This is how police should get around the problems presented with encryption. This is real policing.
The PR barrage and faux posturing by the FBI to weaken encryption has always seemed like just lazy policing to me.
If anything, the hacking attacks on industrial centers has better illustrated than anything why encryption is necessary, and this new triumph has demonstrated that police can continue to function, even thrive in a world that permits encryption.
> By adding a backdoor to E2E encryption? That is pretty much what they have been asking for :)
Not really. At least in Australia's case they asked for the ability to access data on the end point while it is unencrypted, which it must be when a human consumes it. They didn't want to backdoor encryption, just bypass it. And they didn't just ask for it - they got it.
Specifically, the Assistance and Access bill (2018) [0]. The "Assistance" in the title allows them to demand assistance from a software company (eg, Google / Microsoft / Apple) in developing an app (or a modified version of an existing app) that that won't trigger the OS's warnings while it provides access to data while it is unencrypted. The "Access" in the bills title refers to the fact they can they demand the software developer force the app to be "upgraded" to the "spy" version on targeted devices via their normal security patch mechanisms.
As you can probably gather from the date of the bill, this law has been in place or about 2 years now. But it probably wasn't in place when this started, as the law was passed New Years Eve, 2018, which explains all this social engineering cloak and dagger stuff.
When I first saw the story I thought it was odd they publicising a hack that only works when nobody knows about it. But now I think about it, my guess is they publicised it because they won't need to use it again. They've legislated far easier ways to spy on a phone.
tl;dr hacking is allowed, abusing gov't authority to compel is cheating.
I don't think it's really the same as "what they were asking for" at all.
a.) they didn't compel a company to secretly do it for them
b.) the back door is targeted, I.e. not mass surveillance
As far as I understand, they did the work themselves (modified android OS), and their methods were targeted. A "bad guy" could only get this special, hacked phone, from other "bad guys". This wasn't the same thing as, sending a mole to get work at Cisco and install an undetectable zero-day in all communication infrastructure switches world-wide. And it's definitely a far cry from forcing apple to make a modified iOS on their behalf.
No, they pretty much did what hackers do, and as far as I'm concerned, that's fair game.
The PR barrage and faux posturing by the FBI to weaken encryption has always seemed like just lazy policing to me.
If anything, the hacking attacks on industrial centers has better illustrated than anything why encryption is necessary, and this new triumph has demonstrated that police can continue to function, even thrive in a world that permits encryption.