iPhone Lockdown Mode Protects Washington Post Reporter

404Media is reporting that the FBI could not access a reporter’s iPhone because it had Lockdown Mode enabled:

The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson, in January as part of an investigation into leaks of classified information. It also provides rare insight into the apparent effectiveness of Lockdown Mode, or at least how effective it might be before the FBI may try other techniques to access the device.

“Because the iPhone was in Lockdown mode, CART could not extract that device,” the court record reads, referring to the FBI’s Computer Analysis Response Team, a unit focused on performing forensic analyses of seized devices. The document is written by the government, and is opposing the return of Natanson’s devices.

The FBI raided Natanson’s home as part of its investigation into government contractor Aurelio Perez-Lugones, who is charged with, among other things, retention of national defense information. The government believes Perez-Lugones was a source of Natanson’s, and provided her with various pieces of classified information. While executing a search warrant for his mobile phone, investigators reviewed Signal messages between Perez-Lugones and the reporter, the Department of Justice previously said.

Posted on February 6, 2026 at 7:00 AM • 17 Comments

Comments

A Question February 6, 2026 8:25 AM

…investigators reviewed Signal messages between Perez-Lugones and the reporter…

I’m still waking up so I need some clarification please, regarding the above I quoted.
Do they refer to Signal messages on the device or the Data Packets (while those messages were moving/in transit/traffic, as in being intercepted)?

Dilbert February 6, 2026 9:12 AM

@A Question
I have no direct knowledge of the situation, but the way I read it they read the Signal messages on his phone.

Who? February 6, 2026 9:36 AM

Obviously cannot read something behind a paywall, but it all looks like a “look, we are the good guys and work for the citizens instead of governments.”

The last guy I would trust is someone that says he is the good guy.

GrapheneOS is being targeted by German, French and Spanish authorities and government-paid press, treating both GrapheneOS developers and users as criminals, because they develop and run devices governments cannot spy using either Cellebrite or Pegasus.

Why does the same not happen to Apple in Europe or the United States?

Sometimes we need to stop looking at the theatre and carefully consider the facts not directly shown in the news.

Rontea February 6, 2026 9:46 AM

This incident highlights the ongoing tension between personal security and law enforcement access. Apple’s Lockdown Mode prevented the FBI from accessing Hannah Natanson’s iPhone, demonstrating its effectiveness in protecting users against even highly resourced attempts to breach their privacy. From a security perspective, Lockdown Mode is a vital safeguard, shielding journalists, activists, and everyday users from advanced digital threats. Weakening such protections to facilitate rare investigations would expose millions to cyberattacks and surveillance risks. Strong, uncompromised device security ultimately serves the public interest, even when it complicates government investigations.

Mexaly February 6, 2026 10:05 AM

This seems a bit unusual to me.

When the FBI is thwarted by a locked device, they more typically lie that they got what they wanted from the device anyway.

BTW, don’t buy phones from any agency of the government. Really.

DBA February 6, 2026 10:44 AM

Unfortunately her work laptop was open and unlocked with her fingerprint, which the FBI agents “assisted her” with unlocking. She shouldn’t have used biometrics there, then they would have required at least a court order for the password: the difference between having a key and knowing a combination or password.

Clive Robinson February 6, 2026 11:09 AM

@ ALL,

Remember we’ve been through this routine before…

The FBI and DOJ ended up taking Apple to court thinking Apple would cave or lose in court thus precedent would be set that they could hit the rest of the industry with.

Tim Cook for reasons he’s never made clear decided to fight not just in court but publicly.

It became clear that “the psychopaths” in the DoJ and FBI were lying to the magistrate in many respects in particular about what might be on the phone. In effect trying to falsely argue exigent circumstances of cataclysmic potential etc etc.

They quickly began to lose as the Magistrate fairly clearly was not buying into their nonsense. And the adverse publicity meant that there was no way the magistrate could double back…

So at the last minute before what would have been a very adverse for the DoJ precedent was handed down somehow miraculously a company came up with a solution and the DoJ Psychos pulled the rip cord…

And as they say –when people don’t believe such things happen–,

“How very convenient for them!”

So the DoJ and FBI were left with a status quo they were very unhappy with awaiting a new opportunity to get something they can use to make case law with…

And so far they’ve not been given it or more likely have decided to “keep their powder dry”.

So things have moved on. The use of E2EE has tacit approval from other parts of the US Gov and the battle ground has shifted to “Client Side Scanning” which unfortunately Apple started then botched then stopped.

However both Google and Microsoft are just about “all in” for Client Side Scanning… Because it gives them “oh such more” access to confidential and private information on people’s phones and computers they can commoditize to Data Brokers and worse, a lot worse, organisations like Palantir run by what someone described as the “Psycho-Overlord” with “Skin so thin and a desire for revenge that can not be sated”… With the Hulk Hogan case used to explain that the Palantir owner is not just venal and crazy but a full on nut job.

With recently a French streamer getting their bank account frozen just a very short time after they joked about the crazy and Thiel had a significant investment in the bank “Qonto”…

https://m.youtube.com/watch?v=7wjFK59kt5Q

https://xcancel.com/Ced_haurus/status/2018716889191498172

(Sorry neither are in english)

You can find a less “bat shit crazy bio” of the Palantir founders at,

https://www.newstatesman.com/culture/books/book-of-the-day/2025/11/all-your-data-belongs-to-us-the-rise-of-palantir

It kind of matches what I’ve been warning about for some time now on this blog and other places…

Who? February 6, 2026 11:22 AM

@ DBA

Agreed, biometrics alone should never be used. It should only be enabled as a second authentication factor, in combination with a password or, at the very least, a PIN.

I am not a lawyer, but I think FBI agents cannot force you to reveal a password or PIN, while they can force you to put your finger on a device.

Clive Robinson February 6, 2026 12:03 PM

@ ALL,

It would appear that the FBI are being very coy about the strong arm tactics they used and say an agent “assisted her” and she apparently has no legal right of saying currently who or what they did…

As I keep pointing out,

1, Convenience trumps security.
2, Of the three authentication factors only “something you know” had anything remotely like security.

It’s why some time ago I added two sub-factors to “something you know” of,

1, A geospatial “place you know”
2, A temporal “at a time you know”

That kick in after a preset time you know. And any attempt after that time to use ordinary access methods causes the “in chip RAM” held keys to be toasted.

It’s not perfect because of the very poor security approach by all consumer and commercial OS’s and Apps, but it’s kind of a start.

Some years ago now @Nick P and myself had a series of conversations on this blog about using duress systems that could not be compelled because they were “out of jurisdiction” and used “M of N key shares” encrypted under the device’s “PubKey” with the “Private Key” generated and held only on the device in a volatile way. Thus the defendant could reasonably argue in court that,

1, They never had access to the key
2, It could be shown why they could be prevented from knowing it by “policy”.

Now of course we have to look at how to come up with strong ways to prevent “Client Side Scanning”…

It’s something that “AI with everything” makes the perfect tool for Microsoft and Google to steal every “personal and private” piece of Information you would want to keep “private” and have a right to do so in many places.

But the reality is we are losing these battles as “Big Tech” of Silicon Valley etc has to “Deal with Guard Labour” because Governments are not “fiscally responsible” and increasingly “authoritarian”.

If you know people from pre 1989 of Russian occupied / or aligned mafia government countries, it might be worth while chatting about how they evaded “Social Surveillance”. Mostly I suspect by well tested “old school OpSec methods” and an abundance of caution that would make a betrayal by a second party to a third party effectively fully deniable.

There are ways to do it but currently they all have issues. As,

“Betrayal usually starts with Collusion.”

Of things like “Key Material”(KeyMat) prior to the first party transmitting a message.

Let_me_assist_you! February 6, 2026 12:52 PM

@Clive @All

Did the WaPo say anything about their reporter’s sources, etc.? Were the WaPo’s offices searched?

Why did this reporter keep this information ** at home **. Is it common practice for journos to keep stuff like this at their residences? Anyone care to comment about the wisdom of that practice?

This is such a weird article because it is obviously not intended for the technical community — it’s more gossip than anything else.

Clive Robinson February 6, 2026 12:57 PM

@ Bruce, Moderator,

I’m seeing increasing numbers of “429” reports when posting…

Sometimes when I’ve not posted for hours.

TimH February 6, 2026 3:35 PM

If I was the FBI, I’d use this high profile case to assure other reporters that lockdown mode is effective and sufficient opsec. When it isn’t. FBI are allowed to lie to the public.

Clive Robinson February 6, 2026 6:45 PM

@ Let_me_assist_you!

The story is behind a paywall so I’ve not seen it on 404 Media.

However just doing a DuckDuckGo search on the article’s title pulls up many other more technical sites, that are not Paywalled.

Each one appears to have different parts of the story in more depth than others so you can “read around” you could start with the ARSTech site,

https://arstechnica.com/tech-policy/2026/02/fbi-stymied-by-apples-lockdown-mode-after-seizing-journalists-iphone/

In there you will find that the journalist said she did not use bio-metrics when asked by the FBI and she apparently does not on her personal devices. However the FBI say that after compelling her, her finger opened the laptop. They then go on to make a big play that she was obviously lying…

The thing is she probably does not use biometrics on her work supplied computer if she does not use them on her own devices (there is case law on this sort of behavioural evidence). So it’s more than possible she was required by “Employer Policy” to set up biometrics at the time it was issued and she has not used biometrics since.

Most “Employer Policy” is vague to give ICT-Support latitude in how devices are set-up. And making a change to such a configuration can get you dismissed by some employers…

As for the WaPo offices or other WaPo or Journalists devices I have no knowledge. However if you read the ARS article it says the suspect not the journalist gave consent in some way for the FBI to send messages to the journalist under their over-watch.

Normally that would be a big No No, and I suspect it was “compelled” even though the FBI say “consent”. Because “compelling” if sufficiently proved would give rise to questions about Entrapment and Fruit of the poisoned vine which the FBI / DoJ really do not want brought into court and you can bet a $2bill that they will spend a very large chunk of taxpayer money arguing this out, if for no other reason than to bankrupt the defendant (let’s just say it’s “standard policy” as are generic conspiracy charges and similar).

As for why did she keep the work PC with her, probably WaPo Policy… And due to restructuring she may not even have a designated work space in the office…

I suspect there will be conversations with the WaPo accountants at some point but remember who owns the WaPo and their more usual Corporate Policy…

It has previously been argued it was a vanity purchase but from,

https://en.wikipedia.org/wiki/The_Washington_Post

It’s all the indicators of being asset stripped with bureaus being closed and focus shifted to just Washington politics. As a result it now has a shrinking circulation that is now well below 100k/day.

To be honest I’ve not looked at any of it since Khashoggi got butchered by a House of Saud employee. I followed the political fall out and attacks from the House of Saud on the owner in other MSM outlets.

As you ask with,

“Anyone care to comment about the wisdom of that practice?”

Since before this blog existed I’ve commented on the stupidity of neo-con short term thinking, that has hollowed out many Western corporations and Nations leaving them not just vulnerable but fragile. And it’s no surprise that China and the US are in the positions they are in…

China does not actually have to do very much to bring the US down. It is now powerful enough to stop trading in USD… The fact that it has not says much about how China sees its future in short time scales. It realises that it can wait for the executive to burger itself to death and the US GOP to fall into disfavour with an increasingly disenfranchised US Population…

With the EU kicking the tax avoiding US corporates and having lost interest in investing in the US markets, for the same reasons things are not going well in the US economy…

Though if it was me, I’d be getting rid of US assets reasonably quickly. The US clearly does not have a “Golden Goose” with AI and as the “churn” in the US economy appears to be on worthless “nothing burger AI announcements” for VC’s without resources to back their plays, as there is no money… The promise of data centers happening and earning any profit at all is at best slim. I’ve seen realistic projections that OpenAI probably won’t exist in a couple of years due to its “burn rate” and increasingly useless activity unless either Microsoft or the USG buys it out then Oracle will very likely fold if it starts to “build” and likewise other Current AI LLM and ML Systems will likewise fail.

Put simply LLMs and ML as currently put together are not scaling up, and the input garbage for training data is increasingly the CRUD early AI’s have generated, thus a downward spiral is all but guaranteed.

The simple fact is the Current AI LLM and ML Systems are doomed for “general use and AGI etc” because they are being designed wrong…
