Blog Ipsa Loquitur

Woodrow Hartzog, of Stanford Law School’s Center for Internet and Society, on the FBI’s claim that iPhones are the first warrant-proof devices in history:

This is a curious argument. For most of mankind’s history, the overwhelming majority of our communications were warrant-proof in the sense that they just disappeared. They were ephemeral conversations. Even wiretapping was limited to intercepting phone transmissions, not retrieving past conversations. For law enforcement purposes, encrypted phones are equally inaccessible: no one can recover information from them. But Comey’s description of warrant-proof technologies is vague enough to apply to many different things. We should use a different term if we care about the preserving the ephemerality of some communications. Otherwise we might end up with a requirement to store everything.

Hartzog makes a good point, but I’d go further than that. A piece of paper outlining my criminal conspiracy—which I light on fire after the successful commission of my crime—is warrant-proof. A hard drive with selfies I took at the crime scene, but which I erased when the police knocked on my door, is warrant-proof. Police can get a warrant for the screwdriver used in the commission of a crime, but if I tossed the evidence into a lake, that’s a little warrant-proof; I don’t have to dive in and get it for them. The police have to go looking. They might not find it!

Everything the criminal knows is also warrant-proof, because the government can’t force anyone to testify against themselves.

Simply put, warrants are not magical evidence-summoning devices. Warrants are magical documents that judges give the police so officers can go looking in a particular place for particular evidence. Criminals destroy evidence because they know getting caught with evidence, while a great way to speed your trial along, usually ends with Not Passing Go and Not Collecting $200.

So this whole kick that the FBI is on, about how the iPhone is the first time in history the police have had warrants thwarted? That’s ridiculous. The FBI doesn’t think that criminals kept contraband and incriminating evidence neatly piled up on their coffee tables, ready for a properly executed search warrant, riiiiight up until the invention of the iPhone.

Weirdly, it’s not just the FBI. City police departments are acting like the iPhone is the first consumer device in history that can be rendered inaccessible to a warrant, too. I’m going to invite the reader to scroll up a few paragraphs, and remember that sheets of paper are consumer devices which are quite flammable. How exactly are we supposed to trust the police with the keys to every iPhone in the country, when they can’t even be trusted to describe the scope of the issue accurately? My friend wants to borrow my car keys, but he insists it’s only because the last thirty times I’ve driven, I’ve crashed and killed us both each time. Your assessment of the situation is suspect enough that I think I’d like to keep my keys.

These folks all have such long-term memory problems; maybe they should be writing all this stuff down!

Published on under Digital Forensics for Dummies

The American Civil Liberties Union’s Daniel Kahn Gillmor on why the FBI can easily circumvent the “auto-erase” feature of iPhones without forcing Apple to build a custom OS:

So the file system key (which the FBI claims it is scared will be destroyed by the phone’s auto-erase security protection) is stored in the Effaceable Storage on the iPhone in the “NAND” flash memory. … The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes.

NAND flash storage is an extremely common component. It’s found in USB thumb drives, mobile phones, portable music players, low-end laptops—pretty much every portable device. Desoldering a chip from the circuitboard is straightforward enough that there are many clips on YouTube showing the practice, and reading and writing a bare NAND chip requires a minor investment in hardware and training that the FBI has probably already made.

This isn’t some hypothetical “imagine if cryptography is like a bear with roller skates but your grandmother is like a boat with hands and they’re having a pie-eating contest” situation. This is literally how encryption works: the FBI can copy the encrypted files (text messages, emails, etc.) from the iPhone into a NAND chip. The files aren’t “locked” by encryption, they’re just scrambled. You can make as many copies of the scrambled files as you want.

Gillmore explains that the FBI can put these scrambled files into a different computer as a backup, so if the FBI guesses ten times at the password and the phone erases itself, the FBI can just copy the scrambled files back into the phone. Physically prying the NAND chips out of the circuit board and making a perfect digital copy of the 1s and 0s on them means that the phone’s operating system has no idea you’ve made backups or restored the data.

This sounds pretty obnoxious, though, right? You make ten guesses, and then you have to yank computer chips out of circuit boards and shuffle them around to make ten more? No wonder the FBI wants Apple to build them a custom OS to do all this work for them!

One last quote from Gillmore:

If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.

If the FBI doesn’t have the equipment or expertise to do this, they can hire any one of dozens of data recovery firms that specialize in information extraction from digital devices.

I would expect nothing less than a cogent analysis and impassioned defense of the Constitutional principles at stake from the ACLU. I wasn’t expecting such a detailed technical breakdown of how absurd the FBI’s position is. The more technologists weigh on this, the more disingenuous the government’s request for help circumventing encryption becomes.

Published on under Digital Forensics for Dummies

Premise: hedge funds are usually a waste of money. Hedge funds are, almost without exception, unable to pick winning stocks for more than a year or two in a row. Worse, the hedge fund managers charge you to let them play with your money. If they lose your money, you pay their salary. If they win you money, you pay them a bonus.

From where I’m sitting, the smarter play is to just invest in all the stocks, because over the long term, the stock market goes up even if individual stocks go down. This is the sort of strategy that investment firms like Vanguard use. Here’s Ben Carlson noting that major universities’ endowment funds have chosen… poorly:

Vanguard beat the average [university’s fund] over the past 5 years for every endowment size and came up just shy of the ‘$1 billion and over group’ over 10 years while besting the rest of the group averages. Think about these results for a minute — these endowment funds hire the biggest investment consultants, have huge investment committees, connections with alumni at some of the best money managers in the world and fully-staffed investment offices in many cases.

All that work, all of those due diligence trips, all of those extra fees paid to money managers and the majority of these funds still couldn’t beat a low-cost Vanguard index portfolio that was simply rebalanced once a year.

It could be worse, though. Take New York City’s pension fund: that’s the money used to pay 715,000 current and future retirees. The city can make each employee’s savings go farther if, instead of letting that money sit around, it invests the money while waiting for employees to retire. By and large, the Wall Street firms paid to invest that money on NYC’s behalf do an okay job.

Until NYC gets the bill:

Over the last 10 years, the return on those “public asset classes” has surpassed expectations by more than $2 billion, according to the comptroller’s analysis. But nearly all of that extra gain — about 97 percent — has been eaten up by management fees, leaving just $40 million for the retirees, it found.

Pretty amazing coincidence that the cost of making $2.5 billion was almost exactly $2.5 billion, eh?

Super PACs, man

But finance isn’t the only industry in which you can pay lots of money to get almost nothing in return. David Frum, former speechwriter for President George W. Bush, wrote a great article in February on what he sees as a slight issue with Republican political spending:

Increasingly, super PACs look like the political world’s equivalent of hedge funds: institutions that charge vastly above-market fees to deliver sub-market returns. […] In an interview on election night 2012, Chris Wallace challenged Karl Rove: “[American] Crossroads, which you helped found, spent—what?—$325 million, and we’ve ended up with the same president, the same Democratic majority in the Senate, and the same Republican majority in the House. Was it worth it?”

Now, most of that money was spent by Karl Rove’s 501c4, which is forbidden under federal law from supporting or opposing a specific candidate. But virtually all of the $110 million spent by Karl Rove’s Super PAC supported losing candidates and/or opposed winning candidates. It’s left as an exercise for the reader to determine whether the c4 backed the same horses.

Frum notes that it’s not just Karl Rove and it’s not just the 2012 election:

Late Sunday night, CNN reported a remarkable allegation. An anonymous Jeb Bush bundler estimated that Mike Murphy, the director of Bush’s Right to Rise, had billed the super PAC $14 million for his services—more than 10 percent of all the super PAC’s revenues. Murphy fiercely disputed the claim, and the next day CNN updated the original post with additional information.

Sidebar: “Jeb” is actually J.E.B.: John Ellis Bush. When you call him Jeb Bush, it’s John Ellis Bush Bush. It’s like saying PIN Number or ATM Machine. That always bothered me.

Realistically, though? Saving $14 million for more ads probably wouldn’t have helped Jeb. There’s no limit to the amount of money a Super PAC can take from donors, so if Right to Rise was doing well, they probably could just have raised more money from the same crop of investors.

Which brings me to maybe my favorite bit of Frum’s column:

A long time ago, I wrote a history of the 1970s. One of its sub-themes was the emergence of the post-Watergate campaign-finance system. I was surprised to learn that some of the strongest proponents of limits on campaign donations were the donors themselves. Many had felt extorted by the 1972 Richard Nixon re-election campaign.

That campaign had targeted executives in federally regulated industries, notably aviation, with a strong message of “Nice little price-regulated airline you have here, it would be a shame if the president’s appointees disapproved your requests for fare increases to keep pace with inflation.”

You know, it’s this sort of Machiavellian maneuvering that really threatens to tarnish Nixon’s legacy.

It certainly sounds like the 1970s were a nightmare for our most vulnerable citizens: the extremely wealthy. Thank goodness we as a society have done away with unlimited political spending, and the rich no longer get fleeced by unscrupulous political operatives.

Published on under This Doesn’t Add Up

Jonathan Zdziarski, on how badly the FBI bungled the investigation into the San Bernardino shooting by (1) resetting Syed Farook’s iCloud password and (2) powering down his phone:

  1. [It prevented the FBI from] talking directly to Siri, and asking her to display call records, contacts, email, and other information.

  2. If the iOS was 9.0.1 or lower, a known lock screen bypass bug would have potentially allowed them access to a significant amount of data on the device (data that is unlocked “after first user authentication”)

  3. Dozens of known vulnerabilities exist for older firmware that may have been able to penetrate the device with a PoC, that otherwise couldn’t be used if the encryption is locked. Simply reading Apple’s release notes would have provided contact information for a number of researchers and universities who likely had PoC exploit code they would have loaned to FBI.

He goes on like that for quite a while, and explains what the FBI should have done in this case. Zdziarski isn’t an armchair expert on this stuff: he literally wrote the book on iPhone forensics back in the day, and still consults with law enforcement agencies who want to break into phones. What the FBI missed is absurd.

Look, if local police in a tiny town in the middle of nowhere had screwed up this badly, we’d wonder why the FBI wasn’t entrusted with this. But the FBI made their jobs a lot harder; this can’t be their first time at the iPhone Evidence Rodeo, so how could they have locked themselves out of the phone?

Published on under The News

How a Single Mechanical Failure Sparked 625 MTA Delays:

The train’s operator called in to the Rail Control Center, the MTA’s mission control, located on a high floor of a skyscraper in midtown. Unlike much of the MTA’s century-old infrastructure, it’s modern looking, with a bit of a Star Trek vibe, ludicrously high ceilings, and lots of people on computer consoles staring at large screens. RCC dispatchers are essentially the air-traffic­ controllers of the subway system, and their challenge is often as complex. When faced with an incident, they must decide — in consultation with four levels of supervisors — whether to hold a train while the problem is resolved, allowing other trains to stack up behind it, or begin rerouting trains, which can prevent a backup but only by throwing thousands of commuters off their routes. And the dispatchers must choose in which way they’ll inconvenience commuters as quickly as possible. […]

To make matters even more complicated, the RCC has to order service changes without being able to detect precisely where every train is at any given moment. Calandrella calls that “the shocking part” of the place. “For 67 percent of the railroad” — that is, every lettered train line except the L — “we don’t actually see train movement or control any signals and switches from the control center.” Instead, they do it the same way they’ve been doing it for decades: train crews communicating by radio with a dispatcher. If there’s a delay, the dispatcher phones it in on the “6 wire,” an open party line, and awaits instructions.

I can’t imagine life in New York City without the subway, even in its current state of disrepair. This is a harrowing look at just how embarrassingly low-tech many of their systems are. It’s a miracle the whole thing hasn’t broken down already.

Published on under Nightmare Fuel

Margaret Talbot’s brief note on the death of Jusice Scalia is a postscript to her decade-old profile of him. In that profile, Scalia was the man. This was before his most apoplectic dissents in the Obamacare cases, as well as the Windsor and Obergefell cases, which ultimately recognized the universal right to marry. (He was pretty irate in Babbitt, though.)

That profile of Justice Scalia is a wonderful glimpse at Scalia near the zenith of his legal career, but this bit from the postscript really resonated with me:

I saw Justice Scalia speak a number of times, when I was profiling him for the magazine, in 2004 and 2005, and the question he hated most was how he would have ruled on Brown v. Board of Education. Scalia was committed to an originalist approach to jurisprudence, but a literal reading of the Fourteenth Amendment’s guarantee of equal protection would not seem to require a ruling to desegregate schools. […]

To law students who pointed out that it was the flexible, not the originalist approach that enabled Brown and other civil-rights breakthroughs, he’d reply that “Even Mussolini made the trains run on time,” or “Hitler developed a wonderful automobile. What does that prove? I’ll stipulate that you can reach some results you like with the other system. But that’s not the test.” In short, he never did reconcile originalism with Brown. And any legal philosophy that cannot be squared with that moral high point of the modern Supreme Court is fatally flawed.

That’s as a beautiful and succinct a metric for any judicial philosophy as I’ve ever read. Of course, sometimes people also reach conclusions you like by appliying a philosophy you may not like. As my friend Keith reminded me the other day, I concurred with Scalia’s recent raft of Fourth Amendment opinions. And in law school, there were certainly a handful of opinions in which I agreed with Scalia. It was always traumatic.

Jeffrey Toobin—also in the New Yorker—pulls fewer punches about Scalia’s philosophy and legacy. After a positively scathing indictment of the justice’s neolithic views on homosexuality, Toobin gets to Heller, a gun control case where Scalia read the original text of the Consitution and neatly sidestepped the whole bit about militias:

Scalia spent thousands of words plumbing the psyches of the Framers, to conclude (wrongly, as John Paul Stevens pointed out in his dissent) that they had meant that individuals, not just members of “well-regulated” state militias, had the right to own handguns. Even Scalia’s ideological allies recognized the folly of trying to divine the “intent” of the authors of the Constitution concerning questions that those bewigged worthies could never have anticipated.

None of this would have been remarkable if not for Scalia’s lifelong obsession with the plain language of the Constitution, and the legitimacy which he pretended that lent his legal opinions. But his inability to explain why an originalist justice would have been on the right side of Brown, and the fact that Scalia abandoned that philosophy when the stakes were highest, mar his legacy.

Regardless, constitutional law classes will be less exciting for want of more Scalia dissents.

Published on under The News