"Tim Cook, the C.E.O. of Apple, which has been ordered to help the F.B.I. get into the cell phone of the San Bernardino shooters, wrote in an angry open letter this week that “the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create.” The second part of that formulation has rightly received a great deal of attention: Should a back door be built into devices that are used for encrypted communications? Would that keep us safe from terrorists, or merely make everyone more vulnerable to hackers, as well as to mass government surveillance? But the first part is also potentially insidious, for reasons that go well beyond privacy rights.
The simple but strange question here is exactly the one that Cook formulates. What happens when the government goes to court to demand that you give it something that you do not have? No one has it, in fact, because it doesn’t exist. What if the government then proceeds to order you to construct, design, invent, or somehow conjure up the thing it wants? Must you?"
You go to prison. For anyone familiar with what happened in Russia during the Stalinist era the US's current trajectory is clear. It doesn't matter that what the state is telling you to do is impossible - the only relevant fact is that you're not complying, and are therefore an enemy of the people (the state).
We'll be finding out how Tim runs a secret paedophile ring, or how he has been laundering money, or how he has been supporting IS through action and/or inaction. HUAC will return, lazarus like, but you'll call it the centre for American improvement or some such shit. Remember Chaplin?
Anyway. That's one potential future, an actual past, and while the apparatus is more subtle this time, it's the same old forces doing the same old things.
That works for Qwest's CEOs, but probably not Apple's.
If this is the endgame, it's good that computers exist. Without Twitter, the public might believe absurd lies.
Nowadays, the lies would have to be pretty nuanced to have an effect.
Of course, there's something to be said for overwhelming power. If those in the government really want their way, and all three branches refuse to yield, and none of us can control who are in those branches, is there really anything we can do to stop it?
Luckily, this is roughly as likely as the moon disappearing. For now.
> Nowadays, the lies would have to be pretty nuanced to have an effect.
You mean like "Iraq has weapons of Mass Destruction, honest! So USA must preemptively invade a sovereign nation." Or, "Obama is a Muslim!" which 29% of polled people believed as late as 9/2015.
You vastly overestimate the sophistication of the American populace.
The romans were already capable of creating pretty nuanced lies. I'm very certain we are, too.
As for control of public opinion in the age of the internet, I don't think it's hard at all. First of all, we have several industries that are focused on just that - PR, advertising, political spin-doctors - and secondly those industries get more and more sophisticated tools through modern data collection...
> That works for Qwest's CEOs, but probably not Apple's.
For everyone else's sake, this appears to be a reference to Joseph Nacchio [1]. I hadn't heard of him before. It's a weird feeling to have sympathy for someone who has resources enough to bring their criminal case through appeals all the way to the Supreme Court. From the wikipedia article alone, I have no idea what to believe.
> It's a weird feeling to have sympathy for someone who has resources enough to bring their criminal case through appeals all the way to the Supreme Court.
Why would that matter?! Do you seriously believe that because someone has the financial ability to actually protect his rights that they're somehow beneath your ability to have sympathy?
People often believe "facts" more due to their own preconceived biases than due to logical investigation. So any reports that support their position are obviously the truth. Likewise, they dismiss reports that are contrary to their position.
There are lots of examples one could use as proof - recently Donald Trump. Notice there's absolutely no one in the middle? You're either fully behind him or your completely against him. Any time you see a highly polarized issue, I'd recommend asking yourself why there's no middle ground. Often it's because there's also no rationale for the extremes.
How do we use the scientific method on issues like this? Even our historical perspectives hold biases - and sometimes it's hard to collect a large enough sample size to have confidence in your conclusion.
This is very important for us because we think we can change the minds of people (at least the people who do not have a direct. malicious motivation). We think that if the facts are out, people will support the facts. This is not the complete truth (if it is true at all):
> Facts don’t necessarily have the power to change our minds. In fact, quite the opposite. In a series of studies in 2005 and 2006, researchers at the University of Michigan found that when misinformed people, particularly political partisans, were exposed to corrected facts in news stories, they rarely changed their minds. In fact, they often became even more strongly set in their beliefs. Facts, they found, were not curing misinformation. Like an underpowered antibiotic, facts could actually make misinformation even stronger.
One hypothesis imho worth exploring: how much does presentation matter? can we present the same facts in a way that is more pallatable? what if we tried to coax the audience into believing they came to the conclusion from the facts themselves?
I think I identified the problem. Hey, let's boil down all complex answers to complex problems along a 1-dimensional axis and then completely and voluntarily ignore half that axis! What could possibly go wrong?
> how much does presentation matter?
A lot, in my experience trying to change minds.
> can we present the same facts in a way that is more pallatable?
Humor is perfect for this. "If you want to tell people the truth, make them laugh, otherwise they'll kill you." -Oscar Wilde
> what if we tried to coax the audience into believing they came to the conclusion from the facts themselves?
This is much easier to do on an individual basis than en masse. You basically hand-hold someone down their line of thinking until you get to the dissonance, then comes the important bit, you take a step back. If the person feels coerced in any way, they will push back, which is why you simply try to walk them down their own train of thought. Eventually they will stumble, especially if you gently lay some facts in the way... At all times you must respect their opinion.
All of this would be much easier if people didn't tie their egos to their beliefs so tightly.
Definitely presentation is a huge factor. Presidential elections are great examples. If a good orator says something enough times, with conviction in a nice package people will believe it.
During Bill Clinton's first run for office against H.W.Bush, Al Gore said over and over, "Folks tickle down economics just don't work. We have proof.... " He was lying through his teeth yet people believed it. History clearly shows that despite record spending 10 out of the twelve years Reagan and bush were in office they lowered taxes and had an increase in income revenues.
> You're either fully behind him or your completely against him. Any time you see a highly polarized issue, I'd recommend asking yourself why there's no middle ground.
Easy enough. Some people take principled stands on issues, even when it's not always politically convenient. If you disagree with them, you are wrong, even if you are well-meaning. Even their political enemies can be seen giving them respect - Scalia and Ginsburg were good friends!
Some people take populist stands on issues, appeal to one group by attacking another - the Establishment Candidates in Washington, the 1%, immigrants, whoever. If you disagree with them, you are stupid or a bad person. "Neutral ground" is enemy territory.
This would have been better for apple if it kept its mouth shut like its other sister companies who mostly have been mute despite it all over the years lol
"Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity."[0][1]
I'd love to believe that twitter could be a counterbalance, but it can also be an amplifier - any lie repeated long and loud enough becomes truth - particularly when twitter streams are "algorithmicly driven", and can therefore be filtered to give whatever sentiment more precedence.
> Nowadays, the lies would have to be pretty nuanced to have an effect.
Actually no. Most people are jaded or just don't care. Lots of things the govt says are easily demonstrable lies but not enough people that matter care so they lie with impunity. The quality of the lie doesn't matter as long as not enough people (or the people that matter) care.
>> If this is the endgame, it's good that computers exist.
>> Without Twitter, the public might believe absurd lies.
>> Nowadays, the lies would have to be pretty nuanced to
>> have an effect.
I completely disagree. Just look at the presidential candidates: someone who is regarded as a serial liar, someone who wants to give everything for free yet is ridiculed for not understanding economics, a billionaire who takes opposite sides of issues even on the same day, a brain surgeon who is forgotten in the polls, etc.
People believe many things even without a single shred of proof. "Crowdsourcing of truth" should be the meme of Twitter.
It very much annoys me to see headlines posted as the fact of what someone said. I actually watched the interview just now to verify, because the headline didn't sound like something Nacchio would say.
"I give Apple a lot of credit for being principled." - Joe Nacchio (starting 1:44)
Nacchio is saying Apple is going to lose, and that he fears they will retaliate against Apple. But he's not saying Apple is wrong to push back. He's saying Apple picked the wrong case to fight.
A simple gloss of the shooter's Facebook would have showed a rabid sympathizer for anti-American terrorists and a strong support of violence against civilians. The FBI can' be assed to check Facebook, but they want access to all our encryption to stop terrorists?
And the Boston bombers had been specifically pointed out to US law enforcement by more than one foreign intelligence agency, and they made no move to stop them.
Saying they need more power to surveil us is just ludicrous given they ignore in your face public data, or credible tips already.
I think the biggest problem is that the USA seems to be in the business of creating terrorists. We send troops all over the world and undermine governments - even the US diplomats say that they are responsible for US "economic interests". That value system is creating this unstable world.
Do you think they would actually be doing a good job if you (public) knew about the instances surveillance helped? If you were tasked with catching terrorist, what would you do?
Yes, if the TSA had stopped a single terrorist, they'd be at least stating a number, if not the facts. Given they won't even give a ball park number is pretty good evidence it is a big fat zero like all the investigative journalism has found. Not like organizations like the TSA can keep a secret.
Why would they be stating the number? How can they know if they intimidated or prevented attacks by mere existence? Statistically, mere police patrol presence reduces crime, which is not directly related to detective work.
But, TSA is kind of parallel to surveillance, my question was about whether we could possible judge the success of that, and other intelligence in the most secretive of government operations.
"Here, Apple engineers are effectively being conscripted to build forensic software — a hacking app — for the FBI." "Instead of being asked to hand over its own information, Apple is being instructed to help hack into someone else’s — someone whose only connection to the company was owning a phone that Apple produced."
"That’s a particular stretch because (as Apple argues in another ongoing case) Congress has already passed a federal law outlining exactly what companies must do to help police spy on digital messages: the Communications Assistance for Law Enforcement Act of 1992." (1)
A "hacking OS" more precisely. Now compare what is being requested with the apparent legal basis for it:
"(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction."
-
That's really the whole act!
Which FBI claims to simply mean "we can order anything to anybody" including ordering Apple to make "a special operating system," and then later, obviously, even the special chips to allow FBI to snoop continuously, if they want. It's not an accident.
Should this particular act be allowed to be used to effectively ban encryption? That's how much is at stake.
It was suggested to me that Apple could argue against "we can krder anyone to do anything" using the 13th amendment which abolishes "involuntary servitude". It's a stretch, and according to Wikipedia, the amendment is rarely used, but the same could be said for All Writs...
No tinfoil intended here, but it strikes me as very unfortunate that the Supreme Court Justice most likely to be opposed to this recently passed away last weekend.
In my not-a-lawyer opinion, I think that Apple will absolutely take this as far as it can. With only an 8-member court, Anthony Kennedy becomes even more important than ever.
We should be lobbying SCOTUS harder now than ever before. We need them to rule against this far more than we need to be calling congress people.
We need the Supreme Court to act with the effect of precedent. But I'm not optimistic. We would need Roberts and Thomas to back off their national security platforms, and we need RBG and Kagan to understand the problem better.
Kennedy is a wildcard, but if we can explain the issue in plain English to those key people and get them to agree, this is doable. Alito and Sotomayor will fall in line.
If we do our jobs as members of the body politic, write amicus briefs, and hound the members of the court, this is doable.
Thomas and Roberts can be swayed. So can RBG and Kagan. It would be an easier 5-4 decision with Scalia still around, but this is possible without him, and we need to focus our efforts.
I'll be putting my money where my mouth is over the weekend and creating a website that submits comments to the individual justices. I'll also be asking for help/edits on the boilerplate I'm offering as a starting point.
Did you see Robert Cringely's article where he comes to a very similar conclusion? Ironically, although he sees the same gambit, the two of you seem to be interpreting the situation completely opposite. If I'm reading you both right, you believe Scalia was the most likely to side with Apple, whereas he thinks Scalia was a sure vote for the FBI?
What’s going on is Justice Antonin Scalia is dead.
Had Justice Scalia not died unexpectedly a few days ago
(notably before the Apple/FBI dustup) and had the FBI
pursued the case with it landing finally in the Supreme
Court, well the FBI would have probably won the case 5-4.
Maybe not, but probably.
With Justice Scalia dead and any possible replacement
locked in a Republican-induced coma, the now eight-member
Supreme Court has nominally four liberal and four
conservative justices but at least 1.5 of those
conservatives (Justice Kennedy and sometimes Chief Justice
Roberts) have been known to turn moderate on certain
decisions. This smaller court, which will apparently judge
all cases for the next couple years, is likely to be more
moderate than the Scalia Court ever was.
So if you are a President who is a lawyer and former
teacher of constitutional law and you’ve come over time to
see that this idea of secret backdoors into encrypted
devices is not really a good idea, but one that’s going to
come up again and again pushed by nearly everyone from the
other political party (and even a few from your own)
wouldn’t right now be the best of all possible times to
kinda-sorta fight this fight all the way to the Supreme
Court and lose?
If it doesn’t go all the way to the Supremes, there’s no
chance to set a strong legal precedent and this issue will
come back again and again and again.
That’s what I am pretty sure is happening.
I did see that, and I think that Cringley is--like many other people who haven't paid attention--seriously misinterpreting Scalia's history on the court.
My own, admittedly amateur, interpretation is that he's largely internally consistent with his ideas of protecting person freedoms and advocating in favor of judicial restraint.
I see citizens united as an exanpsion of Scalia's attitude about protecting personal freedoms (and this is an expansion I disagree with, btw). His logic in Bergofell was that the court doesn't have the authority to meddle further in religious matters than it already has and needs to exercise restraint.
In my opinion, the argument is stronger in Bergofell than it is in Citizens United, even though I agree with the result of the former and disagree with the latter.
I could be incredibly wrong, but I think that over 30 years, Scalia has been a champion of individual rights and protections more often than not. Much to various people's chagrin at different times.
That has sometimes led to good results and sometimes led to bad. I feel comfortable in this case making the assertion that Scalia would have definitively come down on the side of Apple, and done so in the heavy-handed manner that he was known for and probably persuaded a fence justice like Kennedy to side with him in this case. But possibly also bringing RBG in with him at the same time.
Yes, it's all prognostication at this point, and I know that. But in my opinion, the bigger picture of Scalia outside of Citizens United and Obergefell are the history of someone who would have opposed the order against Apple.
Cringley is just being Cringely: bigoted, hateful, and wrong. As usual.
But then again, I could be really wrong. It does happen sometimes.
Not everyone's individual rights. I didn't see Scalia standing up for my right to do what I want with my female body, for instance. (I know the counterargument is that fetal rights are more important, but then the fact remains: not my rights.)
Scalia also didn't think that women were protected from discriminatory laws under the equal protection clause of the 14th amendment (interview in California Lawyer, 2011).
I just have to conclude he thought some individuals (and corporations) were more equal -- and have more rights -- than others.
Because he's a strict Constitutionalist. I would suggest a review of his actual written opinions. They are spectacularly in favor of a strict interpretation of the Constitution. His Obamacare dissent is a great recent example: the civil liberty to not be compelled to buy a product.
Also look at Texas v Johnson, Maryland v. King, Kyllo v. United, Florida v Jardines.
Scalia would almost certainly be on Apple's side in this because it represents not a question of legislation but a question of the power of the state.
It's easy to dislike Scalia based on decisions not going the way one's personal convictions would hope, but in questions regarding the power of the state, Scalia is very clear. Remember Scalia defended flag burning as well as opposing thermal imaging into a private home without a warrant. He also opposed involuntary DNA submission -- definitely read the opinions and not simply examine the outcomes.
I love how people keep going back to him being a defender of state's rights, but conveniently forget about cases such as the Bush vs Gore recount, where he specifically took away the state's right to recount, with some disastrous consequences
And there are other examples as well.
People want/like to think of him as a defender of the Constitution. Great. But consistent, he never was.
Just thinking back in recent history, U.S. v. Jones (2012) [0], Scalia writing for the majority of the court [1]:
> The Government physically occupied private property for the purpose of obtaining information. We have no doubt that such a physical intrusion would have been considered a “search” within the meaning of the Fourth Amendment when it was adopted.
But additionally, he argues that without the physical intrusion, long term tracking via GPS may be permissible:
> The concurrence posits that “relatively short-term monitoring of a person’s movements on public streets” is okay, but that “the use of longer term GPS monitoring in investigations of most offenses” is no good. ... That introduces yet another novelty into our jurisprudence. There is no precedent for the proposition that whether a search has occurred depends on the nature of the crime being investigated. And even accepting that novelty, it remains unexplained why a 4-week investigation is “surely” too long and why a drug-trafficking conspiracy involving sub-stantial amounts of cash and narcotics is not an “extra-ordinary offens[e]” which may permit longer observation.
So at a clip, I'd go with my usual and say that Scalia had an independent mind that tried to balance a original reading of the Constitution with federal law. How he'd land on the Apple case is entirely unclear.
Scalia was hoping mad about the Obamacare decision that, among other things was an attempt by the state to force a citizen to buy a product. I won't rehash the arguments, they are well known, but the short answer is that Scalia would likely be opposed to forcing a company to build something. If the 'something' existed already, there might be a different argument to make considering that there isn't a 4th Amendment question (as the perpetrator is dead.) The idea of the state to compel an entity to build something (which is the same as forcing them to buy something as they must spend money buying the labor to build it,) would be, in Scalia's view, against the Constitution.
The plaintiffs would have to prove with substantial weight that there is a national security issue (i.e. An imminent threat.) That would be hard to prove as the government is really just investigating and fishing as opposed to having proof there's a nuclear launch code on the phone. I would suspect the 9th Circuit would rule in favor of Apple.. As such a 4-4 Supreme Court would by default result in the 9th Court decision standing.
I tend to agree with you. It is strange in the sense that the government is free to build such software itself, and subpoena Apple for such knowledge to do so, but instead is compelling Apple to act in a substantial way. For Scalia's reductio ad absurdum, could the govt use All Writs to force a safe maker out on the battlefield in Afghanistan to open a safe? If Apple had a working quantum computer, could they be compelled to use it to aid the govt? What's the limit on All Writs if this instance were upheld?
What is the ruling that prevents this exactly? There needs to be some basis, and considering the circumstances (individual warrant, not even property of the terrorist) I have a hard time seeing the constitutional argument here that is related to any right to privacy.
Based off of the ruling handed down by the judge, it sounds like you could only rule that the work demanded of Apple is too onerous... I feel like that won't accomplish much though. I feel like this situation is pretty orthogonal to a ruling against any "Mandatory Backdoor" laws (which is the holy grail for us at this point)
"(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction."
a reasonable legal ground in this case to demand from a company to develop anything, in this case a special version of the operating system? Does this act mean "we can order anything to anybody"? Especially when there is "the Communications Assistance for Law Enforcement Act of 1992."
If anything goes, as "All Writs" is tried to be used by the FBI now, we don't need any other laws. "All Writs" rules.
> No tinfoil intended here, but it strikes me as very unfortunate that the Supreme Court Justice most likely to be opposed to this recently passed away last weekend.
I know Scalia fans like to believe this, but you are dead wrong. It would all depend on how the Republican/Conservative establishment feels. If the Republicans agreed with the Feds, you can bet your ass Scalia would side with them.
The man had no principles, he was just an anti-Democrat and anti-Liberal.
I am not an expert on this stuff but hardcore conservatives are falling in line with law enforcement on this issue. I'm not so sure he would have sided with Apple here.
If Apple wins, DOJ gets to turn around and push legislation mandating backdoors on the basis that terrorists are winning in their courts. The public will eat it up, because who the hell wants to side with some guy that murdered 20+ people in San Bernardino?
Conversely, if Apple loses, there are no real lasting effects. Encrypted phones are the new norm, and the 5C is weaker than its successors. If Apple actually can't undermine the encryption (ie: like the newer iPhones), the courts can't force them to do anything. The precedent of being able to force them to undermine underminable phones is meaningless.
I don't need the Supreme Court to tell me what my natural rights are regarding privacy.
The answer is to reject this perverse notion of Judicial Review. This is what we should be lobbying for.
I do not care what SCOTUS or a private corporation does or says. If you attempt to diminish natural rights you should be forwarned; I am coming after you directly to either alter or abolish the policies and government you have unjustly imposed over me and society.
I don't care about these silly irrelevant constructs. My rights to privacy preexisted government, Apple, encryption and the Bill of Rights.
If the DoJ ot FBI disagrees, then we should abolish them. I am no fan of the FBI and their fascist organization built by an oppressive corrupt criminal named Hoover.
One day they will no longer exist and neither will this idea that little men in robes need to tell people what their obvious natural rights are.
He is suggesting that the FBI sees this as an opportunity to set a precedent and doesn't care about the data?
If so, in FBI logic, in the future there could be a more legitimate need for Apple to comply because a suspect could have a WMD. But so far no such threat exists.
However, let's distort the issue and exploit this opportunity now knowing few will go against law enforcement tactics against the San Bernardino killers?
Because they will need the power in the future but the public has to be scared into acting now to prevent the real hypothetical future attack?
No, the public has to be scared into standing by while the courts force Apple to unlock a phone for the FBI, so there will be adequate precedent for doing so later in in more mundane cases, like drug dealers, gangs, and so on.
The thing that scares law enforcement is that in recent years, they've been handed piles of easy evidence that is recorded permanently and easy to access. While before you actually had to do an active man-in-the-middle attack, known as "wiretapping", and that required a court order with good evidence, now there's a ton of communication that is already recorded on persistent media, and all they have to do is find some excuse for taking a look at it to get a lot of extra information without much trouble.
Perfect description of how we "just" need to see a return of "good-old police work" combined with modern high-level training.
This stuff is hard and should be hard - apropos jobs and automation: it's also a great opportunity for politicians to align income levels with the private sector to attract only the best of the best (humans vs. "high-tech" toys).
This was raised and discussed in another thread and I believe this to be the case. Walt Mossberg, a pretty well known verge reporter who wrote one of the articles that was circulating a few weeks ago about the decline in Apple software, was discussing this on his podcast.
The idea that actors move forward with a specific case was new to me, but I obviousloy never thought much about it and it seems pretty intuitive when considered. Roe v. Wade and the Rosa Parks case were raised in the other thread as well as, IIRC the Brown v. Board of Edu.
What happens is that the prosecution or another actor can Appeal to the supreme court (or choose what case to prosecute etc.) with the ultimate goal of timing sentiment, finding the perfect array of facts and discovery, and having everything align perfectly. They then push up to the supreme court with the best chance of getting a binding ruling that would become defacto law.
In this scenario (and from here forward is my non-expert opinion) the data is probably in a best case scenario for the FBI slightly useful. However, not getting this data is pretty much meaningless. So they are likely to:
* Use public sentiment and the recent terrorist attacks as a catalyst for their demand (you quite correctly raised this point).
* The suspects are dead. So while they may not be guilty in the court of law, it is pretty obvious that they did it thus there is no risk of them being acquitted.
* Most evidence suggests a fairly lone wolf attack scenario, so if they were working with anyone the data would likely be on a computer or in call logs. Thus the minimal gov't gain which would be maybe mapping a name to some of the numbers.
* They have a successful narrative to frame and this coincided with a bill to limit encryption.
So yes. This was a strategic move. If John McAfee is to be believed, and on one hand he sort of fucking isn't, but on the other hand I actually do but mostly on faith, he and his team can successfully decrypt the phone.
He has publicly offered (possibly taking out an editorial but I did see the article at least) that he would unlock the phone for free if they would drop the case. Now, even if they gov can't get in (and they can), it isn't unreasonable to not give the phone to a suspected murder.
That said I think John McAfee and probably a few people on here could get in, so the tl;dr is ya they coming for that secure enclave.
That said I think John McAfee and probably a few people on here could get in, so the tl;dr is ya they coming for that secure enclave.
Small note - in the case of this particular phone it doesn’t have a secure enclave. But yes, I’m sure parts of the US government want to use this case as a stepping stone to gaining access to the secure enclave via legally mandated means.
Once they have a legally enforced backdoor, that’s a mechanism that the security services can use worldwide to compromise any phone they’re interested in, as we’ve seen with the mandated wiretap accesses built in to phone switches.
> Small note - in the case of this particular phone it doesn’t have a secure enclave.
Correct. Should have said this explicitly. They could use the precedent of bypass functionality in this instance to have it ship with new phones bypassing SE.
I think the enclave is probably an enclave, but if it is secure they are going to want access to it. Picking a 5c in this instance and getting the Supreme Court to grant this would be a good way to make a defacto law that applies to a markedly different set of technology sets.
the logical extension is that the government passes a law forbidding encrypted devices that don't have a backdoor from access to cell and wireless networks. This would include the sale of any encrypted devices within its borders and bringing one in would be illegal.
Once they convince the American public that encryption is a threat to both their security and privacy they will have it in the bag. How will the convince that encryption is dangerous to their privacy? Some FUD attack that public behavior studies government wonks will come up with. For the children might work.
Basically, the FBI shot themselves in the foot by changing the password for the iCloud account within a day or two of the incident, instead of consulting with Apple. This meant the phone couldn't auto backup data which is why the snapshot of the data is not necessarily the most recent. Had they not done this they would have been able to connect the phone to a power outlet and a wifi connection, and it would have uploaded the data to Apple's servers from which they could have asked Apple to acquire the data.
Both Apple and the FBI have been requested to appear before a bipartisan committee to answer specific questions about the case.
"The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said."[1]
That's actually the best piece of news coming out of the whole affair at this point: despite almost 10 years of practice, authorities still don't have a consistent procedure to deal with iPhones, not even relatively old models. Some groups here and there might know it, but it has not trickled down to average grunts.
The DOJ had a chance to make that detail clear in their filing to the court, and they did not. It's hard to believe that was an unintentional omission. The judge will probably wag a finger at them -- although in the previous case in October they stonewalled and pissed off the judge royally but still won.
I hadn't really looked at the details, because the fundamental question of "Can the courts compel work/backdoors from Apple?" is much more important IMO, but this really makes it feel like a fishing exercise from the FBI. Though possible, the chance that the attackers used an employer-owned phone to discuss/plan/coordinate the attackers seems rather remote if they a) had personal phones, and b) took the time to destroy them.
Which likely means it contains no useful information there. But the FBI wants to use the case to give it one more go at pushing for backdoors.
The fact that Apple wanted to keep this private, but the FBI wanted it to be public (which they almost never do in cases where it's about revealing how they hacked into something), just confirms that to me:
>But the FBI wants to use the case to give it one more go at pushing for backdoors.
Really? The FBI said it was 100% totally fine with giving the phone to Apple and just having remote access to the phone in this one specific case. That is to say, not having Apple turn over the tools of the trade.
I feel like a lot of people here should try to play devil's advocate on this case. I'm (kind of) for Apple in this case, but I think the general representation of the gov't's stated request has been completely morphed from what was asked.
The devil's advocate is that this is an Apple PR move. Apple spent a bunch of time trumping up how safe their new phones are against this very thing, and that they even backported most of it. But the fact is that Apple _can_ install a backdoor without even requiring the phone PIN code! On the older phones at least. The FBI asked for the contents, not the tool to get the contents.
A thing that has been mentioned elsewhere, but: by fighting this case (a single phone unlock with a specific warrant), we are mixing this case with the more dangerous and important fight of having backdoor laws be codified. As it stands, Apple _can and should_ make the most un-backdoorable phones possible. Legislation that could be enacted because of this fight could make us lose the war on the right to not have backdoors.
The fact is that the iOS update mechanism _is already a_ backdoor. Which exists for many reasons (and, to my understanding, is already mostly fixed by asking for a PIN code when updating now).
(Ooh, you almost lost me. They say all kinds of stuff. You should not necessarily take it at face value.)
They are fine with having Apple do it because what they really care about is being able to say, next time, "what's the fuss, you've already done it once for that other phone that other time."
To achieve that goal, where the software sits doesn't matter.
Honestly, assuming that Apple had a magic way of getting to the information on the phone that is guaranteed to not be exploited (Tim Cook's fingerprint or something. Bad example for obvious reasons ;).... is there another issue here?
From where I stand, the argument against bulk data collection was "they need a warrant! and not from some kangaroo court!".
Here, the government has a warrant, for this specific phone. Apple is defending itself because (as sibling mentioned) it's likely that if Apple acted on this request in the ordered way that there's a very high chance of undermining all iPhone security.
But absent the (very important) technical context , do people really have a problem with the FBI wanting to look at the phone's data? If there was no encryption I doubt there would be much of a debate here. If you couldn't get a warrant for the phone used by a guy who just shot up a bunch of people, I don't know what you could get a warrant for.
From where you stand, you have your opinion, and that's fine, but you ought to consider the fact that Apple has thought about this stuff a hell of a lot more deeply than you have.
Watch the Tim Cook interview, where he explains the stuff you aren't thinking about.
The FBI said it was 100% totally fine with giving the phone to Apple and just having remote access to the phone in this one specific case.
It's really up to the court to decide that, and this post makes the argument that it may not be possible to keep the tools under wraps if the case progresses: http://www.zdziarski.com/blog/?p=5645
Thanks for that read. The amount of validation required for the tool to be used in court seems to really cause the danger of a leak to go sky high... I think the DoJ might be discounting that risk with their reasoning of "Apple can just delete it"
As an aside, I find it funny that the author finds it "stupid" that the jury is allowed to ask questions in a California court. I would almost declare that a constitutional right (judged by a jury of the peers)
The author finds it stupid that the jury was allowed to ask questions to the author of a forensics tool about the technicalities and inner workings of the forensics tool, like "Wouldn't it be easier if you just jailbroke the phone?"
As a defendant, you do have a constitutional right to be judged by a jury of your peers. As a professional providing a highly specialized service to a court, it doesn't make a whole lot of sense to have non-peers (laymen) ask technical questions about the inner workings of a tool that, for all intents and purposes, is basically magic levers and knobs.
Edit: I don't mean to imply that juries shouldn't question forensic evidence gathering methods (far from it actually), but I can see where the author finds the practice comical at best, and dangerous at worst.
If it's basically the output of magic levers and knobs and processes which are not allowed to be inspected or questioned or understood by the jury, then one could make a pretty persuasive argument that it can't really be considered to be "evidence", in any meaningful sense of the term.
> If it's basically the output of magic levers and knobs and processes which are not allowed to be inspected or questioned or understood by the jury
I specifically edited my comment to say that I was not trying to imply that juries should not question processes of evidence gathering. To state so is disingenuous.
Look at it this way: If can assume that few readers of HN are in chemistry, and any of us were on a jury of a case where a chemist was comparing trace chemicals found in a container that was owned by a defendant on trial for some heinous crime, we would want to know the methods used to gather and inspect those trace chemicals. But what would you think if you were the chemist and you were asked "Why couldn't you just use a cotton swab and look at them under a big microscope?" when the process involved a complex series of baths to hydrate the residue on the container and then separate and concentrate the combined compounds into individual and inspectable forms? I know, if I had spent most of an afternoon talking about the process I had taken to do my work, and was asked that question, I would feel frustrated and defeated. Clearly that juror had no idea of what I was talking about.
Looks like MDM was in effect because the San Bernadino Health Dept remotely changed the iCloud password of the phone after the attack, locking the FBI out of accessing the most recent backup of the phone.
Forgive me if I nit-pick this a bit, as we are probably saying the same thing two different ways.
iCloud backups are not protected by your iCloud password. I know this because I've personally reset my password and then successfully recovered an iCloud backup to a new phone with the new password.
However, the auto-backup feature, which would have pushed the most recent data from the phone onto iCloud just by leaving the phone powered on... apparently that is disabled when the iCloud password is reset. Which makes sense if you think about it, the phone still has the old iCloud password, and it would need the new password in order to authenticate to iCloud. So they inadvertently disabled the backup feature by locking the phone out of iCloud!
The first question this raises is can the auto-backup be made to start working again by Apple changing their backend iCloud authentication code to specifically allow this device to login to iCloud with the "wrong" (old) passsword? That would not involve touching the phone and seems like a much cleaner solution. Unless there is code on the phone which disables or destroys the iCloud authentication token / stored password after encountering a login error, which really would surprise me, because API errors could be spurious, but I guess it's possible if they are looking specifically for an "invalid login" return code and then dumping the old token in order to trigger a UI prompt to enter a new password.
The second question is why are the existing backups a month and a half old? Doesn't this imply the device was not even turned on or connected to the network for that last month and a half?
The other interesting tidbit in the article you linked is the statement the FBI was able to verify that the phone was never paired with any devices to obtain data. How in the world could they know that?
By changing the iCloud password, the device is no longer able to upload a backup to iCloud, since the device doesn't know the new password yet! The new iCloud password IS required to re-enable auto backup, but you need to get past the PIN screen first to enter the new password.
"Chaum’s proposed Privategrity system would use nine special servers in nine different countries to encrypt users' data. The theory is, the system would almost always prevent mass government surveillance but would allow government access to combat terrorism or child sex abuse."
If Feinstein is weighing in on any issue with any technical depth, look carefully at what she's proposing and what she's opposing. More often than not, she's wrong, and her true motivation is likely to pander to a knee-jerk emotional reaction, without careful regard to the technical implications.
As I wrote in my InfoQ piece (linked from another of my comments elsewhere) he has since backed down from his stance and will not be filing that legislation.
He claims that the FBI already has all of the suspect's communication records as retrieved via service providers, but ignores the important detail that iMessage uses end-to-end encryption, rendering any such records unobtainable by the service provider.
Yes, the last backup was six weeks prior to the phone being seized, but this only means that the phone may well include six weeks' worth of pertinent evidence. And there is nothing to suggest that the FBI is only interested in messages between co-workers.
Ultimately, the phone's data would need to be decrypted and analysed to see if the first four assumptions that Snowden makes are actually true.
The final assumption is that there are other feasible technical measures that could be taken to crack this phone. This would perhaps be the most interesting point, but Snowden chose to not expand upon it at all.
Normally I don't like Snowden, but in this case I think he raises great points all around, the biggest being that the non-work phone (Operational Phone) was completely destroyed. Do you think with that sort of OPSSEC that they slip up and use a work phone? Doubtful.
But hey, the FBI exists to turn over every stone. The real story here is that they specifically chose this case to go after Apple because they suspected the backlash if Apple tried to fight it would be more than they could handle.
Even if there's less likelihood of useful evidence on the suspect's work phone, it's still worth checking.
The FBI's request isn't too bad really. It's not like they are requesting Apple to build a new mass surveillance tool or anything similarly far-reaching. This is limited to the domain of digital forensics, and how best to extract data in a criminal investigation, against firmware that is hostile to cracking. Given that, by design, the phone has been locked down to only accept Apple-signed firmware, then Apple is really the most feasible choice to assist in bypassing this.
Unless we believe that individuals and corporations are at least somewhat autonomous. If this were Apple's device then sure, I think they should be compelled to make an effort to unlock it, but it's NOT Apple's device, and it hasn't been since it left the warehouse. Apple, in this case, is just an industry expert that happens to know quite a bit about the device. If you couldn't compel MSFT to hack the phone, you shouldn't be able to compel Apple to hack the phone. If you get a warrant to open my safe you can compel me to give you the combination, you can HIRE a locksmith, but you can't compel the locksmith. Compelling the locksmith is a completely foreign legal precedent.
I think you are rather downplaying Apple's capabilities here.
Apple is the only entity who can reliably alter the firmware to remove the forensics-thwarting restrictions, due to updates requiring a chain of trust all the way up to Apple's root certificate.
The physical device may not be owned by Apple, but the firmware installed upon it certainly is, both legally (due to copyright law) and cryptographically.
I believe there is precedent for companies having to share/reveal their own encryption keys or in this case the certificate necessary to create a firmware update. The certificate is something Apple owns.
> Do you think with that sort of OPSSEC that they slip up and use a work phone? Doubtful.
After 5 minutes of search I cannot find the story. But there was a super interesting story (in The Atlantic maybe?) about an investigation into an assassination plot where the major break was exactly this slip-up.
Maybe I'm too far-out there, but what do we really know about the NSA's quantum computing abilities?
Given their budget and their ability to keep things under wraps (eg: consider the scope of PRISM and how they ran that for close to a decade), is it that crazy to think this is a debate they don't care about winning?
Teams at universities made 16 qbit machines something like 5 years ago. D-wave claims 512 qubits today. I don't think it's out of the question that NSA is far ahead of both of them. D-wave employs "100+ people" according to Wikipedia. NSA is estimated to have upwards of 30,000.
It makes a lot of sense, then. NSA got caught with their pants down, naturally backlash from it is still happening today. So if your opponents are going to be winning some ground back, the best PR move is to have them win ground that doesn't matter. (Or that won't matter in a couple years.)
I think these debates about the necessity of key escrow and modified firmware are conversations they're having with the intention of losing, to prevent meaningful pushback but to still provide the illusion of it.
It just doesn't make sense to me that they would invest billions into dragnet infrastructure with the knowledge that something as inevitable as letsencrypt or an iPhone passcode could make it all useless.
> D-wave claims 512 qubits today. I don't think it's out of the question that NSA is far ahead of both of them.
I don't doubt that NSA have some techniques that are not public knowledge, but is it feasible that they are that far ahead of academia/industry? (IIRC, D-Wave cannot run Shor's algorithm, so is not particularly useful in breaking cryptography). Even if they are, I would expect them to be having these legal battles hoping to win - if there is a plausible, non-classified, way to access the data, maintaining secrecy of these techniques is much easier.
> that something as inevitable as letsencrypt and an iPhone passcode could make it all useless.
Widespread, well-implemented crypto is probably less inevitable than this makes it sound. letsencrypt etc. probably make the surveillance dragnet less useful, but sloppy implementations and unforeseen weaknesses (e.g. Heartbleed) probably render it still rather useful.[1] Encryption usage, through increasing, is also not a given for people who may be targeted by NSA et al.[2]
[1] In terms that it can be used to gather information. Whether it is actually useful from a security standpoint, and if it is price worth paying, is something I strongly doubt.
Yes, it would seem that maintaining plausible deniability about their methods (through something that amounts to a kind of parallel construction with an unwitting party) would make a lot of sense. Even if they don't have the capability, there are game theoretical benefits towards pursuing this.
> It just doesn't make sense to me that they would invest billions into dragnet infrastructure with the knowledge that something as inevitable as letsencrypt would make it all useless.
Never underestimate the stupidity of massive bureaucracies.
We're talking about 256-bit AES, not public key crypto. Unless additional flaws are found in AES, quantum computing only weakens 256-bit AES to requiring on average 2^128 AES encryptions on the quantum machine.
I don't think the NSA would resort to quantum if simpler techniques would yield results effectively; in the case of the iPhone, decapping the chips and reading the keys directly from the hardware is something that isn't even "NSA-level" in the sense that even small reverse-engineering companies in China can probably do it for a few K$.
That's a part of what I'm saying. Their public strategy of late seems to be calling for things that don't make a whole lot of sense. They don't really need Apple's cooperation, and the politicians asking for key escrow are being ridiculous. You can be almost certain that people working at NSA know that. So how did those politicians find these ideas in their platform?
Washington is keeping conversations about the NSA in favor of their opponent, and I think they're doing that to avoid debates on things that really matter.
The assumption that I'm making is that NSA doesn't really care about Apple not giving them firmware and doesn't really care about key escrow.
One possible explanation for why those things don't matter to them is that they're much further on quantum computing than we think. A more boring answer is that they're willing to trade these things in order to satisfy the public.
Remember when everyone wanted transparency and public accountability? This is what that entails.
There is literally nothing wrong with this request. It is a model of how legal searches of this nature should be conducted. The methodology is open, the company has a right of appeal to the demands, and the basis of the request is well-stated and has undergone judicial review.
We know that it isn't anymore advanced than everyone else's. How do you think they figure out most if not all of the quantum breakthroughs? By either stealing the information or reading the public papers themselves like all the other scientists.
I think Google will be the first to have a small useful (but not crypto-breaking) quantum computer by 2020. D-WAVE can't break encryption.
You don't think they are doing independent research at NSA?
When I look at the technical problems they solved 10 years ago when they were first setting all of this up, I'm nothing short of amazed. Say what we will about the ethics behind it, I have no doubt that they've got a handful of the best minds in the country over at NSA.
Like I said, this is all conjecture on my part. They probably can't break all of our encryption. But the places that NSA is drawing lines seem a bit out of place to me.
I used to think, in such moments, that I was on the way to getting paranoid. These days, I more often think that maybe I should be a lot more paranoid.
It has become really hard to figure out what to believe and what not. The whole affair could simply be a PR stunt. Maybe the FBI wants to create a precedent so they can get an easy access to everybody's phones where they consider it convenient. But maybe, they actually do not want that phone at all and want to create precedent where people think, "Oh look, now I know for sure the Feds cannot get at my iPhone". At times, it all seems like plots within schemes within hidden agendas.
> It has become really hard to figure out what to believe and what not.
This. Thankfully it is also becoming obvious to more people the necessity of end to end encryption and open source software. Then - depending on the level of paranoia - we would only need to deal with the encryption tech.
Back when I was 16, playing Shadowrun, we used to say that paranoia was not a disease, but a survival strategy.
There are moments when I get close to freaking out about it. I am currently reading Gravity's Rainbow, and now, for the first time, I get the paranoia in that book, I feel it. It is even less pleasant than I had imagined.
And even with FLOSS and the best encryption technically possible, we have to ask ourselves, what does it lead to?
In a society where the state no longer trusts the citizens, where citizens need to use military-grade encryption to keep the intelligence services from accidentally flagging them as potential terrorists because they have a gross sense of humor or a weird hobby, the very fabric that holds society together begins to erode.
If we go down this road, we will become even more estranged and isolated than we are now.
Plausible. However, they already have admitted to NSA intercepts[0](which inconveniently show how completely ineffective mass surveillance is).
What's more plausible is that this is a CYA operation. The FBI fucked up, and let San Bernardino's Health Department change the password on a health department issued device. They got locked out, and fucked up the chain of custody.
It's hard to imagine an organization or unit whose middle management doesn't have a running wish list of what it would do with a bigger budget, more staff, and more authority.
I think you are mixing up the law enforcement and intelligence community.
These request are coming from the law enforcement side of the government, not the intelligence community. Given their mission, the intelligence community has no interest in having a public discussion around backdoors, since the last thing they want is for the people they are targeting to be aware of any backdoors in their mobile devices.
The line between the two is gone today. The CIA now both collects information (spy drones) and acts on it (armed drones). The FBI both investigates crimes and acts as a go-between between federal and local agencies via fusion centers. Since 9/11 everyone is all about information sharing. That means law enforcement now give intel to the intel community and that the intel community does likewise. Even lines between military and civilian worlds are blurred as contractors bounce between the two. We really are slipping into a world where feds are feds and the letters on the hat no longer matter.
> The Patriot Act is huge and I remember someone asking a Justice Department official how did they write such a large statute so quickly, and of course the answer was that it has been sitting in the drawers of the Justice Department for the last 20 years waiting for the event where they would pull it out.
-- Richard Clarke (former National Coordinator for Security, Infrastructure Protection and Counter-terrorism)
Often political changes are artifacts of opportunity. I don't personally think that its evil that the justice department had a laundry list of civil rights violations waiting for an opportunity to propose them. It's the responsibility of the public and earnest lawmakers to be aware of efforts to exploit sentiment and resist bad law regardless of when it's proposed.
Of course different people have compiled different "wish lists" and other proposals which will then pop up when some news event (etc) gives the opportunity.
It's not really any evidence of conspiracy, or such. Simply that different organisations and people have ideas that they prepare, and put forward when there is an opportunity.
Similarly, the fact that e.g. Russian or American army has written a plan for how to go through Fulda Gap or capture Kiev or close the Bosphorus is not really evidence that the said army is actually about to do such thing. They are simply doing their job by preparing for scenarios.
And there'd be nothing wrong with that. From their perspective, these are powers that will help them do their job of keeping us safe. I often disagree with their proposals, but I don't question their motives.
You see it as them taking advantage of fearful people. They see it as people getting a dose of realism when disaster strikes. It's no different with any perennial political issue. People forget about problems until some event reminds them. Activists use this opening of awareness to push for change.
Indeed. Much of the time, what we perceive as "that person proposes a bad thing because he has bad intentions and bad motives" is wrong: people have good motives and they mean well, but they should see that what they propose with good intentions will eventually have bad outcomes.
You are exactly right about this. The same way that the two-party political system "disagrees" and "clashes" with each other while perpetuating the same essential policies, the "good guy" Apple and the "bad guy" FBI will put on a circus that makes us clap and cheer while our data is fat-piped to the NSA data center in Utah.
Your comment is too short for me to understand your point. What do you mean? (in particular "this issue" refers to what? which viewpoint is irresponsible? and why?)
If the government hacks the iPhone themselves, they don't get the legal precedent they are so desperate to establish in this case. This paves the way for legislation that forces technology companies to install backdoors in software/hardware. This case is not about the data on the phone itself, the government is simply continuing its march towards comprehensive surveillance systems.
Secret Memo Details U.S.’s Broader Strategy to Crack Phones
"Silicon Valley celebrated last fall when the White House revealed it would not seek legislation forcing technology makers to install “backdoors” in their software -- secret listening posts where investigators could pierce the veil of secrecy on users’ encrypted data, from text messages to video chats. But while the companies may have thought that was the final word, in fact the government was working on a Plan B.
In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision."
> This paves the way for legislation that forces technology companies to install backdoors in software/hardware
But... the fact that Apple can do anything is a result of the OS update backdoor in the first place in this case! If this were a 5S this entire court case wouldn't be possible. This court ruling is not "Apple needs to install a backdoor". It's "Apple needs to exploit the backdoor they have a key to".
The argument is that once they have this precedent in hand, they can then use it to force Apple to alter the code in the secure enclave of all current Apple devices so that the security services can gain access to them on demand.
Or else, even if this case doesn’t give them sufficient precedent to force that kind of access, it’s certainly a legal stepping stone along that route, which is precisely why the FBI is taking the case all the way even though it’s clearly not necessary in this specific case - the NSA is perfectly capable of gaining access to the phone in question if they want to & according to Snowden they even have the legal right to do so since it was a work-issued phone where the issuee had signed over the right to scrutinise it at any time.
>The argument is that once they have this precedent in hand, they can then use it to force Apple to alter the code in the secure enclave of all current Apple devices so that the security services can gain access to them on demand.
Sure... if there's a warrant for a specific phone, and that Apple even has a way to update the Secure Enclave (my understanding is that updating the Secure Enclave wipes the contents).
One overreach I could see happening from this precedent is getting Apple to participate in a targeted wiretap: Target brings phone to iStore, Apple "accidentally" wipes Secure Enclave (installing backdoor), and target could now have phone hacked later. Contrived, but I think this would be precedent.
But in no way is this ruling a precedent to push out a backdoor to every iPhone ever made. And the precedent that Apple must help unlock an iPhone has existed for over 100 years I think. Based off of the whole "digital key" == "Physical key" logic of the courts, if Apple didn't want to help exploit the backdoor, a judge could probably rule to force Apple to hand over its actual signing keys for updates. Awful, but the precedent is totally there
In the medium term, my guess is that they want to force Apple to alter the code in the secure enclave of all iPhones manufactured so that in the future the phones can be backdoored on demand either by Apple under warrant or the FBI themselves. In the former case the NSA would of simply acquire the necessary keys by whatever means they preferred.
At the moment, for phones with a secure enclave, this isn’t possible: Apple intention was to create a system that they themselves can’t crack precisely in order to prevent anyone else from being able to crack their phones. It’s possible that the NSA has physical attacks that can work around the secure encalve now, but these are always vulnerable to future improvements in the devices - the government would vastly prefer to have some kind of mandated access.
Winning this case is a step along the path of building up the legal precedent for them to be able to do this. Sure, by itself it won’t be sufficient, but they don’t expect it to be - it’s a stepping stone along the route.
Bingo. Not enough people in here are understanding the legal side of this.
Someone in this community could quite reasonably root against apple, on the basis that a DOJ loss would give the DOJ a lot of fuel to push for legislation mandating backdoors.
It's a very different situation when Apple can reasonably do something to undermine encryption and when there's nothing they can do, and the precedent going forward from this case is negligible considering that the 5C is the last holdout of an enclave-less iPhone. What we should fear is legislation that bars the creation of truly secure phones. A ruling for Apple might aid in the creation and passing of such legislation.
>Not enough people in here are understanding the legal side of this.
This is just one more step towards winning the Crypto Wars-
The Crypto Wars is an unofficial name for the U.S. government's attempts to limit the public's and foreign nations' access to cryptography strong enough to resist decryption by national intelligence agencies (especially USA's NSA)
Plan B seemed to be "wait till terrorist action occurs and use it to make it look unreasonable to prevent back doors". This always works, in about every country.
In the government's filing, they claim Apple has exclusive technical means to gain access, and FBI is explicitly stated as being unable to. What are the implications of lying to the court in a legal filing?
For the first link, they are talking about working with the chip directly, which may or may not be possible.
For the second link, where they suggest turning off the phone after a passcode attempt, I believe that hole was patched with an iOS update at some point.
As I noted in my InfoQ piece (linked elsewhere in another comment) the FBI prevented themselves from being able to get recent automated backups by asking the owners to change the iCloud password. The phone stopped backing up at that point.
I would like to see some clarification on point #5. The only other option I see for the FBI is to continue manually bruteforcing PINs, the arduousness of such a task being why they requested Apple's help in the first place. Is he talking about 0days?
The FBI is asking that Apple provide them the ability to bypass the PIN timeout limits.
In modern iphones, those limits are handled by the secure enclave. However on the 5C in question, the limits are done in iOS and can be disabled by flashing a custom version of iOS. That's what the FBI is requesting.
Just one way I can think of would be to dump the contents of ROM chip, bruteforcing the encryption key by checking all possible PINs and comparing the decrypted data against some known plaintext that would be present on all iOS devices. (this would require the FBI to know what key derivation algorithm is used on pre-secure-enclave devices, but that's not outside the realm of possibility).
It's not that simple. The encryption key is not just the PIN. It's the PIN combined with a very strong unique key that is burned into the hardware, making hat particular brute force attack unfeasible.
> From a technical standpoint, it would be possible to craft the cracking software to only run on Farook's phone by checking its hardware ID. The court order was actually quite specific that this is all that is being requested.
Note that the court's order presupposes that the hardware ID is already available through some means. The court's order was crafted after a period of inquiry regarding actually technically feasible work.
It's not certain how the machine id of a particular phone is known without being able to query it, but the case assumes it is known.
The keyphrase is combined with the machine id and a hash is generated and compared against the stored hash to allow access. The stored password hash is stored on the flash drive and is readable since it's ordinary flash memory that can be directly read if one has physical access.
So the hash and the machine id are available, and it is likely Apple uses a known and vetted secure hashing algorithm rather than roll their own. From this, one can do a brute force search using external computers to determine what the keyphrase is.
There are different hardware IDs. Your quote is probably referring to something readily available through software like the UDID. The IDs necessary to decrypt the NAND are not readily accessible.
That's true for devices with a Secure Enclave, which the iPhone 5C does not have. As far as I know the key derivation is done entirely in software on older iPhones, but even if there was device-specific keying material it would be possible to dump that as well.
The CPU contains both the UID and GID on all iPhones (old and new). The Secure Enclave, if available, contains it's own UID for it's own key derivation.
Everytime I hear such stories remember about Overton window [1], its a way from unthinkable to policy,
Around 10-15years ago privacy issues were almost unthinkable (phase #1) (average person didn't think about privacy too much), then wikileaks came out, then Snowden (phase #2, radical) and so on.
Sure FBI has access to phone calls in San Bernardino case, but they are making buzz in news, in order to step to next level, probably from sensible phase into popular, then naturally next step would be `policy phase` and surveillance would be totally legal and everyone will accept this, if not we, then next generation would accept it.
If Snowden's allegations are true, then it seems pretty clear that the FBI already has all information they claim they need, and doesn't need Apple's help. Rather, this seems to be a "land grab" by the DOJ/BHO Administration to secure government access to all communication devices, all in the name of "National Security". Not unlike the 2001 Patriot Act. Very sad.
This may have already been stated, but in case it hasn't ...
If Apple, as a legal "person" [1], can be compelled against their will to create something that does not exist at the government's will, then what is holding the government from compelling an individual to do the same?
The lies that so many of the citizenry buy into are far from nuanced. Rather, they are bald-faced. Often, the liars simply rely on Status Conferral, Ignorance, and Indifference to get by. I contend that Twitter is as much hindrance as help.
It has been a long time since the citizenry last needed to fully engage the Check Boxes of Government: Soap, Jury, Ballot, Ammo. A lot of folks are having a hard time believing the last one is an option. Know Your Roots, indeed.
I am more concerned about the idea that the phone password was changed after the government obtained the phone. How is that story not gaining more traction?
Off topic, but this is exactly the scenario that Twitter wants to replace by expanding the tweet size limit. Instead of a picture of text, we could expand to real (presumably searchable) text.
I think it would be nifty to treat it as if it were a specialized form of embedded media like pictures and videos. Wall of text as a media type, and maybe even support links to, say, pastebin-type sites (or don't, this parts not critical). Then you still have tweets as the basic unit of Twitter and preserve some consistency.
I'm a fan of snowden, but this is wrong on so many levels it's hard to understand why anyone thinks his points are valid? This is about privacy and technology - depending on the specifics. I'm not sure what these points are speaking to, because it's none of the relevant issues...I guess it's just to contradict the FBI?
1. Can't prove all when there's data that hasn't been retrieved (encrypted data). What they do have is irrelevant.
2. What they do have is irrelevant...is this a pattern?
3. What they do have is irrelevant. Also, coworkers aren't what they are looking for...wtf
4. Irrelevant...wtf
5. Unsubstantiated and unlikely that Apple has a way to break it's own strong encryption. Apple probably can disable the bricking-by-attempts. If the FBI are so damn confident the 256-bit AES key can be bruteforced, they can damn well do it themselves.
?? I think he's just saying that this is a pretty unlikely source of intel and not worth creating a massive security back door over. 5 isn't really unsubstantiated. I would be curious to know exactly what version of iOS the device has though
The Dangerous All Writs Act Precedent in the Apple Encryption Case
http://www.newyorker.com/news/amy-davidson/a-dangerous-all-w...
"Tim Cook, the C.E.O. of Apple, which has been ordered to help the F.B.I. get into the cell phone of the San Bernardino shooters, wrote in an angry open letter this week that “the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create.” The second part of that formulation has rightly received a great deal of attention: Should a back door be built into devices that are used for encrypted communications? Would that keep us safe from terrorists, or merely make everyone more vulnerable to hackers, as well as to mass government surveillance? But the first part is also potentially insidious, for reasons that go well beyond privacy rights.
The simple but strange question here is exactly the one that Cook formulates. What happens when the government goes to court to demand that you give it something that you do not have? No one has it, in fact, because it doesn’t exist. What if the government then proceeds to order you to construct, design, invent, or somehow conjure up the thing it wants? Must you?"