Profile

Wes Winham
Works at PolicyStat
Attended Rose-Hulman Institute of Technology
Lives in Indianapolis, Indiana

Stream

Wes Winham

King Y would probably get my vote. Kings are one of the things you vote for, right?
When the University of Chicago polls 50 top economists on subjects like fiscal stimulus and the minimum wage, I am often appalled by the results. In contrast, I wish Eliezer Yudkowsky were made King of the World (assuming there was a King of the World, which I'm opposed to).

Wes Winham

Some Questions and Answers About the Apple Order

Let me start out with a pretty simple preface: I work for Google. But I am not speaking for Google. If you'd like to read someone speaking for Google, read someone whose job that is. (It isn't mine.)

Because this is the field I work in, I have been interested in what's going on with Apple. So, with that in mind, some questions and answers about what's going on.

Q: So, what's Apple being asked to do?

A: They're not being asked to decrypt the phone. They're being asked to make it so that attempts to decrypt the phone the easy way don't wipe the storage and render the device unusable. There's a difference, and the newer the Apple device, the more important that difference becomes.

Q: I am an engineer. What's Apple being asked to do?

A: Okay, so, this is going to be a little TL;DR for some of you, and I am not an engineer. I merely play one on TV. As I understand it, here's what's going on:

This is an older Apple device. On newer devices, the security flow seems to be relatively similar, except that much of this occurs within the secure enclave, which is a neat little piece of hardware which handles most of the cryptography directly.

So, Apple devices from this generation have hardware-assisted encryption. In order to generate a valid key to decrypt the storage, you need three components: the device key, the password or PIN, and the intermediate key that's in effaceable storage. How these three components relate is unclear to a lot of security professionals.

From a forensic perspective, this means that you need physical access to the device in order to attempt passwords. You can't just write everything to an image and attempt to brute-force the crypto on a second device. You actually need to be running everything on the device you're trying to crack open.

If you've ever looked at an iPhone PIN, you'll see that it's only a couple digits. If you're going to brute-force something, working your way through twelve bits is going to be a lot easier than working your way through the (much larger) device key. Which is why an iPhone will wipe the storage if you fail ten times.

If you could update the firmware, you could get around this restriction. Unfortunately, the government can't update the firmware without Apple's key. (Maybe.) Which is why they're asking.

Q: So, does the government have to go to court to get information out of Apple?

A: Probably not. This is an older device, and there are established forensic techniques for getting information out of older iPhones. Especially if it's ever been synced with a desktop. In addition, there are established legal techniques for getting information which has been uploaded to iCloud.

There have been some public papers on extracting hardware keys -- even ones where the difference is only in the n- and p-type silicon -- from hardware-locked devices. It is likely that these techniques are available to the government as well. (Though I'd presume they don't want to disclose them.)

Q: So why are they asking?

A: To get a favorable precedent, because they can't get Congress to pass a favorable law.

Q: There's got to be some legal basis for this.

A: Yeah. It's a weird one: the All Writs Act of 1789.

Q: Is that weird? How does the government usually get information from third parties in criminal cases?

A: By subpoena.

Q: So, why are they using the All Writs Act?

A: If this were a subpoena, the applicable rule would be F.R.Crim.P. 17(c)(3).

But they can't do that. The government can subpoena evidence from third parties. But they can't subpoena investigative tools from third parties. They especially can't subpoena investigative tools which haven't already been written from third parties.

Q: So, the All Writs Act lets them do this?

A: Uh. Good question. Here's what the All Writs Act says:

(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction.

So, really, it doesn't say much.

Q: That seems like a weird little law. What was it even meant to do?

A: The All Writs Act is an odd little beast. In early American law, courts were given a very limited, enumerated set of legal verbs. If a particular sort of relief didn't fall within the scope of a particular writ, then the person ordered to comply could frustrate the court's order. And the court could do nothing to stop it. What the All Writs Act does, in practice, is allow courts to order particular results. Its primary use is in civil injunctions. There's a much smaller body of law addressing its use in criminal cases.

Q: So, it means that a court can do anything it wants?

A: No.

Given an empowering law which mandates a particular result, the All Writs Act lets federal courts order that result. It also stops there from being legal orders for which there is no legal remedy. For those of you that are engineers, not lawyers, it's basically there to stop there from being court orders which are legal no-ops.

Underneath the surface, the question is, "Is there an empowering law which permits, in general, federal prosecutors to order third parties to actively participate in an investigation to which they do not have any particular connection." And while there are some laws which might do this in other cases (CALEA, for instance), there is no general authority to order third parties to participate in criminal investigations.

This is not a super-strong legal argument.

Q: So, they'll probably lose?

A: I'm not making predictions. But if you'll look at the link attached below, this isn't the first time the government has made this argument. It has not universally gone well.

It's also relatively early days. Right now, the case is in front of a federal magistrate. The next level of appeal is to the federal district court, and then to the 9th Circuit. It's possible that this could go away at the district level, in which case this would be a tempest in a teapot. If Apple chooses to skip to the 9th Circuit Court of Appeals (and I believe that it can?), a lot would depend on the composition of the panel.

Q: What are the consequences for Apple if this goes wrong?

A: Pretty bad.

If Apple can be compelled to use its key to alter the properties of effaceable storage or the secure enclave in order to empower brute-forcing, their technical remediation methods become more limited. Both forcing longer user passwords (to remove the entropy bottleneck) and disabling their ability to make changes to the secure enclave (to disempower themselves) have consumer-facing impact. The first makes accessing the phone relatively annoying. The second makes updating the device extremely annoying, and makes security holes in the secure enclave permanent.

It's not as bad as banning strong device-level encryption, but it's pretty close.
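The key hierarchy and ten-failure wipe the post describes, as an added toy model (not Apple's code and not the post author's): the way the three components are combined (an HMAC chain), the SHA-256 keystream standing in for the real cipher, and the sample data are all constructed assumptions. It shows why a copy of the flash cannot be searched on another machine, and why the wipe counter rather than the PIN's length bounds on-device guessing.

```python
import hashlib
import hmac
import os

WIPE_AFTER = 10  # failed attempts before effaceable storage is erased
SAMPLE_DATA = b"constructed sample: notes, photos, messages"  # constructed plaintext

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (SHA-256 in counter mode) standing in for the real AES."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

class Device:
    """One handset. A flash image yields everything but _device_key, so a PIN
    guess can only be tested by running the derivation on this object."""
    def __init__(self, pin: str):
        self._device_key = os.urandom(32)     # fused in silicon, never exported
        self.effaceable_key = os.urandom(32)  # effaceable storage, erased in one write
        self.failed = 0
        key = self._derive(pin)
        self.verifier = hashlib.sha256(key).digest()
        self.ciphertext = _stream_xor(key, SAMPLE_DATA)
    def _derive(self, pin: str) -> bytes:
        # Assumed way of combining the three components: an HMAC chain.
        k = hmac.new(self._device_key, pin.encode(), hashlib.sha256).digest()
        return hmac.new(k, self.effaceable_key, hashlib.sha256).digest()
    def wiped(self) -> bool:
        return self.effaceable_key == bytes(32)
    def try_pin(self, pin: str):
        """Plaintext on success, None on failure; the tenth miss wipes the key."""
        if self.wiped():
            return None
        key = self._derive(pin)
        if hmac.compare_digest(hashlib.sha256(key).digest(), self.verifier):
            self.failed = 0
            return _stream_xor(key, self.ciphertext)
        self.failed += 1
        if self.failed >= WIPE_AFTER:
            self.effaceable_key = bytes(32)  # the data is now unrecoverable
        return None

def brute_force_on_device(dev: Device, candidates):
    """Try PINs in order on the device itself; stop as soon as storage is wiped."""
    for pin in candidates:
        data = dev.try_pin(pin)
        if data is not None or dev.wiped():
            return data
    return None

def demo() -> dict:
    """Two 0000..9999 sweeps: the wipe counter, not the PIN length, is the limit."""
    lucky = brute_force_on_device(Device("0004"), (f"{i:04d}" for i in range(10000)))
    dev = Device("0042")
    unlucky = brute_force_on_device(dev, (f"{i:04d}" for i in range(10000)))
    return {"lucky": lucky, "unlucky": unlucky, "wiped": dev.wiped(),
            "correct_pin_after_wipe": dev.try_pin("0042"), "failed": dev.failed}
```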

Wes Winham

After doing a lot of research and buying one to test, this is the USB Type C wall charger I'm buying en masse to replace my existing chargers.

* Has a normal USB port that can push 3 amps for quickly charging other devices (e.g. iPhones)
* The Type C port pushes 3 amps and triggers "Rapid Charging" on my Nexus 6p
* The prongs fold in for easy travel and durability
* It feels well-made and has an 18-month warranty if that fails to hold true

Wes Winham

Shared publicly  - 
 
I'm adding a new phrase to my vocabulary:

The "last responsible moment". That's when I will endeavor to make all decisions.
Paradoxically, it’s possible to make better decisions by not deciding. I’m a world class procrastinator, so what’s to stop me from reading this as carte blanche? Why do today what I can put off until tomorrow?

Wes Winham

Shared publicly  - 
 
Zing!
Wes Winham

If you had to predict on whether this is a result of:
A) hospitals taking action to improve quality and patient outcomes in response to regulatory incentives
B) hospitals taking action to superficially change the measured metric in response to regulatory incentives

What would your probability breakdown look like? Mine in the comments.
70% A
30% B

There probably really was some low-hanging fruit to pick for B (since they previously were actually incentivized to have more re-admissions, it was unlikely to have been a priority). With a change this sudden and smooth, my naive instinct is to look at ways where hospitals can game this measurement. I don't know how much room there is for that, though, so I could be completely wrong.

My instinct is based on the prevalence of police departments gaming crime statistics.

Wes Winham

PsyCrypto: Who will be the first EDM artist to take advantage of this at a concert?
About 18 months ago I had a really cool idea: What if we could communicate with people who are high on LSD in such a way that sober people can’t understand?* I call this idea psychedel…

Wes Winham

If you're looking for USB type C cords and chargers, check out this Google engineer's thorough reviews.

Wes Winham

"Thank you" is much more powerful than "sorry". I need to make this change in my language. 

Wes Winham

Just unboxed my new Nexus 6p (Project Fi) and I'm super impressed with the language-agnostic setup graphic. IKEA, eat your heart out.

Wes Winham

The First Order fails mostly because of poor engineering culture.
 
Capsule Review, the Force Awakens: The First Order continues the Empire's tradition of excellent engineering vision combined with slapdash execution. Among the problems which might have been addressed if the Imperial Navy had a robust postmortem culture:

(1) Once again, an Imperial superweapon project is crippled by poor attention to HVAC design and insufficient redundancy. Maybe install some grates?

(2) It doesn't matter how good your biometric scanners are if they can be bypassed by shooting them. Also, Han, are you sure it's a good idea to have an airlock to your cargo bay that opens when you shoot it?

(3) Bottomless pits are the most common cause of death among Sith Lords. Maybe you need one. But if you want to add flair to your lair, have you considered a water feature? Or maybe install a railing on the catwalk.

(4) Someone in the Imperial research corps said, "We thought Stormtroopers were too accurate, so we took away the eyeholes." Then they gave them flamethrowers. This man was an idiot.

(5) If you need to keep a star inside a planet, have you considered building two of the thing which keeps the star in there? It seems like it would be bad if it got out.
Education
  • Rose-Hulman Institute of Technology
    Software Engineering
Basic Information
Gender
Male
Story
Tagline
Software entrepreneur in Indianapolis who likes nerding, ultimate, beerpong and economics
Work
Occupation
Software Entrepreneur
Employment
  • PolicyStat
    VP of Product, present
    I'm responsible for ensuring that we're building awesome things for our customers, that we're building them for the right customers, that we're awesome at building those things, that our time spent building those things is fulfilling and that we're continuously increasing our average level of awesome.
Places
Currently
Indianapolis, Indiana
Previously
Spencer, Oklahoma - Chickasha, Oklahoma - Terre Haute, Indiana - Bloomington, Indiana
Wes Winham's +1's are the things they like, agree with, or want to recommend.
HTML5 UP! Responsive HTML5 and CSS3 Site Templates
html5up.net

Responsive HTML5 and CSS3 site templates designed by @n33co.

The Venture Bros
market.android.com

Once a child prodigy, Dr. Venture now fails as both a scientist and a father. Luckily, his twins, Hank and Dean, are too stupid to care. And

NASN Radio
market.android.com

Listen to the only free 24 hour American soccer radio network "NASN Radio" with the new NASN Radio Android app. Listen to your favorite NASN

American violence is higher than you think
marginalrevolution.com

From Christopher Glazek: …the figures that suggest that violence has been disappearing in the United States contain a blind spot so large th

Conservative White America, you need a new Grand Strategy
noahpinionblog.blogspot.com

Time for a (mostly) non-economics post/rant. Warning: Contains oversimplified history, sketchy data, and sweeping generalizations. In 1396,

Responses to objections on cash transfers | The GiveWell Blog
blog.givewell.org

The GiveWell Blog - Exploring how to get real change for your dollar.

John Wall’s Contract and the Risks of Running an NBA Team
wagesofwins.com

The risks that entrepreneurs take, I think, are social risks [...] The risks they take are not material risks, they're very often using othe

The highest ROI way to increase signups: Make a minimal homepage (Guest ...
andrewchen.co

Mattan Griffel has written some great essays on user growth over at Growhack, and you can follow him on Twitter at @mattangriffel. In partic

Pocket
market.android.com

When you find something on the web that you want to view later, put it in Pocket. It automatically syncs to your phone, tablet or computer s

Greg Mankiw's Blog: Observations on the Great Gatsby Curve
gregmankiw.blogspot.com

In recent years, some economists have drawn attention to a correlation that has been dubbed the Great Gatsby Curve. In particular, countries

John Resig - Gittip at Khan Academy
ejohn.org

For a while now I've been a huge fan of Gittip. I think they've created one of the most interesting models for funding Open Source developme

Somerville, MA rebels against minimum parking requirements
feedproxy.google.com

In a city where people can spend hours searching for parking, Boston officials are pursuing a strategy that seems as galling as it is counte

on conference calls with the client - thisadvertisinglife
thisadvertisinglife.tumblr.com

on conference calls with the client - Thanks for the gif, Molson.

No One is Innocent
feedproxy.google.com

I broke the law yesterday and again today and I will probably break the law tomorrow. Don’t mistake me, I have done nothing wrong. I don’t e

Overcoming Bias : Whistleblowers Think Far
www.overcomingbias.com

Rita Handrich: The “highly conscientious” … are more likely to work hard to achieve their goals [both personally and on behalf of their orga

Industry of Mediocrity
feedproxy.google.com

AP: Washington: The nation’s teacher-training programs do not adequately prepare would-be educators for the classroom, even as they produce

Feedly - Your News, RSS, Google Reader
chrome.google.com

Feedly is a news reader for creative minds. Syncs with Google Reader and Twitter.

Analyzing Yahoo's PRISM non-denial
paranoia.dubfire.net

Today, Yahoo's General Counsel posted a carefully worded denial regarding the company's alleged participation in the NSA PRISM program. To t

End Piracy, Not Liberty – Google
www.google.com

Millions of Americans oppose SOPA and PIPA because these bills would censor the Internet and slow economic growth in the U.S.. Two bills bef

Front desk staff was very friendly and helpful. We were buying bandaids in the convenience store and they offered to give us some for free instead. A small thing, but generally indicative of their helpfulness. I also definitely recommend a room with access to the concierge suite if you're going to be there during the week. Solid breakfast in the morning and desserts plus drinks in the evening.
reviewed 4 years ago
Great food with good prices and quick, friendly service. Right off the highway (Google Maps was wrong). Went there for breakfast with a group of five. Seated right away and served quickly. Standard breakfast menu fare with some Twila's-themed special items. Food arrived very quickly and was universally good. We had Twila's omelette (great usage of sweet peppers), French toast, cinnamon toast, hash browns (crispy and very good), scrambled eggs, bacon (crispy, good), and toast. All food was good, service was great, prices were great. Plan on stopping here again.
reviewed 5 years ago
Service was friendly, but incredibly slow. Went for lunch with a group of 5 at 11 with 3 other tables in the place. Hamburger and tuna melt took 15 minutes, with a turkey sandwich and Philly cheese steak taking 20 after that (first two were basically finished). Waited 15 after that and they forgot about the omelette (with 15 customers in the whole place). Home fries were bland. Philly cheese steak was OK. Tuna melt was good. Burger wasn't quite as good as Wendy's. Omelette was good. Prices were high for the quality ($6 for a turkey lunch meat sandwich with no cheese). Keep driving if you're on the highway, otherwise bring a book and get the tuna melt.
reviewed 5 years ago