Cops and spies should blame THEMSELVES for smartphone crypto 'problem' - Hyppönen

Law enforcement and intel agencies have no right to complain about the improved security of smartphones because they brought the problem on themselves, according to security guru Mikko Hyppönen. Policing and government officials on both sides of the Atlantic have been vociferous in their complaints about Apple and Google's …

  1. James 51

    No mention of BB in all of this. I know their market share is small but given their niche market would be companies and governments I thought they would be targets for this sort of thing too.

    1. Neil Alexander

      It is already well-known that BlackBerry have been more than complicit in servicing government information requests for BlackBerry Internet Service (BIS) users, and BlackBerry Enterprise Service (BES) has been pretty much broken despite the encryption too.

      1. Anonymous Coward

        Obama's Snooping

        This is another case of Obama having total disregard for people's privacy.

        And before you fanbois get cranky, any U.S. social studies textbook will explain that the NSA, CIA, and FBI are all part of the Executive Branch which is headed by the President and operate under his direct and total control.

        1. Anonymous Blowhard

          Re: Obama's Snooping

          "the NSA, CIA, and FBI are all part of the Executive Branch which is headed by the President and operate under his direct and total control"

          Or could it be vice-versa? Politicians only have power if they get elected, and you can't get elected if your opponents get help from TLAs about your vices and indiscretions; democracy has more to fear from uncontrollable secret agencies that have huge resources and no accountability than it does from a relatively small number of terrorists with less fire-power than an NRA convention.

        2. Anonymous Coward

          Re: Obama's Snooping

          "This is another case of Obama having total disregard for people's privacy.

          And before you fanbois get cranky, any U.S. social studies textbook will explain that the NSA, CIA, and FBI are all part of the Executive Branch which is headed by the President and operate under his direct and total control."

          And massive spying on the American people has been around since the Patriot Act signed by Republican president George Bush.

          1. Anonymous Coward

            Re: Obama's Snooping

            And massive spying on the American people has been around since the Patriot Act signed by Republican president George Bush.

            Massive spying? Not according to Snowden. It's Obama that has taken warrantless spying to an unheard-of level.

            But still I have to ask, what is your point? Are you saying you approve of Obama continuing to do spying?

            Tell me, what is more important to you, personal privacy, or politics? Do you think Obama is wrong to escalate the spying? Or would you rather just stick your head in the sand and pretend?

            BTW, the PATRIOT Act (which was enthusiastically endorsed by Democrats when first introduced) was enthusiastically signed and renewed by President Obama. Twice. He even expanded the scope of the spying.

            So what's your point? Please speak into the mic.

            1. Anonymous Coward

              Re: Obama's Snooping

              The point is that it isn't solely Bush's or Obama's fault, it is institutional, and the next president, whether it is Hillary or one of the republican contenders, will do his/her best to further expand the spying. The government never voluntarily gives up power, and in the rare cases where it is forced to, it takes a big scandal (i.e. Watergate) to focus the public's attention long enough to make it happen.

              Sadly, most people don't even pay attention to further disclosures from Snowden's cache. Unless he's been saving up a bombshell, it is all old news to the typical person, so the window for rolling back the clock has passed and the government knows it. They're probably already trying to figure out new and better ways to violate our privacy and novel ways of interpreting laws or creating secret EOs to get the FISA court's rubberstamp of approval.

              Perhaps as a nod to the scandal they're shutting down the old spying programs and replacing them, so they can say "we shut down RANDOMCODENAME as detailed by Snowden, yay us!" when it won't change anything as far as the privacy of citizens is concerned.

              1. Anonymous Coward

                Re: Obama's Snooping

                The point is that it isn't solely Bush's or Obama's fault, it is institutional

                I fail to see your point. It is Obama that directly oversees these agencies. Spying of this magnitude can't happen without his approval which he has already admitted to doing.

                Is it your point that Obama can't help himself?

                The important question is, how do we stop this? Or do you just throw up your hands and decide that it's in Obama's nature to spy on everyone?

                Remember, Obama can stop this with just one Executive Order. Why hasn't he? His own party has called on him to fire the head of the NSA. Why hasn't he?

                A real Liberal would be outraged at how Barack Obama has betrayed his party, his principles, the U.S. Constitution. Obama fanbois (fake liberals) make excuses and turn away. Blame Bush? Guess what, he isn't President anymore.

                Traditional Liberals, like me, are outraged at how Obama has betrayed the Democratic party. Why aren't you?

                1. Mark 65

                  Re: Obama's Snooping

                  "The important question is, how do we stop this? Or do you just throw up your hands and decide that it's in Obama's nature to spy on everyone?

                  Remember, Obama can stop this with just one Executive Order. Why hasn't he? His own party has called on him to fire the head of the NSA. Why hasn't he?"

                  Surely a better question to ask is "just what hold do these agencies have over him?"

                2. Anonymous Coward

                  @AC the "traditional liberal"

                  Well, the reason I'm not outraged by Obama's "betrayal" is because I'm not a liberal, and never said I was, so I don't know why you're faulting me on that. I consider myself a libertarian, so I find a lot of fault in both parties, and the spying program which both parties support is just the tip of the iceberg. I was never under the illusion Obama was going to keep his promises any more than I thought Bush was going to "reach across the aisle", or Clinton was going to do whatever stuff he claimed he would during the 1992 campaign.

                  The democrats had control of congress when Obama took office, and democrats like Feinstein (who few would accuse of being a "fake liberal") knew about the spying program. Why didn't she talk to her colleagues and say "I can't tell you the full extent of what we're doing, but it's bad, let's make some laws that won't allow it to happen any more"? Because the democrats do support it, just like the republicans. You and your liberal friends might not, but you're too much into the "us against them" dialogue that both parties want and encourage to tell your nose from your ass, and don't see the democrats are every bit as corrupt as the republicans, and support anything that helps insure their continued power.

                  Yeah, there are some democrats who want to see it end, just as there are some republicans who do. But not enough to make it happen. If you think Obama is so terrible in his support of this, who are you going to vote for in 2016? Certainly not Hillary, she'll support this stuff even more than Obama. Some fringe candidate like Kucinich? That'll just hand the election to the republicans, it would be the democrat equivalent of nominating Palin.

                  There's your problem, there isn't anyone who can reasonably win the democratic nomination who will stop this. Your best would probably be Rand Paul, though I think he's too much outside the orthodox republican view that the party machine will put a stop to him like they did McCain in 2000, and he'll either have to compromise his views like the new and disimproved McCain in 2008, or be called "crazy" and "dangerous" and relegated to fringe status like his father.

              2. Mark 65

                Re: Obama's Snooping

                "so the window for rolling back the clock has passed and the government knows it"

                Not entirely. With everything starting to move to encryption as a first thought rather than an add-on what exactly will they now be hoovering up? They are their own worst enemy. If they'd kept it all nicely transparent and through the legal system they'd likely not have the problems they will shortly be facing. There are plenty of eyes now on the problem of creating greater security and anonymity. More than there would have been. I believe Tor use will start becoming more widespread and may well end up being baked in to linux distros in an easy-to-use fashion so that noobs can easily use it. What then?

                Let's not forget they never stopped 9/11 despite all the things that they actually knew at the time. They didn't prevent the Boston bombings and the attacks in Madrid and London seemed to have gone quite well given the extra security the public are supposed to receive in return for the last vestiges of their privacy being shredded.

                Stupid is as stupid does.

        3. Thorne
          Big Brother

          Re: Obama's Snooping

          Obama's fault?

          Pretty sure it was going before him. Will be going after him and is done by every single government in the world........

      2. paulc

        Official backdoors into the servers...

        http://www.heydary.com/publications/Inside-the-Rim-Decrypting-the-Blackberry.html

      3. James 51

        The London riots being a case in point. But if Apple and Google are scrambling to prevent themselves being able to implement warrants for information, what are Blackberry doing? Are they making any changes at all? The removal of BIS from BB10 might be a blessing in disguise.

      4. Daniel B.
        Boffin

        FUD

        BlackBerry Enterprise Service (BES) has been pretty much broken despite the encryption too.

        Nope, BES isn't broken at all. In fact, that was one of the main reasons why BlackBerry (formerly RIM) ran into trouble with the Indian government, as they wanted access to both BIS and BES.

        Now that BB10 devices are no longer tied to BIS, it's possible that they are now harder to tap than the old devices. Also notice that the NSA was able to h4xx0r Merkel's Nokia handset ... but they weren't able to do the same to her BB Z10. Quite interesting...

  2. WonkoTheSane
    Black Helicopters

    2-part security?

    Since Plod will take a phone immediately as evidence, but leave jewellery until a suspect is booked, auto-wiping might be achieved by pairing with an NFC ring ( http://nfcring.com/ ) or similar device.

    If NFC ring <> connected then return phone to factory settings.

    Placing the phone in an RF-shielded bag would obviously break the connection between phone & NFC device.

    1. James 51

      Re: 2-part security?

      There was a story on the BBC about phones being remotely wiped after being taken from suspects. Either someone already has an app for that or they aren't handling them properly after taking them. Opens a lot of ways a creative legal mind could exploit, for a suitable fee of course.

      1. Yet Another Anonymous coward Silver badge

        Re: 2-part security?

        Or the plod accidentally erased them, or took blank phones from completely innocent people and are happier to have a story of "battling super cyber criminals needs extra powers" rather than "we are, and always have been, idiots when it comes to technology"

      2. Stratman

        Re: 2-part security?

        www.windowsphone.com -> Select phone you want to wipe -> Find my Phone -> Erase -> Confirm

        From the Windowsphone site

        "To erase your phone

        If you're certain that you can't get your phone back, or if you have sensitive information on it that you want to protect until you recover it, you can erase your phone remotely.

        On your computer, go to windowsphone.com.

        Point to the phone in the top-right corner, then click Find My Phone. If you're prompted, sign in with the same Microsoft account you used to sign in on your phone.

        Click Erase.

        If you're absolutely, positively sure, tick the I'm sure! Please erase my phone now checkbox, then click Erase."

        1. Charles 9

          Re: 2-part security?

          How does remote wipe work if the phone is kept in a Faraday bag and only removed when in a Faraday cage?

          1. WonkoTheSane

            Re: 2-part security?

            Wipe would be initiated when phone _cannot_ see the security token.

            Old school version would be the old "If anything happens to me, the information I have goes to the papers".

      3. Anonymous Coward

        Re: 2-part security?

        "There was a story on the BBC about phones being remotely wiped after being taken from suspects."

        The old bill are usually not the brightest and I'd assume they weren't always switched off or placed in RF shielded bags when they were taken, nor shielded when switched on again for examination. Since both iOS and (I think) Android allow for remote wipe, and iOS and Blackberry will wipe the device after X failed password attempts (again, I'd imagine Android does this), it's easy to imagine a curious copper either switching it on or even having a go at the password. They get canned for far more brainless crap than that.

        The almost scary thing about the story as presented on the BBC was that the cops seemed to be clueless about how it might happen.

    2. Bronek Kozicki

      Re: 2-part security?

      I understand NFC link only works on short distances - you might not be able to put your phone to a pocket without erasing it ...

  3. The Man Who Fell To Earth Silver badge
    WTF?

    Google has since promised to do something similar with Android smartphones.

    Eh? Then what does the Settings -> Security -> Encrypt Device on my Android 4.1 phone do? Or the Settings -> Security -> Encrypt external SD card ?

    1. Anonymous Coward 101

      Re: Google has since promised to do something similar with Android smartphones.

      "Then what does the Settings -> Security -> Encrypt Device on my Android 4.1 phone do?"

      It makes Google send a message to plod that you are a paedophile or a terrorist, complete with GPS coordinates and full name and address.

    2. WonkoTheSane
      Headmaster

      Re: Google has since promised to do something similar with Android smartphones.

      "Eh? Then what does the Settings -> Security -> Encrypt Device on my Android 4.1 phone do? Or the Settings -> Security -> Encrypt external SD card ?"

      Nothing unless you switch it on. Which is what Google will do in Android L (default ON instead of OFF).

      1. Yet Another Anonymous coward Silver badge

        Re: Google has since promised to do something similar with Android smartphones.

        It ensures that you get 5 years unless you hand the password over to the plod.

        1. John Tserkezis

          Re: Google has since promised to do something similar with Android smartphones.

          "It ensures that you get 5 years unless you hand the password over to the plod."

          Sometimes, the perps see this as a best of a bad situation. Especially if they're looking at more than a mere 5 years in the event the plods find out exactly how far and wide the illegal activity has gone.

          1. Mark 65

            Re: Google has since promised to do something similar with Android smartphones.

            That's the stupidity of the "reveal your key" laws. Anyone who's a serious wrong-un will take the punishment for not revealing the key over that for revealing what is concealed. Terrorists and security being the weakest strawman - if you were accused of being in the final stages of planning an attack (and you were) it's highly unlikely you're going to hand over a fucking encryption key.

            1. Anonymous Coward

              Re: Google has since promised to do something similar with Android smartphones.

              Except that as I understand it the (UK) two years for not handing over the password is recurring - two years inside, and if they're feeling mean, if they ask you again and you refuse, back to court, rinse and repeat ad nauseam.

              1. Mark 65

                Re: Google has since promised to do something similar with Android smartphones.

                "Except that as I understand it the (UK) two years for not handing over the password is recurring - two years inside, and if they're feeling mean, if they ask you again and you refuse, back to court, rinse and repeat ad nauseam."

                I'd like to see the rinse-repeat part pass the EU courts, Human Rights etc etc. That clearly counts as persecution.

                1. James 51

                  Re: Google has since promised to do something similar with Android smartphones.

                  That's what happened in N.Ireland for decades. Suspects could be held for so many days but if they hadn't broken down and confessed to whatever they needed them to confess to, they were rearrested at the front door of the station.

  4. Diskcrash

    Misdirection

    The real underlying complaint that the snoopers and their government handlers have is not that stronger encryption protects the evil but that it protects the average. Terrorists, criminals and paedophiles know and use technology in ways to protect what they are up to and are not bothered by limits or restrictions put in place by the government or the manufacturers, since after all they are evil.

    What the snoopers want to achieve is the second, third and beyond level of contacts. The mothers, the brothers and friends are who they want to snoop on and they want to cast their net wide in order to come up with as many possible links as possible. The fact that many innocent people may be looked at and even incorrectly associated is not their concern.

    Current police and investigation powers are more than adequate to target specific individuals but this is not what they want, they want the ability to snoop on everyone and everything. Except themselves of course.

    The ever increasingly shrill cries sound less like reasoned concern and more like a child caught with their hand in the cookie jar. The criminal made me do it, no the terrorist made me do it, no wait, wait think about the children the paedos made me do it. Waaaaaaaaaaaa.

  5. Anonymous Coward

    And then there is the big hindrance ...

    I think it is appalling that the police are required to get a warrant, with evidence, before they can enter and search your house.

    Clearly, the restrictions on searching private property, random pedestrians and the like play right into the hands of terrorists and criminals.

    T. May is already thinking positively: arrest people who could be a danger before they do enough to be proved a terrorist or criminal or sympathiser with the wrong people.

    Change language to heighten the impressions government and media want, whether it is using extreme Americanisms or to vilify the less well-off just for expecting fair pay or to demonise those who do not fit the required mould.

    Orwell was on the right lines (particularly read his appendix about language and New Speak or Anthony Burgess on the same theme); but he could have no conception in the 1940s of how the vast majority of people become avid, willing collaborators and adopters of the language, patterns of thought and behaviour foisted upon them.

    A wonderful example: leaving the EU and so trapping British subjects within the most overcrowded islands in Europe is described as regaining "freedom", as opposed to the enormous restriction on freedom to live and work where one wants across the whole of Europe. The rights and freedoms of 2 million Britons living, working or retired, in mainland Europe are disregarded.

    Yes, to safeguard our freedom, let any government apparatchik, plus private sector contractors with the government, have free access to your home, your pockets, your car, your mobile, your computer, what you read or write (perhaps a permit to read books or write anything), perhaps public burnings of the wrong books, removal of internet or telephone access. Actually, just adopt the old East German approach complete with their rather efficient Stasi. You know, control migration minutely, imprison or shoot illegal emigrants (I mean EMigrants), as is already the case in some cases albeit with a sheen of legality.

    1. Anonymous Coward

      Re: And then there is the big hindrance ...

      Exactly, how can the FBI protect me from ISIS unless they have real time access to my Netflix subscription without a warrant.

    2. Anonymous Coward

      Re: And then there is the big hindrance ...

      "I think it is appalling that the police are required to get a warrant, with evidence, before they can enter and search your house."

      Do they? A solicitor once explained that when an investigation is not going where it should - then some UK police forces are apt to mount a "fishing expedition". This involves arresting second degree contacts in the hope that their computers etc will contain something incriminating.

      The bit that surprises me is that apparently they don't have to get a magistrate to sign off a warrant for a dawn raid - which might be difficult with no evidence. It is my understanding that if they arrest the person on "suspicion of conspiracy to" - then that automatically confers the power of a search.

      If they find nothing then they will claim that it was a lawful arrest - and leave the victim to be advised by their solicitor "off the record" about the personal risks in complaining or suing.

      If it sounds like an abuse of power - then it must be remembered that "the end justifies the means" has always been the mantra of those whose jobs, and self-worth, depend on "getting results".

  6. Schultz
    Unhappy

    Breaking trust

    The true price of the boundless secret spying won't be evident for a long time and will be due to the loss of trust within and among states. We thought we lived in some kind of international utopia and could travel and trade without boundaries. Now the three letter agencies reminded us that you can't trust anybody -- not even the government of an apparently enlightened state.

    If you ever wondered whether the next century belongs to the Chinese or US model of governing -- stop wondering, they nicely converge.

  7. Stuart 22

    It's all over now

    Anybody watching The Code (BBC4) will have spotted the leak of pre-prepared embarrassing information on a cabinet minister.

    It's hard to imagine that the Director of GCHQ doesn't already have a dossier of resign quality data on every minister (or potential minister). That's leverage that's hard to put down. Even the most honest/moral of us leave trails that, as Hyppönen claims, can be construed as 'awkward'.

    As Ted Heath once asked "Who Rules Britain?" It sure ain't trade unions.

    1. Anonymous Coward

      Re: It's all over now

      There was a TV drama serial many years ago - with Tom Bell? as a long-serving CID detective. He and his partner are deployed to investigate child prostitution. In the process they happen to recognise one of the customers as a very senior government minister. (Home Secretary?)

      IIRC the end was very downbeat. The detective finally realised that his investigation had been a set up by the intelligence services wishing to bring down the politician - without being seen to do so.

      1. Yet Another Anonymous coward Silver badge

        Re: It's all over now

        "A very British Coup", MI5 are reporting to the cabinet office on their spying on the new far left government. "3 adulterers, 2 crooks, a couple of poofs and a communist",

        "sounds like every cabinet since the war" says the weary cabinet secretary.

  8. ecofeco Silver badge

    I have never met a bully...

    ...who didn't think they were the victim.

  9. Sanctimonious Prick
    Trollface

    What Freaks Me Out...

    Is that there are now people out there actively searching for all those back doors, White Hats, Black Hats, and the Greys.

    So what we need is Web v3.0 - and tell that Linus dude to piss off! - that guy makes me angry!

    1. Daniel B.
      Boffin

      Re: What Freaks Me Out...

      Everyone has always been looking for those backdoors. Remember NSA_KEY? The hacker community has been very suspicious since the early 2000s. We probably only need better SSL/TLS protocols or just use them for everything, as it seems that is spooking more the spooks.

      1. Charles 9

        Re: What Freaks Me Out...

        Using them for everything won't work. The state has the resources to keep a quantum computer in a black project, store everything since the advent of the PC, and probably even be working on a way to break lattice and other post-quantum encryption. And you can't stop them OR convince them to stop since EVERY state and state leader behaves like Damocles: as if under perpetual existential threat. Under such an environment, NOTHING is taboo since the one that can destroy you can come from ANYWHERE at ANYTIME.

        1. intrigid

          Re: What Freaks Me Out...

          Governments aren't gods. Nobody will be brute-forcing AES-256. Someone figured out the theoretical minimum amount of *energy* required to *iterate* through a 256-bit sequence on a 100% energy-efficient computer, and all the energy stored in the sun wouldn't even come close.
