Monday, February 29, 2016

The FBI can (almost certainly) crack the San Bernardino iPhone without Apple's help

The title kind of says it all.  How do I know?  Because of this photo:


That's a picture of the logic board of an iPhone 5C, the same model as the San Bernardino phone.  The chip with the red outline is a Toshiba THGBX2G7B2JLA01 NAND flash chip.  That's the phone's storage chip.  All the data on the phone is stored there.  It's encrypted, but here's the thing: the same chip also holds the state the phone relies on to enforce its limit on passcode attempts, and the key that protects the data is derived from the user's PIN.  So what the FBI needs to do is de-solder the chip, mount it in its own hardware, and take a complete image of its contents.  Unless the FBI is completely incompetent, it should be able to do this in less than a day.  With that image in hand they can put the chip (or a freshly programmed copy of it) back on the board, try ten PIN codes, and when the phone wipes itself, rewrite the chip from the saved image and try ten more.  Lather, rinse, repeat.  For a four-digit PIN that is at most a thousand swaps, so at worst this would take about a week or so.

How do I know that this is possible?  Because one of the highly touted features of newer iPhones (the secure enclave, introduced with the A7 processor in the iPhone 5S and also present in the iPhone 6) is that things like encryption keys and the passcode attempt counter are kept inside the processor itself, where they cannot be reached using the technique I just described.

The FBI knows this.  Everyone in the security community knows this.  But not everyone in the general public knows this, and the FBI is counting on that ignorance to cover up the fact that the court order they obtained against Apple is a charade.  They are not worried about the data on the San Bernardino iPhone, because if they were they would have had it by now.

What they are worried about is the secure enclave in the iPhone 6.  That is much harder to crack than the external memory chip on the 5C, which any competent hobbyist could remove and image.  Cracking a secure enclave requires actually getting inside the processor chip itself, a process known as decapping, and then probing the silicon for the keys.  That's possible too (the NSA can probably do it) but it's much, much harder and requires very expensive and specialized (and probably classified) equipment.

What the FBI is really trying to do here is to set a legal precedent that will let them use the power of the law to do an end-run around the secure enclave, and any other security technology that any company might produce in the future.  This is not about catching some potential terrorists, this is about effectively eliminating legal access to encryption technology.  Attempts have been made in the past to regulate encryption technology through the democratic process, and they have all failed.  So now the FBI is trying to get a court to do what Congress has on multiple occasions refused to do.

If democracy is to survive in the United States they must not be allowed to succeed.

[UPDATE:] Some commenters on Hacker News are saying that my analysis is wrong because the encryption key has additional entropy in it in the form of the processor's 256-bit unique ID.  While this is true, it does not make the 5C secure.  The limiting factor on attacking the PIN is the fact that the phone only gives you 10 attempts before wiping the flash.  But if you have a copy of the flash, you can just replace the wiped flash with a copy and make another 10 attempts.
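To make the argument above and in the update concrete, here is a toy model of the attack.  This is an added example and not code from the original post or from Apple: the key derivation, the "unlock check" tag, and the flash layout are simplified stand-ins (assumptions), and the PIN "7831" is a constructed sample.  What it shows is the two halves of the update: with only a copy of the flash, a PIN guess cannot be verified without the processor's 256-bit UID, but with the ability to rewrite the flash from a saved image, the ten-attempt wipe stops being a limit and the PIN falls to plain enumeration on the phone itself.

```python
"""Toy model of a 5C-style passcode check and the NAND-mirroring attack.

Simplifications (assumptions, not Apple's design): PBKDF2 stands in for
the passcode tangling, an HMAC tag stands in for the wrapped key material,
and a dataclass stands in for the NAND image.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace

MAX_ATTEMPTS = 10      # the post's "10 attempts before wiping the flash"
KDF_ITERATIONS = 100   # kept small so the demo runs quickly (assumption)


@dataclass
class Flash:
    """What lives on the removable NAND chip (model, not Apple's layout)."""
    salt: bytes
    unlock_tag: bytes   # lets the phone verify a derived key without storing it
    attempts: int       # failed-attempt counter, also on the chip
    wiped: bool


def derive_key(pin: str, uid: bytes, salt: bytes) -> bytes:
    """Passcode key: the PIN tangled with the processor's UID.  The UID never
    leaves the SoC, so this can only be computed on the phone itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + uid, salt, KDF_ITERATIONS)


def unlock_tag(key: bytes) -> bytes:
    return hmac.new(key, b"unlock-check", "sha256").digest()


class Phone5C:
    """Processor with a fused 256-bit UID plus a removable flash chip."""

    def __init__(self, pin: str):
        self.uid = secrets.token_bytes(32)          # fused into the SoC
        salt = secrets.token_bytes(16)
        self.flash = Flash(salt, unlock_tag(derive_key(pin, self.uid, salt)), 0, False)

    def try_pin(self, pin: str) -> bool:
        if self.flash.wiped:
            raise RuntimeError("flash has been wiped; nothing left to unlock")
        self.flash.attempts += 1
        key = derive_key(pin, self.uid, self.flash.salt)
        if hmac.compare_digest(unlock_tag(key), self.flash.unlock_tag):
            return True
        if self.flash.attempts >= MAX_ATTEMPTS:
            # Wipe: the material needed to verify (or use) the key is erased.
            self.flash = replace(self.flash, unlock_tag=b"", wiped=True)
        return False

    # The two operations de-soldering the chip gives an attacker.
    def read_flash(self) -> Flash:
        return replace(self.flash)

    def write_flash(self, image: Flash) -> None:
        self.flash = replace(image)


def mirror_attack(phone: Phone5C, candidates):
    """Try every candidate PIN on the phone; whenever it wipes, restore the
    flash image taken at the start.  Returns (pin_or_None, restore_count)."""
    image = phone.read_flash()
    restores = 0
    for pin in candidates:
        if phone.flash.wiped:
            phone.write_flash(image)
            restores += 1
        if phone.try_pin(pin):
            return pin, restores
    return None, restores


def offline_check(image: Flash, pin: str, uid_guess: bytes) -> bool:
    """All an attacker can do with the flash image alone: a guess verifies
    only if the 256-bit UID is also known, which it is not off the phone."""
    key = derive_key(pin, uid_guess, image.salt)
    return hmac.compare_digest(unlock_tag(key), image.unlock_tag)


if __name__ == "__main__":
    phone = Phone5C("7831")                                 # constructed sample PIN
    pin, restores = mirror_attack(phone, (f"{i:04d}" for i in range(10000)))
    print(f"recovered PIN {pin} after {restores} flash restores")
```

The restore count is what makes the "about a week" estimate: one chip swap per ten guesses, so a four-digit PIN costs at most a thousand swaps, while the number of PBKDF2 iterations only changes how long each guess takes, not how many the attacker gets.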

Sunday, February 21, 2016

PSA: Beware of low rate limits in letsencrypt

I've been noodling around with letsencrypt, the new free SSL certificate authority run by the Internet Security Research Group (Mozilla is one of its sponsors).  It's pretty cool.  There's no reason to ever pay for (or wait for!) an SSL certificate again.  However, there is a hidden trap in the public beta which I discovered the hard way: there's a rate limit of five certificates per registered domain per week, and there's no warning about this until you hit the limit.

So... if you use letsencrypt (and you really should!  It's easy!) use a dummy domain or their staging server for experiments (the staging server issues certificates that browsers don't trust, which is fine for testing), and plan your actual certificate issuance very carefully.  The rate limits should go up eventually, but there's no telling when that will happen.
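One way to plan issuance is to keep a local ledger of every production certificate you request and check it against the limit before the next one.  The following is an added example, not part of the original post or of any letsencrypt client: the limit and window follow the post's figure (five per registered domain per week), while the ledger format (one line per certificate, UTC timestamp then registered domain) and the sample entries are constructed assumptions.  The ledger is keyed by the registered domain you write in it, so `www.example.com` and `mail.example.com` should both be recorded as `example.com`.

```python
"""Sliding-window check against the letsencrypt per-domain rate limit.

The ledger format and sample data are assumptions for this example.
"""
from datetime import datetime, timedelta, timezone

RATE_LIMIT = 5               # certificates per registered domain
WINDOW = timedelta(days=7)   # per week

# Constructed sample ledger: "<UTC time> <registered domain>", one per line.
LEDGER = """\
# production certificates requested so far
2016-02-14T09:00:00Z example.com
2016-02-15T12:30:00Z example.com
2016-02-16T08:15:00Z example.com
2016-02-18T17:45:00Z example.com
2016-02-19T10:00:00Z example.com
2016-02-19T11:00:00Z other.org
"""


def parse_ledger(text):
    """Return a list of (issued_at, domain) tuples, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, domain = line.split()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        entries.append((when, domain.lower()))
    return entries


def recent_issuances(entries, domain, now):
    """Issuance times for `domain` that still count against the window, oldest first."""
    cutoff = now - WINDOW
    return sorted(t for t, d in entries if d == domain.lower() and t > cutoff)


def can_issue(entries, domain, now, count=1):
    """(True, None) if `count` more certificates fit under the limit right now;
    otherwise (False, earliest time they will), or (False, None) if `count`
    alone exceeds what the window ever allows."""
    recent = recent_issuances(entries, domain, now)
    if len(recent) + count <= RATE_LIMIT:
        return True, None
    excess = len(recent) + count - RATE_LIMIT
    if excess > len(recent):
        return False, None
    # The `excess` oldest entries must age out; the last of them does so here.
    return False, recent[excess - 1] + WINDOW


if __name__ == "__main__":
    entries = parse_ledger(LEDGER)
    now = datetime(2016, 2, 21, 10, 0, tzinfo=timezone.utc)   # constructed "now"
    for domain, count in (("example.com", 1), ("example.com", 2), ("other.org", 4)):
        ok, free_at = can_issue(entries, domain, now, count)
        print(domain, count, "ok" if ok else f"blocked until {free_at}")
```

Run it before a batch of requests rather than after: the point of the ledger is that the limit is invisible until you hit it, and a blocked request still counts as a week of waiting.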


Saturday, February 20, 2016

The end of an era

Google is removing ads from the right-hand side of search results.  Ordinarily I wouldn't care about where Google puts its ads, but this is a little bittersweet for me because I was on the team that launched the original AdWords platform back in September 2000 and started the whole ads-on-the-right phenomenon.  It makes me just a little melancholy to see that come to an end.


Monday, February 15, 2016

Scalia is dead. Good riddance.

I know it's bad form to speak ill of the dead, particularly those who have dedicated their lives to public service, but I'm sorry, Antonin Scalia was not the great scholar and man of principle that some pundits are making him out to be.  He was a delusional hypocrite, and in the position of power he occupied with no one to answer to but the Reaper, he was dangerous.  I would rather have seen him impeached than dead, but if God wants to fill in where Congress fails to act, well, who am I to question His judgement?

What made Scalia delusional was that he believed he knew the One True Way to interpret the Constitution, and that the One True Way was Originalism.  What made him a hypocrite was that he was perfectly willing to chuck originalism out the window when it didn't lead to the result he wanted.

One could surely write a book about Scalia's hypocrisy, but I don't have time for that so I'll just cite a few particularly egregious examples.  Let's start with Gonzales v. Raich.  That was the case where the Court ruled, with Scalia concurring, that the Commerce Clause gives Congress the power to make it illegal for an individual to grow marijuana for personal medical use even in a state where such use is legal under state law.  That this is untenable under an originalist interpretation of the Constitution is so obvious that a first-year law student would have no trouble making the case.  You may recall that the U.S. federal government tried to impose prohibition once before, but before that first disastrous experiment could be conducted the U.S. had to pass the 18th amendment to the Constitution.  Manifestly then, prohibition was not among Congress's enumerated powers prior to the passage of the 18th amendment.  There are only two possible ways you can squeeze a prohibition power out of the Commerce Clause: you can read something into it that the founders clearly did not intend, or you can argue that the whole sordid affair of passing the 18th amendment and then repealing it again 13 years later was unnecessary, just a colossal waste of time because not a single legal mind in the entire country realized that Congress could just, you know, pass a law.

Another example that sticks in my craw because it hits close to home is Scalia's blatant disregard for the separation of church and state.  In October 2014, Scalia gave a speech where he said:
I think the main fight is to dissuade Americans from what the secularists are trying to persuade them to be true: that the separation of church and state means that the government cannot favor religion over nonreligion. That’s a possible way to run a political system. The Europeans run it that way, and if the American people want to do it, I suppose they can enact that by statute. But to say that’s what the Constitution requires is utterly absurd.
This past January he doubled down on that position:
Government support for religion is not only justified by the Constitution, it was the norm for hundreds of years... 
Slavery was the norm for hundreds of years too, but let's not get sidetracked here.  Let's look at Scalia's claim that government support for religion is justified by the Constitution.  Where exactly is that justification?  The word "God" does not appear anywhere in the Constitution.  The word "religion" appears once, in the First Amendment:
Congress shall make no law respecting an establishment of religion...
And then the word "religious" appears once:
...no religious Test shall ever be required as a Qualification to any Office or public Trust under the United States
And that's it.   So where exactly is the Constitutional justification for Scalia's claim that government support for religion is justified by the Constitution?  It's not there.  He has to extract it from history somehow, which I suppose is not entirely unjustifiable, except that whenever someone does the exact same thing to support a position that he opposes, all of a sudden that's not allowed:
One case was Romer v. Evans, in which the people of Colorado had enacted an amendment to the state constitution by plebiscite, which said that neither the state nor any subdivision of the state would add to the protected statuses against which private individuals cannot discriminate. The usual ones are race, religion, age, sex, disability and so forth. Would not add sexual preference — somebody thought that was a terrible idea, and, since it was a terrible idea, it must be unconstitutional. Brought a lawsuit, it came to the Supreme Court. And the Supreme Court said, “Yes, it is unconstitutional.” On the basis of — I don’t know. The Sexual Preference Clause of the Bill of Rights, presumably. And the liberals loved it, and the conservatives gnashed their teeth.
Just for the record, the justification for ruling an a priori license to discriminate against gays to be unconstitutional is the equal protection clause of the fourteenth amendment.  To which Scalia's response was not to explain why he didn't think this was a valid argument, but rather simply to stick his fingers in his ears and say, "Nah nah nah I can't heeeeaaaar you!"

Like I said, one could write a book.  I'll just point out one final example of Scalia's hypocrisy, one which was particularly egregious and consequential.  When it came to issues like abortion and gay rights, his unwavering position was that these issues should be left to the states and to the democratic process.  (I suppose that if one could somehow muster the votes to repeal the 13th amendment, Scalia would have had no problem with that.)  He was constantly complaining about how activist liberal judges were legislating from the bench.  But he had no problem being the deciding vote when it came time to appoint a Republican President of the United States from the bench.

If that's not enough to convince you that the Scalia-worshipping emperor has no clothes, there's this:
This Court has never held that the Constitution forbids the execution of a convicted defendant who has had a full and fair trial but is later able to convince a habeas court that he is 'actually' innocent
It is hard to imagine a more despicable thing a human being could say.  Not only is Scalia saying that executing innocent people is OK as long as they've had a "fair trial" (whatever the hell that could possibly mean in a situation like this), but he's trying to fob the responsibility of it onto "this court" as if he had nothing to do with this sorry state of affairs!  And besides, how could there possibly be any more cruel and unusual punishment than executing an innocent person?

Bah.

Antonin Scalia was the Donald Trump of the Supreme Court: obnoxious, hypocritical, and dangerously muddled in his thinking.  He made for great entertainment, but absolutely terrible law.  May he rest in peace and trouble us no more.

Monday, February 08, 2016

Thursday, February 04, 2016

Not with a bang...

Jeb Bush's campaign for the presidency is literally ending with a whimper:
“I will not trash talk. I will not be a divider in chief or an agitator in chief. I won’t be out there blowharding, talking a big game without backing it up. I think the next president needs to be a lot quieter but send a signal that we’re prepared to act in the national security interests of this country — to get back in the business of creating a more peaceful world,” Bush declared to the crowd Tuesday evening. 
He was met with a long beat of silence. 
“Please clap,” he pleaded, drawing applause and awkward laughter.
Pathetic.