Reasonably Accurate Transcript
It's Friday. Third time's the charm, maybe, maybe third time's the charm. Um, I started broadcasting over there from my DSLR setup and of course, that's a good 6 ft from the laptop. Um, better shot, better lighting all that kind of thing. Um, but then, uh, it conked out about three minutes, 30 seconds in, um, didn't see it because I took the glasses off when I'm shooting from a ring light.
Otherwise it is a really bad reflection. Um, and I don't normally look at the PC, I'm looking straight down the barrel of the camera to make it more interactive and more intimate. Um, so it cut off halfway through. Um, and then I just tried to fire it up again a second ago and of course it wasn't picking up the audio correctly.
Um, so we're back on the simple cam because I can just make sure that we're broadcasting correctly, um, to make this better easier. So Friday mornings with Mark, um, hit me up online, marknca or in the comments below. Happy to chat about things, but what I want to recap real quick is what I was talking about before, because it was a great rant.
It was an epic epic rant or actually structured argument. It was not a rant at all. It was a structured argument and it was coherent and everybody would have agreed with me. So I will recap that briefly for you here. Um, I want to talk about, um, iPhone encryption and forensic acquisition.
So a company called Grey Key, I believe it is. Let me double check that because I'm actually at my PC. So that makes it easier. Um, Grey has a device that a bunch of law enforcement agencies around the world. Yes, Grey, um, are purchasing for relatively inexpensive, it's 15,000 or 30,000, which is cheap for this type of device to do forensic acquisition on iPhones.
Apparently all the way up to the iPhone X with the latest OS. So there's obviously a vulnerability here that needs to be addressed and fixed. Um, that's concern number one. Um, and of course, it's not law enforcement's job to report security vulnerabilities, but there's a question there on the larger society, but it's law enforcement's job to use every tool they can to complete their job, which is enforcing the laws of our society and whether that's wherever you are in a democratic community, that's, that's the goal here.
So you want law enforcement using every tool they can and arguing for more tools to do their job better, which is why you hear this whole going dark argument which is law enforcement's term for the challenges they run into when they see encrypted data, whether that's in transit or at rest and they can't do what they used to do with lawful access legislation around the world where they can get a warrant, go through some level of judicial rigor to then tap communications or intercept data or seize different devices and evidence.
So the interesting thing about Grey Key, we will ignore the going dark argument for a second. But the interesting thing about Grey Key and for the record, yes, we did. Uh no that way there, we did, we did hit the science project that was due this Friday.
Um the gonna wipe the white board and emergency situation here. So um the uh what ended up happening or what ends up happening is a forensic acquisition. This is legally a forensic acquisition. This is not what you would think of in your corporate terms as far as doing forensics, this is the law, the legal definition, which means there are certain rigor, there are certain standards.
Now when it comes to digital evidence, those standards have kind of been in flux, seen a lot of cases in the US, a lot of cases in Canada, a couple in the EU that are a little shaky as far as the acquisition of data. And whether or not somebody, the forensic practitioner, can actually say how it was acquired.
So that's, that's where I did my graduate degrees in forensics. I was an investigator for a number of years. The challenge is, is simple. Well, it's a simple challenge to state, it's a hard one to solve. Um, is that as a forensic investigator, I need to be able to tell you how that evidence was acquired and any changes that resulted as of, um, that came because of that acquisition.
Um, and they need to be predictable and consistent. So it used to be that you couldn't change evidence at all. But now we know better from forensic science in general, not just digital forensics and that obviously, you know, humans being in a crime scene will impact that crime scene.
Um So the easy evidence to think about would be um contamination of a crime scene, right? We, every forensic unit tries to reduce it as much as possible, but there's going to be traces of that unit coming in and we know how to account for it and we know how to rule it out, right?
So if there's an additional footprint, which should never happen, but if there is one, we know how to count it out from the team to ensure that that was reduced and minimized, it doesn't actually impact the evidence that was acquired. Um same thing in the digital world.
We used to say it had to be perfect. You couldn't do an acquisition that impacted the system, but we know the vast majority of stuff we have to capture live, which means while it's running, not while it's shut down, which means there's going to be an impact because you're sending commands to that system and that system has to receive those commands and process them.
So the challenge is you have to be able to account for that and say I ran the following steps and the following things happened. And here's the additional evidence of that happening, of that acquisition happening. When it comes to a black box service like Grey Key. Yeah, black box service like Grey where you're buying something from another party, not having that as a part of the submission of how the evidence was acquired is a little shaky sometimes.
So this is going to be really interesting. This is good that new law enforcement has a tool to do what they need to do it normally generally a positive thing. Um But what we are going to be really interested in seeing is how this progresses through court, um how they disclose the methodology here because um they could disclose it simply and say uh you know, privately to the court.
But then the argument from the defense would be, well, we want an expert to be able to contest that. We want our expert to be able to give their opinion on how that worked. Um Which means then Grey's competitive advantage is gone, which means the vulnerability can go public, which means it can get fixed, which means the devices will no longer work anymore.
It's a nice little cycle there, there's an argument there and you can be sure that that's the argument that law enforcement is going to make, that they can't reveal the methodology because it's going to put that tool at risk. We've seen that with the stingrays, with the cell interceptors and a number of other things when it comes to the digital realm.
I'm a huge fan of transparency. I'm a huge fan of law enforcement, being able to do their job when it goes through proper judicial steps, don't get that wrong in any way, shape or form. But I'm also a big picture thinker when it comes to this, especially with the encryption debate.
So Apple and the FBI tussled a little while ago, which is why this is particularly interesting because currently the FBI had access to these devices at that time and still push to get a backdoor built in. But I think it's really easy for people to lose perspective in law enforcement.
Their job is to catch criminals and people who are breaking the law and they, we want them to do that pedal to the metal as much as they possibly can um within the constraints that society has given them. And I think that's the real challenge here is we as a society need to have an active discussion to say these are constraints and when it comes to things like secure systems and end to end encryption there are millions and millions and millions of people using these systems every day, their protection and their safety versus capturing a small percentage of criminals.
Um Compared to the larger population, that's something that needs to be evaluated and not in a political scenario, not in a um you know, emotional scenario. You need to look at the logic and the numbers and say, wait a second. Yes, there's some reprehensible criminal acts or there's some things that are negative.
But should we break the entire system for something else? Because the challenges that have come up around the going dark, this is not a rant on going dark. I'll cover that in other rants and more eloquent essays, hopefully in the near future. But the challenge is, you know, looking at that big picture.
So right now, the really interesting thing is this Grey device, we'll see how it proliferates through law enforcement, whether or not the vulnerability that it exploits gets put out. Because right now, that's my main concern is that I have an iPhone, I have a number of iOS devices around the house and they're obviously vulnerable to something they're vulnerable and there's a known exploit.
It's being sold commercially to law enforcement. It's a matter of time before that gets out and someone with more malicious intention um starts to leverage that um that, you know, I'm a big fan of responsible disclosure and moving forward. Obviously, this company has discovered something and has decided to profit from that.
That's their right. That's fine. Um, you know, from their perspective, I'd like to see it fixed for the hundreds of millions of iOS users. Hopefully we get there. Um, anyway, some deep thoughts. Um, couple takes a couple of steps to get this going. Um, always interesting.
You learn something new with streaming even though this is episode 33 or something. Uh, first time it's conked out halfway. Uh, all good. I hope you guys have a great Friday and a great weekend. Next week, I am in San Francisco for RSA USA 2018. Um, uh, Andrew Hay from Leo Security and myself are co-hosting the ransomware destructive attack seminar on Monday, come by and check it out.
Um, I'll be there through the week. I'm a social ambassador for the conference themselves. So I'll be, uh, on, uh, RSA social media handles. I'll be tweeting from marknca. Um, I'll be trying to keep Mornings with Mark going. Um, I think it works well when I go west, it's easier.
I am an early riser. So, um, sort of 6:30 a.m. gives me my 9:30 Eastern, uh, broadcast. We'll see though. I may adjust the time a little bit but fully intend on, on doing the normal, um, Mornings with Mark next week. If you're at RSA, if you're at RSA, hit me up on Twitter, um, meet up for a beer or something like that. Uh, it's all about social in the hallway conference there. Um, and I can't wait to see everybody in San Francisco next week. I hope you're set up for a great Friday and a fantastic weekend. We'll talk to you soon.