With symmetric encryption, when you encrypt with the same encryption key, you WILL get the same output that can be decrypted using the same key.

With password based encryption, you start with a passphrase and a salt, The passphrase and salt are combined and then run through a secure hash an agreed number of times. The resulting hash is the encryption key that is used with the cipher to perform the actual encryption. The salt and iteration count are why you can reuse the same passphrase.

In this context, if you alter the salt or number of iterations, you will get a different encryption key for the same passphrase and the resulting cipher text will be different. Of course, you should never encrypt using a straight block cipher but rather should use something like cipher block chaining (CBC) which uses the results of the previous encryption to seed the encryption of the next block to encrypt. This action helps to make cryptanalysis harder on the resulting encrypted code.

In simpler terms:
CipherText = Encrypt(passphrase, salt, interations, ciphermode, Plaintext).
PlainText = Decrypt(passphrase, salt, interations, ciphermode, CipherText)

This is nothing new - I have written about it my responses for years. I worked for a company that developed a system that was being considered by Homeland Security when I left in 2009.

In the early 2ks, there were a multitude of records management systems in use by public safety. Our system was designed for small and medium size departments- large cities were not our forte.

There was a lot of data and no way to correlate it among departments in the same counties, let alone state or federal levels. The system we devised worked seemlessly with our customer's and it allowed them to decide what information they desired to share. And, more importantly, they could just as easily shutdown that access. We adapted our system to be able to pull dta from other vendor systems. And, it was noticed. Every incident, ticket, arrest was instantly searchable...from a national level in under seven seconds. It didn't use links.

Our system wasn't the first, just one that worked...welll..really well. States were receiving grants from the Feds and a lot was funneled into academic research. GJXDM and subsequent NIEM models were built. The FBI also was looking at a system of their own design.

States such as Ohio, Wisconsin, Florida, PA, NJ and others all had systems...they just werent unified. I would suspect that, if the article is true and NCIS became the keepers, it was for national security reasons.

None of this is new. How many of you knew that most departments couldnt communicate with those in other counties by radio because of lack of standards? Legislation was passed to help them all be able to communicate in the interest of national security. We were in two wars and fighting an unseen one. Yet, a cop who pulled someone over in one county might not know that when the same vehicle was pulled over again...five minutes away.

Our system alerted an officer to one such routine stop. First time, there was no probable cause to search the vehicle. A few minutes later, the vehicle was pulled over again. But, the last stop was in the system and the officer approached the car with caution. Shots were fired as the officer approached and he was hit - but, not before neutralizing the threat. He had a vest and lived.

NCIC would not have had the realtime data. Our system did. I suspect the system in question is also near-realtime.

Is it spying? Perhaps at some level. But, it is a database of public safety info. Yes, your tattoos and tramp stamps are in the system if you were arrested. They help identify gangs or indicate when a rival gang is moving into a new territory, believe it or not.

Is the system here collecting more information about ongoing investigations or public information or information pertinent to law enforcement doing their duty?

And, FYI, a cop doesn't need permission to run your plates - that rule varies state by state. Often, it is a hit against a state run DMV or parking authority that gives the probable cause to run a full check. Do some abuse this power? Maybe. Most cops I knew

No. Refusing to do a task is insubordination and grounds for termination. Under those conditions, you can apply for benefits but may be rejected and the company can fight to keep you from getting benefits. They might lose. But, you still have to live while you appeal. The alternative is to quit. In that case, you get no benefits . Stuck between a rock and a hard place.

Correct. While some may not appreciate this, it's the compilation and interpretation of the links that provides value.

I learned this, first hand, when I had opportunities to read published "classified" documents as part of my military duties. My first thought was, like, "No Shit Shirlock...this is common knowledge." The information sources that were cited in the paper were all public domain or common, open sources, and readily available and even were the subject of discussions I had made with my peers. However, it was the analysis of the information, the common threads, and the meaning the analyst derived from that information that made it a classified document.

The point I took away from this article is not that there is not a shortage of capable works. Instead, it's a shortage of capable workers willing to work at the salaries and rates being offered. The VISA opportunities, as stated in the article, have enabled positions to be filled with qualified individuals at a substantially lower cost. In many cases, the job positions are created with the specific goal of filling with someone offshore. While this works out well for corporations, Sadly, this puts American workers at a serious disadvantage since they still have to live in this environment.

I have no qualms with hiring someone from overseas who has a passion for the work and willing to work for a little less. I do have issues hiring someone just because they can do it cheaper. My experience is the latter costs more in the end while the former can be a great bargain. Nonetheless, I still would prefer to see those jobs go to Americans first, those with passion second, and finally qualified but lower-cost last.

I had mod points but couldn't decide to respond with "Funny" or "Insightful". Seriously. There are elements of both in your statement.

Being an old fart myself, I grew up in the era of C, C++, VB, DELPHI, JAVA, JS. Today, the platform of choice is not the desktop, it's mobile. The SPA style makes it possible to target mobile either as responsive format or as a hybrid using something like PhoneGap/Cordova. Granted, someone still needs to write the frameworks and interpreters to run the SPA so the other tools and skillsets are still a necessity. But, a programmer can make a good living if they know how write a SPA.

As for learning new tricks? I see two approaches: 1) Refactor, redesign and recode an existing program you've written and know well in the past using the new paradigm or 2) Start with something new.

In the early 80's a friend of mine decided to learn to program. He decided to write a game for the Commodore PET (okay, you KNOW I'm old). He started with an idea, asked for assistance when he needed to learn a new construct for the hackers around him. His game was character based (we didn't have the graphics cards at school). The game became immensely popular among students and evening adult students. One morning, he came and the disk he shared (for him, he considered it PD) and was developing on was missing (they only gave us one). Our guess is that someone really liked it. Two years later, a game came out on the early Mac. It had REAL graphics. But, it was HIS game now being sold commercially.

Moral? Just because you don't know something now, you can still make a contribution.

Glad somebody modded it up. That really was funny.

Let us all know if this works....The deer and rabbits decimate my wife's garden every year. Somewhere in my basement, I have a 200KV power supply....a little motion sensor to kick off the spark gaps...hmmmmm.

Wow! Someone states an apparent truth and it gets marked down to -1 so nobody sees it - it's not the message the Android and Samsung fans want to hear, apparently. But, the original poster is correct, if this happened on with Apple, there would be no "mis-understanding" as to whether this was intentional or not on this site.

And, legislators quickly ammended the law to close the loophole and is on the governor's desk awaiting signature. Unfortunately, the guy will get off (more was than one). Next guy won't be so lucky.

Uh no. It will give you access to many things and help pave the way. If the policy of a company is not disclose the information without a court order, the Executor can request one on behalf of the Estate. If the court agrees the request is reasonable (in this case, it probably is), you get the order. Just make sure to file in the right jurisdiction so the order will be followed. Often, this is based on the state where the company filed their incorporation papers.

That's why you designate an Executor in your Will and Last Testament. The Executor doesn't have to be a family member so the responsibility doesnt have to fall upon a grieving family. Executorship gives them the legal authority to act on the deceased's behalf with the courts. But, I am not sure that every state or other countries have to honor that authority. And, if you don't have a Will, the responsibility goes to the State's Probate Court - seldom a good idea. Write a Will and assign an Executor.

No. Never said anything of the sort. I said that for Apple to legally comply, they would require a court order and to make sure that the machine is legally the property of the Estate and that DRM protected items remain as such, and privacy is not violated. When Apple gets the court order, they will comply with that order and within the letter of the law. If they don't, that's another story altogether, isn't it?

It should give you time to pause and reflect to make sure that you have your affairs in order when it comes to your digital assets should you pass away. The fate of digital assets when someone dies is still, pretty much, a crapshoot, with few companies having stated policies on the matter or legal precedence set.

Clearly, the owner of the device has passed and the license for the DRM is non-transferrable. Apple has an obligation, under contract, to protect that content since the original licensee - has, sadly, passed away. This is is an issue that should be taken up by the higher courts and resolved as our laws have not evolved as quickly as technology. Yes, I feel for the family and I understand their frustration. At the same time, I can see Apple's reluctance to just unlock the device because someone arbitrarily says so and risk opening themselves up to litigation.

And, I would encourage you to think about such things as you prepare your own Will so as to prevent such a situation for those in your family when the time comes. Make sure that important account information is left in the Will or with people you trust. It's not something most people think about, is it? Maybe, its time we do.

So, how exactly, does that make Apple or me a bunch of douche bags?

I have read most of the comments up until now. Frankly, most seem as if they were written by a bunch of Apple haters.

The article clearly states that while Apple acknowledges the woman is dead and the person to be the executor of her account, they require a court order and/or proof she is the rightful owner of the device. Why?

We have no reason to doubt the the executor or the heirs that the device belonged to her. But, being unable to provide the unlock code to her iPad nor her Apple Id and associated password (which, could instantly demonstrate it was her device via their FindMyIPhone service), Apple is unwilling to unlock it. They demand further proof of ownership (or, prior ownership).

Why?

First, there are DRM considerations. When a person uses an Apple device and "purchases" certain products through iTunes, they have a non-transferable license to use that material. Unlocking the device, without court order, could subject Apple to litigation by the owners of the DRM software.

Let's assume that the person presenting the iDevice is the legal heir to the device (i.e. it belonged to the deceased and bequeathed to them). Apple is asking for a court order directing them to access the device and remove their legal liability for providing such access to the data on the device and the the violation of privacy. If it were a house or vault, would you not want to make sure that the person you are giving the keys has a legal right to enter the premises?

Next, let's consider the owner has email accounts. The iDevice will, likely, automatically access those email accounts. Services such as FaceBook, Yahoo!, Hotmail, and GMail try to protect the ownership of the private content of those systems - people have a right to an expectation of privacy - even after death. It's in their terms of service. As an heir, you may or may not have a legal right to access those accounts of the deceased individual.

Just last year, I think it was, there was a case where the family of a deceased soldier wanted access to his email. It was denied by the company until a court order was granted.

If Apple unlocks the device and such services are accessed without human interaction (originally, the grandmother had access since she knew the code), you have just violated her privacy (dead or not). Would YOU want to be on the receiving end of a lawsuit where there was information in those private accounts that caused harm to another individual she communicated with via those email accounts? Perhaps, she had a secret life and wanted it kept that way? Maybe she was the mistress of a married man and the disclosure would bring that to light, destroy what was left of his marriage, or open him to a civil litigation? Or, maybe, even a claim against the family of the deceased woman which might go after her assets.

We all kick and scream here about privacy. And, when a company, such as Apple ACTUALLY tries to do the right thing in protecting it, they are scorned and hated. That's why I say it sounds like most of the posts here are from Apple haters.

Let the family produce a court order to have Apple access the device. Apple can look up the serial number (assuming she registered the device) and find the associated Apple ID. And, one would presume they could then unlock the device if in their physical possession (assuming, there isn't some master unlock command they can send). They would, legally, have to wipe the DRM material from the devices or follow other instructions in the court order. And, to keep themselves out of trouble, delete the email accounts and other apps that might automatically log in to a private system BEFORE turning it over to the Executor (unless, the court order grants them legal and civil protection).

Pictures and documents might be stored on cloud services vs on the device itself. In that former case, I hope the family has the passwords to those services so they can access them.

As I get older, I realize that there is a possibility I could die anytime. And, I have to consider what I would want others to know about my "private" life or whether I would want full disclosure upon my death. It makes me think that it might be prudent to have instructions written into my Will and Last Testament so the Executor can carry out those final wishes with my electronic devices and online accounts without ambiguity. Definitely, something to think about.

People in our office respect the privacy of others. But, when collaboration is needed, having the people there makes all the difference - either for a quick discussion or to setup a conference room (so, as not to disturb others who are also working).

Besides, it keeps me from going nuts working out of my home office all day without seeing or speaking to another soul - humans are meant to be social creatures.

It's going to snow again tonight....I miss the office already...sigh.

They might be able to file for the business sake. But, technically, they are still on the hook for the lost value of the bitcoins. Bankruptcy doesn't free you of negligent or fraudulent action. Wouldn't want to be them.

I had an interesting run-in with the former head of our school board - seems he didn't care for a comment I made regarding issues of outsourcing. Turns out, he represented himself for years (10) as a local recruiter and project manager. Nobody challenged him during his tenure - they took him at his word that he represented US workers (vs US corporations). Turns out, he acts as a project manager for offshoring jobs. His website stated this rather clearly. Yet, nobody knew.

Our school district, once a very good one and highly rated, has had few students accepted in Ivy League and top tier schools since he took office. They programs were changed. And, while STEM was still taught, the level at which they are taught was subpar. This made it far easier for him to fill positions that should have been local with offshore workers where more emphasis was placed on STEM. Thankfully, he is no longer at the helm. But, the damage has been done and it will take years for the 10,000 students he and the rest of the school board disadvantaged during his tenure.

And, don't get me started on the change in curriculum that demphasised the arts and extended the school day with useless electives due to a deficit that was proven to be a $133M surplus but hidden in the budget.