture’s surface instead of opaque barrier lines, allowing three dimensional pictures. He titled his presentation to the French Academy of Sciences “La Photographie Integral”.
In 1983 – CBS Records launched the first major compact disc music marketing campaign, launching 16 titles. CDs had gone on sale to the public the previous October in Japan.
In 2004 – Review site Engadget launched with a post about T-Flash, a new memory card format, by founder Peter Rojas.
In 2010 – The Federal Constitutional Court of Germany rejected legislation requiring electronic communications traffic data retention for a period of 6 months as a violation of the guarantee of the secrecy of correspondence.
Like Tech History? Get the illustrated Year in Tech History at Merritt’s Books site.
245 #245 – Terry Pratchett Helps Us Feel Better
We’re very excited about the debut of our first Sword and Laser Inkshares collection book, The Life Engineered by JF Dubeau. We’re a little bummed that Tom forgot to bring more than water to drink. We’re super-excited about the Nebula Award nominees. And we were a little bummed at some of the reactions to The Sword of Shannara. But Vickie helped us out with an amazing Terry Pratchett quote, and all was well in Swordandlaserville.
#245 – Terry Pratchett Helps Us Feel Better
We’re very excited about the debut of our first Sword and Laser Inkshares collection book, The Life Engineered by JF Dubeau. We’re a little bummed that Tom forgot to bring more than water to drink. We’re super-excited about the Nebula Award nominees. And we were a little bummed at some of the reactions to The Sword of Shannara. But Vickie helped us out with an amazing Terry Pratchett quote, and all was well in Swordandlaserville.
DTNS 2701 – A Hack of the Clones
Microsoft is promising to make Xbox Games playable on Windows 10 as universal apps. But they have a long way to go. Patrick Beja and Tom Merritt try to figure it out.
Using a Screen Reader? Click here
Multiple versions (ogg, video etc.) from Archive.org.
Please SUBSCRIBE HERE.
Follow us on Soundcloud.
A special thanks to all our supporters–without you, none of this would be possible.
If you are willing to support the show or give as little as 5 cents a day on Patreon. Thank you!
Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!
Big thanks to Mustafa A. from thepolarcat.com for the logo!
Thanks to our mods, Kylde, TomGehrke, sebgonz and scottierowland on the subreddit
Show Notes
To read the show notes in a separate page click here!
Today in Tech History – March 1, 2016
In 1896 – Henri Becquerel discovered images of uranium rocks had appeared on a photographic plate without exposure to the sun. He had discovered natural radiation.
In 1995 – A little over a year after starting the website in January 1994, Jerry Yang and David Filo incorporated Yahoo!
In 2006 – English-language Wikipedia reached its one millionth article, “Jordanhill railway station.”
Like Tech History? Get the illustrated Year in Tech History at Merritt’s Books site.
Cordkillers 110 – Oh the Humanity!
Is HBO really falling behind Netflix? Do we want Chromecast built into our TVs? Does YouTube need humans?
DTNS 2700 – Heavy is The Head That Wears the Hololens
The Microsoft Hololens costs $3,000 making the Vive and Rift seem cheap. But it’s a developer edition and Augmented Reality not Virtual Reality. Tom Merritt and Veronica Belmont discuss whether that makes a difference.
Using a Screen Reader? Click here
Multiple versions (ogg, video etc.) from Archive.org.
Please SUBSCRIBE HERE.
Follow us on Soundcloud.
A special thanks to all our supporters–without you, none of this would be possible.
If you are willing to support the show or give as little as 5 cents a day on Patreon. Thank you!
Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!
Big thanks to Mustafa A. from thepolarcat.com for the logo!
Thanks to our mods, Kylde, TomGehrke, sebgonz and scottierowland on the subreddit
Show Notes
To read the show notes in a separate page click here!
Today in Tech History – February 29, 2016
In 1860 – Herman Hollerith was born. He would grow up to build the first punched-card tabulating machines as well as found the company that was to become IBM.
In 1940 – Ernest O. Lawrence delivered his 1939 Nobel Prize in Physics banquet speech in Berkeley, California, instead of the usual Sweden, so he could keep raising funds for his cyclotron research which got him the prize in the first place.
In 1996 – Microprose released Civilization II, a sequel to Sid Meier’s Civilization, and the version that would launch the franchise to widespread popularity.
In 2012 – Orders began for the small and inexpensive Raspberry Pi computer.
Like Tech History? Get the illustrated Year in Tech History at Merritt’s Books site.