Going Dark - an unmentionable company blows law enforcement

Sean Lynch seanl at literati.org
Mon Aug 15 14:43:24 PDT 2016


On Fri, Aug 12, 2016 at 5:41 PM Zenaan Harkness <zen at freedbms.net> wrote:

> Cause for both cautious optimism - this might result in a competitive
> market for 'full system' 'wholistic' encryption ecosystem -
>
> @pp13 at BlackHat: Reopening the "Going Dark" Debate
> https://lawfareblog.com/apple-blackhat-reopening-going-dark-debate
>
> (The author says some things which sound a bit messed up e.g. "Apple
> built the very thing that they and the privacy community have been
> saying for years is reckless, dangerous or impossible: a high-value
> encryption key secured in a vault such that the key can’t be stolen or
> misused by hackers or malicious insiders" - perhaps he's attempting to
> obfuscate things, or perhaps his own mind is naturally obfuscated.)
>

Apple has created a MUCH higher value target than an individual iPhone, and
I doubt they've made it enough more expensive to crack than an individual
iPhone that they won't eventually be forced to break it. Of course, forcing
them to break it is tantamount to outlawing such a system anyway, so it
doesn't actually have to be impossible to break, just hard enough that the
law has to change in a significant way before they can be forced to break
it. In which case they'd just switch to key escrow anyway and we'd all feel
sorry for them because well at least they tried.

Perhaps it's my lack of imagination, but this doesn't seem to move the bar
much on the "reckless, dangerous, or impossible" thing. They were able to
build the vault because its functionality is essentially identical to the
Secure Enclave chip. Its construction, AFAICT, does not prove that one can
build a similarly secure system that could allow selective access, because
the immutability of the system means you would still need some kind of
master key to authenticate to it to get it to decrypt individual secrets.
You still need physical access, of course, but then it's just a plain ol'
HSM, is it not?

The other property that lets this approach work is that even if the device
fails, that just invalidates people's keychain backups. It doesn't destroy
their original keychains. I'm guessing that Apple scales the service and
avoids the possibility of the loss of a single device invalidating all
backups by having a way to add new master keys over time. Such a mechanism
couldn't be used to decrypt any existing backup, but it could be used to
force Apple to add an escrowed key and get every iPhone to reencrypt its
backup with the new key.

Found a nice photo from the talk, by the way: http://imgur.com/a/YO6ak

(Speaking of autonomous, inaccessible, non-updatable systems...)