DOJ Claims Apple Should Be Forced To Decrypt iPhones Because Apple, Not Customers, 'Own' iOS

from the chilling-implications dept

The DOJ has filed its response to Apple's claims that unlocking an iPhone 5 would be unduly burdensome. This ongoing dispute over an All Writs Act order (the act itself dates back to 1789) is also an ongoing dispute over the use of encryption-by-default on Apple phones running iOS 8 or higher.

The argument started with one of the founding members of the "Magistrates' Revolt" -- Judge James Orenstein -- who, back in 2005, challenged another All Writs order by the DOJ. A decade ago, Orenstein pointed out that the government's use of these particular orders circumvented both the judicial system (by granting it powers Congress hadn't) and the legislative system (which hadn't created statutes specifically authorizing the actions the order demanded). Nothing has changed a decade later -- not even the DOJ's continued attempts to teach an old law new tricks.

The DOJ's argument is this: we've used these orders before to force Apple to unlock phones. Why should this one be any different? The filing cites three other cases in which the FBI used an All Writs order to compel the unlocking of an iPhone. Pointing to these, the DOJ argues that past successes should be indicative of future results, despite Judge Orenstein's assertions that the use of these orders grants powers to the FBI that haven't been given to it by Congress.

The filing also challenges Apple's assertions about the burdensomeness of the request. The government says Apple makes $100 million per day in profit. How can the unlocking of one phone -- no matter how many man hours might go towards testimony and cross-examination -- even begin to make a dent in this pile of money?

It then goes on to compare the present case to 1977's New York Telephone Co. Supreme Court decision, despite Judge Orenstein pointedly unbundling the two in his original order. In the 1977 case, the Supreme Court found that the All Writs Act could be used to compel a telephone company to provide the FBI with leased lines in order to facilitate its pen register order. As Orenstein pointed out in his order requesting input from Apple, that case is unlike this one because while Apple manufactures the phone, it does not own it.

The DOJ, however, argues that while Apple may not own the phone, it owns the software -- specifically, the lockscreen part of the operating system. And that's where the government makes it most unique -- and most dangerous -- assertion:

Apple wrote and owns the software that runs the phone, and this software is thwarting the execution of the warrant. Apple’s software licensing agreement specifies that iOS 7 software is “licensed, not sold” and that users are merely granted “a limited non-exclusive license to use the iOS Software.” See “Notices from Apple,” Apple iOS Software License Agreement ¶¶ B(1)-(2), attached hereto as Exhibit C. Apple also restricts users’ rights to sell or lease the iOS Software: although users may make a “one-time permanent transfer of all” license rights, they may not otherwise “rent, lease, lend, sell, redistribute, or sublicense the iOS Software.” Ex. C, ¶ B(3). Apple cannot reap the legal benefits of licensing its software in this manner and then later disclaim any ownership or obligation to assist law enforcement when that same software plays a critical role in thwarting execution of a search warrant.
If the judge buys this argument, the government will be free to issue All Writs orders to access nearly any electronic device -- bypassing the purchasers and heading straight for manufacturers. As Cory Doctorow points out, this is not the future we want.
Virtually every commercial software vendor licenses its products, rather than selling them. If the DoJ establishes the precedent that a product's continued ownership interest in a product after it is sold obliges the company to act as agents of the state, this could ripple out to cars and pacemakers, voting machines and tea-kettles, thermostats and CCTVs and door locks and every other device with embedded software.
The Internet of Things is now the Web of Government Informants.

Finally, the government argues that approaching the owner of the phone is an "unworkable option." The government wants Apple to do what it can't require the phone's owner to do: unlock it.
This Court’s October 9 order suggests that the government might attempt to compel Feng to unlock the Target Phone, see Order at 7, but that approach is also unworkable. Through counsel, Feng asserts that he has forgotten the passcode, which, if true, renders him unable to offer assistance.

Even if Feng knew the passcode, attempting to compel him to unlock the Target Phone would not provide an adequate alternative to an order directed to Apple. Compelled decryption raises significant Fifth Amendment issues and creates risk that the fruits of the compelled decryption could be suppressed. See, e.g., In re Grand Jury Subp. Duces Tecum Dated March 25, 2011, 670 F.3d 1335, 1349 (11th Cir. 2012) (holding that the Fifth Amendment protects a defendant’s refusal to decrypt electronic storage media). The government should not be required to pursue a path for obtaining evidence that might lead to suppression.
Soon the government may have no choice. As phone encryption heads towards ubiquity, the FBI will have to roll the dice on evidence suppression. The move towards encryption will render these All Writs orders useless. If the DOJ still wants the broad power those orders convey, it will need new legislation written and passed.

The government also disagrees with Apple's claim that the damage to its reputation -- should it appear to be law enforcement's best friend -- is itself a cognizable burden. The court may agree with the government's reasoning, but Apple's assertion sends a strong message to the DOJ: tech companies are tired of facilitating the government's overreach.

Apple has told its customers only they hold the keys to their phones' contents going forward. If the government wants in, it will have to approach them directly. The government doesn't want to deal with the Fifth Amendment implications of prying passcodes out of reluctant defendants, but it probably should have thought of that while steadily abusing the Fourth. By skirting one repeatedly, it has put itself in the position of perpetually falling afoul of another.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: all writs act, doj, encryption, going dark, licensing, ownership
Companies: apple


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That One Guy (profile), 26 Oct 2015 @ 8:24am

    The power of One

    How can the unlocking of one phone -- no matter how many man hours might go towards testimony and cross-examination -- even begin to make a dent in this pile of money?

    One phone on it's own may not do much, but the ripple effects could be enormous, as the damage to Apple's reputation in protecting their customers' privacy would be significant. If people know that the encryption set up by a company can be compromised any time the government comes asking the company, then anyone interested in security that actually works is liable to start looking elsewhere.

    And it's not like the government doesn't know what one action, or one person can do to the reputation of a large company, or government. Just see their mad scramble for damage control when a whistleblower leaks some of their actions, and the resulting blow to their reputation and credibility.

    Even if Feng knew the passcode, attempting to compel him to unlock the Target Phone would not provide an adequate alternative to an order directed to Apple. Compelled decryption raises significant Fifth Amendment issues and creates risk that the fruits of the compelled decryption could be suppressed. See, e.g., In re Grand Jury Subp. Duces Tecum Dated March 25, 2011, 670 F.3d 1335, 1349 (11th Cir. 2012) (holding that the Fifth Amendment protects a defendant’s refusal to decrypt electronic storage media). The government should not be required to pursue a path for obtaining evidence that might lead to suppression.

    This? This is all sorts of nasty, in large part because of what it reveals about the ones making the argument. They know that if they were actually doing what they should be doing, that is serving the warrant to the owner of the device, there would be a good chance that any resulting evidence from compelling the owner to decrypt the device would be tossed out as having violated the person's Fifth Amendment rights.

    They flat out admit this.

    And yet, despite admitting that forced decryption would likely be treated as a fifth amendment violation, they instead choose to completely ignore the fifth amendment, and force someone else to do the decryption, so that they can use the resulting evidence, hands squeaky clean.

    They're not even pretending to respect the constitutional rights of the public, they're flat out admitting that they see those 'rights' as obstacles to be worked around when they can't be ignored outright.

    link to this | view in thread ]

  2. icon
    DannyB (profile), 26 Oct 2015 @ 8:38am

    Insecure By Design

    So the DOJ is going to tell Apple how to design its OS?

    This is a clear admission that the DOJ is telling Apple that it should deliberately design its OS to be insecure.

    Maybe cars should be designed to do law enforcement's bidding? Homes should be designed to be easy for government snoops to enter without leaving a trace.

    Maybe all brands of cell phones, not just Apple should have to be designed to be insecure?

    The government could promote this with a marketing / advertising campaign "Insecure By Design" to educate the sheeple how this is good for us.


    Microsoft could consult on Insecure By Design. After all, Jim Allchin testified in the DOJ vs Microsoft trial that Windows 98 is "inherently insecure". (not necessarily the same as by design, but why didn't they tell everyone that before they bought it.)

    link to this | view in thread ]

  3. icon
    pixelpusher220 (profile), 26 Oct 2015 @ 8:41am

    Re: Insecure By Design

    "Homes should be designed to be easy for government snoops to enter without leaving a trace."

    I hear the TSA has this great universal key...should be easy enough to require all doors to use this lock too right?

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 26 Oct 2015 @ 8:55am

    They don't need a key to your house. The NSA has XBOX Kinect to both view and listen.

    link to this | view in thread ]

  5. icon
    That One Guy (profile), 26 Oct 2015 @ 8:59am

    Re: Insecure By Design

    This is a clear admission that the DOJ is telling Apple that it should deliberately design its OS to be insecure.

    Not just should, but should be required to.

    'The filing cites three other cases in which the FBI used an All Writs order to compel the unlocking of an iPhone. Pointing to these, the DOJ argues that past successes should be indicative of future results,'

    Depending on how you want to read that summary, they could 'just' be arguing that the fact that they've forced decryption in the past means they should be able to do so in this case, but based upon other parts of their argument, I could totally see them arguing that Apple and other companies are flat out required to be able to decrypt a device without the user knowing about it, which would necessitate built-in security holes.

    The 'public' debate over encryption may be shelved while they wait for people's attention to wander to other things, but the private 'debate' continues.

    link to this | view in thread ]

  6. identicon
    kallethen, 26 Oct 2015 @ 9:00am

    Craaaaazy thought here

    Virtually every commercial software vendor licenses its products, rather than selling them. If the DoJ establishes the precedent that a product's continued ownership interest in a product after it is sold obliges the company to act as agents of the state, this could ripple out to cars and pacemakers, voting machines and tea-kettles, thermostats and CCTVs and door locks and every other device with embedded software.

    I had a crazy thought. Let's say the DOJ win this on this premise...

    Could this lead to software vendors dropping the liscencing model and we actually own the software we purchase again?

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:04am

    Re: Craaaaazy thought here

    It would mean that you own the music on your CDs, though. The RIAA would through a massive tantrum before they let that happen.

    link to this | view in thread ]

  8. icon
    That One Guy (profile), 26 Oct 2015 @ 9:06am

    Re: Craaaaazy thought here

    Highly unlikely. Though there would be an opening for companies willing to take the 'hit'('You buy the device, you buy the software that comes with it'), most would probably bank on people not really having any other choice. 'If you want the electronics, you get the legal tether that comes with it. Don't like it, have fun finding an alternative that doesn't present the same terms.'

    link to this | view in thread ]

  9. icon
    Violynne (profile), 26 Oct 2015 @ 9:07am

    The DoJ is right. I've yet to find any of the "Big 3" software OS companies not keeping a copy of the key for themselves. Apple, Google, and Microsoft all make copies of these keys and stores them on their servers.

    Doesn't matter if the keys are encrypted. The fact duplicate keys exist makes individual security impossible.

    In fact, Windows doesn't even allow you to encrypt directly unless you own the "pro" version of its software. Once encrypted, Microsoft tells you to keep the key in a secured location while it uploads a copy to its servers.

    The DoJ knows full well all three of these companies keep these keys, even if they can't read them.

    The device, not a person, decrypts the key. Whomever gave the device the copy/original doesn't matter.

    That's the angle the DoJ is going for and thanks to the bullshit known as the EULA/ToS, users can't waive the software requirements imposed by the very companies "fighting" the DoJ.

    It's amazing how these companies say "protecting" our data is their top priority and they destroy this very protection by copying the master key.

    If you want your data encrypted and safe: use a third party tool.

    I sure as hell wouldn't rely on anything made by Google, Apple, or Microsoft.

    link to this | view in thread ]

  10. icon
    lucidrenegade (profile), 26 Oct 2015 @ 9:08am

    Re: Craaaaazy thought here

    I don't think there's a snowball's chance in hell of that happening.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:08am

    I've always thought the entire "licensed" thing was bull anyway. Now maybe the gov't has found a hammer do smash that ridiculous nail...

    link to this | view in thread ]

  12. icon
    A voice in the crowd. (profile), 26 Oct 2015 @ 9:10am

    What's good for the goose....

    Hmm, then by that logic the DOJ and other government agencies should release all its records of stingray use, and No-Fly, and other watch lists to the public, because the the people "license" power to the government.

    link to this | view in thread ]

  13. identicon
    kallethen, 26 Oct 2015 @ 9:11am

    Re: Re: Craaaaazy thought here

    Yeah, I do realize I have a better chance of hitting the lotto (note that I don't play). Still, it's nice to dream...

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:26am

    Re: Re: Re: Craaaaazy thought here

    Be sure you want what you'd be getting. If you 'own' the software the next time a bug in YOUR unpatched firmware causes your car to collide with 10 pedestrians and kill them all, forget the manufacturer being held liable. You own it, your responsible for the consequences and for keeping it up to date with all known patches. This will result in the inevitable slump in TV viewing (as everyone is busy patching their devices), which will kill the advertising industry, the cables companies, the movie industry, the whole US consumer economy if not the entire great-big universe.

    link to this | view in thread ]

  15. icon
    hij (profile), 26 Oct 2015 @ 9:28am

    What does ownership have to do with it?

    I do not understand the ownership thing. So the DOJ is saying that anything Apple owns is something that Apple has to hand over if there are suspicions about a third party using it? Not just hand over but break into. If I rent a back hoe to dig a hole in my yard, do the police get to come back later and dig up the hole because the owner of the tractor says it is okay? What does ownership even mean? Can lien owners chime have a say too? Does my bank have an obligation to protect my rights if I get pulled over by the police, and they want to open my trunk?

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:36am

    Re: The power of One

    How can the unlocking of one phone -- no matter how many man hours might go towards testimony and cross-examination -- even begin to make a dent in this pile of money?

    That is a thin edge of a wedge argument, each request is only for one phone, whether the total number of requests is for one phone or very phone.

    link to this | view in thread ]

  17. identicon
    David, 26 Oct 2015 @ 9:36am

    Just start executing them for treason

    The filing also challenges Apple's assertions about the burdensomeness of the request. The government says Apple makes $100 million per day in profit. How can the unlocking of one phone -- no matter how many man hours might go towards testimony and cross-examination -- even begin to make a dent in this pile of money?

    Starting to execute random employees of the Department of Justice cannot be wrong. How can the execution of one man even begin to amount to an injustice compared to what this pile of bullshitters inflict on the U.S. and its Constitution?

    They are paid to represent the U.S. government, not a crime syndicate if you can see the difference. Oh well, try squinting. It's a question of the right viewing angle I think. I had it a moment ago.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:40am

    Re: Craaaaazy thought here

    Could this lead to software vendors dropping the liscencing model and we actually own the software we purchase again?
    No. Free Software exists, and you can buy it if you want. But as long as most people are willing to agree to hundreds of pages of legalese to use a computer, proprietary software vendors aren't going to change.

    link to this | view in thread ]

  19. icon
    Mason Wheeler (profile), 26 Oct 2015 @ 9:40am

    Every time this case comes up, Techdirt makes sure to point out how old the All Writs Order is, that it dates back to 1789, the clear implication being that it's ridiculously outdated.

    Without going into any specifics on the details of this particular case, does anyone else find that line of argument a bit hypocritical, coming from a site that defends the First and Fourth Amendments at every opportunity?

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:41am

    Re: The power of One

    It's just one phone now until it's thousands of phones tomorrow.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:41am

    Apple has been decrypting stuff for the feds since they first asked. They've done good work making it difficult if not impossible for them to do so by offering encryption, but older software is still vulnerable. The only reason they're stopping now is for PR. They should just admit they didn't care about user privacy pre-Snowden.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:42am

    We really need some clear, explicit laws that protect consumers' data against government seizures. It seems the government believes that as long as YOUR data is on someone else's servers, they can just bypass the 4th and 5th amendments by going to the third-party service provider to get YOUR data.

    And now, with this new argument, it's even worse. They're saying that any tech product you BUY is NOT YOURS, therefore they can once again bypass any protections you may have thought you have, in order to get that data from a third party.

    It's unacceptable, and people need to fight to change this. We need real ECPA reform that demands the government has to go to the OWNER OF THE DATA with a warrant, not any third party company.

    link to this | view in thread ]

  23. icon
    DannyB (profile), 26 Oct 2015 @ 9:47am

    Re: Re: The power of One

    But we're only going to use one or two nuclear weapons to end the war.

    So there will only be those two. No more.

    No need to worry about there being more than those two.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 26 Oct 2015 @ 9:48am

    Re: The power of One

    The government should not be required to pursue a path for obtaining evidence that might lead to suppression.
    IOW, the DOJ wants backdoors in phone encryption so that they can keep using backdoors in the Constitution.

    link to this | view in thread ]

  25. icon
    That One Guy (profile), 26 Oct 2015 @ 9:54am

    Re:

    No, not really. 'Free speech' and 'Protection against unreasonable searches and/or seizures' are equally applicable today, a century ago, or a century in the future. They're ideas that age pretty well.

    An order or law regarding communications on the other hand can absolutely be outdated, as the situations envisionable by those that wrote the original law are likely to be vastly different than the situation even decades later, never mind centuries later.

    When 'communications' means letters and physical records, and when there's a limit to what can be realistically stored and produced with regards to information or details, an order to produce 'all' of it with regards to an individual is only going to end up producing so much info. Notably, such an order is not likely to result in the handing over of the 'key' to all of a person's personal data, from friends to any messages they've sent and received.

    However, when 'communications' are digital on the other hand, such an order has the potential to produce incredible amounts of data, much of it personal, and which would otherwise require a warrant to access.

    The difference in scope between what could be acquired via the All Writs Order when it was put into place, and what it can compel to be released now are enormous, so I'd say it's pretty fair to say it's outdated and needs to be tossed.

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 26 Oct 2015 @ 10:01am

    "Through counsel, Feng asserts that he has forgotten the passcode, which, if true, renders him unable to offer assistance."


    Feng is a smart man. No indefinite detention in a jail cell for Feng, due to refusal of complying with a judge's order to unlock his phone. He's simply incapable of complying with that order due to his memory loss.

    The worst thing you can do is admit to knowing the passcode, but refuse to unlock the phone. That stupid move will land you in jail indefinitely without a trail until you comply with the Judge's order to produce the passcode.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 26 Oct 2015 @ 10:06am

    Re: What does ownership have to do with it?

    I was wondering about this, too. OK, if I'm licensing it then maybe I don't own it. But does Apple really 'own' the copy of software on my phone, or do they just control it?

    I'm licensing the right to use the software, not the right to have a copy of it on a device that I possess. After all, if I smash my phone Apple doesn't sue me for destruction of property; if I get a new phone, they don't make me 'return' my old copy of iOS.

    link to this | view in thread ]

  28. identicon
    Rich Kulawiec, 26 Oct 2015 @ 10:12am

    Re:

    This is so apropos, so on-the-money, so deadly accurate that it rates as quite possibly the best security advice I've ever read on Techdirt.

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 26 Oct 2015 @ 10:30am

    Re: Re: Re: Re: Craaaaazy thought here

    If you 'own' the software the next time a bug in YOUR unpatched firmware causes your car to collide with 10 pedestrians and kill them all, forget the manufacturer being held liable.


    Nope. Owning the software does nothing for liability. You own the hardware, too, but that doesn't mean the manufacturer isn't liable if the hardware causes your car to kill 10 pedestrians.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 26 Oct 2015 @ 10:33am

    Obligatory

    It seems that the DOJ agrees with the bottom line from this protester
    Your computer is our computer
    -Apple "Security" Administration

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 26 Oct 2015 @ 10:48am

    Re:

    The Bill of Rights specifies in general terms a set of things the government cannot do. Since these are restrictions on government, for the presumed benefit of the citizenry, non-authoritarians believe that resolving ambiguity in favor of the citizenry, by reading the rights broadly, is a good thing.

    The All Writs Order specifies a set of things the government can compel non-governmental entities to do. Since these are burdens upon the citizenry, non-authoritarians believe that resolving ambiguity in favor of the citizenry, by reading the compulsions narrowly, is a good thing.

    The authors could expressed a bit more specifically that old laws which help citizens should be read broadly and old laws which burden citizens should be read narrowly, but I see no inherent hypocrisy in the idea that government power should be confined until Congress specifically legislates otherwise.

    link to this | view in thread ]

  32. identicon
    Logos, 26 Oct 2015 @ 11:15am

    Why are they trying so hard?

    I honestly don't understand the effort the government is putting into this fight. Isn't virtually all of the information from your phone available with a legal warrant to the service provider?

    They'll have your browsing history, the content of every text (even the ones erased from the phone), GPS info, every single call that's been made, probably your contact list, ect. While I can imagine a couple scenarios in which a suspect has an incriminating photo on the phone that they haven't texted to someone else or uploaded to the internet, that can't possibly be often enough to warrant all this fuss.

    link to this | view in thread ]

  33. identicon
    Anonymous Coward, 26 Oct 2015 @ 11:24am

    Re: Craaaaazy thought here

    They'll probably just move credential storage into hardware, making it even more difficult to extract.

    They are already doing this with fingerprints, so it's not much of a stretch.

    There is a huge irony here that the gov'ts demands for en-mass global decryption is actually leading to vastly more secure and harder to hack encryption....

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 26 Oct 2015 @ 11:30am

    Re: Re: Craaaaazy thought here

    Well, since both iOS and Android are largely built on open source...

    Matter of fact, Apple's open source allowed us to track down a bug in iOS 9's security infrastructure last week.

    Yeah, there is proprietary crap on top of it, but it's a hell of a lot better than it used to be. And it's not like you are NOT agreeing to pages of licensing terms with some open source licenses....

    FYI, here's the source for iOS/OSX cryptography routines...
    http://www.opensource.apple.com/source/Security/Security-57031.30.12/Security/libsecurity _cryptkit/lib/

    link to this | view in thread ]

  35. identicon
    Anonymous Coward, 26 Oct 2015 @ 11:44am

    Re:

    That's not entirely true, at least on iOS 9. You _can_ have a copy of your credentials sync'd with iCloud, but you can choose not to.

    My team spends a lot of time in the guts of iOS security (we've found & reported several bugs, one last week) and we haven't seen any automated uploads of credentials to Apple.

    Yes, you can backup your credentials to iCloud if you want, but even then it's password protected by both your iCloud password & the login on your phone.

    The login on your phone never leaves your phone, and this is what the DOJ is after as the uploaded credentials are pretty useless without this. What they are asking Apple to do is to insert a 'keyboard sniffer' into iOS so they can capture the login on the phone....

    While it's certainly technically possible for Apple to do this, it would be pretty stupid. You can easily run a iOS in a sandbox and do traffic analysis to figure out what it is sending - we did this just last week. It would be fairly trivial to figure out that a phone was sending a login payload.

    Apple's security, while not perfect, is pretty good and makes every attempt to give control to the user. Which is why the DOJ is pissed.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 26 Oct 2015 @ 11:47am

    Re: Why are they trying so hard?

    The service provider cannot access content that has never transited the network in an accessible form. The DOJ might believe that there are incriminating pictures that the accused only ever moved on/off the phone via local connection to a computer. They might be after content of a third party text messaging app that sends its contents encrypted. They might just have way too much time on their hands because the FBI is not entrapping enough homemade terrorists to keep them busy.

    I won't entertain the fiction that they're after content that the service provider once had and has already discarded, because that would assume the service provider ever deletes anything.

    that can't possibly be often enough to warrant all this fuss.
    It isn't. That's why this whole argument is completely unwarranted. (rimshot)

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 26 Oct 2015 @ 12:01pm

    Re: Why are they trying so hard?

    Legally accessible isn't enough to them anymore. They want all of it, whenever. This is two entirely different things.

    link to this | view in thread ]

  38. identicon
    Anonymous Coward, 26 Oct 2015 @ 12:08pm

    Re: The power of One

    It all started with just one company claiming it only licensed its software/hardware, now everyone is doing it.

    I'm afraid the government may have a case here on that one point.

    link to this | view in thread ]

  39. icon
    John Fenderson (profile), 26 Oct 2015 @ 12:44pm

    Re: Craaaaazy thought here

    I had the exact same thought. But that's not what will happen. If presented with a choice between giving up their precious licensing model and throwing all of their customers under the bus, major software companies will throw everyone under the bus every time.

    link to this | view in thread ]

  40. icon
    John Fenderson (profile), 26 Oct 2015 @ 12:47pm

    Re: Re: Re: Craaaaazy thought here

    That's because we're conflating two thing here. "Open source" says little about what the licensing arrangement is. It only means that the source is available for exmination and modification.

    "Free software" (as in speech, not beer) says a lot about the licensing arrangement, but doesn't say much about the open source status.

    Most people think of the two as analogous, since most open source software is also free software. But it doesn't have to be, and in many proprietary platforms it isn't.

    link to this | view in thread ]

  41. icon
    John Fenderson (profile), 26 Oct 2015 @ 12:50pm

    Re: Re:

    Violynne overstates the point, but underneath that he does make a valid one.

    "That's not entirely true, at least on iOS 9. You _can_ have a copy of your credentials sync'd with iCloud, but you can choose not to."

    So Apple claims, but unless you can verify this first-hand (and I don't see how that's possible), you have to take their word for it. In the security world, if you have to take someone's word for it, then the security model is broken.

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 26 Oct 2015 @ 1:30pm

    Re:

    "Every time this case comes up, Techdirt makes sure to point out how old the All Writs Order is, that it dates back to 1789, the clear implication being that it's ridiculously outdated."

    The implication is in your mind.

    link to this | view in thread ]

  43. icon
    Geno0wl (profile), 26 Oct 2015 @ 1:58pm

    I actually kinda agree with the government's arguement here

    I mean how can Apple, or any company, make the claim they "own the software" and we are "only licensing" it?
    I mean it flat out says that in the EULA right?
    So then they want to turn around and claim no responsibility and they can't do anything because the user "owns the device wholly"?
    Sounds like they want their cake and eat it too.

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 26 Oct 2015 @ 2:11pm

    Re: I actually kinda agree with the government's arguement here

    Apple owns the software, but the software is only a part of the issue. If I own a safe, but all the keys to it are lost, then it is as difficult for me to get into it as for the government or for any thief. As the owner, I would have an implicit right to damage it in the course of entering it. If the government secured the right kind of warrant, they would have an explicit right to damage it in the course of entering it -- but that does not make it easier for them to enter, or for me to assist them in entering. It only makes it lawful for them to use destructive methods of entry. In this case, they are claiming that the owner of the software should provide them easy access on the theory that the owner can get in more readily than a government investigator.

    A manufacturer of safes might well have tools that could let them into my safe in a less destructive manner than I would resort to, but that does not mean the manufacturer should be required to maintain such tools or to make them available just because the government would find that to be more convenient than a crowbar.

    link to this | view in thread ]

  45. identicon
    Anonymous Coward, 26 Oct 2015 @ 2:22pm

    [clearly the] DOJ [needs to] Claim [china Should Be Forced To collect and Decrypt [all paper and derivatives there of documents Because [clearly china owns the world IP on that device], Not Customers, 'Own'[paper]

    link to this | view in thread ]

  46. icon
    John Fenderson (profile), 26 Oct 2015 @ 2:38pm

    Re: Re: I actually kinda agree with the government's arguement here

    "A manufacturer of safes might well have tools that could let them into my safe"

    This is an interesting analogy.

    First, the manufacturer of a safe does not have copies of keys or combos that would allow them entry, and there is no "backdoor" -- that is, no master key or combo.

    Second, safe manufacturers will help you open a safe you own if you lose the key/combo -- but they will do so using the same methods that safe-crackers use. The advantage (and it's not a small advantage) that the manufacturer has is that they intimately know how the thing is built, so they know the right spot to drill, for example.

    In the end, a safe manufacturer does not have any ability to open their safe beyond what a skilled and knowledgeable safe cracker has. I find it interesting that the DOJ is demanding more concessions from the like of Apple than they demand from safe manufacturers.

    link to this | view in thread ]

  47. identicon
    Anonymous Coward, 26 Oct 2015 @ 3:02pm

    Re: Re: Re:

    > ... unless you can verify this first-hand (and I don't see how that's possible) ...

    > You can easily run a iOS in a sandbox and do traffic analysis to figure out what it is sending - we did this just last week.

    Careful reading can lead to answers.

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 26 Oct 2015 @ 3:13pm

    Re:

    [You] are trying to hard to [make a joke].

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 26 Oct 2015 @ 3:31pm

    Re: Re: Re: Re:

    How did you decrypt the encrypted traffic originated within the OS? All such analysis can say is that passwords were not visibly transmitted to apple.

    link to this | view in thread ]

  50. identicon
    Anonymous Coward, 26 Oct 2015 @ 3:34pm

    Re: The power of One

    Besides they say it's just one phone but if they get one phone they then make the assumption that "past successes should be indicative of future results".
    Give them a finger, and they'll take the whole hand.

    link to this | view in thread ]

  51. identicon
    Anonymous Coward, 26 Oct 2015 @ 3:40pm

    While Apple might own the iOS, does it own my personal data when used by the operating system?

    link to this | view in thread ]

  52. identicon
    Anonymous Coward, 26 Oct 2015 @ 4:36pm

    Destroy the EULA

    Apple needs to lose this case,and appeal the validity of the EULA. Put forward a very weak argument for the EULA, and then find the EULA invalid. Tell Justice: our EULA is invalid, we don't license the software, the end-user owns it.

    link to this | view in thread ]

  53. identicon
    Anonymous Coward, 26 Oct 2015 @ 4:41pm

    Re: Destroy the EULA

    Well, as long as you are destroying the EULA, try this:

    1. Software should be subject to the first sale doctrine. Once it's sold, it's yours to do whatever you want. If you brick it, flash it, whatever, it's yours. It shouldn't matter if it's software, hardware, or firmware. I should be able to disassemble, reverse engineer it, or whatever strikes my fancy.

    2. If you want to continue using the software *and* get support or new versions, you have to pay. Jut like buying a book, you don't get the 2nd printing for free.

    3. If you use copyrighted code in your reverse-engineered competitive product, the company *might* have a copyright claim against you, but not a license violation. It would be hard to prove, since the competitor won't have seen the source code.

    4. If you modify the code and get paid apps for free in iOs or Google, that's a theft issue.

    Set software free from EULAs.

    link to this | view in thread ]

  54. icon
    Walid Damouny (profile), 26 Oct 2015 @ 4:44pm

    Re: The power of One

    How can the unlocking of one phone -- no matter how many man hours might go towards testimony and cross-examination -- even begin to make a dent in this pile of money?


    Imagine if someone made the same argument when walking out of a store without paying for off the shelf items, or not paying medical fees to a hospital.

    How can the cost of a cereal box make a dent on a supermarket's pile of money.

    How can the cost of cancer treatment make a dent on a hospital's pile of money.

    How come only the FBI gets away with making such a claim.

    link to this | view in thread ]

  55. icon
    Walid Damouny (profile), 26 Oct 2015 @ 5:00pm

    Conflation

    So the FBI is conflating what software copyright means and what tool usage is. If I encrypt something with software created by somebody else it won't be possible for the software creator to decrypt my data.

    link to this | view in thread ]

  56. identicon
    Anonymous Coward, 26 Oct 2015 @ 5:00pm

    Re: Re: Craaaaazy thought here

    I'd say "so pit the RIAA against the FBI" but they'd just use their lobbying arm to carve out a very specific exemption.

    link to this | view in thread ]

  57. identicon
    Anonymous Coward, 26 Oct 2015 @ 5:03pm

    Re:

    >The DoJ is right. I've yet to find any of the "Big 3" software OS companies not keeping a copy of the key for themselves. Apple, Google, and Microsoft all make copies of these keys and stores them on their servers.

    Google and Microsoft, yes -- Apple, no. Every time I upgrade my OS, I'm prompted to "upload my keychain to iCloud" -- every time I choose not to.

    Apple has a copy of my developer key and the hashed value associated with my AppleID, and that's it. The rest I store elsewhere.

    link to this | view in thread ]

  58. icon
    TechDescartes (profile), 26 Oct 2015 @ 5:07pm

    Target Phone

    After the 2013 credit card breach, you’d think Feng would have been smart enough not to buy a Target Phone in the first place.

    link to this | view in thread ]

  59. identicon
    Anonymous Coward, 26 Oct 2015 @ 5:11pm

    Re: Re: Re: Re: Re:

    At some level, you need to trust, but you can verify the data access chain such that only approved running processes read the encrypted password, and those processes do not directly communicate with Apple's servers. Now it's possible that they could be loading it into memory in a way that another process could grab and send to Apple -- but that's a lot of work for a key that's pretty large. I can see ways that Apple *could* do it, but every way I think of would provide them 0 benefit and significant development/testing/QA cost. I see malicious software attempting to do this kind of thing all the time, and the common theme is that their QA sucks. The technique always gives itself away eventually, and usually breaks something else through whatever nefarious means are used.

    This is not a game Apple would want to play, when they can make money hand over fist by NOT doing it.

    The only alternate argument I can think of is that this is all security theater, and the US government has required that ALL major US companies provide them with back doors for years. This would be the coverup. But due to the fallibility of people and the fact that this has never been caught out on the people side of things, it probably hasn't happened.

    link to this | view in thread ]

  60. icon
    bugmenot (profile), 26 Oct 2015 @ 6:53pm

    Government

    This is why i loathe Government and Law Enforcement

    link to this | view in thread ]

  61. icon
    CanadianByChoice (profile), 27 Oct 2015 @ 12:59am

    Wouldn't getting the manufacturer to unlock a device to prevent 5th ammendment problems be sorta like when a home owner won't grant permission for a warrentless search, they go get a locksmith to open the house door and invite them in?

    link to this | view in thread ]

  62. identicon
    Anonymous Coward, 27 Oct 2015 @ 2:41am

    Re:

    It would be like getting a locksmith *from the company that built the house*.

    EULA and DMCA biting Apple right back in the ass? Color me uninterested. The government will do whatever it wants to anyway, after all they're the ones in power.

    link to this | view in thread ]

  63. identicon
    Wendy Cockcroft, 27 Oct 2015 @ 5:29am

    Re: Re: The power of One

    NOW can we stop ascribing property rights to patents and software? Pretty please?

    link to this | view in thread ]

  64. identicon
    Wendy Cockcroft, 27 Oct 2015 @ 5:32am

    Re: Re: Destroy the EULA

    Ban copyrighting code. End of problem. Anything that allows anyone to own a thing you bought after you've paid for it as a sale, not an explicit licence or rental, is going to allow these kinds of shenanigans. Shut. It. Down.

    link to this | view in thread ]

  65. icon
    Walid Damouny (profile), 27 Oct 2015 @ 6:47am

    No, but the FBI is pretending that it does and doesn't want to acknowledge anything otherwise.

    link to this | view in thread ]

  66. identicon
    Anonymous Coward, 27 Oct 2015 @ 7:13am

    Re: I actually kinda agree with the government's arguement here

    The infrastructure that telecoms use to service pen-registers, is built for the convenience of the telecom, by the telecom. They service the request for information. The tap itself is not the result of the subpoena, only the resulting information is.

    The DOJ is presuming authority to compel Apple to engineer a product specifically to gather data that Apple doesn't doesn't want, and doesn't have. The difference is that the technology for the tap is not derived from the evolution of being a "witness", but is instead a compulsory demand for engineering services.

    The DOJ would correspondingly have to find jurisdiction for that that demand somewhere else, like the commercial code or some sort of selective service act. And last time I checked, the army doesn't draft people just because somebody at the DOJ learned BASIC.

    In a nutshell the DOJ is presuming they can nationalize Apple. And frankly this smells of a game of "screw thy competitor". So there needs to be some investigation into their motive. My guess is you'll find somebody who has been promised a board seat in Redmond.

    link to this | view in thread ]

  67. identicon
    E. Nigma, 27 Oct 2015 @ 8:35am

    i Has a Bucket

    So, if Bob made an iBucket and allowed me to use it under his terms (none of which make claims to any of the objects I place inside) and I fill my iBucket with water is it not still my water even if someone takes the bucket away?

    Hence, even if Apple did gain access to the device for the DoJ are they not invading the person's privacy in some sense?

    Taking this a step further: What if he has intellectual property on the phone that he owns the copyright to and does not want it released as of yet. Would he still be forced to unlock the device and risk his IP being stolen/seen?

    I think too much maybe.

    link to this | view in thread ]

  68. icon
    pouar (profile), 27 Oct 2015 @ 8:37am

    Actually Apple does own it. They shouldn't, but they do.

    link to this | view in thread ]

  69. icon
    Bergman (profile), 28 Oct 2015 @ 7:38am

    Re: Re: Re: The power of One

    Conveniently 'forgetting' to mention that as soon as they use one or two of the two they're allowed to use, they'll build another and 'forget' that they already used any.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.