Tuesday, March 15, 2016

Security Roundup

Not only is the U.S. Congress about to vote on anti-encryption legislation, but so is California. The bill going through the CA State Assembly "would ban default encryption on all smartphones" sold in the state.

Those laws could make the push to have Apple build iPhones even it can't unlock moot. Though, some companies - including Facebook and Google - are working to increase privacy protections in the face of the next attack on this front - WhatsApp.

Unfortunately, President Obama is showing that he doesn't understand the importance or technical issues of encryption either. He "keeps mentioning trade-offs, but it appears that he refuses to actually understand the trade-offs at issue here. Giving up on strong encryption is not about finding a happy middle compromise. Giving up on strong encryption is putting everyone at serious risk."

Could the government demand the iOS source code and signing key? A footnote in the DOJ brief says the following:
For the reasons discussed above, the FBI cannot itself modify the software on Farook's iPhone without access to the source code and Apple's private electronic signature ... The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
In other words, "it would be a shame if we had to take that code from you."

Mr. Fart and phone security -- the comparison between cockpit security and phone security is great. 

No comments: