Amazon douses flames, vows to restore Fire OS fondleslab encryption Amazon has U-turned on its decision to remove filesystem encryption from Fire OS, which powers its Fire and Kindle slabs. We've been told that a version due out within the next month or two will return support for encrypting documents stored on the devices. This decision to restore the feature comes just days after it emerged …
You would be shocked at the number of people who seem to think ROT13 is unbreakable.
I can recall a project in Grad School, Security Management class, where we were supposed to provide a simple security problem, suitable for Beginners in Security.
The start was a username, password, and website on a slip of paper, in ROT-13. Leading to a photo with a steg'ed message embedded, and the decrypt program and decrypt password in the HTML headers.
22 students in the class. 20 were stumped. 19 never got past the ROT-13. . . .
Professor had it solved in about 5 minutes, 3 of which were downloading and installing the Steganography program. One other in the class took about 8 minutes.
The rest ? Top Men, I tell you. . . . TOP Men. . . . (evil grin)
A related anecdote:
Circa 1988 I attended a course in some BIG company, relating some big system. It was a self-learning thing, where I was left alone with a terminal -running an OS simulation- in a room. As you'll probably guess, it got boring at times, and in one of these occasions I decided to test whether the system had bug similar to one that had been known and patched in UNIX more than a decade before.
It worked, and I found myself with admin rights. Tinkering a bit with the 'control panel', I noticed that the system I was using had a mail system (sort of) that was sending files to -probably- the USA. The filenames included bank names, and the contents of the files were gibberish.
You probably have guessed where this is going. The files were encrypted using f***ing ROT13, and the files contained data about financial transactions, including account numbers and identity info. I closed the thing immediately.
Yes, top men, indeed! :-)
. . . and I can recall a pen test at an un-named Federal Agency here in .us.
Quick nmap scan showed a UNIX server (Solaris 9, as I recall) running FTP.
In the FTP directory was a Kickstart file. With the root password, for what turned out to be many, many servers.
Game, set, and match in under 5 minutes.
Even MORE Top Men. . .
"At least we live in times where opposing encryption is PR suicide."
Yes, but worryingly we also live in times where it took the largest company on the planet to stand up to government oppression. This shouldn't have been necessary given all of the references to freedom in American law. I know I'll get some down votes for this, but before you click that thumbs down take a moment to consider how many people became terrorists who were happy and free. The best and only way that we can stop terrorism is to work towards everyone globally feeling like they are genuinely free and out of poverty. Religion may be the banner, but wealth and freedom is most definitely the driver.
Of course there are the other types of "terrorist" which could be prevented by better care for the mentally ill.
The terrorist in question were apparently living in a somewhat free country rather than the slim filled waste land they would have apparently preferred. So why did they not take their freedom to travel and slide off to such a slim lagoon? Oh I know why, they thought freedom gave them the 'right' to kill and the freedom to hide their activities. Sorry your mad apology for their mindless stupidity made no sense to me. My serious regret is that 'the government' was a little late in granting them their one way ticket to hell.
What is with this childish obsession that people's every witter on the witter net has to be so protected?
It all sounds pretty pathetic to normal people.
Nothing wrong with opposing terrorism at all, but to stop it you need to fix root causes. I don't know anything about the circumstances of these people, and neither do you. What we do know is that they lived in a country with free uncontrolled access to firearms. We also know that due to circumstances or mental health issues they chose to buy and use those firearms on innocent people.
Destroying the privacy and rights of the other 6 billion people on the planet as a result would only seem to drive more problems. Perhaps start with controlling the guns? Then maybe set about dealing with the mental health issues, education issues and poverty issues etc. Which lead people to harm their fellow citizens.
Also, destroying privacy will not and can not prevent future attacks. That is the nature of terrorism, it works within any system you care to construct unfortunately so we may as well be free if we can't be safe. Privacy removal has been shown over and over to cause harm directly or indirectly to large portions of society, and that is why it's important to push for it. Many people have died fighting wars for your freedom, honouring them takes more than a minute silence on Memorial Day.
One can argue over whether 'wealth and freedom' is a cure for terrorism or not but it is pretty hard to argue that western meddling in the middle east, especially that of the US, has made it a prime target.
Compare with Switzerland, who is also a rich and free country that people who "hate us for our freedom" would presumably want to attack. Yet there has never been a terrorist attack on Switzerland (I think there were a couple incidents with flights leaving there bound for Israel, but it is pretty obvious the latter was the actual target)
Every time we do something in the middle east it always hurts us in the long run. Can anyone come up with an example of the US or Britain meddling in the middle east that made things indisputably better in the long term? Examples from 1990 or earlier please - sometimes it takes a long time for the blowback (i.e. overthrowing the democratically elected government in Iran to replace with the Shah took 26 years before it blew up in our faces) Had we not done that yeah maybe it hurts US companies a bit not getting the contracts the Shah handed to us. We could have and should have been the friend of a naturally occurring democratic government in the middle east, since that is supposedly one of our goals when we publicly overthrow a government (when we do it in private, it is usually to set up an evil dictator who will do our bidding)
Iran would have exercised its influence throughout the Arab world and probably resulted in similar governments springing up. Who knows, maybe Saddam Hussein never rises to power and Iraq is a democracy today. Or maybe not, but the people of both would probably be a lot better off today regardless. Maybe Iran's new government didn't want to choose sides in the Cold War, but a modern democracy in the middle east would have been a great trade partner over the years, and the US economy probably would have ended up ahead in the long run even if the oil companies didn't get their great deals that provided short term gains but caused long term harm.
How do you go about that without risking making things worse? Let them solve their own problems, provide non-military aid if requested to help them solve their own problems but leave them in control of their own destiny. If that destiny is civil war, well that's too bad, but the west should not be taking sides in them. We can provide humanitarian aid, subject to guarantees it actually reaches the people who need it regardless of which side they're on. We can help them rebuild when the fighting is over. We should not be supplying weapons or military advisers. We definitely should not be encouraging civil war, or the violent overthrow of any legitimate government (even if that legitimate government is run by a petty tyrant)
Roddenbury's "Prime Directive" from Star Trek was a not so subtle hint at how the US should be engaging with other countries from a time when Vietnam was in the process of escalating.
The phrase you are quoting is "feeling like they are genuinely free" which needs an awful lot of twisting to extract "feeling like they are in America", so back off a bit.
And while you are at it - where is your example of the best freedom to be had on the planet. For myself, I would suggest Monaco - but only if you are very, very rich.
Britain was pretty free 20 years ago. Freedom of movement, no requirement to carry ID, reasonable levels of education, employment and other niceties. 20 years ago we didn't have a whole lot of nutters either. As the controls have descended however we've seen more and more people becoming agitated to the point of violence.
Back to the original issue though - would I prefer a world where terrorists and paedophiles have a safe haven on their phones and the police need to have evidence to arrest them before searching their home and devices (in UK you're legally obliged to provide the decrypt key when served with a court order). Or would I prefer a world where terrorists and paedophiles have access to everyone else's devices through the government back door, giving them access to countless "sext messages" and selfies as well as information usable in planning terror acts, as well as the government and its agencies having unfettered access to search for potential crimes in the making. Hmmm, let me think. I'll go with privacy please Bob.
Surely the compromise would be for Amazon to make available an API which provides such functionality? This presumably would shift the responsibility for back-door accessibility to the organisation that provided the bolt-on. In many cases this would be in-house or sub-contracted developers employed by the corporate who rolled out the hardware to its staff. The FBI will therefore go knocking on the door of the corporate, not Amazon. It also absolves Amazon of blame for making the irrevocable decision that ROT13 was strong enough for everyone (see comment #1).
iPaedoPhone, iJihadiPhone, iRAPhone ... the tabloids and reactionary lunatics will apply all of those labels and they'll be right: in their own terms.
All those groups will probably have an easier time of it than they would if the TLAs had unfettered access to everything in exactly the same way that the 4th Amendment makes their lives easier: there would be more child molesters, drug dealers and terrorists behind bars if the authorities could search anywhere, anytime with no warrants or probable cause issues slowing them down.
My point was that you have to eventually admit you are prepared to sacrifice a few lives (including children) in order to protect the principles society stands for. If asked: "Is Apple prepared to see a child molester go free in order to uphold the principle of individual privacy and security?" the answer has to be "Yes".
I thought it was quite clear: both encryption and the 4th Amendment can serve to conceal wrongdoing and that makes life easier for paedophiles, drug dealers and terrorists.
I phrased it the way I did to see how many "Paedoggedon/THINK OF THE CHILDREN!!" merchants there are out there who can't face facts.
People who whine about "oh noes! Apple is giving terrorists and pedos a perfect tool to communicate undetected" need to realize a couple things:
1) Apple (and US companies in general) don't have access to 'better' encryption than other countries. If you make iPhones less attractive to terrorists and pedos by allowing the US government a way in, it isn't like they'll keep using them and get caught. They'll use something else - products and/or software developed outside the US government's ability to control. Many non-criminals outside the US will abandon US products in favor of those better products that aren't damaged by the US government's influence. So you don't catch any more terrorists, and you hurt the US economy.
2) The legal system in the US is founded on the principle that it is better to let guilty parties go free than have innocent parties convicted. That's why you have the 4th and 5th amendments, why torturing suspects to gain a confession is not permitted, why the rules of evidence can make something inadmissible due to a technicality, and why conviction requires evidence 'beyond a reasonable doubt' not merely 'a preponderance of evidence' as in civil cases (I took a couple law classes back in the day, and the professor said you can think of 'beyond a reasonable doubt' meaning you are 99% sure while 'preponderance of the evidence' means you are 51% sure) Heck, the presumption of innocence itself is a pretty powerful statement towards this goal.
Anyway, if I was a terrorist why should I believe all this stuff about the FBI being unable to get into an iPhone? Maybe I think that's all a trap from those crafty infidels, and will probably want to stay away from anything like the iPhone where the hardware and software are both designed by a US company.
Judging by the downvotes, yours might well be the most misundestood comment in elReg's forums to date.
I'd like to add that whoever thinks that TLAs and LEAs don't have their share of paedos/narcs/criminals/whatever, and that giving these people that amount of power is not a societal suicide should wake up and smell the coffee ASAP.
It's New Coke all over again. Amazon pulls Encryption because, heck, who wants it? Oh, people want encryption, well, here you go, here's your encryption. We've replaced the sugar with corn syrup, and added in some backdoors for the Feds while we were at it.
Why else would it take a couple months to restore a basic feature of the OS?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
