[Matt J]

I think once Marshmallow is released and we have the ability to turn off specific app permissions, all devices will be more or less as private as we want they to be.

As far as security is concerned ... well, if the FBI can't get into an iPhone, the Priv is probably as good.

When you use Gmail or cloud services, we should just assume that is totally non-private and non-secure.

As far as messaging apps, I think BBM Protected is the most secure and private out there. WhatsApp is owned by Facebook...enough said there.

I think there has just been a general convergence in these areas. All devices are probably equally secure, more or less.

Posted via the CrackBerry App for Android on my BlackBerry Priv

[southlander]

The problem is that smartphones are made to be intentionally not secure most of the time, since only "regulated" industries are entitled to security and privacy. People are potential terrorists and therefore must be permanently surveilled, as the FBI vs. Apple and John Chen's BlackBerry indicate.
Why did blackberry not clearly state that it cannot decrypt an encrypted BlackBerry phone after they made such a fuss about the privacy and security of the priv?

Making something too secure no matter its use case can also make it too inconvenient to use. Apple's approach lets you customize it to what you need. So does BlackBerrys. The user is the issue in most all of these cases.

[TgeekB]

They have to be secure for ALL cases. It only takes one security breach to lose your data. They cannot be secure some of the time, as in one day per month when they submit the security patch.

Nothing is absolute. Nothing can stop every security breach, every home invasion, or every bank robbery.

[southlander]

Nothing is absolute. Nothing can stop every security breach, every home invasion, or every bank robbery.

Not to mention folks that have to live and get things done don't want absolute security anyway. It should be tailored to each situation. The people who need high security need to educate themselves and take proper measures or make sure someone else is on their behalf.

If the iPhone in question has a long passcode that has numerics and alpha characters, then that's a different ball game than if the terrorist was typically lazy and used a 4 digit numeric one. The FBI is gambling that the guy used a 4 digit numeric. Probably a reasonable gamble.

There's an 80ms delay to processing any passcode submission through the OS. So each attempt (assuming Apple disables the limit) takes time, and 80ms x the number of possibilities can turn into a very long time with a better password.

So ... the question would then become is there another route in? If not then I would call that pretty damn good security.

[TgeekB]

Not to mention folks that have to live and get things done don't want absolute security anyway. It should be tailored to each situation. The people who need high security need to educate themselves and take proper measures or make sure someone else is on their behalf.

If the iPhone in question has a long passcode that has numerics and alpha characters, then that's a different ball game than if the terrorist was typically lazy and used a 4 digit numeric one. The FBI is gambling that the guy used a 4 digit numeric. Probably a reasonable gamble.

There's an 80ms delay to processing any passcode submission through the OS. So each attempt (assuming Apple disables the limit) takes time, and 80ms x the number of possibilities can turn into a very long time with a better password.

So ... the question would then become is there another route in? If not then I would call that pretty damn good security.

I fully agree.
As for not everyone needs or wants absolute security, it would be like saying I need as many secret service around me as the President. I don't and it would totally interfere with what I need to do every day. Being careful is all I need.

[deadcowboy]

I have never had an issue where I have trouble deciding, like this. It's because the use cases either way are horrific.

If someone is plotting to kill thousands of people by coordinating on their phone, should governments be allowed to gather intel?

If someone is using a photo to distribute child pornography involving 4 year olds, should law enforcement be able to access the phone to get evidence and lock them up?

What if a government wants to snoop on political dissenters to squash them down?

In truth, both sides have room for horrific things to happen if it's allowed or disallowed.

Ugh

is apple's standard encryption really the biggest hurdle in the way? sounds like laziness, rather. and encryption isn't going away. criminals and terrorists will simply use different measures, different apps, self-implemented encryption. this will only affect good, honest citizens of the world. what's being debated is tantamount to dystopian double-speak.

Posted via CB10

[byex]

Stumbled across this article. It showed up in a news feed.

http://yournewswire.com/apples-littl...n-your-iphone/

Apple�s Little Secret: There Is Already A Backdoor Installed On Your iPhone


A leaked White House memo reveals that the NSA already have a tool that allows them to*bypass security on iPhone devices and access private user data.*

The current media frenzy about Apple�s stance on user privacy*is likely to*be a deliberately orchestrated distraction from the fact that the government*already routinely accesses private information*from*Apple and Microsoft products.

Apple CEO Tim Cook�s �protests� against FBI�s demands*are a ploy to distract the public*from the reality that there�s already a backdoor on every new iPhone that ships around the globe: the ability to load and execute modified firmware without user intervention.

Counterpunch.org reports:

Ostensibly software patches were intended to fix bugs. But they can just as easily install code that compromises sensitive data. I repeat: without user intervention. Apple isn�t alone in this regard. Has anyone noticed that the auto-update feature deployed with certain versions of Windows 10 is impossible to turn off using existing user controls?

Update features, it would seem, are a bullseye for spies. And rightly so because they represent a novel way to quietly execute malicious software. This past September the Washington Post published a leaked memo from the White House which proposed that intelligence agencies leverage �provider-enabled remote access to encrypted devices through current update procedures.� Yep, the same update procedures that are marketed as helping to keep users safe. And it would appear that the spies are making progress. There�s news from Bloomberg of a secret memo that tasked spymasters with estimating the budgetary requirements needed to develop �encryption workarounds.�

And, finally, please notice throughout this whole ordeal how the Director of the NSA, unlike the vociferous FBI director, has been relatively silent. With a budget on the order of $10 billion at its disposal the NSA almost certainly has something equivalent to what the courts have asked Apple to create. The NSA probably doesn�t want to give its bypass tool to the FBI and blow its operational advantage. After all, the NSA is well versed in the art of firmware-level manipulation. Experts have opined that for a few million (a drop in the bucket for a spy outfit like the NSA or CIA) this capability could be implemented. NSA whistleblower William Binney tends to agree. When asked what users could do to protect themselves from the Deep State�s prying eyes Binney replied:

�Use smoke signals! With NSA�s budget of over $10bill a year, they have more resources to acquire your data than you can ever hope to defend against.

This has to be addressed in law and legislation. Call your local governmental representative and complain, otherwise, if you sit and do nothing� you are ****ed!!!�

So while Apple manufactures the perception that it�s fighting for user privacy, keep in mind that the media�s Manichean narrative of �good vs. evil� doesn�t necessarily explain what�s transpiring. Despite cheerleading by Ed Snowden and others Apple is not the companythat it would have us believe it is. Apple has a long history of helping the government crack iPhones and security researchers have already unearthed any number of hidden services lurking below the iPhones surface.

The public record over the past several decades informs that ersatz public opposition often conceals private collusion. And Apple, dear reader, is no stranger when it comes to clandestine government programs. The sad truth is that government spies and corporate data hoarders assemble in the corridors of the American Deep Stateprotected by a veil of official secrecy and sophisticated propaganda.

Posted via CB10

[TGIS]

Stumbled across this article. It showed up in a news feed.

http://yournewswire.com/apples-littl...n-your-iphone/

Apple�s Little Secret: There Is Already A Backdoor Installed On Your iPhone


A leaked White House memo reveals that the NSA already have a tool that allows them to*bypass security on iPhone devices and access private user data.*

The current media frenzy about Apple�s stance on user privacy*is likely to*be a deliberately orchestrated distraction from the fact that the government*already routinely accesses private information*from*Apple and Microsoft products.

Apple CEO Tim Cook�s �protests� against FBI�s demands*are a ploy to distract the public*from the reality that there�s already a backdoor on every new iPhone that ships around the globe: the ability to load and execute modified firmware without user intervention.

Counterpunch.org reports:

Ostensibly software patches were intended to fix bugs. But they can just as easily install code that compromises sensitive data. I repeat: without user intervention. Apple isn�t alone in this regard. Has anyone noticed that the auto-update feature deployed with certain versions of Windows 10 is impossible to turn off using existing user controls?

Update features, it would seem, are a bullseye for spies. And rightly so because they represent a novel way to quietly execute malicious software. This past September the Washington Post published a leaked memo from the White House which proposed that intelligence agencies leverage �provider-enabled remote access to encrypted devices through current update procedures.� Yep, the same update procedures that are marketed as helping to keep users safe. And it would appear that the spies are making progress. There�s news from Bloomberg of a secret memo that tasked spymasters with estimating the budgetary requirements needed to develop �encryption workarounds.�

And, finally, please notice throughout this whole ordeal how the Director of the NSA, unlike the vociferous FBI director, has been relatively silent. With a budget on the order of $10 billion at its disposal the NSA almost certainly has something equivalent to what the courts have asked Apple to create. The NSA probably doesn�t want to give its bypass tool to the FBI and blow its operational advantage. After all, the NSA is well versed in the art of firmware-level manipulation. Experts have opined that for a few million (a drop in the bucket for a spy outfit like the NSA or CIA) this capability could be implemented. NSA whistleblower William Binney tends to agree. When asked what users could do to protect themselves from the Deep State�s prying eyes Binney replied:

�Use smoke signals! With NSA�s budget of over $10bill a year, they have more resources to acquire your data than you can ever hope to defend against.

This has to be addressed in law and legislation. Call your local governmental representative and complain, otherwise, if you sit and do nothing� you are ****ed!!!�

So while Apple manufactures the perception that it�s fighting for user privacy, keep in mind that the media�s Manichean narrative of �good vs. evil� doesn�t necessarily explain what�s transpiring. Despite cheerleading by Ed Snowden and others Apple is not the companythat it would have us believe it is. Apple has a long history of helping the government crack iPhones and security researchers have already unearthed any number of hidden services lurking below the iPhones surface.

The public record over the past several decades informs that ersatz public opposition often conceals private collusion. And Apple, dear reader, is no stranger when it comes to clandestine government programs. The sad truth is that government spies and corporate data hoarders assemble in the corridors of the American Deep Stateprotected by a veil of official secrecy and sophisticated propaganda.

Posted via CB10

Who's going to upload that to iMore?

 Priv... cue the comeback!

[RubberChicken76]

Making something too secure no matter its use case can also make it too inconvenient to use. Apple's approach lets you customize it to what you need. So does BlackBerrys. The user is the issue in most all of these cases.

That makes sense. There's no place for making sense on CrackBerry! ;-)

[RubberChicken76]

Certifications. BlackBerry Android doesn't have the levels that BlackBerry 10 does.

I suppose. But not sure that means it equates to "X is secure" and "Y is not" but rather "X is suitable for use cases A, B, C, D, E, F and G" while "Y is also suitable for use cases H and I"

[sorinv]

If that were not the case, BlackBerry would clearly state, just like Apple, that they have no way of accessing the data on my phone without my permission, even if they received a legal warrant.
I heard Mike Lazaridis state that on BBC World News in 2011.
John Chen is not doing it.

[/QUOTE]
So did I. That's why I don't trust Chen and predicted when he was hired that one of his missions was to weaken BlackBerry's security.
It's one thing to intercept BBM communications through BlackBerry servers, it's quite a different matter to extract the files from an encrypted BB10 phone, when the phone has automated OS update turned off.
If BlackBerry can do that, then there is a backdoor and the phone IS NOT SECURE.

[sorinv]

That makes sense. There's no place for making sense on CrackBerry! ;-)

No it doesn't.
The phone must be designed in good faith to be secure and only the user, not the government or Apple or BlackBerry or Google can choose to change its security settings to make it less secure if he/she so desires.
It's as simple as accepting cookies in the browser or not. The user decides. Some websites might not work, but it is up to the user if that is acceptable or not.

[conite]

I still see this the same as any other form of privacy.

With a valid warrant, the police can enter my home, office, or off site storage facility, and access all of my personal information and property. I cannot hide from a valid warrant. I see no difference with online/device privacy.

I believe in a right to privacy. I also believe in a right to live in a safe place and to be reasonably protected from criminals.

[RubberChicken76]

So did I. That's why I don't trust Chen and predicted when he was hired that one of his missions was to weaken BlackBerry's security.
It's one thing to intercept BBM communications through BlackBerry servers, it's quite a different matter to extract the files from an encrypted BB10 phone, when the phone has automated OS update turned off.
If BlackBerry can do that, then there is a backdoor and the phone IS NOT SECURE.

1. I didn't write that
2. I'll leave you to put on your tinfoil hat and discuss your conspiracy theories with others

[RubberChicken76]

The phone must be designed in good faith to be secure and only the user, not the government or Apple or BlackBerry or Google can choose to change its security settings to make it less secure if he/she so desires.
It's as simple as accepting cookies in the browser or not. The user decides. Some websites might not work, but it is up to the user if that is acceptable or not.

That's your opinion. Tell the people who were hit by shrapnel during the Boston Marathon. Ask them how they feel about terrorists coordinating attacks on a phone having to accept cookies on whether the government can survey those phones!


Or how about the parent who discovered some whack job was storing naked pictures of their five year old on a phone and sharing them with others?

Note: I'm not agreeing or disagreeing with Apple or the government. As I said in my first post, I hate this issue because I find there is room for this to be horribly abused no matter what happens.

[sorinv]

That's your opinion. Tell the people who were hit by shrapnel during the Boston Marathon. Ask them how they feel about terrorists coordinating attacks on a phone having to accept cookies on whether the government can survey those phones!


Or how about the parent who discovered some whack job was storing naked pictures of their five year old on a phone and sharing them with others?

Note: I'm not agreeing or disagreeing with Apple or the government. As I said in my first post, I hate this issue because I find there is room for this to be horribly abused no matter what happens.

Then tell the Chinese or the Russians not to ask for the same permission to spy on US phones.
Terrorism has been around since at least Roman times. It's carried out with weapons, not with phones.

Make sure those weapons don't fall into the hands of terrorists. They are far fewer than the number of phones in the world.

It's much more sensible than trying the spy the heck of every phone on the planet. It takes a much bigger budget and will ruin the taxpayer.
It did ruin the Soviet Union and the other East European communist states.

[sorinv]

1. I didn't write that
2. I'll leave you to put on your tinfoil hat and discuss your conspiracy theories with others

"So did I" referred to: I heard Lazaridis deny it on BBC world News in 2011.

I did not attribute anything else to you. Relax, no one's going to go after you for thinking Chen is weakening BlackBerry's security. I said that.

[anon(6038817)]

I still see this the same as any other form of privacy.

With a valid warrant, the police can enter my home, office, or off site storage facility, and access all of my personal information and property. I cannot hide from a valid warrant. I see no difference with online/device privacy.

I believe in a right to privacy. I also believe in a right to live in a safe place and to be reasonably protected from criminals.

What if they don't have a valid warrant and do it anyway?

What about criminals who decide to invade your home or your phone? Who is responsible for protecting your property and privacy?

Do you leave the back door to your home unlocked?

Posted from my  Z10 via CB10

[conite]

What if they don't have a valid warrant and do it anyway?

What about criminals who decide to invade your home or your phone? Who is responsible for protecting your property and privacy?

Do you leave the back door to your home unlocked?

Posted from my  Z10 via CB10

I'm not sure how this connects with my post.

I'm just saying I like the compromise position of not giving the keys to anyone, and a manufacturer complying with the specific requests of a court ordered warrant. Same as my home.

[RubberChicken76]

Then tell the Chinese or the Russians not to ask for the same permission to spy on US phones.

Agree. But that's exactly my point. There are crappy, horrific use-cases no matter what happens here. Which is why i hate the topic. Perhaps you view this as black and white, but I don't. All i know is I hate the outcomes either way because they really do get into some of the ugliest aspects of humanity.


I'm bowing out of this now.

[Rustybronco]

" Unfortunately, we learned that while the attacker�s iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services."

it would not surprised me that the LEA has done it on purposed just to go in court against Apple...Which is purely not right

Once they did that, they basically lost access to any new device data that would have otherwise been automatically backed up to icloud.

So... now they're asking for a way to break into the device.


Sounds like Apple did collaborate in the way they can (provide access to their server data), and the investigators messed up.

Posted via CB10

These are my thoughts exactly. Why would the FBI change the devices password knowing full well what the consequences would be. Do you really think (in this case) their forensic's department is that incompetent?

It reeks of DOJ intervention.

[MmmHmm]

I'm not sure how this connects with my post.

I'm just saying I like the compromise position of not giving the keys to anyone, and a manufacturer complying with the specific requests of a court ordered warrant. Same as my home.

I get what you are saying but I think a warrant to search a home (an issue that's been around for a very long time) is different than a warrant to search a smartphone. The privacy issues are different with the new technology.

It used to be that most things in your life were private and the government and anyone else could only get them if you wrote it down on a piece of paper, or someone overheard you, or the government had a warrant to tap your phone or something.

Now, nearly every citizen carries around a tracking device everywhere he goes, with a camera, microphone, GPS that constantly logs the location, messaging apps that log your conversations, etc. A thorough search of my phone would tell you pretty much everything I've done today, and the day before that, and the day before that... You'd see my conversations with my wife (some of them very private), where I went to lunch, who I had meetings with, even what games I played.

These things are now tracked 24 hours a day on nearly every citizen and now a warrant can be issued on any of us after the fact to find all the details about our lives. The government doesn't need to get a warrant and then plant a microphone to investigate your conversations anymore. They just get a warrant to search your phone and they can see nearly everything you've done for quite awhile, long before you were ever even a suspect.

I'm not saying there should never be warrants to search phones. But I am saying that there should be a more serious consideration of privacy issues in the modern world and the issues are not the exact same as searching a house or other effects.

[conite]

I'm not saying there should never be warrants to search phones. But I am saying that there should be a more serious consideration of privacy issues in the modern world and the issues are not the exact same as searching a house or other effects.

I would agree to that. A properly executed warrant must be specific as to what information is being requested. It should not be a carte blanche to unravel your entire life.

[anon(9607753)]

Apple and BlackBerry Priv (unlike BB10 phones) sync all your data unencrypted in Apple's and Google's cloud, respectively.
If Apple and BlackBerry really cared about the privacy and security of their users' data, they would at least warn them about not using cloud services to backup their phones.

Not if you disable it.

Posted via CB10

[Elephant_Canyon]

These are my thoughts exactly. Why would the FBI change the devices password knowing full well what the consequences would be.

The FBI didn't change the device's password. Someone at the FBI requested that the San Bernardino County Health Department change the iCloud password. This would have disabled the auto-backup function, if it was even enabled at the time anyway (which is doubtable, because the phone had not been backed up to iCloud for two months). It would not have allowed the FBI to unlock the device.

Hanlon's Razor applies.