- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Sat, 20 Feb 2016 16:32:40 +0000
- To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
- Message-ID: <CAM1Sok1VjoEzUCk-pourS8Y4ZjRrvdkKv=SQoRgHJL8YB-YXUQ@mail.gmail.com>
Apologies... You'll find appendices closer to the end, and I particularly enjoyed the first page (also found it useful to see the actual document, rather than the reports of it) But, yes. 'Subject device'. Which IMHO, makes me think/dream about WebID-TLS denoting the device and the 'subject' and a set of creds denoting access rules in relation to that device, whereby the person (subject) relates to the device. The other interesting aspects I found in the document related more to SoLiD where the points were discussed about how Apple has positioned itself. Additionally, I pondered whether contract law may be used to restrict further use of any software produced, as government is in itself subject to rule of law and could therefore be sued for misuse / outside of contract terms use, of copyright related materials. Equally, perhaps not. Not sure if that applies to gov. I'm investigating similar ideas with the hope to pursue via ISOC for storage of personal data on SoLiD / Credentials related software platforms operated by service providers. It's all good and well trying to help maintain people's rights, yet, once it's operating on service provider infrastructure, often all they need to do is change their TOS then use the data however they want, which when considering SoLiD like technology stacks, might result in unintended honeypots for commercial use... Theory is, contract law is demonstrated via various means to provide the capacity via commercial disincentives, to effectively manage and fund litigation / enforcement costs should it be made necessary... Tim. On Sun, 21 Feb 2016 at 3:21 AM, Steven Rowat <steven_rowat@sunshine.net> wrote: > On 2/20/16 7:54 AM, Timothy Holborn wrote: > > Also note the use of the term "subject"[1] > > > > [1] > > > http://www.wired.com/wp-content/uploads/2016/02/Apple-iPhone-access-MOTION-TO-COMPEL.pdf > > Tim, just to clarify.... (that's a 35-page document, scanned and so > non-searchable, which is a bit daunting without some other guidance). > > You mean the use on page 3 of "...THE FBI'S SEARCH OF THE SUBJECT > DEVICE..." [caps original]. ? > > Steven > > > > > > On Fri, 19 Feb 2016 at 6:06 AM, Rob Trainer > > <rob.trainer@accreditrust.com > > <mailto:rob.trainer@accreditrust.com>> wrote: > > > > > https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption/ > > > > > ____ > > > > __ __ > > > > *Rob Trainer | Vice President of Technology____* > > > > *Accreditrust Technologies, LLC____* > > > > C: 410.303.9303____ > > > > E: rob.trainer@accreditrust.com > > <mailto:rob.trainer@accreditrust.com>____ > > > > W: www.accreditrust.com <https://www.accreditrust.com/>____ > > > > __ __ > > > > TrueCred-Signature-Logo____ > > > > __ __ > > > > *From:*Timothy Holborn [mailto:timothy.holborn@gmail.com > > <mailto:timothy.holborn@gmail.com>] *Sent:* Thursday, February 18, > > 2016 1:50 PM *To:* Dave Longley <dlongley@digitalbazaar.com > > <mailto:dlongley@digitalbazaar.com>>; W3C Credentials Community > > Group <public-credentials@w3.org > > <mailto:public-credentials@w3.org>> *Subject:* Re: Rule of law____ > > > > __ __ > > > > Reviewing the TOS[1] I always find interesting, > > > > Yet essentially, the issue remains including but not exclusive to > > service operators / device vendors, et.al <http://et.al>. > > > > Whilst I entirely agree, accountability is v.important for > > law-enforcement, and, I'm not American, don't get to vote in the > > US, so, I prefer local context that enables me to lobby for changes > > to law should that be necessary; rule of law, kinda needs to be > > supported... > > > > The identifiers in this case include particular FBI representatives > > on particular machines carrying out particular tasks for a > > particular case, with particular court approvals, on a particular > > phone that has an array of other identifiers both identifying that > > Phone to be unique, and that it is indeed associated to the > > court-order related suspect (person). > > > > So, IMHO, there's enough keys there to make those old films scenes > > of the two keys turned simultaneously to launch the weapon, whether > > in submarine or otherwise, look kinda antiquated. > > > > You could put additional requirements, like sensor requirements - > > it needs to see a specially encoded 2d barcode, within a particular > > GPS location, etc. etc. > > > > It's not all or nothing, and any president would want it that way I > > imagine. We all want phones that don't get hacked, but we are > > subject to rule of law for which we are all accountable, no matter > > who we work for or what we do. Isn't that the theory? > > > > I also note, online child sexual exploitation law enforcement teams > > locally, apparently couldn't use semantic / image analytics to > > automatically flag content. If Interpol made that capability > > available, would you allow processing for specific use? Perhaps if > > the gov issue them a credential to including specified capabilities > > for which citizens have a right to fair trial / court / access to > > justice, etc. > > > > Is it Apple, Facebook, Google who that makes the decision about how > > image processing can be used? Do you need to send them your blood > > sample to have it checked? What ads do you get after you've got > > your blood tested? Insurance offers the same? > > > > Market based 'knowledge banking' providers, with really good > > outlines for data ownership. > > > > Yet if the law says 'you've been sent to war'.... If a judge says > > open it. Then to say it's all or nothing, seems incorrect... > > > > We've been working on solutions here... I guess they'll say, no > > solution currently available to market can solve this problem, or > > some similar thing? > > > > Meh. > > > > > > [1] http://images.apple.com/legal/sla/docs/iOS91.pdf____ > > > > __ __ > > > > On Fri, 19 Feb 2016 at 5:29 AM, Dave Longley > > <dlongley@digitalbazaar.com <mailto:dlongley@digitalbazaar.com>> > > wrote:____ > > > > On 02/18/2016 12:50 PM, Timothy Holborn wrote: > >> So, > >> > >> I assume apple[1] can decrypt it. > > > > I think that's a big assumption. Have they said that? I don't know > > how they do their encryption, but if they are using symmetric > > encryption where the key is derived from a password only the user > > knows, then, no, they can't decrypt it. Unless the password is > > easily guessable, it's not feasible to brute force attack the > > encryption. > > > >> So, the issue is how to trust gov? Locally or internationally? > >> > >> Couldn't a bunch of approved credentials be used to present > > something > >> at the phone that in-turn allows that device to say, > > recognise the > >> president said - executive orders - open it. > > > > You could do two forms of encryption: one for the user and one > > using a public key owned and protected by the government. Of > > course, then the government can read everyone's private data. > > > > I suppose you could require a credential from a court (signed by > > the court's public key) indicating a court order was granted to > > the government in order to use their key to read the data ... but > > it's all a little unclear as to whether or not these protections > > would actually be followed, or rather, if they weren't, that a > > violation of them could be easily detected. > > > > > > -- Dave Longley CTO Digital Bazaar, Inc. > > http://digitalbazaar.com____ > > > >
Received on Saturday, 20 February 2016 16:33:17 UTC