- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Sat, 20 Feb 2016 15:54:28 +0000
- To: Dave Longley <dlongley@digitalbazaar.com>, Rob Trainer <rob.trainer@accreditrust.com>, W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAM1Sok18N07Vy9pWmwD+mW-V7OQeBccSw6zSC2FWcRLXDMu6gA@mail.gmail.com>
Also note the use of the term "subject"[1] [1] http://www.wired.com/wp-content/uploads/2016/02/Apple-iPhone-access-MOTION-TO-COMPEL.pdf On Fri, 19 Feb 2016 at 6:06 AM, Rob Trainer <rob.trainer@accreditrust.com> wrote: > > https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption/ > > > > *Rob Trainer | Vice President of Technology* > > *Accreditrust Technologies, LLC* > > C: 410.303.9303 > > E: rob.trainer@accreditrust.com > > W: www.accreditrust.com > > > > [image: TrueCred-Signature-Logo] > > > > *From:* Timothy Holborn [mailto:timothy.holborn@gmail.com] > *Sent:* Thursday, February 18, 2016 1:50 PM > *To:* Dave Longley <dlongley@digitalbazaar.com>; W3C Credentials > Community Group <public-credentials@w3.org> > *Subject:* Re: Rule of law > > > > Reviewing the TOS[1] I always find interesting, > > Yet essentially, the issue remains including but not exclusive to service > operators / device vendors, et.al. > > Whilst I entirely agree, accountability is v.important for > law-enforcement, and, I'm not American, don't get to vote in the US, so, I > prefer local context that enables me to lobby for changes to law should > that be necessary; rule of law, kinda needs to be supported... > > The identifiers in this case include particular FBI representatives on > particular machines carrying out particular tasks for a particular case, > with particular court approvals, on a particular phone that has an array of > other identifiers both identifying that Phone to be unique, and that it is > indeed associated to the court-order related suspect (person). > > So, IMHO, there's enough keys there to make those old films scenes of the > two keys turned simultaneously to launch the weapon, whether in submarine > or otherwise, look kinda antiquated. > > You could put additional requirements, like sensor requirements - it needs > to see a specially encoded 2d barcode, within a particular GPS location, > etc. etc. > > It's not all or nothing, and any president would want it that way I > imagine. We all want phones that don't get hacked, but we are subject to > rule of law for which we are all accountable, no matter who we work for or > what we do. Isn't that the theory? > > I also note, online child sexual exploitation law enforcement teams > locally, apparently couldn't use semantic / image analytics to > automatically flag content. If Interpol made that capability available, > would you allow processing for specific use? Perhaps if the gov issue them > a credential to including specified capabilities for which citizens have a > right to fair trial / court / access to justice, etc. > > Is it Apple, Facebook, Google who that makes the decision about how image > processing can be used? Do you need to send them your blood sample to have > it checked? What ads do you get after you've got your blood tested? > Insurance offers the same? > > Market based 'knowledge banking' providers, with really good outlines for > data ownership. > > Yet if the law says 'you've been sent to war'.... If a judge says open it. > Then to say it's all or nothing, seems incorrect... > > We've been working on solutions here... I guess they'll say, no solution > currently available to market can solve this problem, or some similar > thing? > > Meh. > > > [1] http://images.apple.com/legal/sla/docs/iOS91.pdf > > > > On Fri, 19 Feb 2016 at 5:29 AM, Dave Longley <dlongley@digitalbazaar.com> > wrote: > > On 02/18/2016 12:50 PM, Timothy Holborn wrote: > > So, > > > > I assume apple[1] can decrypt it. > > I think that's a big assumption. Have they said that? I don't know how > they do their encryption, but if they are using symmetric encryption > where the key is derived from a password only the user knows, then, no, > they can't decrypt it. Unless the password is easily guessable, it's not > feasible to brute force attack the encryption. > > > So, the issue is how to trust gov? Locally or internationally? > > > > Couldn't a bunch of approved credentials be used to present something > > at the phone that in-turn allows that device to say, recognise the > > president said - executive orders - open it. > > You could do two forms of encryption: one for the user and one using a > public key owned and protected by the government. Of course, then the > government can read everyone's private data. > > I suppose you could require a credential from a court (signed by the > court's public key) indicating a court order was granted to the > government in order to use their key to read the data ... but it's all a > little unclear as to whether or not these protections would actually be > followed, or rather, if they weren't, that a violation of them could be > easily detected. > > > -- > Dave Longley > CTO > Digital Bazaar, Inc. > http://digitalbazaar.com > >
Attachments
- image/png attachment: image001.png
Received on Saturday, 20 February 2016 15:55:07 UTC