No, A Judge Did Not Just Order Apple To Break Encryption On San Bernardino Shooter's iPhone, But To Create A New Backdoor
from the slightly-different... dept
So... have you heard the story about how a magistrate judge in California has ordered Apple to help the FBI disable encryption on the iPhone of one of the San Bernardino shooters? You may have because it's showing up everywhere. Here's NBC News reporting on it:A federal judge on Tuesday ordered Apple to give investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters, assistance the computer giant "declined to provide voluntarily," according to court papers.And you'd be forgiven for believing that the court has now ordered Apple to do the impossible. After all, for well over a year, the DOJ has been arguing that the All Writs Act of 1789 can be used to force Apple to help unlock encrypted phones. And that's an argument it has continued to make in multiple cases.
In a 40-page filing, the U.S. Attorney's Office in Los Angeles argued that it needed Apple to help it find the password and access "relevant, critical … data" on the locked cellphone of Syed Farook, who with his wife Tashfeen Malik murdered 14 people in San Bernardino, California on December 2.
Many people are now mocking this ruling, pointing out that with end-to-end encryption it's actually impossible for Apple to do very much to help the FBI, which makes the order seem ridiculous. But that's because much of the reporting on this story appears to be wrong. Ellen Nakashima, at the Washington Post, has a more detailed report that notes that Apple is actually required to do something a little different:
The order does not ask Apple to break the phone’s encryption, but rather to disable the feature that wipes the data on the phone after 10 incorrect tries at entering a password. That way, the government can try to crack the password using “brute force” — attempting tens of millions of combinations without risking the deletion of the data.In other words, the order does not tell Apple to crack the encryption when Apple does not have the key. Rather, it is asking Apple to turn off a specific feature so that the FBI can try to brute force the key — and we can still argue over whether or not it's appropriate to force Apple to disable a key feature that is designed to protect someone's privacy. It also raises questions about whether or not Apple can just turn off that feature or if it will have to do development work to obey the court's order. In fact, the same report notes that there is no way for Apple to actually do this:
The order, signed by a magistrate judge in Los Angeles, comes a week after FBI Director James B. Comey told Congress that the bureau has not been able to open one of the killers’ phones. “It has been two months now, and we are still working on it,” he said.
According to industry officials, Apple cannot unilaterally dismantle or override the 10-tries-and-wipe feature. Only the user or person who controls the phone’s settings can do so. The company could theoretically write new software to bypass the feature, but likely would see that as a “backdoor” or a weakening of device security and would resist it, said the officials, who spoke on the condition of anonymity to discuss a sensitive matter.So you could argue that this is effectively the same thing as asking Apple to break the encryption, since it (apparently) has no direct access to turning off that feature. However, the specifics do matter -- and most of the kneejerk responses to the order (and the reporting on it) are suggesting something very different than what the court order seems to say.
I think it's still perfectly reasonable to argue that this order is highly problematic, and not legally sound. However, it is still quite different than what most are claiming. It also seems like something that could be quite dangerous. Apple is being pressured to write code that undermines an important security feature, and will probably have little time to debug or test it overall, meaning that this feature it is being ordered to build will almost certainly put more users at risk.
Update: Okay, we've got the full order and it is, indeed, troubling. Here's the key part:
Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.The order also sets out that:
Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.
If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.
To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order.I would imagine that Apple will be taking the court up on that...
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: all writs act, backdoor, break encryption, encryption, fbi, going dark, privacy, san bernardino attacks, sheri pym
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
TL;DR
[ link to this | view in chronology ]
Re: TL;DR
[ link to this | view in chronology ]
Re: TL;DR
[ link to this | view in chronology ]
Re: TL;DR
[ link to this | view in chronology ]
Re: TL;DR
...it must be nice to be so damned important that you don't have time to read an article about something as important, and as troubling as this.
Are you actually that important, or are you actually just lazy?
You're going to have to be a bit less lethargic if you hope to make a go of it in the world of stand-up... Especially with jokes like that one.
[ link to this | view in chronology ]
Re: Re: TL;DR
[ link to this | view in chronology ]
Re: Re: TL;DR
Paragraph 4; page3; line3 says Apple can retrieve the data in anyway they want. The FBI only needs the data so they will concur with any technology Apple wishes to use. The court goes on to say Apple doesn't have to give the FBI any of the technology used to get the data.
I am wondering why Tim Cook threw such a hissy-fit in a blog.
[ link to this | view in chronology ]
or maybe it's more calculated than it appears...
And she may well even understand the implications of asking Apple to undermine its own encryption. But the best way to get that in the record is to give Apple a chance to fully explain why it is a bad idea, or impossible. Notice and opportunity to be heard.
And Apple is not likely to say "Yeah, we can write this backdoor brute-force buddy software" because that would mean that someone else could write that software, which would mean that Apple's encryption now has a known point of potential compromise. So Apple will say it can't write that software. And then the US Attys will hopefully shut up about it already.
(It's not easy to become a federal magistrate ...)
[ link to this | view in chronology ]
Re: or maybe it's more calculated than it appears...
This isn't entirely true: as noted in the order, any OS-level software to be run on an iPhone needs to be signed by a cryptographic key held only by Apple unless it exploits a vulnerability in the phone's existing software to install itself (i.e. jailbreaking). It is therefore much easier for Apple to provide this kind of modified software than for a third party. The signature requirement also means that if, as requested in the order, Apple makes the putative custom OS image check the device ID of its host to ensure that it's running on the target device, that check will have teeth because if it's edited out the signature will no longer be valid.
Also, the modified software wouldn't actually weaken the disk encryption scheme itself. It would make it easier to attack weaknesses in the user's choice of key on this particular device, but if the user chose a decent password a brute-force search would still take prohibitively long.
Of course, that doesn't really change the likelihood of Apple complying with this order without a fight. It just affects your reasoning as to their motivations.
[ link to this | view in chronology ]
Re: Re: or maybe it's more calculated than it appears...
The delete key routing is also implemented in hardware so this may not be bypassed either
The other difficulty is the OS would need to be decrypted, loaded, to be patched.
The users on this board saying the phone can be cloned is untrue as the key and uuid are held in the secure enclave in the processor itself, cloning the storage would not be a means to get infinite 10 guesses as the key would not be present to test against.
This is technically impossible for Apple to achieve.
The courts just dont like that.
[ link to this | view in chronology ]
Re: Re: Re: or maybe it's more calculated than it appears...
So with proper equipment it can be done. Expensive and slow. Just the things to keep this being a rarely used option.
[ link to this | view in chronology ]
Re: Re: Re: Re: or maybe it's more calculated than it appears...
Note that the order requires that the new software run in ram, and does NOT alter any of the ROMs on the system. So it looks like the FBI want software that can be used for fishing expeditions in the future, or hope to find evidence to incriminate other people on the phone, otherwise the restriction would not be required as there is no court case to be brought against the deceased owner of the phone.
[ link to this | view in chronology ]
Re: Re: Re: or maybe it's more calculated than it appears...
My understanding is that the phone in question is an old model that doesn't implement the "secure enclave".
But if the data can be extracted then it's just stupid to do the decryption in the phone.
[ link to this | view in chronology ]
Re: Re: Re: Re: or maybe it's more calculated than it appears...
They can't do the decryption outside of the phone.
[ link to this | view in chronology ]
Re: Re: or maybe it's more calculated than it appears...
The FBI appears to believe that a brute force method will work, and I know no reason to disbelieve them. Most people don't, after all, use "decent" passwords. And my understanding is that the allowed password isn't very long. The encryption key is, I understand, from a hash with the device id, but if the latter is known that doesn't increase the number of necessary tries.
[ link to this | view in chronology ]
Re: or maybe it's more calculated than it appears...
[ link to this | view in chronology ]
Re: Re: or maybe it's more calculated than it appears...
Is it easy to become one of those things?
[ link to this | view in chronology ]
Re: Re: or maybe it's more calculated than it appears...
[ link to this | view in chronology ]
Re: or maybe it's more calculated than it appears...
This order is deeply troubling. Getting *any* order overturned is very difficult. Make no mistake - this is not an invitation for Apple to defend itself and win on appeal - it is simply a blunt ruling in the favor of the FBI. And five days for a response is an *insane* timeline.
Your analogy is like saying that a referee making a call that awards points to your opponent minutes before the end of the game is simply an invitation to play harder. It's bullshit.
[ link to this | view in chronology ]
Re: Re: or maybe it's more calculated than it appears...
Obviously the order is troubling, and I agree that five business days to oppose is prohibitively short. But then, perhaps it doesn't take much to show that coding new software for one case is unduly burdensome.
I was going from the basic premise that I have never been before a magistrate who was truly an idiot (which I cannot say about Article III judges), so perhaps there was some calculation behind the otherwise frightening order. (AKA, trying to find reason and order amid the chaos.)
[ link to this | view in chronology ]
Re: or maybe it's more calculated than it appears...
Apple has their own technology and is pivotal to their features like ApplePay, etc. Now, if Apple builds this back door to turn off the security feature....don't you think Hackers will find it pretty quickly and be able to do the same. This will damage Apple's reputation and their business......so yes, they should speak up when the Government makes demands on them.
[ link to this | view in chronology ]
Re: Re: or maybe it's more calculated than it appears...
No, only Apple can do this, because it relies on signing keys that nobody else knows.
[ link to this | view in chronology ]
Re: or maybe it's more calculated than it appears...
Following the Magistrates Act, a name change occurred, where the Park Commissioner whose duties were for the administrative adjudication of civil issues occurring within the jurisdiction of the "National Park", now donned a black robe, to act as an administrative officer for the geographical jurisdiction outside the Federal Park to include the arena of the Federal District Court.
No, becoming a Federal Magistrate is not difficult, for it is first a political appointment.
Secondly, the statutory duties have not changed, for the Park Commissioner who now sits as the Magistrate, is still an administrative officer whose actions are overseen by a a Presiding Politically appointed Federal District Court Judge.
When the Federal Magistrate sat as the Park Commissioner, its decisions were then reviewed by the sitting Federal District Court Judge.
The Park Commissioner, who now sits as a "Federal Magistrate", is required to submit their decisions to be reviewed by the sitting Federal District Court Judge.
One point, is since 1968, the Park Commissioner, now known as a "Federal Magistrate" may be required to be a registered "BAR" Attorney listed on a State Registry compiled by a respective State's high Court.
[ link to this | view in chronology ]
Re: Re: or maybe it's more calculated than it appears...
[ link to this | view in chronology ]
Possible?
[ link to this | view in chronology ]
Re: Possible?
[ link to this | view in chronology ]
Re: Possible?
[ link to this | view in chronology ]
Re: Possible?
[ link to this | view in chronology ]
Re: Re: Possible?
[ link to this | view in chronology ]
Re: Possible?
[ link to this | view in chronology ]
Re: Possible?
[ link to this | view in chronology ]
Apple doesn't follow court orders
See the part "However, the court did ORDER that Mr. Rassbach is the owner of the iPad with serial number F5RKXNH1DFHW and that he is entitled to all incidents of such ownership"
The device was called "lost" by the person it was seized from in a Writ of Replevin and it is locked and otherwise unusable.
It is in Apple's best interest economic interest to keep devices locked so they can attempt to sell a replacement.
[ link to this | view in chronology ]
Re: Apple doesn't follow court orders
Whether or not Apple is invested in avoiding this for economic reasons, in your example they were not ordered to do anything except recognize that Rassbach was the owner of the device. From there, it's up to their own terms and conditions whether or not they have to help him unlock it.
[ link to this | view in chronology ]
Re: Apple doesn't follow court orders
[ link to this | view in chronology ]
Send the phone to NSA
Have 'em also pop the top of the chip and directly probe the memory section with the key.
[ link to this | view in chronology ]
Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
User types in PIN code -> iOS runs 50,000 PBKDF2 key derivation rounds (number of rounds is a guess). This key is then used to decrypt the file system.
Without the PIN, there is nothing to find.
[ link to this | view in chronology ]
Re: Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
I just don't get why they think they have to brute force the passcode.....
Surely they can't be that dumb....
[ link to this | view in chronology ]
Re: Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
[ link to this | view in chronology ]
Re: Send the phone to NSA
[ link to this | view in chronology ]
Now Apple being compelled to help may be a different story and I'm not sure where I stand there. To what extent can the government reasonably compel a private party to provide services they don't wish to provide?
and I don't really see what's the big deal. Isn't the encrypted data stored on some sort of flash memory? Can't the encrypted data just be directly extracted and copied from its storage medium without going through the rest of the device and then be placed on a very fast computer that contains the decryption and verification algorithm minus the delete portion of said algorithm? The computer can then proceed brute force the password at a very fast rate. If apple is claiming this can't be done I call lies.
[ link to this | view in chronology ]
First off, Apple's security scheme assumed that only Apple would have the signing keys to modify the software running on the device, so attackers would not be able to remove the 10 try lockout limit. The court is attempting to force Apple to *perform the attack themselves*. So no, this is not an 'existing vulnerability' per se. It is outside the assumptions made by their security model. Namely, the assumption that Apple themselves would not be trying to crack a particular user's encrypted device.
Second, the data can not be extracted without Apple's help. The iOS disk encryption scheme stores device specific keys to the flash memory somewhere on the motherboard. (it may now actually be on the CPU die at this point) This is so you can not put the memory chip from one iPhone into another and read it. This is in addition to any user-supplied password, and uses encryption that even the NSA can not break with all the computing power on earth (we think). So to get those keys, the device needs to be booted up, and have its software modified to report the keys. Again, modifying the software requires Apple to sign the update.
Just to sure up that last point, reading the keys directly from the chips using xrays/microwaves would involve destroying the chips and risk destroying the keys as well, making the data irrecoverable. So getting Apple's help is a reasonable approach from a technical standpoint.
[ link to this | view in chronology ]
Re:
The "wipe" 'feature' is not a re-setting of the 1's and 0's on the flash memory it is the "forgetting" of the encryption key.
If one can pop the top off the chip and not destroy the place where the key is kept, the key can be read via probes.
Good old fashioned police work should get most of the same data as reading the phone data.
[ link to this | view in chronology ]
Re: Re:
The PIN or whatever that the user enters is not directly used for the encryption. Instead, it gets combined with other device factors (e.g., hardware identifiers), then gets run through a key-lengthening algorithm (e.g., thousands of rounds of PBKDF2), to generate the actual encryption key. The result is that the only way to brute-force decrypt the data, lacking some of the inputs, is to try more encryption keys than there are atoms in the universe.
There could be a flaw in the encryption that makes this easier, of course, but that's now starting to pile up the mistakes that would be required in order to successfully decrypt the data.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Apple
[ link to this | view in chronology ]
Re: Re: Apple
~ People have a right to privacy, and access to technologies that would assure that (e.g. an impossible-to-break phone end-to-end encryption).
~ That said, I don't see a legal reason why the FBI shouldn't be allowed to try to crack open the phones of San Bernadino killers Syed Rizwan Farook and Tashfeen Malik. They're dead and they have no rights.
~ I don't think Apple can be forced to provide an extensive amount of service to the courts to try to crack the phone, through if it is kept secure by algorithm obscurity that is an encryption failing, and it means those phones will eventually be hacked.
Considering the way true encryption works, I can see the courts demanding that Apple de-obscure their phone's password security.
We have ways to turn a password, even short ones (Less than 64 characters) into ciphers that are expensive to crack, and so Apple has no excuse providing a form of encryption that is hobbled so as not to be.
[ link to this | view in chronology ]
Re:
This opens a precedence issue.
[ link to this | view in chronology ]
Re: Re:
Which is bad security. Standard, well tested, algorithms are better than in house built algorithms.
[ link to this | view in chronology ]
Re:
That's what I was wondering. Apple has nothing to do with this case, and they don't own the hardware in question. Why can the government compel them to help? If they decided I had skills that would be useful to them in an investigation, could they have a court order issued that forces me to help in an investigation whether I want to or not? This seems very wrong.
[ link to this | view in chronology ]
Re: Re:
They can compel you on the same grounds that they can draft any random guy into the military and send them to die in combat without consent. Any argument against the federal government being allowed to compel compliance that would stand up in court could also be used as an argument against the validity of conscription.
[ link to this | view in chronology ]
Re:
Screw The FBI: The Model Phone Manufacturers MUST Adopt
http://market-ticker.org/akcs-www?post=231126
So the FBI wants a custom firmware load that will allow:
Any number of password attempts. No "10 wrong and you're done" auto-wipe.
Any means of entering them. No "must key them on the screen."
This then means the FBI can attempt to "brute force" the password using a computer over the USB interface and, they demanded, any other means such as Wifi, cellular or Bluetooth!
The latter would mean that for the future they would not even have to physically posses the device. That's right -- they could hack it any time they wanted, from anywhere, at any time.
(snip rest)
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
The government can't hack into it without losing the data. It's not vulnerable. They're trying to make Apple create a vulnerability.
This is an unprecedented request from the court.
[ link to this | view in chronology ]
Re: Re:
Apple can't create a vulnerability post-encryption. The only thing they can do at that point is exploit an existing backdoor or vulnerability.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
TL;DR FBI wants apple to make a OS with a built in backdoor.
[ link to this | view in chronology ]
Re: Apple's back door
[ link to this | view in chronology ]
Oops.
[ link to this | view in chronology ]
Re: Oops.
[ link to this | view in chronology ]
Simple
[ link to this | view in chronology ]
Skip the middleman
[ link to this | view in chronology ]
Re: Skip the middleman
[ link to this | view in chronology ]
Re: Re: Skip the middleman
[ link to this | view in chronology ]
Where's the NSA
I'd think the NSA and FBI have access to something meaty and mainframey that could have a brute-force go at an iOS7 iPhone, and then the whole 20-attempts-and-the-phone-bricks software is moot.
The encryption will be less moot, but that's the real roadblock here.
Also the jurisdiction of the court (is that the right term? IANAL) to turn to an agency (or a company) and say Here, use your big nutcracker to crack this nut.
[ link to this | view in chronology ]
Re: Where's the NSA
How would that be moot? If they start brute forcing it and it wipes itself after 10 tries, all their massively powerful computer will accomplish is to brick the phone faster.
[ link to this | view in chronology ]
They're not playing the ten-guesses game.
The FBI crack software assuredly doesn't give them only a limited number of attempts, and it assuredly doesn't wipe the data.
That's the point of a full phone encrypt. Similarly, Windows account password doesn't encrypt the drive, so when the police nick your desktop PC, they'll probably not even boot it, but analyze the (probably unencrypted) files of the drive.
[ link to this | view in chronology ]
Re: They're not playing the ten-guesses game.
The FBI crack software assuredly doesn't give them only a limited number of attempts, and it assuredly doesn't wipe the data.
I'm not sure what you're getting at. They cannot bypass the phone's security features without Apple's help, or they would just do that. They cannot offload the data and crack it outside the phone because the AES-256 encryption is not susceptible to brute force attacks in a useful amount of time with current technology. They must brute force the phone's access key (not the same as the AES encryption key), which requires the phone hardware. This means they need a way to disable the wipe-after-10 feature.
[ link to this | view in chronology ]
Re: Re: They're not playing the ten-guesses game.
If they can force Apple to bypass the access key and by that break (or bypass) the AES encryption, then that means the encryption is pretty much hobbled. There is a back door (or at least a thin back wall), and people who shouldn't have access to it do.
Apple shouldn't have an option here that will help the court. If Apple does have an option here, then that means people shouldn't be relying on that encryption in the first place. It's a false product.
If this is the case, say that the pin is used to generate one of a small number of AES keys, then the FBI can just have Apple hand over the algorithm, write their own code and attack the data.
[ link to this | view in chronology ]
Re: Re: Re: They're not playing the ten-guesses game.
That's not what they're asking for. They're asking Apple to disable the wipe feature so the FBI can brute force the access key without wiping the device.
[ link to this | view in chronology ]
Do you believe in magic, in a young girl's heart...
There's no reason the FBI is using the phone's operating system. Anything they could do within the phone's device-wiping framework they could do outside it.
[ link to this | view in chronology ]
Re: Do you believe in magic, in a young girl's heart...
That is incorrect. The key system of the phone is partly encoded in the phone's hardware. If they remove the data from the phone, they could no longer access it through the phone's security system, and would be left with brute forcing the encryption directly. This is not feasible.
[ link to this | view in chronology ]
Re: Re: Do you believe in magic, in a young girl's heart...
What kind of magic is this?
Please explain. You obviously know something I don't.
[ link to this | view in chronology ]
Re: Re: Re: Do you believe in magic, in a young girl's heart...
[ link to this | view in chronology ]
Re: Where's the NSA
[ link to this | view in chronology ]
Re: Re: Where's the NSA
Has there been a terrorist attack that was facilitated by encryption? Even one? Has any intelligence agency shown any evidence that any of their investigations have been hampered by encryption?
[ link to this | view in chronology ]
Re: Skip the middleman
[ link to this | view in chronology ]
So Much for Automatic Software Upgrades
[ link to this | view in chronology ]
Re: So Much for Automatic Software Upgrades
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
If apple did this correctly, the encryption chip is a separate component, that can not have its firmware changed. It can even still be in the same package as the CPU. By tightly defining the security element's inputs and outputs you can create an extremely hard to crack system, even if it can't receive firmware updates.
My fear is that the checks, including the counter for number of retries is handled by upgradable firmware. That would mean not only could apple crack any phone, but the next time a bootloader jailbreak is found everyone else could too.
[ link to this | view in chronology ]
Re: Digital Forensics
The decryption algorithm is locked in hardware so a copy of the data is useless
OR
The government doesn't want to let loose they CAN rip data anyways from locked/encrypted devices
OR
They can't actually rip data from the device in any meaningful way
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Once you get to iOS8, you need to enter the password to do anything. You can't update the phone plugging into the computer and using iTunes either without the phone being unlocked. Apple really tighten up security on the iPhone. Part of that reasoning was if someone steals your iPhone, they can't plug it into a PC and wipe it or anything. It's LOCKED UP and worthless at that point without the password. You're less likely to get mugged for your phone if people can't steal it, wipe and and sell it for a couple hundred. If it's locked up, it's almost worthless. Part it out I guess but it would be so very little to make it not worth mugging people over.
To get people to use the Security, Apple made it as simple as possible by adding TouchID and having it built into the home button. It's almost as fast to get onto a iPhone with security on as not using it at all. I use a 8 digit number of my iphone. Good luck trying to brute force that!
[ link to this | view in chronology ]
Free labor for the fbi now?
The judge showed what a fool he is. Another dinosaur making decisions that he has no understanding of.
[ link to this | view in chronology ]
Re: Free labor for the fbi now?
Apple may apply for relief. so your tax dollars will cover it.
The back-door probably already exists anyway, test tools usually include such things.
[ link to this | view in chronology ]
Re: Re: Free labor for the fbi now?
Likewise.
[ link to this | view in chronology ]
Re: Free labor for the fbi now?
[ link to this | view in chronology ]
Re: Free labor for the fbi now?
[ link to this | view in chronology ]
Second, the software that enforces that 10 swipe limit could also be disabled on a phone that clones the memory of the locked phone. So yes, it can always be disabled, if Apple so desires. It's just code, and it can be removed.
Third, love it or hate it, Apple likely does either have a back door or knows the most direct method by which to undo the encryption on their own phones. They created it, they will generally know the answer.
It is quite possible that there is no real way to easily unlock the phone except brute force. Apple may be able to look at the encoded results and perhaps determine a key length or something similar that could narrow the search, but likely they will have to use the same blunt tool the rest of us use, albeit with the advantage of not having to deal with the 10 and fail problem.
I suspect Apple already has a tool, but they aren't going to tell anyone about it.
Is this a good ruling? Well, it's not a terrible ruling. Love it or hate it, it is a very good indication that there are reasons that encryption does present certain drawbacks to law enforcement. This is an extreme case, but it does show the block, and shows that in exceptional cases, perhaps options are needed. I do understand that "options" means that hackers can do the same, but is the price worth the result to do otherwise?
[ link to this | view in chronology ]
Re:
First off, if they have the phone in theory they can clone all of the memory without wiping it. That would mean they could have an unlimited number of 10 times tries. So the limit doesn't really exist, it's just there to safeguard.
This is wrong. The encryption key is embedded in the hardware. Clone the memory and try it somewhere else and you're done.
Second, the software that enforces that 10 swipe limit could also be disabled on a phone that clones the memory of the locked phone. So yes, it can always be disabled, if Apple so desires. It's just code, and it can be removed.
Again, this is wrong. The key is in the hardware and cannot be cloned.
Third, love it or hate it, Apple likely does either have a back door or knows the most direct method by which to undo the encryption on their own phones. They created it, they will generally know the answer.
Apple has always claimed that they throw away the key. If this is NOT true that would be a HUGE discovery and would destroy a ton of trust in Apple.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
That's Mike being polite. Put Tim here and you'd read a giant "BULLSHIT". The general effect is the same but "bullshit" has dat impact ;D
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Apple's system in theory is all that, you are correct. However, much of it hinges on the question if Apple's system does generate truly unique codes that cannot be broken, read, or otherwise accessed. There is plenty of debate online to that question. There is also a question in regards to the repeatability of the process under which the UID is created. There is the potential that the UID could be gleaned or otherwise determined by repeated the process under which is was created (because random numbers are rarely truly random).
The two real security measures that have to be overcome is the 10 attempts pincode limit, and the 5 second delay per failed attempt (there to stop brute force attacks). If there is any way to determine the UID, the rest is a walk in the park. Taking the data out of the phone and putting it into another device with the same UID and no other security would turn this into a short project.
"Apple has always claimed that they throw away the key. If this is NOT true that would be a HUGE discovery and would destroy a ton of trust in Apple."
Actually, Apple is very careful in how they phrase this. As the secure area is created by others, the potential is that Apple doesn't have the method or retain the key, but others do. Plenty of chatter online in those areas as well. One would also have to wonder how Apple would deal with governments in places like China on this topic. There appears to be plenty of wiggle room here for Apple to have been telling the truth in concept but perhaps having outs it doesn't want to talk about.
I actually wonder why Apple would be fighting so hard if they can just simple show that it doesn't work, that they cannot do it, and brick the phone after a particularly bad attempt I think they are very concerned that the government already knows the real answer (that it is in fact possible) and Apple is trying very hard to stick by their "it's impossible" story.
[ link to this | view in chronology ]
Re: Re: Re:
"There appears to be plenty of wiggle room here for Apple to have been telling the truth in concept but perhaps having outs it doesn't want to talk about."
Zero wiggle room, all the legal babble and clever wording in the world won't change that fact that If they crack it once, then it's not secure, and no one will trust them again. Especially after they made a big deal about protecting users data.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
What's that phrase you can't stop using? Physician heal thyself?
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
http://abovethelaw.com/2016/02/we-read-apples-65-page-filing-calling-bullst-on-the-justice -department-so-you-dont-have-to/?rf=1
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
The 5th amendment specifically states that you cannot be compelled to give testimony against yourself. IN ANY CASE.
Passwords and encryption phrases are "Products of the Mind" according the the 11th district Court of Federal Appeals. And thus testimony. If the federal government wants to work at entering the Safe, without the Combination, they are given permission to do so. What the FBI wants here is 2 things.
1. Simple access. No need to focus a lot of resources on this, just pop it into the faraday cage, plug in this app, and wallah, we have it all.
2. The precedent that such a App will not be rendered unusable in the future.
Why did this go to a Admin Law Judge? (Or Magistrate?) Because a Real judge would have thrown this out the door based on the 11th district court of appeals ruling.
Cops have a dirty, dangerous, difficult job. It is THEIR CHOICE. Want something easy? Be a burger flipper at McDonalds.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Since to do so would make them the bad guys next on the Chief terrorist makers hit list.
[ link to this | view in chronology ]
Re:
9/11 didn't change the Constitution, nor the bill of rights.
That means every patriot act like law, executive order, kangaroo courts setup post 9/11 are all acts of treason, punishable by death.
When do we start stepping on their necks and balls forcing the arrests that should have already happened?
There are how many millions of us, and only thousands of them, with the military 100% on our side as the honorable veterans swore to uphold the Constitution above all other laws or orders, we've got this in the bag.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
I don't think dead people have constitutional rights.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
But does the government really think he was using a government-issued phone to plan the attacks? If you were planning a terrorist attack, wouldn't a phone officially issued to you by the government, that your contract says is subject to search at any time, be the *last* thing you would want to use?
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
They still need probable cause that a particular person was involved in order to conduct a search. They can't just say people died and then search whoever they want. In this case it doesn't matter because he's dead, but the fact that a crime was committed doesn't invalidate the requirement for a warrant.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
what error number will this get
[ link to this | view in chronology ]
This iPhone will self destruct in 5..4..3..2..1..
[ link to this | view in chronology ]
Re: This iPhone will self destruct in 5..4..3..2..1..
Uhhh, that's already IN the iPhone, and the FBI wants Apple to eliminate this feature to make future attempts to unlock phones easier.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Erasing the data after n failed password attempts sure doesn't hurt from a privacy standpoint, but that feature is not what is keeping your data secure.
Politically, this could be a huge deal, since our public policies regarding technology are mostly FUD-driven. Nobody with an IQ higher than room temperature would advocate undermining encryption, but there's a lot of empty bobble heads putting out a lot of sound bites lately.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
It is an essential security feature when the passcode is only 4 digits. Anyone could work their way through an average of 5000 tries, 10000 at most, in a weekend without that protection.
The FBI doesn't have any way of knowing if that feature is turned on for that phone, but they have to assume it is.
Apple can't help the FBI with this because they took the security implementation seriously, and also because helping to create a backdoor would significantly damage their brand.
[ link to this | view in chronology ]
Re: Re:
According to the writ application they filed in court, while they don't *know* whether it's currently turned on, it was turned on when the county issued him the phone, and it was on at the phone's last backup. So it's probably safe to assume that it's on.
[ link to this | view in chronology ]
Stupid Judge
Sorry there judge, but stupid is as stupid does.
[ link to this | view in chronology ]
Re: Stupid Judge
I would be quite impressed if any encryption scheme could pull that off.
[ link to this | view in chronology ]
Re: Re: Stupid Judge
[ link to this | view in chronology ]
Re: Re: Stupid Judge
https://en.wikipedia.org/wiki/BitLocker
There are lots of examples of encrypting the entire OS, they all rely on the similar method, a small boot program outside the OS either in BIOS or a separate partition that is used to decrypt the main drive where the main OS is stored.
[ link to this | view in chronology ]
Re: Re: Re: Stupid Judge
[ link to this | view in chronology ]
Re: Stupid Judge
[ link to this | view in chronology ]
Re: Re: Stupid Judge
[ link to this | view in chronology ]
Re: Re: Stupid Judge
That requirement makes using the DFU mode difficult to impossible to use, as it is likely a special mode to write to the flash memory.
[ link to this | view in chronology ]
Re: Stupid Judge
However, in order for this to happen Apple would need to sign the software so it can infect be installed.
So the brute force method is the best option and thus the demand for apple to sign and install a version that removes both the delay and the wipe feature.
Source: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
[ link to this | view in chronology ]
Infect
Best. Typo. Ever.
[ link to this | view in chronology ]
What will they find?
[ link to this | view in chronology ]
Re: What will they find?
[ link to this | view in chronology ]
"The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE"
This is reassuring. Also, I sure hope these maniacs used an insecure password, because i want the FBI to know as much as possible about these criminals without compromising everyone else's cell phone security in the process.
[ link to this | view in chronology ]
Re:
Except this *does* compromise everyone else. If the FBI can make Apple do it for this phone, it can make them do it for others as well.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
What Apple Gives, Apple Can Take Away
[ link to this | view in chronology ]
Re: What Apple Gives, Apple Can Take Away
[ link to this | view in chronology ]
Re: so that the firmware couldn't be updated until the phone was unlocked
[ link to this | view in chronology ]
Re: Re: so that the firmware couldn't be updated until the phone was unlocked
[ link to this | view in chronology ]
Re: Re: Re: so that the firmware couldn't be updated until the phone was unlocked
"Trusted computers can sync with your iOS device, create backups, and access your device's photos, videos, contacts, and other content. These computers remain trusted unless you change which computers you trust or erase your iOS device."
/var/db/lockdown or %ProgramData% contain a list of trusted devices.
Note: you can only trust a device when your device is unlocked, something the shooters probably did when backing up candy crush to iTunes.
[ link to this | view in chronology ]
Re: Re: What Apple Gives, Apple Can Take Away
So I think it could be possible for Apple to create a iOS7.5 with a good Security certificate. Where the the 10 password fail and wipe is disabled along with the slowing down entering the passcode that way brute force could then be used to unlock and get the Data at that point.
With iOS8 and newer, Apple closed up tight everything. You can't update without a passcode. You can't even just wipe the phone and start over. That's part of the security so that if someone mugs you and steals your phone, it's almost worthless and they'd get only a tiny fraction for it if anything then what they would have gotten before. So not even Apple and install some Modified version of iOS on a iPhone with iOS8 or newer. Security is a huge thing for Apple these days.
This whole error 53 thing is part of that. Replacing the touchID button with a 3rd party installer that doesn't match and then you end up with a phone that won't work.
[ link to this | view in chronology ]
Industry standard algorithms encrypt data with multiple layers so that anyone trying to brute force it must work through multiple layers to see if the guessed password is correct. It, by design, slows down the decryption process to help protect users with weaker passwords.
Link talks about password hashing, but the same general idea applies to disk encryption.
http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846#3184 6
[ link to this | view in chronology ]
What are they looking for that
Besides the call logs and text messages stored at the cell carrier, what more are they really hoping to find?
What would they have done before we had cell phones?
[ link to this | view in chronology ]
Re: What are they looking for that
[ link to this | view in chronology ]
Re: What are they looking for that
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Apple is in for Contempt of Court
[ link to this | view in chronology ]
hoi, mike, Apple put out a statement...
-- Truncated important bits (Ie. TLDR)
1) US govt issued court order to break our own encryption (more of the court order itself) Let's have a discussion about encryption NOW.
2) Need for encryption, How everyone uses encryption and what breaking IOS would mean.
3) Apple is shocked and outraged by San Bernadino and has co-operated to the fullest extent of the law (Important bit there)
** Important bits here **
"Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone. Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation."
and a bit further on...
"The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable."
then goes on to describe the legality of using the All Writs Act for this purpose.
**Full article here**
http://abcnews.go.com/US/apple-opposes-judges-order-unlock-shooters-phone/story?id=36993038
[ link to this | view in chronology ]
If they get someone competent in there they can dump the storage on the phone and brute force it all they want. If the data is soooo valuable they can spend the money on the computing power to truly brute force it... But no, lets use this "opportunity" to set the legal president that companies have to defeat their on encryption on demand.
[ link to this | view in chronology ]
Re:
This is how these issues apply here, Apple takes your password (no matter how weak), encrypts it with 256 bit encryption found on a secure co-processor in your phone and uses that result to encrypt your data. Copying the data and using it on another phone or computer system is useless, your password can only be used on your phone due to the encryption key from the secure chip.
All the secure chip does is take one input (your password), run the 256 bit encryption on it, then output that result to the OS to decrypt your data. Neither the firmware, nor the OS can get the encryption key from the chip. It would be possible to write a new key to the chip, which is how it got there in the first place, but this would be useless, since combining it with your password would result in the wrong output to decrypt your data.
Obviously, humans are the weak link here, unless someone is really keen on information security, chances are they have a weak password. Apple has two methods to help reduce this vulnerability. First, 10 tries before they wipe some data needed to recover your data. Second, the encryption chip has a five second delay built into it. Which doesn't seem like much, but if you want to try a few million different combinations to brute force the password, that will seriously increase the time it takes.
In practical terms, it could still take decades or centuries to brute force a simple password, but Apple isn't going to just hand out a system vulnerability on the promise that Law Enforcement won't just give a patch to anyone who "really needs it". LE can't keep control of guns or drugs, much less a small easily copied piece of software.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
If forcing Apple or another company to introduce a security vulnerability causes significant problems for the company and it's customers in the future, it's not their problem, they got what they were after.
[ link to this | view in chronology ]
Why this is an impossible request from the court
Within the secure enclave itself, you have the device's Unique ID (UID) . The only place this information is stored is within the secure enclave. It can't be queried or accessed from any other part of the device or OS. Within the phone's processor you also have the device's Group ID (GID). Both of these numbers combine to create 1/2 of the encryption key. These are numbers that are burned into the silicon, aren't accessible outside of the chips themselves, and aren't recorded anywhere once they are burned into the silicon. Apple doesn't keep records of these numbers. Since these two different pieces of hardware combine together to make 1/2 of the encryption key, you can't separate the secure enclave from it's paired processor.
The second half of the encryption key is generated using a random number generator chip. It creates entropy using the various sensors on the iPhone itself during boot (microphone, accelerometer, camera, etc.) This part of the key is stored within the Secure Enclave as well, where it resides and doesn't leave. This storage is tamper resistant and can't be accessed outside of the encryption system. Even if the UID and GID components of the encryption key are compromised on Apple's end, it still wouldn't be possible to decrypt an iPhone since that's only 1/2 of the key.
The secure enclave is part of an overall hardware based encryption system that completely encrypts all of the user storage. It will only decrypt content if provided with the unlock code. The unlock code itself is entangled with the device's UDID so that all attempts to decrypt the storage must be done on the device itself. You must have all 3 pieces present: The specific secure enclave, the specific processor of the iphone, and the flash memory that you are trying to decrypt. Basically, you can't pull the device apart to attack an individual piece of the encryption or get around parts of the encryption storage process. You can't run the decryption or brute forcing of the unlock code in an emulator. It requires that the actual hardware components are present and can only be done on the specific device itself.
The secure enclave also has hardware enforced time-delays and key-destruction. You can set the phone to wipe the encryption key (and all the data contained on the phone) after 10 failed attempts. If you have the data-wipe turned on, then the secure enclave will nuke the key that it stores after 10 failed attempts, effectively erasing all the data on the device. Whether the device-wipe feature is turned on or not, the secure enclave still has a hardware-enforced delay between attempts at entering the code: Attempts 1-4 have no delay, Attempt 5 has a delay of 1 minute. Attempt 6 has a delay of 5 minutes. Attempts 7 and 8 have a delay of 15 minutes. And attempts 9 or more have a delay of 1 hour. This delay is enforced by the secure enclave and can not be bypassed, even if you completely replace the operating system of the phone itself. If you have a 6-digit pin code, it will take, on average, nearly 6 years to brute-force the code. 4-digit pin will take almost a year. if you have an alpha-numeric password the amount of time required could extend beyond the heat-death of the universe. Key destruction is turned on by default.
Even if you pull the flash storage out of the device, image it, and attempt to get around key destruction that way it won't be successful. The key isn't stored in the flash itself, it's only stored within the secure enclave itself which you can't remove the storage from or image it.
Each boot, the secure enclave creates it's own temporary encryption key, based on it's own UID and random number generator with proper entropy, that it uses to store the full device encryption key in ram. Since the encryption key is also stored in ram encrypted, it can't simply be read out of the system memory by reading the RAM bus.
The only way I can possibly see to potentially unlock the phone without the unlock code is to use an electron microscope to read the encryption key from the secure enclave's own storage. This would take considerable time and expense (likely millions of dollars and several months) to accomplish. This also assumes that the secure enclave chip itself isn't built to be resistant to this kind of attack. The chip could be physically designed such that the very act of exposing the silicon to read it with an electron microscope could itself be destructive.
TLDR: Brute forcing the unlock code isn't at all possible through pretty much any means...reasonable or even unreasonable...maybe...JUST MAYBE...it's possible through absurdly unreasonable means.
[ link to this | view in chronology ]
Re: Why this is an impossible request from the court
[ link to this | view in chronology ]
Re: Why this is an impossible request from the court
[ link to this | view in chronology ]
Re: Why this is an impossible request from the court
[ link to this | view in chronology ]
Re: Why this is an impossible request from the court
This point, which I discuss in a post that will be going up soon... does make it clear that the request is impossible *for newer iPhones* but could still apply to older iPhones, including the one in this case.
What's not entirely clear is if there is still a key encoded in the hardware of the 5C which may effectively do the same thing. But that seems to be something that no one is quite sure of.
[ link to this | view in chronology ]
Re: Why this is an impossible request from the court
[ link to this | view in chronology ]
Re: Why this is an impossible request from the court
[ link to this | view in chronology ]
Re: Why this is an impossible request from the court
Granted - this was done on a microprocessor much smaller, and less capable - but maybe brute force is the answer. As is so often the case, insider attacks are easiest:)
[ link to this | view in chronology ]
Anyway, I wouldn't want to be one of those Apple programmers. One slip-up, one bug, one wrong library, and you face possible federal prosecution for triggering the self-erase function.
What would be hilarious is if they unlock the phone only to find third-party advanced RSA encryption on the phone without any private prime-number keys - the only location being inside the criminal's mind, memorised using mnemonics. Because after all that is the only way you can guarantee (for now) that nobody will ever crack your messages.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Which in this case would be a pretty serious issue for the FBI since the criminal is dead.
[ link to this | view in chronology ]
All iPhones are now in danger
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Hmmmmm
Apple should open this phone and any other similarly scummy murderers' phones as required. Murderers should have no secrets -- whether dead or alive. They should have no rights.
What's so hard to understand here?
[ link to this | view in chronology ]
Re: Hmmmmm
And "the full force" is not the same thing as an unstoppable force. Also, you're up against an immovable object by the looks of things.
From the post by Danny above, I highly doubt Apple will be able to do this faster than the FBI can.
[ link to this | view in chronology ]
Re: Hmmmmm
[ link to this | view in chronology ]
Re: Hmmmmm
Well, for me, it's what exactly you mean by "murderers should have no rights." Leaving the encryption thing aside momentarily, that statement by itself is either (a) poorly thought through, or (b) quite radical and monstrous.
Are you saying convicted murderers shouldn't have the rights that protect them from cruel and unusual punishment, for example? What about their ongoing right to due process, including their right to appeal their conviction? Or their right to access the parole process?
What about the right under the 14th Amendment to not be treated unequally based on race, sex or creed? Prisoners retain that right. Should they lose that, so we're free to punish murders more or less based on their race? Do they lose their right to medical care? Do disabled prisoner's lose their right to accessible prison facilities?
Debate the encryption aspect all you want - but "murderers should have no rights" is a barbaric starting point.
[ link to this | view in chronology ]
Re: Re: Hmmmmm
[ link to this | view in chronology ]
Re: Re: Re: Hmmmmm
That's part of it, but it's also about those justly arrested and convicted.
I mean look, I'm not overflowing with sympathy for murderers, and there are certain breeds of human monster that make me feel they deserve any horrors they must endure. But it isn't all about sympathy or what anyone "deserves" — it's about what our treatment of the guilty does to us. It's not healthy for a human being to be able to throw someone in a hole to suffer and die, to stand over a starving wretch and feel nothing, to hurl stones with glee and cheer when they draw blood. It's not healthy for a society to condone those things, or to ignore them. Perhaps one can personally believe that certain people deserve those treatments, because their actions have rendered their humanity forfeit — but there is no way to dish them out without sacrificing your own humanity to do so.
[ link to this | view in chronology ]
Re: Re: Re: Re: Hmmmmm
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Hmmmmm
[ link to this | view in chronology ]
Re: Re: Re: Re: Hmmmmm
[ link to this | view in chronology ]
Re: Hmmmmm
Doing so makes millions of other people's phones also insecure.
Murderers should have no secrets -- whether dead or alive. They should have no rights.
What about everybody else?
What's so hard to understand here?
Indeed.
[ link to this | view in chronology ]
Re: Re: Hmmmmm
[ link to this | view in chronology ]
Re: Re: Re: Hmmmmm
[ link to this | view in chronology ]
Re: Hmmmmm
They create fake terrorist plots, they break laws, ignore citizens rights and you want to trust them with this power?
[ link to this | view in chronology ]
Re: Hmmmmm
This is about giving someone the ability to hack every Iphone ever made. Once this exists the next step will be all phones ever made. Do you want it so that anyone in the world can download a program for 5 bucks that can hack your phone and post all your private photos, texts and notes online then sure lets give the FBI what they want.
If you are like me I don't want anyone to be able to do what they are asking.
Lets put it this way Senator uses an Iphone has pictures he took with a prostitute. Now that China paid an FBI agent 1 million dollars for the program China can Access his phone copy those pictures and black mail a senator.
Movie Star has an Iphone now some sleaze bag who paid 50 bucks online can copy all of his texts to his gay lover and post them online for the entire world to see.
[ link to this | view in chronology ]
Re: Hmmmmm
Sayith what court? Of public opinion?
They should have no rights
Before or after a court has made an adjudication?
What do you do with people who kill others who are from outside the jurisdiction, come into the jurisdiction and do the killing?
[ link to this | view in chronology ]
Re: Hmmmmm
[ link to this | view in chronology ]
Interstellar warp drive, cure for cancer, etc.
[ link to this | view in chronology ]
Apple's security implementation, from Apple itself
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
This is for iOS 9.0 or later, so I don't know if it applies to the phone in question.
But everything in this PDF shows that Danny's comment is correct (and Whatever's is wrong).
[ link to this | view in chronology ]
Why Bother?
[ link to this | view in chronology ]
The REAL questions we are dancing around
Apple could develop (at whose expense?) an OTA update that collects the password the next time the user unlocks the encryption.
But can Apple be compelled to develop this? Even if the government pays, it cannot pay Apple for the lost opportunity cost of diverting resources from developing new products. Money cannot make up for time-to-market.
In this situation, Apple could selectively deploy such an OTA update to a single target. But then this is just the camel's nose under the tent, or the foot in the door.
The real question we're dancing around by suggesting that Apple COULD defeat encryption by expending tremendous resources are really these:
Should Apple (and everyone else) be LEGALLY BARRED from building a secure product?
Even though there may be no such law in writing. The effect becomes just the same. If you can, through tremendous cost and effort, manage to defeat encryption, then you should be required to do so at the government's mere whim and slightest wish.
Other questions:
Can Apple (and anyone else) be COMPELLED to expend tremendous resources to break into a device? At whose expense? Will all of their expenses be compensated, including a lost market because Apple diverted resources away from product development? Is there some level of cost (exact dollar value please) at which Apple is no longer required to break into a device? What if Apple deliberately engineers a device to ensure that the cost to break in will exceed this threshold?
And finally a lesson for those concerned with privacy. Once your phone has been seized, they may not be able to unlock it, but once the bad guys return it to you, it may have been compromised with software such that your next successful unlock of the device will open it up for them to rummage through fishing for, or to manufacture evidence.
[ link to this | view in chronology ]
The DMCA
Seems like the FBI is asking Apple to assist in piracy...
[ link to this | view in chronology ]
Oh really? Then Tim Cook said this ^ why?
[ link to this | view in chronology ]
What could possibly be on this phone anyhow?!
what exactly could be on this phone this is not already known? Is it not true that in the first 24 hours law enforcement all communications to & from this device?
Seriously. What am I missing here? Will there be a to-do list or something? Something other than pictures of their kids or their last vacation?
[ link to this | view in chronology ]
Re: What could possibly be on this phone anyhow?!
[ link to this | view in chronology ]
Re: Re: What could possibly be on this phone anyhow?!
There could be. I have to wonder if the FBI has any reason at all to think that there actually is though.
[ link to this | view in chronology ]
SW dev
Resist.
[ link to this | view in chronology ]
Re: SW dev
[ link to this | view in chronology ]
"I'm a police state apologist."
You'll feel better once you admit it.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
all writs
[ link to this | view in chronology ]
I love the security
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Bush's WMD and the Snowden Documents
https://www.youtube.com/watch?v=tHH7gvHXLzQ
Why are the "terrorists" driving slow with their Hazard Lights on??
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
US Government INEPT!
What is Apple supposed to do about it. Had the government had the encryption keys it needs would they still been able to stop the San Bernadino massacre. NO!
Government can go F***** themselves!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Doesn't the government have the tools to break this themselves?
[ link to this | view in chronology ]
Re: Doesn't the government have the tools to break this themselves?
[ link to this | view in chronology ]
There is no such fallacy that gets around what's going to happen.
I have had the same mobile phone since January 2002 – the battery lasts a week, and have recently been considering getting something new (Galaxy, iPhone etc) although I really don’t need the internet, or to read someone’s texts when I'm doing something else I'm sure is more imporatnt, but as I read this post, I was impressed with the ’10 fails it’s gone’ feature you’ve mentioned… I did not know that.
Nevertheless, getting software, hacks, and other little treasures from Apple to get around this, will definitely lead to more audacious requests because it sets precedent, and the FBI won’t really need anything after that – including physical warrants, to access any phone anytime. It also sets precedent in ‘forcing’ other manufacturers to ‘comply’ with the FBI’s ‘requests.
It is not a ‘slippery-slope’. The inevitable bench warrants to access phones for doing anything from watching a .tor to liking Met-Art to finding out why pressure cooker bombs were so popular to learning about the bridges of New York is going to be fair fodder for any request – by any agency… do you think that technology is going to stay locked up in FBI offices and they will be the only ones to use it.
I hope Apple can get around it, through some law that was written in the nineteenth century, and they do not comply with the order. It is a disaster waiting to happen.
[ link to this | view in chronology ]
Re: There is no such fallacy that gets around what's going to happen.
[ link to this | view in chronology ]
U.S. Backdoors Are a Great Marketing Tool
And I'm sure Apple wants to lose the BRIC market place. A great plan for growing a company.
[ link to this | view in chronology ]
why has Apple sent a letter stating a backdoor was requested?
[ link to this | view in chronology ]
Apple's Customer Letter
http://www.apple.com/customer-letter/
[ link to this | view in chronology ]
If you had a locker combo with 3 numbers, someone with a lot of time on their hands could break it, but that time constraint makes you comfortable that nobody will. But now imagine there exists a person who can test 1000 combos a second. To stop such a person, one reasonable option if you use locker combos would be to set a maximum number of tries per a day-- or a maximum number of tries period after which the contents of the locker are considered compromised and are destroyed.
Obviously apple already has a backdoor wherein they can update their OS and have it run on the same data. My guess is if someone was dedicated enough, they could probably exploit this at some great cost. Since the FBI likely lacks both the time and resources to accomplish this for such a relatively small concern of investigating this attack, they are making a move to have apple do the change since they already have the OS source code and would know how to go about making the change in a much cheaper, timely manner
[ link to this | view in chronology ]
VERY misleading headline (doesn't match article's updates)
With the updates you've added to the article, it now reads the OPPOSITE of what the headline actually says. I see what you're trying to say with the headline (that it's essentially worse than what the news media are reporting, or at best, semantics regarding methodology), but it's too long of a headline and most social media truncates it, so every time I post the article as a supportive follow-up, it looks like I'm correcting the info with an urban legends corrective instead of adding more detailed info and a link to the court order.
[ link to this | view in chronology ]
Oh-oh.
[ link to this | view in chronology ]
Involuntary servitude ???
Involuntary servitude or Involuntary slavery is a United States legal and constitutional term for a person laboring against that person's will to benefit another, under some form of coercion other than the worker's financial needs. While laboring to benefit another occurs also in the condition of slavery, involuntary servitude does not necessarily connote the complete lack of freedom experienced in chattel slavery; involuntary servitude may also refer to other forms of unfree labor. Involuntary servitude is not dependent upon compensation or its amount.
[ link to this | view in chronology ]
Re: Involuntary servitude ???
But another interesting thing here is that Apple actually claims to *own* the specific copy of the software on each of their phones. "This software is licensed, not sold". A small part of me wants to make that have a negative consequence for them, for once. You claim you don't sell this software? Then fine, it's yours; but if you retain ownership that means you can't just claim you have nothing to do with it anymore.
[ link to this | view in chronology ]
Re: Re: Involuntary servitude ???
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Apple Is Being Unreasonable.
[ link to this | view in chronology ]
Re: Apple Is Being Unreasonable.
This isn't exactly the first time the government has demanded Apple do something help them break encryption. And once the software is written the government will come back to them every single time it wants them to unlock a phone. You can't treat something as a 1-time request unless it only happens 1 time.
[ link to this | view in chronology ]
Re: Apple Is Being Unreasonable.
The time to respond to the order hasn't even expired yet.
[ link to this | view in chronology ]
Re: Re: Apple Is Being Unreasonable.
[ link to this | view in chronology ]
Re: Re: Re: Apple Is Being Unreasonable.
That's what I meant.
[ link to this | view in chronology ]
Re: Apple Is Being Unreasonable.
[ link to this | view in chronology ]
iPhone sales
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Companies are people too
[ link to this | view in chronology ]
What has happened to this thread?
It'd be nice to read some 'on point' comments again. Sorry, that's just my opinion...
Cheers m8s... :)
[ link to this | view in chronology ]
Apple's response
[ link to this | view in chronology ]
Apple is insulting my intelligence, it cares more for the safety of my private than the safety of my life ?
Apple's decision to protect their customers' privacy had also provided unbreakable protection to those ISIS organizations to be able to continue their operations of terrorism without exposures to US law enforcement system
It's easy for Apple to reject court's request base on a righteous business principal.
I want to ask Apple:
Why Apple want to separate its business interest from its community interest ? Business is unbreakable from community, how do you separate these 2 ?!
What about Apple people's citizen awareness for the public safety, the homeland security and the well being of humanity in general ?
I look at my iPhone and I am very sad for all the money that I paid to its maker.
They don't care about my true concern of life safety, they care more about promoting their unbreakable business image in the name of customer privacy.
[ link to this | view in chronology ]
Re:
This article may put things in a different perspective: https://www.techdirt.com/articles/20160206/06570933540/senator-john-mccain-weighs-going-dark-debate- insists-that-he-understands-cryptography-better-than-cryptographers.shtml
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Apple could give the government a hardware solution.
[ link to this | view in chronology ]
Re: Apple could give the government a hardware solution.
And just how long do you think it would be before such a device was installed in every cop car?
[ link to this | view in chronology ]
NSA
I'd argue its VERY likely this phone was cracked by the NSA, probably weeks ago. But there are other reasons this is happening:
1) If there is incriminating evidence against somebody alive, the FBI will want an alternative chain of custody so NSA agents arent appearing in court. Thats a huge thing- and it happens a lot. NSA passes tips to the FBI who go snooping into they find a plausible tact of investigation they COULD have found themselves, then just treat it like they DID find it themselves. Its legal and happens with lot of evidence that wasnt obtained legally or whos source they want to keep out of the limelight, sometimes the judge will send the prosecution back to go find a path that will pass muster.
2)This isnt about this case. The Feds have been strong-arming tech companies to provide them back doors for years (Google immediately rolled over like a whipped dog). I picture the conversation going "So Apple, what do you think the public will say when we tell them you arent cooperating in this terror investigation? This wouldnt even be an issue if you'd give us a tool to disable the multiple failed login bricking." This is another chess move about encryption.
[ link to this | view in chronology ]
Use the iforgot feature
[ link to this | view in chronology ]
Re: Use the iforgot feature
What is that word supposed to be? And is it really possible to reset the phone's passcode via email? I know it's not on Android because the phone PIN and Google account password are totally separate. This would be a major security oversight by Apple.
[ link to this | view in chronology ]
unlocking iphone
[ link to this | view in chronology ]
Re: unlocking iphone
It would be a security flaw to be able to reset the access code without wiping the phone, IMO anyway.
[ link to this | view in chronology ]
This is a non-issue, isn't it?
I believe these two things to be true (please tell me if these are wrong),
* An update must be signed by a secret key secured by Apple
* S/N in HW can be unspoofably interrogated in signed update
If the signed update says "if s/n equals bad-guy-phone open command pipe over wifi and bypass authentication-attempt delays", why does it matter whether the FBI (or anyone else) has it?
This order should change nothing in either legal precedent or user security, and may be performed with a modicum of low-complexity code.
What am I missing here?
-SM
[ link to this | view in chronology ]
Re: This is a non-issue, isn't it?
The next step, being able to order any company to install a modified operating system on any identified device, totally bypassing all protection given by code signing in proprietary software. The company could be required to do anything to help a government agency break into a device, such as installing a key-logger. Note they would not need physical access to the device, just a unique device identifier for the companies update servers to serve up the modified version of the operating system.
[ link to this | view in chronology ]
Re: Re: This is a non-issue, isn't it?
AC> The next step....
Thanks for replying.
Before we get to next steps, are my two technical assumptions (required key, unspooffable s/n), and the specific inference (the code to be provided in the order can only be used for the one device) correct?
-SM
[ link to this | view in chronology ]
Re: Re: Re: This is a non-issue, isn't it?
[ link to this | view in chronology ]
Re: Re: Re: Re: This is a non-issue, isn't it?
Why is it compromised? That update on your otherwise identical phone will not function, as the serial number check putatively included in the update will fail, won't it?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: This is a non-issue, isn't it?
If the FBI got hold of the update, perhaps they could change the code to work on your phone instead.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: This is a non-issue, isn't it?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
If your suggesting that Apple will weary of protecting its customers and open the flood gates, that is a different discussion. If you are suggesting that the Government will demand Apple covertly install a digital wiretap on a future target, that is also a different discussion.
I am disputing the notion that specific compliance with this order gives the Government a broader capability. Those who say that the Government can change the code appear not to understand code signing, but are numerous in the discussion.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
Also remember there are only two numbers of Interest, one and many, there is only one Earth, but many Iphones that could contain evidence. This would never remain a one time request but could rapidly become such a drain on Apples resources that they give the signed code to the FBI.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
Code signing is not a mere autograph, if it is not signed, it will not run on any Apple device requiring a valid key, correct? The code targets a single device, the signature enables it, the code cannot be modified and still function. Can you not concede this point?
Compromised keys are a separate discussion, and only Apple's problem. They lost this round. Build a better phone next time.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
The real problem is this could set the precedence that the Government can order any company to WRITE and install compromised code on any machine. Then they use terrorism as the reason for demanding that they are given signed code that they can install on any machine to aid an investigation.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
It seems likely Apple would make this one do so.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
I don't know a lot about iOS code, I was just trying to make the point that Apple would put something in this update that would make sure it could only run on this one device. Perhaps that is already understood and I didn't need to mention it.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
I'm finding there is a pervasive lack of clarity on the mechanics of code signing and update distribution, so don't feel bad! =D
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
Apple claims that the Government's request is unprecedented. In opposing the order, it is Apple, not the Government, who seeks to make new law.
Apple lost this round when they tried and failed to build a device secure against themselves. It's embarrassing. Too bad. Build a more secure phone next time, boys.
Can you imagine a theory under which a safe manufacturer could refuse to help defeat a safe in the shooters' storage space? "But, then the Government will know how easy it is, and may ask more of us in the future!" The government already knows how easy it is, and yes they might ask more in the future. That's for a judge to decide then, and having opened this safe today won't affect it.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: This is a non-issue, isn't it?
[ link to this | view in chronology ]
Move it along folks...
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
The court order which requires Apple to assist law enforcement to open the San Bernardino Terrorism Defendants' Apple IPhones and other devices is correct and will be affirmed and enforced. Apple is embarrassingly wrong in its idiotic argument that the order jeopardizes Apple customers' privacy.
Apple's argument against the court order assumes that allowing law enforcement access to the San Bernardino Defendant's Apple 'phone will allow computer hackers worldwide access to all other Apple 'phones.
That conclusion is based upon another assumption: that American state and federal law enforcement personnel cannot be trusted to maintain Apple's security outside the specific criminal investigation at hand.
Or, another assumption: that the Apple personnel involved in opening the Apple 'phone cannot be trusted to maintain Apple's security outside the specific task of cooperating with the government on this single case.
If Apple cannot trust its own employees, that is Apple's dilemma: not the American state or federal governments'. If Apple employees are not reliable, trustworthy and ethical, then Apple needs new employees.
If Apple does not trust California state law enforcement personnel in San Bernardino County or within the United States Government, then Apple needs to change its mind.
This entire debate is childish and silly. Apple must obey the court order. Surely Apple has the wherewithal to absolutely guarantee the integrity of the process of opening one telephone to comply with one subpoena.
It is idiotic to conclude that every Apple employee involved in opening this single 'phone is a thief and a pirate who would leak the password to the world and destroy Apple customers' privacy worldwide.
If that were true, then Apple's worldwide security is already in shambles and all customers' data are already exposed.
It is embarrassing to observe that everyone with an iPad or a Notebook, who can type, now proclaims himself an expert in law, mathematics, engineering, politics, worldwide business and government.
I have watched Tim Cook talk. Bless his heart. He has absolutely no knowledge of anything.
I have no doubt that Apple will be required to open the 'phone and any other device necessary to this law enforcement investigation.
But not until after every Silicon Valley Hippy has had the opportunity to give a Ted Talk on American Corporate Capitalism and President Dwight David Eisenhower's Military Industrial Complex.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
"That conclusion is based upon another assumption: that American state and federal law enforcement personnel cannot be trusted"
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
Please see the 5:15 a.m. CT (US) reply which I typed this morning for Nasch below.
I disagree with you.
I admit that I have not read all the Orders issued in this case, but I don't need to. I don't need to know the precise procedural path which this case has taken.
All I need to know is the Constitution.
The United States Constitution, Fourth Amendment, and the hundreds of thousands of cases construing it, supports the Order to Apple to disclose or provide the information necessary to open the IPhone, just as if it were a metal key to a door to the Defendant's apartment and the murder weapon were inside the apartment.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I have re-read your comment.
I note that you did not state disagreement with me, as such.
Therefore, I retract the sentence which I typed: "I disagree with you."
I don't disagree with you.
Instead, I offer the comment which I typed a few moments ago to further articulate what I typed yesterday.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
But, speaking strictly about this being a case of "one iPhone "-- pretty damn lame , when you stop and THINK about it not being the personal/private phone of the dead terrorist.
I sense that Apple will be garnering stronger support from those who understand both the nature of the demand and the inherent risks of complying.
Speaking for myself only-- I appreciate hearing from people who address the core issues with emphasis on technical knowledge with consideration for *unintended consequences* --
What does it mean to have the *wherewithal* to guarantee the integrity of a process? As you claim surely, Apple must have-- ? I think Apple customers would hope to see integrity expressed with regard to Apple's promise to its customers.
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I disagree.
The legal issue is very simple.
The courts have ordered Apple to open one 'phone.
The issue is whether Apple is legally justified in its refusal.
There is no legal or scientific justification for Apple's refusal.
Apple's IPhone contains evidence of multiple murders committed by a terrorist.
Apple must open the 'phone and disgorge the evidence.
There is nothing technologically esoteric about this at all.
It is no different from opening a milk can to find a pistol a murderer hid inside the milk can.
So put away your slide rule and your copy of Herrman Hesse's "Siddhartha."
They cannot help you now.
Have a Dovely.
Sincerely yours,
Caleb.
[ link to this | view in chronology ]
Re: Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
Firstly, it is the county's iPhone. I don't know if you meant to indicate Apple's ownership or just the origin of the phone. Secondly, how do you know what's on the phone?
It is no different from opening a milk can to find a pistol a murderer hid inside the milk can.
If that is true, why do they need Apple's help? Can't the FBI open a milk can?
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
But there is a legal process that will address what I can safely bet you will not be asked to decide.
"There is nothing technologically esoteric about this at all."
Oh, but there is-- to a breathtaking degree--.And, there is something very esoteric about your claiming to know what type of evidence is on this iPhone.
"It is no different from opening a milk can to find a pistol a murderer hid inside the milk can."
Really? --- you buy your milk in a can? Big enough to conceal a pistol?
Expect a knock on your door ;-)
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
KH> Oh, but there is-- to a breathtaking degree.
Could you please explain for us- in pure technology terms, not in terms of presumed social, legal our business consequences- what makes this technologically esoteric at all, let alone to a degree that should take ones breath away.
I have asked what there would be in the technical dimensions of performing the order that would contradict the assertion that this is a low-complexity/high-criticality code deliverable.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
Your assertion contradicts the dimensions of Apple's claims regarding the security features specific to their iPhones. Actually, your assertion begs the question:"Why order Apple to perform a "low-complexity/high-criticality code"?
IF Apple disclosed every detail of the *security* features they designed, I think it is reasonable to assume that they weren't serious about security-- and their assistance would not be crucial.
So-- imo this is a stunning example of esoteric -laced technology-- simply because the technical terms for an Apple exclusive design feature are alluded to-- imagined, in the context of *impossible to breach*-- by brilliant *nerds*, whose musings are captivating--.
No one here accepts that it is possible to design an impenetrable security system-- or that the design engineer would not be able to reverse or unlock a system he/she designed.
Steve Jobs did not take his genius with him, he built a company that expanded on his very unique perspective on the relationships we develop with our cell phones. There isn't a technical term to describe the desire for privacy and primacy over what defines us. It is an esoteric concept, and a treasure. The Apple imitators employ technological expertise to capture a market-- but the connection Apple has forged with shared core values is not replicable.
I appreciate that esoteric and technical are contradictory terms-- but in the combination I have attempted to describe, they hold the key to protecting our most fundamentally human right to privacy.
Remember what happened when Eve took a bite of the apple from the Tree of Knowledge? Metaphorically speaking, in a nearly universally known symbolic context, she attained knowledge of good and evil. This is pure metaphor, symbolic of the realization that our advancing technological capabilities were greatly exceeding our capacity to foresee unintended consequences. Apple's *Brand* is a promise that it's products were not designed by fools.
In all likelihood-- any attempt to override or unlock this iPhone will enable the data erasure function. Why? Because that would be the only technological design feature that requires the person who set the security function -- to unlock it.
My opinions are both personal and influenced by association with Apple.
Not pushing a case or an argument here-- just answering your question.
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
Your reply doesn't speak in any real technical terms, not even simple ones. I'm guessing you are not a developer.
I'm sorry to be blunt, but I think you find this technology breathtakingly esoteric because you have no actual understanding of it.
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
Your reply doesn't speak in any real technical terms, not even simple ones. I'm guessing you are not a developer.
I'm sorry to be blunt, but I think you find this technology breathtakingly esoteric because you have no actual understanding of it.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
But, though this may appear to more a product of legal reasoning-- or rather, case supporting strategy, the fact remains that despite the impressive number of top notch hackers who have either volunteered for this job, or reported the ease with which the *task* of retrieving the data from this iPhone could be performed, the FBI sought the strongest method available to them to coerce Apple to do their bidding.
You think the FBI wants to cripple Apple's credibility-- slash their global market to shreds? Or, maybe the FBI wants to broadcast their frustration over NOT having a master key for yet another lock that secures so much more than they have any right to know.
Do you believe Apple was selected due to their having ostensible means to wage a legal battle? Just the sort of opponent the government would hope to intimidate? I don't think so.
The premise; that this iPhone is encrypted with crucial *life saving* information about the global threat of terrorism is a long shot-- . However this iPhone is loaded with all of the buzz words to force an unprecedented overreach of the government into private industry.
During WW2 there were exceptions upheld by the Supreme court, re:first amendment rights-- . Any statements that undermined the war effort were seen as potentially life threatening on a national level-- encouraging someone to boycott government sanctioned work that supported the military, for example was * a crime*. These lose interpretations were employed because we were at war-- and the magnitude of the threat of that war was very strongly engrained via many unprecedented violations of civil rights for Americans. Obviously this was a temporary war time over reach by the government-- but it has found new expression in our Patriot Act, direct violations of our constitutional rights -- enacted under the same mindset that prevailed during WW2.
There is something inherently misguided about the definition of this iPhone, as crucial evidence pertaining to a horrific attack on innocent people, as well as a few bells and whistles sounding in concert with targeting Apple for this *low-complexity* task--
BTW I simply don;t have access to the technical language that captures Apple's *brand* design of the security systems in their iPhones-- Your inferring I am simply lacking understanding is amusing--. The technical details have yet to be disclosed. Don't hold your breath. :-)
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
This statement is jibberish. Miss South Carolina-level jibberish. I didn't ask about your credentials, I asked whether you could answer a question. You can't.
"....Your inferring I am simply lacking understanding is amusing"
The preceding jibberish alone suffices to support my inference.
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I mean, that's the idea. And if a design engineer was able to unlock a system he/she designed, that would be a TERRIBLE system that was not safe. Also, if Apple DIDN'T disclose the details of their security protocols that would also be a very bad thing.
Security that is done secretly is bad security because once someone figures out the flaw they can exploit it. Much better is to (as is actually done) publish all the protocols and let everyone figure out the flaws and fix the flaws.
Why should an engineer have access to encrypted data? That makes no sense. Do people believe that when Apple says they can't access the data, that they are lying and can actually access the data?
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I have heard that all attempts to retrieve encrypted data from locked/secure iPhones have resulted in loss of data-- AND, that government *nerds* believe Apple has sign keys that function like clones to whatever pass code has been used-- and would be *master keys*--
Essentially the one means- that has been attributed to Apple- (sign keys that clone pass codes) for unlocking a secured iPhone -- fits all--.
There is no reason to believe that Apple can create a single phone, one tome only, backdoor-- or that they would really be fool enough to give the *master key* to any third party.
Is this the swim suit competition? I am having wardrobe issues.
Yours truly :-),
Miss South Carolina
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I'm pretty sure the phone's data can be retrieved (albeit salted thoroughly with AES) by dismantling the phone and pulling it directly from the flash memory.
The problem is if the relevant key data from the Trusted Platform Module can be extracted without triggering its tamper-protections.
I do suspect a few tiger teams of engineers are working on how to do a memory pull of that very component.
It, for all its strengths and vulnerabilities, are what is slowing the FBI from doing the hack themselves. And when someone succeeds they won't need Apple to break their own security protocols.
[ link to this | view in chronology ]
Re: Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
You state, "The legal issue is very simple. The courts have ordered Apple to open one 'phone. The issue is whether Apple is legally justified in its refusal."
Incorrect. The court has not ordered Apple to to "open one phone." Read the Order! It requires Apple to invent a new operating system that would provide a backdoor to encryption and make it possible for the FBI to "brute force" its way into the phone at issue.
You further state, "The issue is whether Apple is legally justified in its refusal. There is no legal or scientific justification for Apple's refusal. Apple's IPhone contains evidence of multiple murders committed by a terrorist." All these statements that you present as factual are incorrect! The issue is whether the federal government can compel Apple to create and implement the operating system described above which would provide backdoor access to Apple's encryption. There are a host of Constitutional arguments that support the notion that the federal government does not possess the power to compel Apple to create the operating system it desires. Among those are 1st Amendment issues regarding compelled speech, 4th Amendment concerns regarding unreasonable search and seizure of Apple intellectual property, public taking of Apple property without just compensation, due process of law concerns etc... The list goes on.
You next state: "Apple's IPhone contains evidence of multiple murders committed by a terrorist." That is pure speculation. You have no idea what is contained on the phone. Nonetheless, whether or not it contains evidence of multiple murders committed by terrorists does not change the legal issues discussed above.
"Apple must open the 'phone and disgorge the evidence." Incorrect. See legal issues addressed above.
"There is nothing technologically esoteric about this at all." No, there are pressing legal/constitutional concerns at play that override any "esoteric concerns."
Finally, you state, "It is no different from opening a milk can to find a pistol a murderer hid inside the milk can." I have no idea what you are attempting to say here. I assume you mean that opening the phone is like opening a container that contains a murder weapon. For all the reasons cited above, your analysis is very flawed and incorrect.
So put away your slide rule and your copy of Herrman Hesse's "Siddhartha." They cannot help you now. Have a Dovely." Instead, I would suggest that you either refrain from asserting your legal theories without significantly more education and/or research and that you remember to include yourself when you caution that people who have a notebook have become experts in law etc... Your posts demonstrate that, at least when it comes to the law, you have no idea what you are talking about. Let the big boys who have gone to law school handle these tricky issues for you. Rest your weary head confident in the knowledge that you might be the smartest guy currently in your house.
[ link to this | view in chronology ]
Re: Re: Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I typed my reply to you below, before reading this.
First, I view the order as requiring Apple to do whatever is necessary to open the phone.
If opening a home's front door at the command of a law enforcement officer holding a court-issued search warrant standing outside the door requires someone sitting down inside the house to stand up and walk to the door and open it with his hand, then the command of that law enforcement officer to open the door implies a command that someone create, assemble and contrive the function of the whole complex array of nerves, blood vessels, bones, sinews, muscles, tendons, skin, etc., which comprise the human body to exist, function, operate and act to open the door.
If there were no other way of opening the door than by the act of a living person inside the house, then that law enforcement officer's simple spoken command does require all those things, and, implicates the act of Creation, if you will. Surely that is the height of unfathomable scientific complexity.
If that were true, every simple knock-and-announce case would fail because it would require God to create a person.
The novelty and intricacy of computers invites us to explore the complexity of the ordered act of opening an IPhone. However, the intellectual attractiveness of that factual aspect of this legal issue should not cloud our judgment or distract us from the simplicity of the act which has been ordered by the court.
This reminds me of a portion of a children's song written as a medley from Walt Disney's "Snow White:"
"Open the door, open the door, cried seven little men;
One at a time they knocked on the door: [knock-knock-knock-knock-knock-knock-knock!]
Open the door, open the door! [etc.]"
All we want the Apple Corporation to do is open the door.
Whatever it takes to open the door can be properly ordered by the court.
The fact that it is a very complicated, computer door, is of no consequence.
It is still a door which must be opened.
If it has to be opened by a copyrighted, trademarked key, invented for the occasion by Alexander Graham Bell, then so be it.
It is still a simple key which is the only device which can actually open the door.
Whenever, however, whoever, whatever must occur to make the key, the court absolutely has the power to command, to accomplish the legitimate ends of federal or state law enforcement.
Now, we may not agree.
You may have a contrary opinion.
If so, I understand that.
And, I consider that our exchange has been a gentlemanly good-natured debate.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I have read your reply of 4:55 a.m. today.
I am an actively practicing trial lawyer in state and federal courts. I have practiced since 1982. My practice is general, but my cases are concentrated in representation of plaintiffs arising out of torts of negligence causing personal injury and property damage and criminal defense.
In my opinion, Apple should obey a court order to open the IPhone owned by one of the recent San Bernardino terrorists or murderers, who is now deceased.
The issue has prompted many articles which essentially glorify Apple Chariman Tim Cook as a guardian of the Constitution, or a champion of the privacy rights of people worldwide.
I disagree with the thesis of all those articles.
A good example of such articles is one by Steve Petrow, for USA Today. Mr. Petrow wrote the article below on Thursday, February 24, 2016:
http://www.usatoday.com/…/got-hacked-my-mac-while…/80844720/
The article is about Mr. Petrow's experience of writing and sending anti-government, pro-privacy comments or messages/draft articles on this issue, using a computer during a 'plane flight. Mr. Petrow used the airline's on-board or in-flight wireless internet service to send his anti-government, pro-Apple-privacy messages during the flight. At the end of the flight, another passenger on the flight, a stranger, stopped Mr. Petrow and introduced himself. This anonymous passenger told Mr. Petrow he had hacked into all of Mr. Petrow's in-flight wireless communications and those of other passengers. The hacker discussed his support for Apple's privacy arguments with Mr. Petrow. That is, the hacker stated he agreed with Apple's assertion that disclosing its passwords to the government for the San Bernardino investigation would easily allow worldwide hacking into Apple's customers' private accounts on an indiscriminate basis by anyone. Afterward, Mr. Petrow reflected upon the poignancy of the hacker's comments, approving them, and noting how they were vividly illustrated by the hacker's own act of in-flight hacking of his personal communications.
Mr. Petrow's article is interesting not for its insight but for its stunning irony and Mr. Petrow's naiveté.
The hacker, who spoke to Mr. Petrow after the flight, violated the law by obtaining unauthorized access to Mr. Petrow's communications, whether they were being transmitted or were in electronic storage, or in a stored state.
He admitted he hacked into Mr. Petrow's communications or hacked into Mr. Petrow's stored information because he said so, to Mr. Petrow: "I hacked."
Hacking is getting into something you are not supposed to get into. It is a slang word for electronic pilfering or electronic stealing.
Hacking is electronic pick-pocketing.
Intercepting electronic transmissions is a federal crime under 18 U.S.C. 2511.
Obtaining access to stored electronic information is also a federal crime under 18 U.S.C. 2701.
Please see:
U.S. v. Szymuszkiewicz, 622 F.3d 701 (7th Cir. Wisconsin 2010)
and
Shefts v. Petrakis, 2012 WL 4049484 (D.C., C.D., Ill. 2012)
The irony in Mr. Petrow's failure to understand that he was the victim of a crime emphasizes the fallacy of his argument.
He portrays the anonymous airline-passenger-hacker as an angel in disguise.
He ignorantly overlooks the hacker's corrupt, evil nature and misinterprets it as virtue.
He receives the hacker's words as wisdom when in fact they are mendacious.
The hacker's message, and that of Mr. Petrow's article, is that we must resist any and all government access to private information even if it would save our lives.
That is, we should be willing to die at the hands of a terrorist to protect that terrorist's right to privacy in his personal IPhone messages.
The hacker has failed to recognize the horrible evil inconsistency in his position. Mr. Petrow has also failed to perceive that same self-evident inconsistency in his position, which is the same as the hacker's.
Terrorism or multiple murder is wrong. It is a horrible crime. The government must be able to conduct the proper investigations necessary to detect it, prosecute it, punish it and prevent it. Such investigations further a basic function of government: enforcement of law for the physical protection of the lives of citizens in our representative republic.
We are citizens of that republic. We rely every day on the integrity of our elected officials and civil servants such as policemen, sheriff's officers, detectives, United States Marshals, F.B.I. Agents, C.I.A. Agents, N.S.A. Agents, Homeland Security Agents, Treasury Agents and a host of countless other state, federal and local law enforcement agents and officers for our protection.
We repose trust in those persons.
We expect them to perform their tasks with honesty and integrity.
We conduct our daily lives based upon the assumption that they will maintain proper security, secrecy and privacy of the extremely sensitive information which they constantly obtain, utilize, review and read.
The premise of Mr. Petrow's article is that everyone in the categories I have mentioned above is dishonest, opportunistic, evil and untrustworthy.
He implies, in his article, that each and every one of those persons will use every bit of law enforcement investigative information obtained for improper purposes and will disclose it, disseminate it and spread it abroad.
If we believe Mr. Petrow is right, then there is no safety, no protection, no privacy, no security and no integrity in anything and anarchy reigns at every level of local, state and federal government throughout the United States.
I must state that Mr. Petrow is wrong. The anonymous hacker is wrong.
KidOmaha, I believe your conclusion is the same. That is, I believe that you assume that, if allowed by the courts, the activities of law enforcement in retrieving this information from the Apple Phone will be stupid, bungling, insecure, open to hacking from outside, and completely vulnerable to copying and theft by hackers intruding into the law enforcement computers used to perform the IPhone data extraction.
I believe law enforcement is better than that.
I believe that Apple personnel, cooperating wholeheartedly and expertly with law enforcement personnel, will be able to extract the data and no hackers will be able to avail themselves of the programs or passwords which Apple may have to create or assign to facilitate the law enforcement investigation.
They may have to do it inside a fully self-contained vault buried two miles underneath the ground, lined with sixty feet of solid lead on all six sides with solid lead radiating outward sixty feet from all eight corners, but it can be done.
I must clearly state the law in this area. I believe you will agree with me.
A criminal investigation is the investigation of illegal activity by one or more suspected criminals. If probable cause exists, a law enforcement officer may apply to a judge for the issuance of a search warrant to obtain otherwise private, secret information in the possession of one or more suspected criminals.
A search warrant is a detailed written order signed by a judge. It is based upon detailed written or spoken statements, under oath, provided by law enforcement personnel or private citizens, to the judge. The judge hears or reads and analyzes that sworn testimony or written statements before issuing the warrant.
The judge may either issue a warrant or refuse to do so if he believes the information does not establish probable cause.
Probable cause is a clear, articulable suspicion of criminal activity.
If probable cause does not exist, a warrant will not issue, or, evidence obtained without probable cause can be suppressed by a judge after it is obtained. If all evidence obtained against a criminal defendant was obtained in searches conducted without probable cause, or was the "fruit of the poisonous tree" because it was evidence which was obtained as a result of other unlawfully obtained evidence, then a criminal's conviction will be overturned or nullified and the convicted criminal will be exonerated and he will go free.
A criminal investigation is limited to the case within which it is conducted.
Computer passwords which are obtained and used in that criminal investigation are limited in use to that criminal investigation.
A search warrant issued in one case cannot be used to conduct a search in another case, with the exception that inadvertently discovered evidence of an unrelated crime (crime B) found during the execution of a search warrant issued for suspected crime A may become the premise of a new probable cause affidavit in support of a new search warrant to investigate suspected crime B.
Each time a new warrant is requested, a judge must make a new determination of probable cause, and a new warrant must be issued based upon new facts and new circumstances relevant to that new case.
We all trust law enforcement officers and judges to follow the law and the procedure I have described generally above.
I am not willing to die to further the aims of terrorists and murderers.
The illogic of Mr. Petrow's thesis is similar to the illogic of the following argument I have read, made recently in many articles by Christian authors against other Christians.
The argument is as follows.
If an armed mass-murderer who is not Christian, holding a room full of hostages in a high school, says to the hostages, "Stand up if you are a Christian and are a follower of Jesus," and several of those students being held hostage hide and do not stand up, then Christian authors have written that those hostages who do not stand up are, truly, not Christian.
Of course, any high school student who would stand up in such a situation would surely be shot by the armed hostage-taker and killed.
The fallacy in the argument that the reluctant hostages are not true Christians, is obvious. The argument assumes that the motives of the gunman are pure and holy. Of course his motives are evil. Standing up will do only one thing: further his evil motive to commit a murder. Standing up will bring no glory to God or Jesus. Standing up will not spread the Gospel of Jesus. Standing up will only cause senseless loss of life.
Standing up in that scenario would be exactly like Jesus acceding to Satan's challenge to Jesus that He cast Himself down from a high point, or pinnacle of the temple:
"And he brought him to Jerusalem, and set him on a pinnacle of the temple, and said unto him, If thou be the Son of God, cast thyself down from hence: for it is written, He shall give his angels charge over thee, to keep thee: and in their hands they shall bear thee up, lest at any time thou dash thy foot against a stone. And Jesus answering said unto him, It is said, Thou shalt not tempt the Lord thy God. And when the devil had ended all the temptation, he departed from him for a season." Luke
4:9-13.
It is just as illogical to accuse the sensible high-schoolers who did not stand up of impiety as it is to accuse sensible citizens who cooperate with legitimate law enforcement investigations of being unpatriotic.
We must not allow the novelty and intricacy of computers or the cachet of Steve Jobs and Tim Cook to cloud our understanding of the basic principles of good law enforcement essential to wholesome peace and safety.
KidOmaha, thank you for reading my response. I realize you may not agree with everything I have typed. Whether you agree or not, I offer my statements in a spirit of good-natured, gentlemanly debate.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Re: Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
We repose trust in those persons.
We expect them to perform their tasks with honesty and integrity.
We conduct our daily lives based upon the assumption that they will maintain proper security, secrecy and privacy of the extremely sensitive information which they constantly obtain, utilize, review and read.
Have you been following current events... at all? How can you still believe all those people conduct their jobs with honesty, integrity, and proper attention and competence in security?
I believe law enforcement is better than that.
Based on what??
[ link to this | view in chronology ]
Re: Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I realize my last letter did not contain an analysis of your argument that Apple should not be required to create or devise anything new, such as a new computer program, for the government's benefit.
I believe your argument is incorrect in this case.
If the thing which is new is, practically-speaking, nothing more than a key to open a door which cannot be opened any other way, then Apple must be compelled to create that key.
This is no different than requiring Google to open email accounts:
Please see: In Re Search of Google Email Accounts, 99 F.Supp.3d 992 (D. Alaska, 2015).
I understand that in the above case, Google was not required to create a list of messages for the government.
However, Google was required to unlock the door to provide the messages to the government.
In the San Bernardino case, the government cannot open the IPhone without destroying the data on the IPhone, because the government does not know how to do that. The government does not have the right non-destructive programs or passwords.
Those programs, sophisticated though they may be, are, therefore, in this case, functionally, nothing more than simple metal keys to open a standard metal deadbolt lock in a standard wooden door.
Law enforcement can use them and protect them and Apple will not be harmed.
Have a Dovely.
Sincerely yours,
Caleb Boone.
Apple must provide them.
[ link to this | view in chronology ]
nsa cracked iphone a years ago.
This was reported in 2013, not 1013.
no one seems to remember this stuff.
http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-black berry-a-921161.html
http://www.nydailynews.com/news/world/nsa-hack-smartphones-report-article-1.14492 03
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
So-- Who needs Apple??
These stories look like propaganda-- They are loaded with *personal* testimony and a clear message meant for a target audience --
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
In this case a search warrant has been issued, after a proper application. That application was made by a law enforcement officer under oath in writing, in the form of an affidavit. The affidavit was detailed and provided to the judge a comprehensive recitation of facts. Those facts established a reasonably articulable suspicion of criminal activity. Further, they established that a third party, Apple, had possession of information necessary to obtain access to the desired evidence, which is reasonably believed to exist inside the Defendant's IPhone or electronic device.
Even if Apple and the deceased murderer or deceased terrorist had a reasonable expectation of privacy in the evidence which is sought, the search warrant procedure, conducted by a neutral judge or magistrate, sufficiently protects that expectation of privacy. It is legal to pierce the expectation of privacy so long as the search warrant procedure is followed via application by sworn affidavit and independent judicial consideration of the affidavit by a neutral magistrate. That procedure is constitutionally sufficient and complies with the Fourth Amendment requirement that no warrant shall issue except upon probable cause.
Probable cause has been established and the Fourth Amendment has been satisfied. There is probable cause to believe that there is evidence of murders within the dead terrorist's IPhone. The Judiciary has been fully involved in the issuance of the warrant against the IPhone and other associated orders to obtain the proper passwords or access keys from Apple, which is the manufacturer of the IPhone and the software which is part of the IPhone. There is nothing more to do.
This is similar to countless cases which have involved search warrants or criminal court orders against a landlord to provide a key to a barn occupied by the Defendant, or a key to a Defendant's apartment, or physical access to a treehouse used by a Defendant. The landlords or owners of barns or yards may not be guilty of crimes, but they have access to the places where evidence of crimes generated by Defendants may be found because it has been left there by criminal suspects or criminal Defendants.
In this case the evidence is electronic and the access keys have fancy electronic names. In this case there are hundreds of millions or billions of people worldwide who have similar devices. Further, the news story about this case has been broadcast in excruciating detail on the internet. There is a tremendous financial incentive for Apple executives to make public pronouncements via the internet to make it appear they are zealous to protect the widely-perceived privacy rights of their customers. Therefore, those millions or billions of people who are Apple customers worldwide have the luxury of complete immediate electronic access to each and every detail of this case. They can read about this existing legal dispute and they can know that the accused, dead, San Bernardino terrorists or murderer's IPhone is about to be opened pursuant to a court order, in each minute detail, moment-by-moment.
However, the widely-perceived privacy rights of Apple and its customers do not exist here. This particular legal scenario involves evidence of multiple, gruesome, highly-public murders which are quite reasonably suspected as having been committed by publicly-known and observed terrorists or murderers. Those terrorists or murderers possessed IPhones and at least one of them still exists and probably contains invaluable information about the murders which they committed.
The dead murderers may have some type of former expectation of privacy in the information at issue, but the government has an overriding interest in its disclosure. Apple may have a business expectation of privacy and secrecy in its passwords, software and computers or computer-like devices, but the government has an overriding interest in its disclosure for the limited purposes of this case to prosecute these known terrorists or known murderers. Those interests are legitimate. The privacy of the murderers and Apple has been properly protected and respected in this excruciatingly-drawn-out and painstakingly-antiseptic legal process. Surely the court has ordered that everything which must be strictly safeguarded and protected, will be very carefully protected, by the conduct of the process of opening the IPhone and other associated devices in total secrecy and security under the watchful eyes of the appropriate Apple personnel and law enforcement officers or agents.
That is good enough. Good heavens.
Now, below, I will provide for you an excerpt from a Tenth Circuit Court of Appeals opinion on this point. It contains statements which recognize both sides of this issue, but the decision in the case quoted was in favor of disclosure.
No two cases are exactly alike, but there is overwhelming logic and legal support for the disclosure of all the information which is sought in this case, using the proper security procedures to protect Apple's business interests in the copyrights and intellectual property (computer programs, passwords, etc.) it owns.
The case I have chosen is: United States v. Perrine, 518 F.3d 1196, 1204-1205 (10th Cir. Kan. 2008). The Kansas Federal District Court opinion by Senior District Judge Monti Belot which was affirmed, can be found on Westlaw at: 2006 WL 1232852
The District Court opinion was not published in the Federal Supplement but of course is readily available on Westlaw.
Following is the excerpt I have chosen from pages 1204 and 1205 of the published Tenth Circuit Opinion. I have not enclosed it in quotation marks:
Every federal court to address this issue has held that subscriber information provided to an internet provider is not protected by the Fourth Amendment's privacy expectation. See, e.g., Guest v. Leis, 255 F.3d 325, 336 (6th Cir.2001) (holding, in a non-criminal context, that “computer users do not have a legitimate expectation of privacy in their subscriber information because they have conveyed it to another person-the system operator”); United States v. Hambrick, 225 F.3d 656 (4th Cir.2000) (unpublished), affirming United States v. Hambrick, 55 F.Supp.2d 504, 508–09 (W.D.Va.1999) (holding that there was no legitimate expectation of privacy in noncontent customer information provided to an internet service provider by one of its customers); United States v. D'Andrea, 497 F.Supp.2d 117, 120 (D.Mass.2007) (“The Smith line of cases has led federal courts to uniformly conclude that internet users have no reasonable expectation of privacy in their subscriber information, the length of their stored files, and other noncontent data to which service providers must have access.”); Freedman v. America Online, Inc., 412 F.Supp.2d 174, 181 (D.Conn.2005) (“In the cases in which the issue has been considered, courts have universally found that, for purposes of the Fourth Amendment, a subscriber does not maintain a reasonable expectation of privacy with respect to his subscriber information.”); United States v. Sherr, 400 F.Supp.2d 843, 848 (D.Md.2005) (“The courts that have already addressed this issue ... uniformly have found that individuals have no Fourth Amendment privacy interest in subscriber information given to an ISP.”); United States v. Cox, 190 F.Supp.2d 330, 332 (N.D.N.Y.2002) (same); United States v. Kennedy, 81 F.Supp.2d 1103, 1110 (D.Kan.2000) (“Defendant's constitutional rights were not violated when [internet provider] divulged his subscriber information to the government. Defendant has not demonstrated an objectively reasonable legitimate expectation of privacy in his subscriber information.”). Cf. United States v. Forrester, 512 F.3d 500, 510 (9th Cir.2008) (“e-mail and Internet users have no expectation of privacy in the to/from addresses of their messages or the IP addresses of the websites they visit because they should know that this information is provided to and used by Internet *1205 service providers for the specific purpose of directing the routing of information.”); United States v. Lifshitz, 369 F.3d 173, 190 (2d Cir.2004) (“Individuals generally possess a reasonable expectation of privacy in their home computers.... They may not, however, enjoy such an expectation of privacy in transmissions over the Internet or e-mail that have already arrived at the recipient.”).
Please do not misinterpret the "expectation of privacy" language above. That language is significant only if there has been no judicially-authorized search warrant. An expectation of privacy is adequately protected and can be pierced through, if the warrant procedure is followed and probable cause to issue the warrant exists, and a neutral judge issues the warrant. That surely has occurred here.
The only difference between this situation and countless others is that instead of a small kaffeeklatsch of five lawyers discussing this case at a restaurant near the courthouse, we have an international kaffeeklatsch of two billion Apple IPhone subscribers, all members of the new technology middle-class, who have attended high school or college, and all of whom fancy themselves graduates of Harvard Law School.
Magna Cum Laude.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
Also not the same is providing extant subscriber data. I don't see how that case has any relevance at all. Apple's own press release addressed the difference, let alone all the coverage of the issue.
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
I will read the articles and this discussion in full, if I have enough time after hours.
I will provide one short comment for the moment.
I understand that Apple objects in part because it believes that what the court order requires it to do is create, out of whole cloth, what it contends does not exist: a new program, password or unlocking device which does not exist.
Apple believes that, at most, it should not be required to do anything more than produce what already exists: not do the work of the court system for the courts, or do law enforcement's work for law enforcement.
(Again, I realize that Apple has many more reasons for its objections than this, but I am just concentrating on this one reason for the moment.)
I believe Apple is clearly wrong. Its objection ignores logic.
Apple created the IPhone. Only Apple can properly open an IPhone and only Apple can engineer a device which completely and perfectly will remove all the data from an IPhone, including all the little scraps, odds and ends, which blunt-force law enforcement techniques would either destroy, lose or never recognize.
Therefore, it is like providing the key to a barn.
The barn is locked and the officer wants to get inside the barn.
He needs a key to do that.
The farmer is the only one who has the key.
The farmer needs to give him the key.
If the farmer has lost the key, the farmer must provide entry to the barn by giving the officer another key, or pointing out a rope which will pull up a sliding wooden door which the officer did not notice, so the officer can go inside through the other, sliding door, without having to use a key (now lost) to the main door.
The farmer did not commit a crime but the farmer has evidence of the crime committed by his farmhand, inside the barn: a gun, or a knife.
The farmer is ordered by the court to open the barn for the officer by whatever means are available.
The farmer may not have to re-program the old wooden barn, but if it were a modern, year-3000 Star-Trek barn and could only be entered using an elaborate computer program, then the farmer would have to rewrite the program, or re-wire the barn, or re-configure a new password, or invent a device which would open the barn, manufacture the device, and give it to the officer, if necessary.
That is what it means to fully comply with a lawful court order.
The farmer built the barn, and the farmer hired the farmhand.
The farmer may have made an error in judgment in hiring the murderous farmhand.
But the farmer must abide the consequences of his poor judgment.
Apple may have exercised poor judgment in selling an IPhone to the terrorist couple.
Apple must now abide the consequences of its decision to sell that IPhone to that terrorist couple.
Of course, it is not a question of poor judgment, but, on the other hand, there is nothing illegal in Apple requiring a criminal, personal or other background check before a prospective customer can purchase an IPhone.
No one has the Constitutional right to buy an IPhone.
Many countries in which people can buy IPhones do not have a Constitution or Bill of Rights anyway.
But of course the Bill of Rights and the Constitution do not apply to this aspect (choice-of-customer) of this private commercial transaction if the restriction on purchasing is legitimate, logical and not otherwise a violation of American (or other countries') anti-discrimination laws, which it would not be.
An interesting thought.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
The farmer may not have to re-program the old wooden barn, but if it were a modern, year-3000 Star-Trek barn and could only be entered using an elaborate computer program, then the farmer would have to rewrite the program, or re-wire the barn, or re-configure a new password, or invent a device which would open the barn, manufacture the device, and give it to the officer, if necessary.
That is the controversy here. You've clearly made up your mind, but Apple is going to contest whether the government can make them do this, and we'll see where it goes.
No one has the Constitutional right to buy an IPhone.
You're looking at the question backwards. The states and the people reserve all rights not explicitly conferred on the federal government, and the people have the right to do anything not explicitly banned by law. So Apple has the right to sell iPhones and I have the right to buy one, because the government has no right to tell me I cannot.
And... that was a short comment? ;-)
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
"Apple must now abide the consequences of its decision to sell that IPhone to that terrorist couple."
Sorry? Not only have you gone way beyond conjecture to establish * as fact* that this particular iPhone contains evidence that will *save lives*--You, and most people hearing this fear- mongering -hook attached to a goal the FBI has nurtured for years, fail to employ common sense regarding WHAT A TERRORIST IS LIKELY TO STORE ON A DEVICE THAT HE/SHE CANNOT DISPOSE OF (like these two already did with the cell phones they had in their possession on the day of the attack)--
REALLY! Ultimately one must come to grips with the implications of the secrecy and subversive methods terrorists employ. A freaking idiot might encrypt every detail of a large scale terrorist network on a freaking iPhone-- which is why every terrorist likely does not have this information-- Or perhaps the FBI believes the *key* to cracking the global terrorist network is on one of their iPhones-- that they leave behind when they stage their attack?
OR perhaps the FBI hopes they can sell this story to obtain what they cannot create -- for purposes they are NOT *obligated* to disclose?
And just maybe, the FBI, CIA and NSA imagine they can only perform their duties IF No One has the ability to secure personal data?
Whatever merit you may find in these more realistic conjectures, Caleb, the fact remains that this case furthers an agenda that many of us have strong reasons to oppose.
BTW, Caleb, there is nothing inherently dangerous about an iPhone-- or any cell phone that has security features for the user. However, the vigilance needed to follow up on *tips* that certain individuals may pose a threat to our safety, and other means long available to these *national security* oriented organizations that somehow aren't being employed effectively - all of these matters conveniently fade into the background -- don't they? Maybe not a coincidence.
Criminal background checks required for purchase of an iPhone? You see that as the bottom of the slippery slope Apple is heading towards by refusing to yield to this outrageous court order? Your reasoning is far more frightening than the platform you created to support your argument.
[ link to this | view in chronology ]
Oh PUH-LEAZE
But nooooo Apple wants to be a dick. Ok then when the Federal Judge holds the CEO of Apple in contempt and fines apple 1 million dollars a day until they comply, then what are they going to do?
THEY were the ones demanding that the Feds get a court order to get this info, so they did. And now Apple is refusing to comply even WITH a valid court order.
Apple is going to learn March 22nd what the judge is going to decide and I can assure you that Apple is NOT going to like the end result.
[ link to this | view in chronology ]
Re: Oh PUH-LEAZE
They have to update their operating system in ways they never planned for, and make sure to do it in a way that bypasses security features not intended to be bypassed and that doesn't damage any data. Sounds like it could be tricky.
[ link to this | view in chronology ]
Re: Oh PUH-LEAZE
[ link to this | view in chronology ]
Re: Re: Oh PUH-LEAZE
Whether the phone is in possession of law enforcement, it cannot be made into a wiretap.
Could the Vendor be compelled to enable espionage against persons who don't enjoy the protection of U.S. privacy law? There is probably settled law to the contrary, but I really don't know.
Selling a phone in a foreign jurisdiction which would yield to a U.S. federal warrant may violate that jurisdiction's own privacy laws. I suspect there are settled principles in international law with respect to this, maybe embodied in treaties. Again, I don't know.
Apple could use the opportunity to narrow the precedent established by the order.
I know what questions to ask to test this off-the-cuff idea.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
You refer to a *potential ability*- one that neither Microsoft or Apple have indicated they have any desire to acquire-- Nor, would either relish the publicity that would surround this relationship with the government.
It is not secret that attempts to solicit this type of relationship have failed-- And it is fairly easy to assume that this *court order* is a convenient, fear mongering test case to force their compliance.
BUT-- can our government order private industry to *serve* whatever need it is able to sway the public into believing is vital for national security? This is definitely the case to test those waters. But it is also a case for probing other government agencies-- other than law enforcement, for comprehensive approaches to the threat of terrorism.
What other options are available to our government in terms of protecting us against the threat of homeland terrorist acts? Somehow the focus has become
*intelligence gathering* with increasing *violations of our Constitutional rights*--
[ link to this | view in chronology ]
Rember what Benjamin Franklin wrote
https://articles.azstec.com/encryption-backdoor-battle-government-sues-apple/
[ link to this | view in chronology ]
Hmmmmm
Apple should open this phone and any other similarly scummy murderers' phones as required. Murderers should have no secrets -- whether dead or alive. They should have no rights.
What's so hard to understand here?
[ link to this | view in chronology ]
Re: Hmmmmm
What's so hard to understand here?
The Constitution, apparently.
[ link to this | view in chronology ]
"He was scum."
Police detection dogs false positive more often than they find contraband. In Chicago some dogs false positive 97% of the time, and yet they're still grounds for probable cause.
If we can't trust them not to abuse detection dogs, how can we trust them not to use this?
We can't, ergo, the battle for your privacy is fought at this front.
[ link to this | view in chronology ]
Re: Hmmmmm
[ link to this | view in chronology ]
Re: Re: Hmmmmm
Who are you asking, and what is "it"?
[ link to this | view in chronology ]
Re: Hmmmmm
I hereby declare you a murderer. No, you do not get a trial, you have no rights. Please post your real name and address so that you may be dealt with. You have no right to secrecy.
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
I think this problem is very easily solved.
Open the telephone and allow law enforcement to have every single bit of data which is inside it.
Benjamin Franklin would have recommended the same.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
"I think this problem is very easily solved."
It's good to form opinions.
[ link to this | view in chronology ]
Problem solved!
"Hemostat"
"Forceps!! "
"There you go, boys, iPhone opened, data extracted !!!"
Now Caleb can get back on eBay and find that missing plate to complete his Star Trek dinner ware collection.
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
Thank you for your approval.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
"I'll sit on the warp engines and nurse 'em myself!"
Er, I mean, Scotty.
But yes, you're right.
"He will prick that annual blister: marriage to deceased wife's sister."
-- W. S. Gilbert, "Iolanthe."
I will prick this thrice-weekly blister: "Don't you dare touch my IPhone, Mister!"
I will yank out the full-breach baby with my bare hands, slathered in olive oil to make the delivery that much smoother!
Have a Dovely.
Sincerely Yours,
CALEB BOONE.
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
I have been following current events.
There are several dramatic specific news stories about horrible crimes in the United States, which have been widely discussed in the American media. Many people have expressed extremely negative opinions about the integrity of law enforcement personnel at all levels.
However, these are anecdotal. They are truly uncharacteristic of the proven, long-term, national trend demonstrated by nationwide statistics gathered during the last twenty-two years.
The FBI publishes national "Crime in the U. S." statistics in tabular form.
The following table presents the nationwide trend from 1994 to 2014:
https://www.fbi.gov/about-us/cjis/ucr/crime-in-the-u.s/2014/crime-in-the-u.s.-2014/tables/table -1
The next table presents the FBI's nationwide "preliminary semiannual estimate" change for January to June, when comparing 2014 to 2015:
https://www.fbi.gov/about-us/cjis/ucr/crime-in-the-u.s/2015/preliminary-semiannual-uniform-crim e-report-januaryjune-2015/tables/table-1
The first table demonstrates that crime in absolute numbers has dramatically decreased from 1994 to 2014 in all categories. In some categories it has decreased by about 50%. This is true despite an increase in population of about 23% from roughly 260 million to 320 million. In my opinion, that is stunning.
There was an overall increase of 1.7 percent from 2014 to 2015 when comparing the first six months of both years, and this is shown in the second table. However, this hardly diminishes the awe-inspiring dramatic decrease overall from 1994 to 2014, which is the overwhelming trend shown in the first table.
I could not find any FBI tables for the period from July, 2015 to the present.
These tables prove I am exactly right. Law enforcement has reduced crime dramatically during the last twenty-two years in the United States.
The European Institute for Crime Prevention and Control in Helsinki, Finland, published a study of crime worldwide in 2010, and it may be found at:
http://www.unodc.org/documents/data-and-analysis/Crime-statistics/International_Statistics_on_Cri me_and_Justice.pdf
I have not viewed the entire document, but I have scanned the first sixty or more pages. The United States is in the lower one-third on some tables such as one table for murder but the United States ranks in the highest quartile in crimes like assault, rape, theft and burglary.
I believe my statements about American law enforcement are right: our law enforcement agencies have made excellent progress in the last twenty-two years in cutting crime in the United States in half in many categories.
This proves my statement that law enforcement personnel in the United States are trustworthy, reliable, honest and ethical.
They can surely be trusted to preserve the secrecy, security and privacy of Apple's products, designs, programs, passwords and other trade secrets.
I understand that you may not agree with me.
I respect your right to your opinion, and I realize that it may be completely contrary to mine.
I consider that our exchange is conducted as gentlemen and in the spirit of good-natured debate.
Thank you for your reply.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
These tables prove I am exactly right. Law enforcement has reduced crime dramatically during the last twenty-two years in the United States.
You have proven nothing, other than crime has gone down. Those tables provide absolutely no evidence for why crime has gone down, and they certainly say nothing about the honesty, integrity, or competence of law enforcement.
I hope the arguments you make on behalf of your clients are better.
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
We must disagree.
I believe law enforcement officers are doing their job because I can drive to work and not be run over by a herd of buffalo.
I will take anything that I can get.
I would rather live in peace and safety and wear a double-knit plaid suit than live in terror and dress in haute couture.
I would rather make Apple write a Neiman-Marcus program and live in security than allow the San Bernardino terrorists to call Osama Bin Laden one more time.
Collect.
To buy a dozen cruise missiles.
Have a Dovely.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
I'm pretty sure the herds of buffalo would not manifest if we didn't have our law enforcement.
Were I to assume for the moment that you were being metaphoric, I think crime would sharply drop were law enforcement to disappear, given their asset forfeiture programs displace more money from innocent civilians than all the burglaries combined.
And the police do love their guns, and shooting people they don't like, and then not reporting it.
I think the peace and safety you think you live by is a false product, that the police has demonstrated that they are more interested attacking people on the presumption of guilt rather than seeing justice done. They are, now, part of the problem.
Perhaps you don't have the capacity to care beyond your own well being, about the rest of America's pluralist population. Or perhaps you're just ignorant.
[ link to this | view in chronology ]
Apple Must Open The San Bernardino Terrorist's IPhone.
I apologize for offending you.
Please forgive me.
I only meant to debate in polite good humor.
Sincerely yours,
Caleb Boone.
[ link to this | view in chronology ]
I cant believe they let you write.
The very thing that makes encryption functional, is that it cannot be broken without the key, and enabling a time limit free brute force renders it useless.
You seem to be aware of this, so one must assume that you are either too stupid to be considered an expert of any kind, or that you are a willing participant in what amounts to a flexing of government muscle.
[ link to this | view in chronology ]
Re: I cant believe they let you write.
Assuming you're replying to Whatever (I can't tell for sure because you didn't click "reply to this"), he is always willing to participate in that.
[ link to this | view in chronology ]
Can ANY modification be made to an iPhone without the passcode?
What is possible to be done to an iPhone by Apple or anyone that doesn't require the passcode? I'm thinking of the firmware Change.
[ link to this | view in chronology ]