Database Users

US: Jailbreaking and Rooting officially legal :)

http://www.gamesindustry.biz/articles/us-government-rules-iphone-jailbreaking-legal
(You need to register, it's free but still, here's the article):
The US copyright office has modified the Digital Millennium Copyright Act to allow the bypassing of security measures on various electronic devices – including mobile handsets such as the Apple iPhone.
This effectively means that iPhones and iPads may be legally 'jailbroken', thus enabling the installation of games and programs that Apple has not sanctioned or has actively banned from the App Store.
This is despite the hardware company's previous attempt to claim jailbreaking violates its copyrights.
Similarly, Android devices may now be 'rooted'. The amendment also permits the software modification of "video games accessible on personal computers and protected by technological protection measures that control access to lawfully obtained works."
However, such circumventions are only permitted under specific circumstances. The installation of illegally obtained – i.e. pirated – software remains a no-go, so the exemption solely applies to lawfully-obtained applications that cannot otherwise be installed to a device.
Additionally, the purpose of any bypass should be "primarily to promote the security of the owner or operator of a computer, computer system, or computer network."
In other words, to test for security flaws or vulnerabilities. However, mobile devices carry an additional permission: "enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset."
The extent to which a jailbreak would need to prove either security or interoperability was their purpose in the unlikely event they went to court is unknown for now, as are the repercussions of developers hacking Apple devices to test their as-yet unauthorised applications.
However, it will likely prove a blow to a company that has fought hard to retain tight control of software installations on its portable gadgets.
While jailbreaking is now permitted under certain circumstances, it will still void the warranty of a device
Alec Meer
Deputy Editor, GamesIndustry.biz 27/07/2010 @ 09:04
Click to expand...
Click to collapse

Nice post FRiKiNFRoG i'm loving it, can't wait to get my X10a rooted, just about a week old but hav'nt had the time to sit down and take care of it. Hope it's the same for Canada.

Read this guys

http://www.zdnet.com/blog/open-sour...-becoming-a-political-liability/7588#comments

It's important to note that they got a significant fact wrong.
The ruling did not give users the "right" to put whatever software they want on their phone. The ruling simply said rooters will not be prosecuted *if* they break a security mechanism and do so with the intent of putting whatever software they want on the phone.
It is an exclusion of the Digital Millenium Copyright Act that protects us from prosecution, but it doesn't make the security measures illegal. They still get to secure the devices and we can now legally try to break that security as long as we have a specific intent in mind.

excellent point

the same post was already made...

Regardless, It is not justified to block consumers from uninstalling any bloatwares they DO NOT want.
I bought a BMW and it came with a free baby seat but I don't have any children. So, I want to remove it to save space for my other stuff BUT BMW insists that the baby seat is molded into the chair and I cannot remove it. WHAT THE F*CK!

My rough draft letter to FCC, BBB, and FTC, or anyone else who will listen

I would appreciate any help, guidance or criticism from the community regarding my letter. Please feel free to modify it to you own needs, if it's something you would like to use.
Admittedly, I am redundant. I often beat the dead horse. I am repetitive. I tried hard to be concise and to the point.
Thank you
To whom it may concern,
Verizon insists that a encrypted *boot loader is for the good of the user, and other users on Verizon's network. All Motorola's, sold on Verizon's network have encrypted boot loaders. HTC's do not and up until the latest Samsung Galaxy s3, Samsung did not either. Why did Verizon choose to encrypt the boot loaders? I'd like to offer my opinion- phone sales. Let me explain...
Verizon and cell phone manufacturers are putting out great hardware. For the past couple years, hardware development had hit sort of a stand still. Screens are getting better, but only really to the most critical of users. Most users can't tell the difference between the phones of today versus the phones of last year- with the exception of the operating system. Certainly, technology has progressed but to the average user, the differences are negligible.
A little over a year ago, I purchased a Motorola Droid X, locked encrypted boot loader and all. The hardware is excellent. 1ghz processor, 512 mb of ram, etc etc. The phone, as third party developers have figured out, is perfectly capable of running the newest operating system from Google- Ice Cream Sandwich. The phone launched with Android OS Eclair. The device was upgraded to Gingerbread and there it sat. Admittedly, the phone may run a bit slow and lack some features that the newest Ice Cream Sandwich operating system is capable of, however, the hardware can support the OS. That said, one has to ask why, if the hardware is capable, won't Motorola and Verizon upgrade it to ice cream sandwich? Why is the device encrypted so these OS modifications can not be loaded onto the device by third party developers? The answer is simple- phone sales.
Today's smart phones aren't marketed with hardware specs being the priority as, again, it doesn't mean much to the average user. Instead, they are marketed with what OS comes on the device. My newest phone, the Samsung Galaxy s3 launched with "Ice Cream Sandwich!" We were getting the latest and the greatest from Google and Samsung. The best hardware available, the newest OS available from Google on the best network, Verizon. However, what we also got was a locked and encrypted boot loader which prevents third party development, adding or removing features from the phone at the whim of the developer.
This third party support poses a problem for Verizon, who, ultimately sells phones to the end user. The problem being, if the hardware isn't making leaps and bounds advances anymore, and the phone is open to third party development, why would anyone purchase a new phone when they can simply upgrade their current device? Ah, but a encrypted boot loader prevents this third party development and allows Verizon and the phones manufacturer to simply stop supporting the device. Thus, my Motorola Droid X, which is perfectly capable of running the newest OS, cannot because it's encrypted and locked. As a result, my ONLY solution to step up to an upgraded OS is, to upgrade my hardware as well. Which is unfortunate considering there's nothing wrong with my hardware, at this time.
Apple, did it correctly. They continue to upgrade and support the old devices- sans some features as it deems necessary for hardware specifications. Even the iPhone of yesteryear runs the newest operating system from Apple. They realize that not all consumers can upgrade, or see the need to, however, their hardware specs differ greatly from androids. Apple produces their own phone. There's one manufacturer. There's no competition for the iPhone as its only competition is last years model. Those who enjoy the iPhone quickly flock to the newest hardware, even though they know their old hardware will be supported. Android, is not this way.
New hardware for android comes out all the time, with differing features, differing specs and from many different manufactures. It's similar to the current PC market except that when you buy a PC, you can be reasonably certain that you can upgrade your operating system to the newest Microsoft version without issues, provided the hardware supports it. Certainly everyone knows there's no restrictions at this point that prevent you from even changing the operating system on your PC from say, Windows XP to Windows 7, Linux, or, even, Apples OS even though it's hardware isn't supported officially by the OS. The option to do so is still there, provided the hardware will support the OS. As well, doing this does not void any hardware warranty. You do lose the option for technical software support, provided you've changed the operating system but this is to be expected. This isn't the Android handheld device market created by Verizon.
Verizon has created a situation where, if you want the newest operating system from Google, you've got to purchase a new phone, even though your hardware is perfectly capable of running the newest OS. This is done by encrypting the boot loader, preventing those savvy enough from upgrading the OS, thus, forcing phone sales. Those who are interested in upgrading hardware can do so, but those who are only interested in acquiring the newest OS are prevented. Can you imagine being forced to upgrade any government agencies hardware simply because of a software upgrade even if the hardware itself was capable of running this software upgrade but it's manufacturer encrypted the device, thus preventing said agency from doing so? The behavior is unacceptable in the PC world, as well as the smartphone world.
I hereby request, that Verizon be forced to comply with the terms and conditions it agreed to at the time Verizon purchased block C,
* * *§27.16 Network access requirements for Block C in the 746–757 and 776– 787 MHz bands.
Specifically, paragraph 2(e):
* * *(e) Handset locking prohibited. No licensee may disable features on handsets it provides to customers, to the extent such features are compliant with the licensee’s standards pursuant to paragraph (b)of this section, nor configure handsets it provides to prohibit use of such handsets on other provider's networks.
The encrypted boot loader does in fact prohibit the potential for me to use my device on any network I choose, as well as the encrypted boot loader does in fact disable my ability to chose the operating system of my choice, clearly violating The terms and conditions set forth by*§27.16
I hereby request the FCC take immediate action with Verizon. I hereby demand that Verizon fully release all keys, codes and programs to disable the boot loader encryption for all devices sold across its network which violate the terms set forth in*§27.16. I hereby demand all devices sold by Verizon Wireless unconditionally follow this standard set forth by*§27.16.
I respectfully request the FCC use its full power in taking action against Verizon. It is a fact that Verizon has knowingly, willingly, and repeatedly broken the terms of*§27.16 and I ask the FCC ask Verizon to comply, or, return the spectrum for re-auction to another party who will comply with these open standards.
I am aware of Verizon's official statement:
* * *"Verizon Wireless has established a standard of excellence in customer experience with our branded devices and customer service. There is an expectation that if a customer has a question, they can call Verizon Wireless for answers that help them maximize their enjoyment and use of their wireless phone. Depending on the device, an open (read "unencrypted") boot loader could prevent Verizon Wireless from providing the same level of customer experience and support because it would allow users to change the phone or otherwise modify the software and, potentially, negatively impact how the phone connects with the network. The addition of unapproved software could also negatively impact the wireless experience for other customers. It is always a delicate balance for any company to manage the technology choices we make for our branded devices and the requests of a few who may want a different device experience. We always review our technology choices to ensure that we provide the best solution for as many customers as possible."
However, I must ask that if this is the case, why is Verizon offering the Samsung Galaxy Nexus, which has an easily unlock able unencrypted boot loader, and rumored to be offering the same Samsung Galaxy s3 for use on its network but as a "developers edition?" If Verizon's official statement is to be believed and the encryption/closing of the boot loader was critical to both customer satisfaction and network reliability, why have so many HTC and Samsung devices been released without an encrypted/closed boot loader? Why does Verizon continue to harm their customer satisfaction and potentially harm users of its network by allowing such phones to be activated on their network?*
In conclusion, it is obvious the business model of Verizon Wireless and the true reason, regardless of their official statement, of the encrypted boot loader is, in fact, to render a phones software obsolete long before the hardware of the device is obsolete, thus, increasing phone sales via marketing of the latest and greatest operating system.
Looking forward to your correspondence
AC
Click to expand...
Click to collapse

ancashion said:
I would appreciate any help, guidance or criticism from the community regarding my letter. Please feel free to modify it to you own needs, if it's something you would like to use.
Admittedly, I am redundant. I often beat the dead horse. I am repetitive. I tried hard to be concise and to the point.
Thank you
Click to expand...
Click to collapse
ZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzz....................
Why dont you just leave Verizon ?

Bagbug said:
ZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzz....................
Why dont you just leave Verizon ?
Click to expand...
Click to collapse
Contract, #1
Only provider in my area, #2
Why is it okay Verizon can willingly break the law, and the only recourse those have who are affected by it, or feel wronged by it, is to "leave?"
Lame, man...

Bagbug said:
ZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzz....................
Why dont you just leave Verizon ?
Click to expand...
Click to collapse
Cool response bro.
If people don't complain, how can you expect anything to change? Is it to much to ask for something we pay for (350 - 700) to be like the same phone on other cell companies? At&t, Sprint,Tmobile didn't seem to have a problem with it being unlocked and neither should verizon.
I'm with op. anything is better than nothing even if they just throw it in the trash bin.

ancashion said:
Contract, #1
Only provider in my area, #2
Why is it okay Verizon can willingly break the law, and the only recourse those have who are affected by it, or feel wronged by it, is to "leave?"
Lame, man...
Click to expand...
Click to collapse
1- why sign with them in the first place ?
2- yeah right

Instead of writing a letter that does not particularly offer any pathway to action you should attempt to get Verizon to unlock the bootloader. If they can not you should be filing an FCC complaint.
Bonus points if you organize other people to do the same since Verizon is allocated a certain number of complaints per X hundred thousand users. This would be a good starting point:
http://www.fcc.gov/complaints
As for the letter itself you can delete everything up to your demands and FCC regs. You are talking about collateral issues for the most part that don't bear on this situation. You are going to lose the interest of your reader before you ever get even close to the regs or your demands. Open with A PARAGRAPH OR TWO stating:
that The GS3 has shipped with a locked and encrypted bootloader.
the FCC has taken previous action when Verizon locked hardware features of the phone to boosts its bottme line (see: VZ Navigator issue).
You believe that this action is in violation of following FCC regulations as more fully discussed below
The actions you request including, but not limited to, the unlocking of the bootloader.
Close with a paragraph restating your demand and tying things together.

Bagbug said:
1- why sign with them in the first place ?
2- yeah right
Click to expand...
Click to collapse
1: I was looking for superior customer service and superior phones coming from us cellular. My area is rural to say the least- providers are few and far between. I'll go you one further to say that truthfully, 3G Internet speeds are faster than any other Internet locally with the possible exception of satellite Internet which is a: too expensive and b: way too expensive! Us cellular, locally, sucks as well and is our only other provider.
2: my zip is 96091- check for yourself- don't forget I may be live in one of the roaming zones on any carrier as well . Feel free to report back with your findings!
Furthermore, Verizon accepted the terms of block c. They tried to fight it, and lost. Now, they are refusing to be bound by those terms. What exactly is wrong with wanting a company to be bound by the terms that THEY willingly accepted?
As well, why come in here with such hate to my position? How about, instead, you offer your insight as to WHY it would be in our best interest to drop it? Why do you side with Verizon, exactly?

We should find a way to organize all of the users here to all submit letters like this so they see that Verizon has really caused a problem
also what categories should be picked on that FCC page?

bobloblaw1 said:
Instead of writing a letter that does not particularly offer any pathway to action you should attempt to get Verizon to unlock the bootloader. If they can not you should be filing an FCC complaint.
Bonus points if you organize other people to do the same since Verizon is allocated a certain number of complaints per X hundred thousand users. This would be a good starting point:
http://www.fcc.gov/complaints
As for the letter itself you can delete everything up to your demands and FCC regs. You are talking about collateral issues for the most part that don't bear on this situation. You are going to lose the interest of your reader before you ever get even close to the regs or your demands. Open with A PARAGRAPH OR TWO stating:
that The GS3 has shipped with a locked and encrypted bootloader.
the FCC has taken previous action when Verizon locked hardware features of the phone to boosts its bottme line (see: VZ Navigator issue).
You believe that this action is in violation of following FCC regulations as more fully discussed below
The actions you request including, but not limited to, the unlocking of the bootloader.
Close with a paragraph restating your demand and tying things together.
Click to expand...
Click to collapse
Incredible! Thank you for your insight!
Is the "law" portion of your name at all relavent?

ancashion said:
Incredible! Thank you for your insight!
Is the "law" portion of your name at all relavent?
Click to expand...
Click to collapse
lol its a character from Arrested Development (TV Show)
http://www.youtube.com/watch?v=mwWAsNZTnug

IAmPears said:
lol its a character from Arrested Development (TV Show)
http://www.youtube.com/watch?v=mwWAsNZTnug
Click to expand...
Click to collapse
Arrested Development aka locked boot loader. lol.
Good luck with the loader, gotta try something.
Sent from my SPH-L710 using xda app-developers app

IAmPears said:
We should find a way to organize all of the users here to all submit letters like this so they see that Verizon has really caused a problem
also what categories should be picked on that FCC page?
Click to expand...
Click to collapse
Wireless telephone
Billing, Service, privacy, Number portability and other issues
I presume
This 5 minute wait between posts and captcha are killing me...

ancashion said:
Wireless telephone
Billing, Service, privacy, Number portability and other issues
I presume
This 5 minute wait between posts and captcha are killing me...
Click to expand...
Click to collapse
you've got 11 posts so that restriction should be removed now, 2 minutes between posts tho
i wonder if we could say it was deceptive or unlawful advertising

ancashion said:
Incredible! Thank you for your insight!
Is the "law" portion of your name at all relavent?
Click to expand...
Click to collapse
Perhaps.....let's just say I can't honestly recite the line from Jay-Z's 99 problems, "I ain't passed the bar but I know a little bit....". That said, I'm only a baby lawyer and this is not something I have any expertise in.
Hopefully that is a good starting point for you. Feel free to PM me if you would like further input.
And yes, lawyers can like comedy shows and double/triple entendres as well =)

IAmPears said:
you've got 11 posts so that restriction should be removed now, 2 minutes between posts tho
i wonder if we could say it was deceptive or unlawful advertising
Click to expand...
Click to collapse
You're correct, captcha is gone. Thanks.
If they had advertised that the bootloader was unencrypted we'd have something.
How about the misuse of the web browsers cache? Those who are on tiered or shared data plans are getting hosed on data usage because the browser fully or partially reloads the previous web page rather than call it from cache or memory. I talked to Samsung advanced support about it and they confirmed it. Beings how some are charged for every kb used, it would seem you should have full control over what uses data and when and how much.
Similar to why cars have to state their mpg- can you imagine the restrictions there would be if ford only allowed use of their fuel, or, if Chevy only allowed the use of their fuel? Insane!

Take two:
To whom it may concern,
My recently purchased Samsung Galaxy s3 from Verizon Wireless is encrypted / locked, thus, my ability to choose the software used on my device and take my device to another network are both hindered by this encryption / lock in direct violation of the terms set forth by*§27.16 Network access requirements for Block C in the 746–757 and 776– 787 MHz bands.
Specifically, paragraph 2(e): Handset locking prohibited. No licensee may disable features on handsets it provides to customers, to the extent such features are compliant with the licensee’s standards pursuant to paragraph (b)of this section, nor configure handsets it provides to prohibit use of such handsets on other provider's networks.
I hereby request the FCC take immediate action with Verizon. I hereby demand that Verizon fully release all keys, codes and programs to disable the boot loader encryption for all devices sold across its network which violate the terms set forth in §27.16. I hereby demand all devices sold by Verizon Wireless unconditionally follow this standard set forth by §27.16.
I respectfully request the FCC use its full power in taking action against Verizon. It is a fact that Verizon has knowingly, willingly, and repeatedly broken the terms of §27.16 and I ask the FCC ask Verizon to comply, or, return the spectrum for re-auction to another party who will comply with the standards set forth by the FCC.
In conclusion, it is my opinion, regardless of Verizon wireless official statement, that the true reason to lock /encrypt the device is to prevent future software upgrades to the device once Verizon Wireless has deemed the device "out of date." By preventing the end user the ability to modify the base operating system of the device, Verizon has the ability make obsolete, at it's discretion, any device shipped with an encrypted boot loader.
Respectfully Yours

ancashion said:
Take two:
To whom it may concern,
My recently purchased Samsung Galaxy s3 from Verizon Wireless is encrypted / locked, thus, my ability to choose the software used on my device and take my device to another network are both hindered by this encryption / lock in direct violation of the terms set forth by*§27.16 Network access requirements for Block C in the 746–757 and 776– 787 MHz bands.
Specifically, paragraph 2(e):
* * *(e) Handset locking prohibited. No licensee may disable features on handsets it provides to customers, to the extent such features are compliant with the licensee’s standards pursuant to paragraph (b)of this section, nor configure handsets it provides to prohibit use of such handsets on other provider's networks.
I hereby request the FCC take immediate action with Verizon. I hereby demand that Verizon fully release all keys, codes and programs to disable the boot loader encryption for all devices sold across its network which violate the terms set forth in §27.16. I hereby demand all devices sold by Verizon Wireless unconditionally follow this standard set forth by §27.16.
I respectfully request the FCC use its full power in taking action against Verizon. It is a fact that Verizon has knowingly, willingly, and repeatedly broken the terms of §27.16 and I ask the FCC ask Verizon to comply, or, return the spectrum for re-auction to another party who will comply with the standards set forth by the FCC.
In conclusion, it is my opinion, regardless of Verizon wireless official statement, that the true reason to lock /encrypt the device is to prevent future software upgrades to the device once Verizon Wireless has deemed the device "out of date." By preventing the end user the ability to modify the base operating system of the device, Verizon has the ability make obsolete, at it's discretion, any device shipped with an encrypted boot loader.
Respectfully Yours
Click to expand...
Click to collapse
IMO I liked the first version a lot, but I could see the FCC getting it and basically saying:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Think you nailed it on the second one. :thumbup:
Sent from my SPH-L710 using xda app-developers app

IAmPears said:
IMO I liked the first version a lot, but I could see the FCC getting it and basically saying:
Click to expand...
Click to collapse
lol
It's a delicate balance. You want to tell some back story, you want the person reading to come away having learned something, but you want to keep their attention at the same time and truthfully, boblolaw1 is correct that getting more users on board, the better. My droid x story doesn't apply to all so a version that was straight and to the point, that does apply to all is probably more useful for the simple fact it can be copied and pasted.

I may have thought of a lateral way to achieve the desired result..
"handsets it provides to prohibit use of such handsets on other provider's networks"
One could simply buy out their contract, and request the key due to the law above. When they fail to comply, the FCC would have more grounds to take action.
Just another variable.

California Bill Would Ban Encrypted Smartphones

http://www.cnet.com/news/california-wants-to-ban-encrypted-smartphones/
This will make future Nexus purchases easier for me as I will not need to run "forced unencrypt" boot.img anymore. LOL

mikeprius said:
http://www.cnet.com/news/california-wants-to-ban-encrypted-smartphones/
This will make future Nexus purchases easier for me as I will not need to run "forced unencrypt" boot.img anymore. LOL
Click to expand...
Click to collapse
its happening all over the country.. New York state announced the same 2 weeks ago, if it'll actually happen is anyone's guess. but also it doesnt matter, as google is only selling nexii via their site now.

simms22 said:
its happening all over the country.. New York state announced the same 2 weeks ago, if it'll actually happen is anyone's guess. but also it doesnt matter, as google is only selling nexii via their site now.
Click to expand...
Click to collapse
Regardless of *how* they are selling it, the problem is that they wouldn't be allowed to sell it in those states where it is banned, which means that they won't be able to SHIP it there, or possibly if there is just a billing address in one of those states.
Nice thing about Nexus, though, is that they can make it trivial to add back the encryption. Just make a system property that switches crypto on. echo "ro.crypto 1" >> /data/local.prop
---------- Post added at 09:25 PM ---------- Previous post was at 09:24 PM ----------
mikeprius said:
http://www.cnet.com/news/california-wants-to-ban-encrypted-smartphones/
This will make future Nexus purchases easier for me as I will not need to run "forced unencrypt" boot.img anymore. LOL
Click to expand...
Click to collapse
That was only necessary on Nexus 6 due to lack of CPU support for crypto functions. It only has the proprietary qcom parts available.

Lmao. Not like they have anything more important to deal with. Pretty sure this is wishful thinking
Sent from my Nexus 6 using XDA Premium HD app

rpolito73 said:
Lmao. Not like they have anything more important to deal with. Pretty sure this is wishful thinking
Click to expand...
Click to collapse
When this whole new "don't encrypt" thing started last year, I was under the impression that it was brought up just to make a point about why it is a bad idea, so that it could be put to rest.
But unfortunately, some idiots ran with it, and now its out of control.
If I have to, I will roll my own crypto, and I will do it just because I can.

However, encrypted computer... Just fine. I.E. SSH into your home PC and run your criminal enterprise from it.
Always afraid of people regulating things they don't understand.
Anyways, this wouldn't do away with encryption, or really prohibit any sales. Google would have enough heads up... They would simply be forced to add a "back door" to encryption so that the government could un-encrypt your device with a court order...
I get the spirit of this.... But really, like with so much else, private sector can usually out perform the government and any back door they add will likely be open to being exploited by the smart bad guys too. Data the government can't decrypted has existed for a LONG TIME.... but now that apple makes the news IT MUST BE STOPPED

scryan said:
However, encrypted computer... Just fine. I.E. SSH into your home PC and run your criminal enterprise from it.
Always afraid of people regulating things they don't understand.
Anyways, this wouldn't do away with encryption, or really prohibit any sales. Google would have enough heads up... They would simply be forced to add a "back door" to encryption so that the government could un-encrypt your device with a court order...
I get the spirit of this.... But really, like with so much else, private sector can usually out perform the government and any back door they add will likely be open to being exploited by the smart bad guys too. Data the government can't decrypted has existed for a LONG TIME.... but now that apple makes the news IT MUST BE STOPPED
Click to expand...
Click to collapse
just seems crazy that they were just making such a big deal about the ability to have it encrypted, and now they want to ban it. I understand why they would want that, but you would think the NSA or some other entity would pretty much be able to do whatever they needed to get in.

This would be difficult to regulate. There are certain states that have gun magazine bullet limits in certain states but it seems like a trivial issue and would be hard to enforce

mikeprius said:
This would be difficult to regulate. There are certain states that have gun magazine bullet limits in certain states but it seems like a trivial issue and would be hard to enforce
Click to expand...
Click to collapse
If it passes, they will simply have to add a backdoor or some universal key into the encryption used. They likely wont make versions for each state, so I would guess that if this passes, android and IOs would simply feature some built in mechanism to allow un-encryption by google/apple... will likely end up being in all versions of android.
Just a guess, but I bet they would be more inclined to build one version to meet all regulations rather than fragment.
Then someone will hack into that backdoor... and we will see wide spread panic over the fact that we are unsafe! (meanwhile career criminals will adapt and use off device storage with encryption that isn't vulnerable)

scryan said:
If it passes, they will simply have to add a backdoor or some universal key into the encryption used. They likely wont make versions for each state, so I would guess that if this passes, android and IOs would simply feature some built in mechanism to allow un-encryption by google/apple... will likely end up being in all versions of android.
Just a guess, but I bet they would be more inclined to build one version to meet all regulations rather than fragment.
Then someone will hack into that backdoor... and we will see wide spread panic over the fact that we are unsafe! (meanwhile career criminals will adapt and use off device storage with encryption that isn't vulnerable)
Click to expand...
Click to collapse
According to the DOJ encryption causes children to die LOL
http://gizmodo.com/the-doj-ups-the-ante-says-iphone-encryption-will-kill-1660827774

" (4) "Sold in California," or any variation thereof, means that the
smartphone is sold at retail from a location within the state, or
the smartphone is sold and shipped to an end-use consumer at an
address within the state. "Sold in California" does not include a
smartphone that is resold in the state on the secondhand market or
that is consigned and held as collateral on a loan."
I think the operative phrase "sold and shipped to an end user in California" would simply be interpreted as retailer needing an out of state dispatch center, so all the big guys are safe. Actually I think everyone is basically safe except your local Verizon store....
" (d) (1) The sale or lease of a smartphone manufactured on or after
January 1, 2017, that is not capable of being decrypted and unlocked
by its manufacturer or its operating system provider shall not
result in liability to the seller or lessor if the inability of the
manufacturer and operating system provider to decrypt and unlock the
smartphone is the result of actions taken by a person or entity other
than the manufacturer, the operating system provider, the seller, or
the lessor and those actions were unauthorized by the manufacturer,
the operating system provider, the seller, or the lessor."
So you can sell one of these phones if it's a refurb that broke the warranty, or if everyone is ok with it?
" (2) Paragraph (1) does not apply if at the time of sale or lease,
the seller or lessor had been notified that the manufacturer and
operating system provider were unable to decrypt and unlock the
smartphone due to those unauthorized actions."
So don't sell a phone that you can't unlock.... but only if there's actual notice from both the manufacturer and (not or) the OS provider.
Bull****, toothless (civil penalty, no private right of action), poorly and vaguely written and places potential legal obligations that are not enforceable since the manufacturer and OS maker might not be domiciled in CA... or even the US. Hell, it even specifically states that you can just sell a second hand one and a second hand device has not been defined as "used"
I quote Section 22761 to the Business and Profession Code because this is supposed to be an amendment of it.

Corporate security demands encryption and me I personally like my privacy.
Given a choice to be able to use my device for work encrypted or go with encryption disabled and use it as a personal device only.
I go with encryption.

California has a long history of disregarding the First and Second amendments... why not trample on the fourth while they are at it.

jimtje said:
" (4) "Sold in California," or any variation thereof, means that the
smartphone is sold at retail from a location within the state, or
the smartphone is sold and shipped to an end-use consumer at an
address within the state. "Sold in California" does not include a
smartphone that is resold in the state on the secondhand market or
that is consigned and held as collateral on a loan."
I think the operative phrase "sold and shipped to an end user in California" would simply be interpreted as retailer needing an out of state dispatch center, so all the big guys are safe. Actually I think everyone is basically safe except your local Verizon store....
Click to expand...
Click to collapse
The part I made bold contradicts your interpretation. Basically says that a new smartphone will not be able to be shipped to an end user in the state *at all*.
Now there is an obvious loophole in this, which is to distribute via a reseller, who opens the box, sets up a new randomly generated gmail address, and installs a few programs. Now deemed "resale" and "secondhand", it is legal to send it in.
" (d) (1) The sale or lease of a smartphone manufactured on or after
January 1, 2017, that is not capable of being decrypted and unlocked
by its manufacturer or its operating system provider shall not
result in liability to the seller or lessor if the inability of the
manufacturer and operating system provider to decrypt and unlock the
smartphone is the result of actions taken by a person or entity other
than the manufacturer, the operating system provider, the seller, or
the lessor and those actions were unauthorized by the manufacturer,
the operating system provider, the seller, or the lessor."
So you can sell one of these phones if it's a refurb that broke the warranty, or if everyone is ok with it?
Click to expand...
Click to collapse
This sounds like a roundabout way of saying that the manufacturer must actively "not authorize" any alteration that would result in unbreakable encryption. Note: NOT that they must actively work to BLOCK the modification, just that they must state something to the effect of "Alphabet Inc., does not authorize any modification that will circumvent california law blah blah blah." -- see, there is a big difference between "unauthorized" and "forbidden". There is also a difference between legally and technically. Also, there is absolutely nothing in there about the warranty, therefore no part of the "modification" necessarily voids the warranty.
At least that would give them a strong position when up against the "unauthorized" clause. Though technically, it may be adequate to just say nothing at all. I.e., for someone to "be authorized", takes an intentional act of providing authorization. Such would be the case if, for example, they were to provide *instructions* on what the end user could do to disable the crypto's back door.
However, another interpretation could be that Nexus devices, by definition, authorize the user to "do what they want" with it, including disabling the backdoor.
" (2) Paragraph (1) does not apply if at the time of sale or lease,
the seller or lessor had been notified that the manufacturer and
operating system provider were unable to decrypt and unlock the
smartphone due to those unauthorized actions."
So don't sell a phone that you can't unlock.... but only if there's actual notice from both the manufacturer and (not or) the OS provider.
Click to expand...
Click to collapse
Hmmm... that is very weirdly worded.
On the surface, it appears to be meaningless in the face of the (4) section, since there wouldn't BE such unauthorized modifications made to a device if it is new (hence qualifying for the resale/used exemption of (4)), but what it does suggest, is possibly somehow related to the notion of sending them out to be modified.
Bull****, toothless (civil penalty, no private right of action), poorly and vaguely written and places potential legal obligations that are not enforceable since the manufacturer and OS maker might not be domiciled in CA... or even the US. Hell, it even specifically states that you can just sell a second hand one and a second hand device has not been defined as "used"
I quote Section 22761 to the Business and Profession Code because this is supposed to be an amendment of it.
Click to expand...
Click to collapse
This kind of horrible nonsense is starting to make the Nexus 6's software crypto more and more appealing. With hardware crypto, the problem is that technically, the closed source radio could obtain access to the encrypted data directly. In other words, there could be an over-the-air backdoor that doesn't even interact with Android, and actually, there could be one there *right now*. At least with software crypto, the kernel is in charge. That leaves the backdoor restricted to what is accessible under Linux by the radio blobs, and the good news is that we can firewall those blobs right up the wahzoo as needed.
---------- Post added at 07:58 PM ---------- Previous post was at 07:58 PM ----------
mikeprius said:
According to the DOJ encryption causes children to die LOL
http://gizmodo.com/the-doj-ups-the-ante-says-iphone-encryption-will-kill-1660827774
Click to expand...
Click to collapse
And according to me, the DOJ causes children to die.

doitright said:
The part I made bold contradicts your interpretation. Basically says that a new smartphone will not be able to be shipped to an end user in the state *at all*.
Click to expand...
Click to collapse
Ah, question of statutory interpretation, a sure sign of a poorly written amendment, the fact that we see it differently shows that this legislation is already on the rocks.
Now there is an obvious loophole in this, which is to distribute via a reseller, who opens the box, sets up a new randomly generated gmail address, and installs a few programs. Now deemed "resale" and "secondhand", it is legal to send it in.
This sounds like a roundabout way of saying that the manufacturer must actively "not authorize" any alteration that would result in unbreakable encryption. Note: NOT that they must actively work to BLOCK the modification, just that they must state something to the effect of "Alphabet Inc., does not authorize any modification that will circumvent california law blah blah blah." -- see, there is a big difference between "unauthorized" and "forbidden". There is also a difference between legally and technically. Also, there is absolutely nothing in there about the warranty, therefore no part of the "modification" necessarily voids the warranty.
Click to expand...
Click to collapse
Hence, without teeth. There's no outright ban of encryption, only sale of unauthorized first-hand retail models of phones featuring encryption, so it's either supposed to be construed very narrowly or just turned out that way.
At least that would give them a strong position when up against the "unauthorized" clause. Though technically, it may be adequate to just say nothing at all. I.e., for someone to "be authorized", takes an intentional act of providing authorization. Such would be the case if, for example, they were to provide *instructions* on what the end user could do to disable the crypto's back door.
However, another interpretation could be that Nexus devices, by definition, authorize the user to "do what they want" with it, including disabling the backdoor.
Hmmm... that is very weirdly worded.
On the surface, it appears to be meaningless in the face of the (4) section, since there wouldn't BE such unauthorized modifications made to a device if it is new (hence qualifying for the resale/used exemption of (4)), but what it does suggest, is possibly somehow related to the notion of sending them out to be modified.
Click to expand...
Click to collapse
I think the limitation on what the state's power to regulate interstate commerce made that necessary but it effectively defeats itself. Clearly the law would have little effect and easily circumvented via the exceptions that are specifically given. With no private course of action individuals don't even have standing to bring a claim on their on regarding the viiolation anyway so it really is just words that have very little effect if actually enacted.
This kind of horrible nonsense is starting to make the Nexus 6's software crypto more and more appealing. With hardware crypto, the problem is that technically, the closed source radio could obtain access to the encrypted data directly. In other words, there could be an over-the-air backdoor that doesn't even interact with Android, and actually, there could be one there *right now*. At least with software crypto, the kernel is in charge. That leaves the backdoor restricted to what is accessible under Linux by the radio blobs, and the good news is that we can firewall those blobs right up the wahzoo as needed.
I think the fact that there's so much uncertainty in the plain text of the proposed amendment show that it' a defective work. They obviously don't even
---------- Post added at 07:58 PM ---------- Previous post was at 07:58 PM ----------
And according to me, the DOJ causes children to die.[/QUOTE]
Well, at least in a court of law an expert needs to establish foundation before testifying. You don't need to demonstrate any knowledge to write an amendment like this.
Oh and the big federal agencies all have blood on their hands anyway. DOJ loses prioners. DHS deports American citizens. FDA can find drugs and then send it right onto you. Ain't nothing new, but does make administrative law fun and sad if you practice it.

scryan said:
If it passes, they will simply have to add a backdoor or some universal key into the encryption used.
Just a guess, but I bet they would be more inclined to build one version to meet all regulations rather than fragment.
Click to expand...
Click to collapse
They won't do it. Both Apple and Google have stated that their encryption can't be designed with a "back door" in place, and if they DO build a back door, they'll be forced to accept other countries' requests for the keys, not just US state/federal requests. The burden this would put on Apple/Google, and the fact that it makes the encryption almost pointless, would mean they'll never do it.
Also, when the FBI did a review of device encryption, the three possible methods that they came up with were all too costly and illogical that they ended up saying that there just isn't a viable encryption solution that the government can get behind.
---------- Post added at 07:57 AM ---------- Previous post was at 07:53 AM ----------
Everyone's seriously overthinking this...
If Cali/NY pass a regulation like this, all Google or Apple will do is revert back to Kit Kat-style encryption. With KK, it was still FDE, but it was off by default, so that users had the *option* under security to enable full device encryption.
This way, devices sold to consumers would be un-encrypted at the point of sale and the end-user would be the one actually enabling/using encryption. The question would be whether the user is violating any state regs by enabling encryption, but it sounds like that's not what the states are trying to confront.

Does this ban mean that new Nexus devices will have the ability to be non-encrypted w/o root? The only thing I don't like about encryption is the decrease of performance.

mkygod said:
Does this ban mean that new Nexus devices will have the ability to be non-encrypted w/o root? The only thing I don't like about encryption is the decrease of performance.
Click to expand...
Click to collapse
The performance hit is a lot lower (practically non-existent) on CPUs that support it properly.

So Apple issued an open letter regarding the San Bernardino case regarding the FBI's request:
https://www.apple.com/customer-letter/

mikeprius said:
So Apple issued an open letter regarding the San Bernardino case regarding the FBI's request:
Click to expand...
Click to collapse
That FBI vs. the Fruit company battle is hilarious. Both sides are such complete morons that they are just going to bang at the courts until everybody pays a whole lot more money and ends up getting nowhere.
The first thing to be aware of, is that the phone in question has a SDMFLBCB2 or similar Sandisk eMMC chip.
The thing won't self-destruct unless you actually run the self-destruct code, so pull the chip (bake in oven at 450 F for 20 minutes, then grab chip with tweezers and pull), and install chip in reader.
READ THE BLOODY CHIP, then either (a) run crypto code in emulator and try to brute force password as desired, or (b) write it to millions of replacement chips and reinstall in phone to try passcodes until you run out of guesses.
Note that FBI just wants to be able to try passwords without the phone self-destructing. They aren't actually asking for a backdoor, just to disable the self-destruct routine.
Now next step is to bring it to the APPLE side of stupid. Apple is acting as if they would be CAPABLE of creating an actual backdoor into an already-existing phone, with nothing but a software change. Not just disabling the self-destruct routines, but actually breaking through the supposed "encryption". Is it possible that they aren't *actually* encrypted at all? Or are we talking about something insane, like the crypto key is stored somewhere on the device in PLAIN? While Android has this capability (of using a default crypto-pass in order to obtain the key needed to decrypt and mount /data automatically on boot), it also has the ability to stop mid-boot to demand the passcode when it needs to mount /data. I wonder just how secure that apple crypto really is....
In any case, assuming that they are being truthful about the inability to assist the FBI without compromising *everything*, it tells me that data on an apple device is NOT secure.
The FBI is acting like end-users, when they should be dealing with computer engineers, who can trace the software execution on the device and reverse-engineer the destructo-routines in order to patch their way around them. They should *NOT* be needing or asking for apple's help with this.

Windows 10. Solution for the privacy problem.

Windows 10 is known to collect private data of the users and collect them on to their servers. They are getting huge profits just by selling these data.
There is a github project that is aimed to block this data collection. But it is not always working. Microsoft still manages to collect data even after the user actively trying to block it.
Maybe we have to tackle this problem using a different approach. If we succeeded in blocking the data collection to an extent, the few data that is collected is still valuable to the company. The novel way would be to "Contaminate the data". Figure out a way to generate random private data so that it would be rendered useless.
The software should generate random browser history, and other data. This data cannot be used by telemarketers to target us or used by any other corporations.
I ask the great minds here to start a project using this idea and help put an end to the privacy intrusion. Thanks.

This is why they give us these OS' for free. There not really free as our information is profitable.
Nothing is free when it involves corporate companys.
So what's it worth?....I dont click on them stupid ads!!
The individual resale of a persons information is pointless and worthless, however they sell it all the same as they do their souls and this is where the pennys come from, relatively small companys will buy list for certain areas or places and try to target those people specifically.
Mass collection of data and information is different. This enables companys to do high profiling at a mass level....predicting future rises and falls in technology and every other market known to us. This is where the pounds come in, targeting people on a mass scale....this is where it becomes dangerous and the real soul selling begins.
They not only profile our latest footwear, clothing, and our latest use of technology, etc. Which we already know.
They profile our likes, dislikes, anger, happiness, even fear! They basically profile us as machines and thwn these corporate companies sell it too the "big people"....Governments...Charities and anyone with enough power, money and influence.
This is where it gets bad. Profiling on mass scale enables them to control our enviornment and social interaction.
Even wondered why facebbok gives free internet to poor countries...they dont buy the latest trainers...they dont buy the latest technology.....so why profile them?????
Simply because they want to profile the mind....fear, feelings and everything inbetween the best they can this enables governments and corporate companys to manage different societies differently.
You may think things just "happen", but if they did then the chances of there being a coincidence would be astronomical.
We could go into this in a little more depth, however is there much point...its never been admitted and it will never be. People even find it.
hard to believe. Well...believe this..if they wanted to sell you the latest technology they would...without profiling.
Nike trainers which we buy for over 100£ cost as little as a £ or two to produce...an iphone 6 cost £5.61 to produce [if i remember correctly _ bbc panorama covered this]...so they could just put it on the shelf to see if we buy it and if we dont...so what...lets make another one for a couple of quid and see if they like that!!! you get what I'm getting at!
Only way to stop this is to stop our data leaking out of our laps.
They profile us as robots and create a certain amount of our perception and understanding of our surroundings based on our profiling. We are free thinkers however studies prove that we flock with the crowd thus makes us predictable.
Back to the point...