[147001] in cryptography@c2.net mail archive
[Cryptography] About those fingerprints ...
daemon@ATHENA.MIT.EDU (Andrew W. Donoho)
Wed Sep 11 12:32:54 2013
X-Original-To: cryptography@metzdowd.com
From: "Andrew W. Donoho" <awd@DDG.com>
Date: Wed, 11 Sep 2013 08:16:48 -0500
To: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============1489371812751612559==
Content-Type: multipart/alternative; boundary="Apple-Mail=_0987376A-BF50-471B-A5C0-ACA7C15BBC59"
--Apple-Mail=_0987376A-BF50-471B-A5C0-ACA7C15BBC59
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Gentlefolk,
Fingerprint scanners have shipped on laptops and phones for =
years.
Yesterday, Apple made the bold, unaudited claim that it will =
never save the fingerprint data outside of the A7 chip.
Why should we trust Cook & Co.? They are subject to the laws of =
the land and will properly respond to lawful subpoenas. What are they =
doing to ensure the user's confidence that they cannot spread my =
fingerprint data to the cloud? (POI frequently have fingerprints on =
file. Finding out which phone is used by whom when you have fingerprint =
data is a Big Data query away.)
These questions also apply to things like keychain storage. Who =
has audited in a public fashion that Apple actually keeps keychains =
secure? How do we know whether Apple has perverted under secret court =
order the common crypto and other libraries in every phone and iPad? iOS =
7 supports keychain storage in iCloud. Why should we trust Apple to keep =
our keys safe there? Where is the audit of their claims?
Why should we trust Cook & Co. without verifying their claims?=20=
IOW, where is the culture of public audit around security? Why =
did we ever trust the Canadian company RIM with our email without a =
public audit? Why do we trust Apple, MS, Google and others?
The culture of secrecy around the security stack inside popular =
OSes needs to stop. (I am proposing "after the fact" audits of shipping =
OSes. They should never be an impediment to any organization shipping =
software in a timely fashion.) Sunlight on the libraries being used is =
the best disinfectant for security concerns.
President Reagan had it right: "Trust but verify." Why should we =
trust Apple? Because their executives said so in a video? We need =
something stronger.
Anon,
Andrew
P.S. All you Android fanboys know how to globally replace Apple above =
with Google/Samsung.
____________________________________
Andrew W. Donoho
Donoho Design Group, L.L.C.
awd@DDG.com, +1 (512) 750-7596, twitter.com/adonoho
Download Retweever here: <http://Retweever.com>
No risk, no art.
No art, no reward.
-- Seth Godin
--Apple-Mail=_0987376A-BF50-471B-A5C0-ACA7C15BBC59
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
">Gentlefolk,<br><br><br><br><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>Fingerprint scanners have shipped =
on laptops and phones for years.<br><br><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>Yesterday, Apple made the =
bold, unaudited claim that it will never save the fingerprint data =
outside of the A7 chip.<br><br><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>Why should we trust Cook & =
Co.? They are subject to the laws of the land and will properly respond =
to lawful subpoenas. What are they doing to ensure the user's =
confidence that they cannot spread my fingerprint data to the cloud? =
(POI frequently have fingerprints on file. Finding out which phone =
is used by whom when you have fingerprint data is a Big Data query =
away.)<br><br><span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>These questions also apply to things like keychain storage. Who =
has audited in a public fashion that Apple actually keeps keychains =
secure? How do we know whether Apple has perverted under secret =
court order the common crypto and other libraries in every phone and =
iPad? iOS 7 supports keychain storage in iCloud. Why should we =
trust Apple to keep our keys safe there? Where is the audit of their =
claims?<br><br><span class=3D"Apple-tab-span" style=3D"white-space:pre"> =
</span>Why should we trust Cook & Co. without verifying their =
claims? <div><br></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>IOW, where is the culture of =
public audit around security? Why did we ever trust the Canadian company =
RIM with our email without a public audit? Why do we trust Apple, MS, =
Google and others?</div><div><br></div><div><span class=3D"Apple-tab-span"=
style=3D"white-space:pre"> </span>The culture of secrecy around the =
security stack inside popular OSes needs to stop. (I am proposing "after =
the fact" audits of shipping OSes. They should never be an impediment to =
any organization shipping software in a timely fashion.) Sunlight on the =
libraries being used is the best disinfectant for security =
concerns.</div><div><br></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre"> </span>President Reagan had it right: =
"Trust but verify." Why should we trust Apple? Because their executives =
said so in a video? We need something =
stronger.<br><br><br><br>Anon,<br>Andrew<br><br>P.S. <span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> </span>All you =
Android fanboys know how to globally replace Apple above with =
Google/Samsung.<br><br><div apple-content-edited=3D"true">
<div style=3D"orphans: 2; text-align: -webkit-auto; text-indent: 0px; =
widows: 2; word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div style=3D"color: rgb(0, 0, =
0); font-family: Helvetica; font-size: medium; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; =
line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: =
0px; text-transform: none; white-space: normal; widows: 2; word-spacing: =
0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; =
word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; ">____________________________________<br>Andrew W. =
Donoho<br>Donoho Design Group, L.L.C.<br><a =
href=3D"mailto:awd@DDG.com">awd@DDG.com</a>, +1 (512) 750-7596, <a =
href=3D"http://twitter.com/adonoho">twitter.com/adonoho</a><br><br>Downloa=
d Retweever here: <<a =
href=3D"http://Retweever.com">http://Retweever.com</a>></div><div =
style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; orphans: 2; text-align: -webkit-auto; =
text-indent: 0px; widows: 2; word-wrap: break-word; -webkit-nbsp-mode: =
space; -webkit-line-break: after-white-space; "><br>No risk, no =
art.<br><span class=3D"Apple-tab-span" style=3D"white-space: pre; "> =
</span>No art, no reward.<br><span class=3D"Apple-tab-span" =
style=3D"white-space: pre; "> </span><span class=3D"Apple-tab-span" =
style=3D"white-space: pre; "> </span>-- Seth Godin</div><div =
style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px; orphans: 2; text-align: -webkit-auto; =
text-indent: 0px; widows: 2; word-wrap: break-word; -webkit-nbsp-mode: =
space; -webkit-line-break: after-white-space; "><br></div></div><br =
class=3D"Apple-interchange-newline">
</div>
<br></div></body></html>=
--Apple-Mail=_0987376A-BF50-471B-A5C0-ACA7C15BBC59--
--===============1489371812751612559==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============1489371812751612559==--
