If the FBI can force decryption backdoors, why not backdoors to turn on your phone's camera?

Just don’t go out in the pod and expect him to open the door when you get back - he might read BB. Remove those memory modules first!

You just make it more difficult to get behind your cause, when you use untruths to back it up. The Jeep hack could NOT be used to drive your car off the road. Not unless you’re already driving in reverse, at 3 MPH. The ability to take over steering could only occur when the automatic parking is engaged, and that can only happen when in reverse, at very low speeds.

2 Likes

The whole argument is a bit hyperbolic.

Why not claim that they could force the company that makes the McDonald’s kitchen equipment to install a backdoor that they could use to undercook your food, give you food poisoning and kill you! Or demand Honeywell or Nest give them access to your thermostat so they could turn off your heat and freeze you to death! Or access hospital equipment that automatically doses painkiller medicine to overdose you!

The nature of the slippery slope means this WILL happen. Right Cory?

/s

Actually my kid uses a bus pass with a mag strip over the back camera. The rubbery Speck case holds it in place, and the mag strip is opaque across the visible wavelengths and probably beyond.

I suspect that there are quite a few readers here who are middle-aged bourgeoisie like me, and have teen-aged girls. The ‘use a case’ argument does nothing to make covering the front camera easy and does nothing in re the mike. It therefore does nothing to further the interests of those of us whose dependent minors use these appliances (iPods included).

The point, which oddly escaped ‘Enso’, is that the standard user of a communication appliance should not need to spend any time or thought on ‘securing’ it. User security should be the default, starting with the hardware, and ending with peripherals and accouterments like cases. There is no legitimate counter-argument.

I’ve reached the conclusion that opinionators on the net and in the media who poo-poo these unremarkable concerns are just men who like free naked images of girls. Given the socially sanctified hysteria about “child porn” – that’s being used so effectively now to erode personal liberty – pointing this out repeatedly may be of use. ‘Bird’ watching is a common practice in places where covert surveillance of the general population is SOP. There was good media coverage of the issue in Britain ~15 years ago, shortly after they first installed CCTV cameras in all public places.

I found the topic fascinating at the time, and still do. In order to disregard it, you need to work very hard to ignore the inevitable effects of imbalance of power and how it corrupts those who have insufficient oversight.

1 Like

So your iPhone isn’t secure out of the box with no extra installed apps and with default settings? Strange.

The standard user of a communication appliance should not need to spend any time or thought on ‘securing’ it. User security should be the default. There is no legitimate counter-argument.

1 Like

Christopher Soghoian is killing it on Twitter about this:

See also: Lavabit.

I feel like the argument being less said without being understood is that the FBI is asking Apple to destroy the user experience of the security system they have built. They are trying to describe the interface that makes a pin code good crypto security as a “tripwire that can be disabled”. Instead this backdoor into iPhone security that the FBI wants from court order, compromises the end user’s security from a threat model that would not be possible without Apple’s cooperation. The fact of the matter is, without good UX, security is not used. This is an unreasonable burden.

If a team of six engineers responsible for the security of a company were to spend their efforts over a few months sabotaging their company’s security, they would very reasonably be able to cause billions of dollars in damages. As recently as 2007, a T.J. Maxx data breach cost the company an estimated $256 million. As recently as last month, the FBI lost their personnel data to hackers because of poor data security. If security is hard, people won’t use it, and currently - they’re not.

Why not an update that removes that restriction? If there’s no physical connection between the steering wheel and wheels, that means it’s controlled by software. If the software can be changed, then the steering can be controlled. etc.

OMG. If the government has the ability to compel anything in principle it could make you measure the length of your penis and take a picture. Yes it could, if it can do anything. In principle. This kind of hysteria does the opposite of what it purports to advance. The real privacy rapists are the transnational corporations who seek to have no limits or laws ever placed on them. Doctorow and these fake privacy advocates are corporate fanboys advancing the far darker agenda of global oligarchs.

Man, I need to quote this for my crazy wall! 🙂 Thanks!

Would you say that you’re disappointed in @doctorow and Boing Boing, by extension?

3 Likes

What, you thought those electronic thingies on urinals are just automatic flushers? They have built in cameras and connect to an international visual tracking network - terrorists may change their faces, but they won’t change their genitals. 😉

The FBI has already demanded a manufacturer surreptitiously turn on a microphone for spying purposes, and that was a decade ago. The request to turn on the OnStar mics was only overruled by a court because turning on the mic would have disabled the ability of the user to use OnStar for emergency purposes.

So that parade of horrible Apple has mentioned? Already been done. Not speculation. The FBI will use the All Writs Act again and again if they win this case. There is no question whatsoever.

I grew up with BSD from 4.1, which was pretty secure out of the box. Of course, this did mean spending rather a lot of time with chown and chmod in order to get it to actually do anything. When the first IBM PCs and Macs appeared in the company they had no security at all. None whatsoever. Guess which computers people preferred to use?
Hint: Not the one with user names, passwords and vi.

Now in early Unixes, every file was just a text file till you deliberately made it executable. There was none of this graphics stuff. It was up to your programs to understand the file and do something with it, and as they were running in userland they could not interfere with operating system files or anybody else’s data. Share a file? You’re going to have to learn to use chgrp.

The code of early Unix was so compact that in theory anybody who wanted to could read more or less all of it. Despite that, there were bugs. In those days they hardly mattered.

As time has gone on, Unix has complexified. The UI has to recognise file formats and has to be told how to handle them. The size of the code has ballooned. Imagine if full user security was the default. Then we would need:

  1. No application talks to any other one unless the user pipes it through explicitly.
  2. Definitely no cut and paste between applications.
  3. A much higher standard of code - a very slow release cycle as bugs are ruthlessly eliminated.
  4. No auto-invocation of programs to deal with file types.
  5. No files with a mix of executable code and data, like Flash or webpages with javascript.

…and a few more I can’t be bothered to remember.

We would end up with a phone which could make phone calls if you keyed in the phone number, made text messages, and perhaps allowed plaintext-only POP3 and SMTP. Perhaps there would be an address book, but it would not be readable from the phone or text messengers. Definitely no camera, like a bank Blackberry. How many would we sell? Practically none. Practically nobody would want to spend ages putting in the necessary links. You can’t do it by simple check boxes because then there would be a mechanism to modify the checkboxes without user intervention.

@enso is right and you are wrong. In the real world, people demand convenience. Every increase in convenience is a decrease in security. Software designers have to decide where is “enough” security to balance the desires of users and their annoyance at security breaches. It is not easy. You may not consider it a legitimate counter-argument to say “make things too strict and the product won’t sell”, but the market disagrees with you. Just as the market for cars limited to three mph and surrounded in big rubber airbags is a bit limited.
Some people will want more security than the default product, some will want less. But the idea that the default should be 100% security, or even that this is attainable in a usable product, is literally fantastic.

4 Likes

AFAIK, the Jeep does not use steer-by-wire technology. So your point is moot. And I believe it is a mechanical requirement that the car be at a full stop before the auto-parking can be engaged (the only time steering can be controlled by software). So the statement that someone could make your Jeep veer off the road remotely, remains untrue. And this vulnerability has been patched, so any other “what if” scenarios are also moot.

I don’t want to get flamed for merely sharing praise here - but this particular article came in handy when discussing this exact type of “invasion of privacy” (as my old school hard-core republican uncle calls it - though I tell him his notion of “privacy” is archaic) - so thanks again to Boing Boing! In addition, a friend (lawyer, DC) claims this whole thing is a show - that the government and Apple have backdoors in place. Conspiracy theorist perhaps??

1 Like

Right, that is why I mentioned paint and the mike specifically. It isn’t an argument, I’m not disagreeing with you. I’m just making suggestions for people who are forced to deal with reality as it is, ugly though that may be at the moment. Real organized criminals have known for years that you have to take the battery out to have a secure conversation because the FBI can turn on the mic. Except you can’t remove the battery in most current generation phones.

1 Like

I really wish cases would come with a sliding lens cover. It would serve two valid purposes: A) keep the lens from getting dirty or scratched and B) make it less practical for hackers (government or indy) to use your cameras for malicious purposes.

But, that being said, I wish that phone makers, and computer makers, would include a hardwired air-gap switch for the cameras and microphones. At the very least, a tally light should be hardwired to the camera so that the light will come on if the camera is powered.

2 Likes

Are we being too naive? They can already do all this stuff, just not legally. This whole Apple FBI thing stinks of ulterior motives.

1 Like

We are at an inflection point in history on many (most?) fronts.

2 Likes

I hate to break it to you, but your phone is not secure - no phone is right now.

1 Like