White House Is Either Lying About Apple Order Or Doesn't Understand What A Backdoor Is
from the semantic-bullshit dept
During a White House press briefing on Wednesday, Press Secretary Josh Earnest apparently kept brushing aside questions about the order to Apple to remove certain security features that would enable the FBI to brute force the passcode and decrypt the contents of Syed Farook's iPhone. However, eventually he insisted that the DOJ is not asking for a backdoor:In a briefing with reporters, White House spokesman Josh Earnest deferred to the Justice Department but said it's important to recognize that the government is not asking Apple to redesign its product or "create a new backdoor to its products."But that's bullshit -- and thankfully, at least some in the media are pointing this out.
Earnest said the case was instead about federal investigators learning "as much as they can about this one case."
As FBI Director James Comey has done saying he wants "front doors" rather than "back doors," the White House is playing word games that suggest they're either being deliberately misleading or they don't understand the basics of what's happening. Neither scenario makes the White House look very good.
The application and the order absolutely are about forcing Apple to create a backdoor. It is a specific backdoor, but the whole point is to undermine key security features that protect the users of the devices. The fact that it would just be targeted towards this one phone is basically meaningless in this context. The issue is that a court can order a tech company to deliberately undermine its own security and expose content on a device. That's a backdoor.
And, importantly, it's a backdoor that other countries will demand as well. China has already been using the US "debate" over backdooring encryption to support its own demands for backdoored encryption, and the results of this legal fight will absolutely be used by plenty of authoritarian countries to argue that they, too, can demand such backdoors.
As the NY Times notes, China is quite interested in this particular fight:
China is watching the dispute closely. Analysts say that the Chinese government does take cues from the United States when it comes to encryption regulations, and that it would most likely demand that multinational companies provide accommodations similar to those in the United States.Any move towards deliberately forcing tech companies to undermine security and privacy protections for users absolutely is a backdoor and will be used by countries with much less regard for the privacy of its citizenry.
Last year, Beijing backed off several proposals that would have mandated that foreign firms provide encryption keys for devices sold in China after heavy pressure from foreign trade groups. Nonetheless, a Chinese antiterrorism law passed in December required foreign firms to hand over technical information and to aid with decryption when the police demand it in terrorism-related cases.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoor, doj, encryption, fbi, going dark, iphone, josh earnets, white house
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
Given the USG has absolutely no 'regard for the privacy of it's citizenry', I'm not sure if this is possible actually.
[ link to this | view in chronology ]
Re:
All that is left is for the people, erm... I mean cowards to do something to stop it.
[ link to this | view in chronology ]
Re:
That massive invasion of privacy, media-control and torture are the main courses for dictators to keep their population from insurrection, is not a coincidense: If you distrust your population invasion of privacy is what is needed to protect the authorities from the people.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Easy enough choice for me
Android may or may not be better, but it will be much easier to find software that will help to defeat the govs intrusion than it would be on the Apple app store.
[ link to this | view in chronology ]
Re: Easy enough choice for me
Win, win!
[ link to this | view in chronology ]
Re: Re: Easy enough choice for me
We lose, lose!
[ link to this | view in chronology ]
Re: Easy enough choice for me
You might want to re-think this.
Apple is a big company, with a suite of lawyers, defending its code.
The developer of your encryption application is almost certain to be smaller, less well funded, fewer lawyers, and MUCH less "government-resistant".
And mind... the FBI is currently outside the phone looking in, and asking Apple to help them get in. Any application-level solution only applies once they have access to the phone's contents. They've already got all the metadata from the phone, as well as anything not specifically locked down.
All this notwithstanding, encrypting your data separately, even with whole disk/device encryption, is still a good idea. One more hurdle to overcome. But it may be too little, too late.
[ link to this | view in chronology ]
Re: Re: Easy enough choice for me
[ link to this | view in chronology ]
Re: Re: Re: Easy enough choice for me
And, of course, dependent upon the code installed on the device being the same as that whose source is being examined. And the only surety of that is to do it yourself: build, install, with your own tools.
For the truly - and sometimes justly - paranoid, Reflections on Trusting Trust is relevant. IE, what guarantee do you have that the application you "installed" on the device did not get adulterated by something else currently on the device?
[ link to this | view in chronology ]
Re: Easy enough choice for me
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I agree. But headlines are more important apparently.
Again, this is not to say that there isn't a question of to what extent can the government compel a private party to do something they don't wish to do.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I propose option c
[ link to this | view in chronology ]
Re: I propose option c
[ link to this | view in chronology ]
Apple's backdoor
[ link to this | view in chronology ]
These aren't...
... the Clinton years, anymore (or yet).
[ link to this | view in chronology ]
https://www.youtube.com/watch?v=pj4PwyfDNuI
[ link to this | view in chronology ]
The White House is lying about Apple order AND doesn't know what a back door is.
[ link to this | view in chronology ]
It also proves that it can be done - so how long before some ingenious hacker figures out how to do it in the wild?
[ link to this | view in chronology ]
It's all about precedent
We can be nearly certain there is likely very little of value for catching terrorists on this phone, because we know that the DOJ has all the metadata for every contact in and out of it. The metadata tells them more than the data. If they had any evidence of further terrorist "connections" with this phone, they would have presented it to bolster their case here. There's nearly no reason to keep such information secret. Therefore, they have nothing.
This is nothing more than a cynical attempt to use the acts of a mentally imbalanced person, and the deaths of 14 others, for the DOJ to get its foot in the door. And they're doing a great job of hyping it in the press.
[ link to this | view in chronology ]
Re: It's all about precedent
[ link to this | view in chronology ]
Re: It's all about precedent
"If you have nothing to hide" be damned. It doesn't help that lazy and inept blowhards in the press are compliant with this travesty.
[ link to this | view in chronology ]
Contradictory Question
I do not know the answer to that question. Here is some background discussion.
One part of me says why not. Encryption is good and not everything should be available to the government. That will just lead to the whole thought crime debacle.
Then my imagination starts to conjure up scenarios where access to some encrypted info might be critical to actually saving, maybe millions, of lives. I am moving beyond where the behavior of the US government, or governments in general, or mankind’s inhumanity in general is right or wrong and just thinking in terms of short term 'let's prevent NY or LA or some other major city(s) from becoming a...well let's call it a nuclear or biological wasteland. It might be preventable if only...and not in the way the haystack encumbered agencies mean it, but actually preventable.
The need is time sensitive, it is needed now. Time for debate is over. Should there be a way, or is privacy, or the need for privacy so strong that it should thwart even the most rational legitimate need of some government?
[ link to this | view in chronology ]
Re: Contradictory Question
Even if we hand over everything the government asks for, there's no way they can prevent every single possible attack. Sooner or later something will get through. So, what was the point, then? Even if I thought that living in a totalitarian, 1984-esque state was a fair trade for being safe, I'm still not safe and I've given all of that up for nothing.
And then there's the added wrinkle of abuse... even if I think that yes, there are some situations where the government should be able to access what they want when they want it, the potential for abuse is massive. They want to see inside this one phone today, but what about tomorrow? What about the next time something happens, or there's a guy taking shots on the freeway, or someone goes missing? We can pretty much guarantee from history that this kind of power will be abused. Maybe not overtly, at first... but surely the person being stalked by their NSA-employed ex is just as much victim of an abuse of power as a wrongful arrest based on shoddy search results.
Everyone has to make up their own mind, of course; that's what freedom is all about too. But for me, I would choose genuine freedom over illusory safety. If that means there are some things the government just can't do---even, in the worst possible case, protecting me---then I guess that's the way it is, and I'm okay with that.
[ link to this | view in chronology ]
Re: Contradictory Question
Why not just get a warrant to force Syed to give up his password? Oh, you mean it's not possible to compel speech with a warrant? I think you have your example of information that can not be compelled by a warrant (at least at this time).
Until the government is able to read our thoughts and minds, there exists information that can not be compelled by a warrant. Now if I chose to store some of my critical knowledge in a secure environment, does that mean the government should be allowed to get a warrant to retrieve it? Does the storage medium matter? What if it's my 6 year old son and I pass on my secrets to him, should the government be able to "brute force" the information out of him? What if it's written down in a code that only I know how to read, should they be able to 'brute force' me into providing the key?
When did 'brute force' become the rule of law?
[ link to this | view in chronology ]
Re: Contradictory Question
[ link to this | view in chronology ]
Re: Contradictory Question
This question is equally asking "should there be thoughts that are illegal to think?" and "should there be math that is illegal to perform?" and a myriad of other things.
My answer is yes, there should, for the simple reason that to say there shouldn't is to inescapably say that there are a whole host of legitimate, ethical, moral things that you are forbidden from doing.
It is true that the existence of privacy means that terrible things can hide as well. But terrible things always find a way to hide, and we should not be so quick to jettison fundamental liberty in a rush to attain something that cannot be attained.
[ link to this | view in chronology ]
Re: Re: Contradictory Question
[ link to this | view in chronology ]
Re: Re: Re: Contradictory Question
[ link to this | view in chronology ]
Re: Contradictory Question
That is exactly the wrong question to be asking. I'm pretty sure everyone having a rational discussion about this would tend to agree that a backdoor to any electronic device that could only be accessed with a proper warrant and did not otherwise compromise the security of the device would be a good thing for law enforcement.
However, this unicorn doesn't exist. Every reputable security and encryption expert that I have heard from on the subject (and I read a lot) has said that anything done will compromise the security of the devices in ways that can be exploited and abused by the government as well as by criminal and terrorist organizations.
The question is: Are the speculative positives for such a security compromise a large enough benefit for the risks involved? Traditionally, we have had limits (a camera in every bedroom would pick up some criminal activity).
[ link to this | view in chronology ]
Re: Contradictory Question
If we're going to spin 'what if?' scenarios, then the other side has significantly more weight too it. Much, much more likely than the 'what if...' scenario you depict where encryption stops the government/police from preventing some disaster is what will happen if encryption is weakened such that there's a 'good guys only' backdoor installed in otherwise secure systems.
With such a glaring weakness it's not a matter of 'if' but 'when' it's found and exploited by those with nefarious intent, and the damage that would cause would be huge. Bank account, email(and by extension everything connected to it), sensitive personal data... weakening encryption makes all of that vulnerable, and the potential harm from doing so is both larger, and more likely to occur, than some hypothetical disaster or attack.
The government and police are welcome to employ reasonable methods to prevent and solve crime, but they are very much not welcome to do so using methods that make everyone less safe in the process.
[ link to this | view in chronology ]
Re: Contradictory Question
It's not a matter of should there be, because there are such things. Things laws can't change, and you can't pretend the don't exist by passing such laws.
"The need is time sensitive, it is needed now."
Oooh, scary words! Citation needed. Nothing about this case is either of those things. Your argument is by your own admission based on your imagination. I think the idea that anything needs to change, let alone encroach on our liberty and privacy, based on what you conjure in your imagination is patently absurd. You're going to have to do far better.
[ link to this | view in chronology ]
Re: Contradictory Question
I had a feeling this is the kind of response I would get, and you affirm my basic position. The Founders only had physical locks and safes to contend with and may or may not have considered the various methodologies for attaining what is within a human mind.
I agree, what is in my head only gets out if I want it to get out. It is also my choice to decide to store some of that on my encrypted device and not turn it over to some government. Too bad privacy isn't codified in the constitution, and even if it was, would any of the three branches give a damn?
Torture might get it out of me (no one can resist forever), but only if they know the right questions to ask. If what is in my head or on my device is something I made up, then the likelihood of them knowing the right questions to ask is pretty damn low. If it isn't something I made up, then those questions they ask will lead me to answers that are more than likely NOT true, but placating in nature just to stop the abuse. So they don't win, either way.
That background discussion over at Simple Justice brought the question to my mind as to whether or not there could be a legitimate government interest in everything. In the instant case I cannot see where there is any interest at all, other than forcing the backdoor open as Hans points out.
[ link to this | view in chronology ]
Re: Contradictory Question
That's a good question, how about we ask a student in Tiananmen Square, a Jew in WWII era Germany or nearly any North Korean citizen?
The point is the more trust that gets placed in an authoritarian the more authoritarian it becomes. The US government it swallowing up all the freedoms that once made America great. If you don't live in the US don't worry about being left out, if the US government ever obtains totalitarian control it will come for you too.
[ link to this | view in chronology ]
A different perspective
http://blog.simplejustice.us/2016/02/18/the-last-bite-of-apples-iphone/
[ link to this | view in chronology ]
Re: A different perspective
And that is a true dichotomy. Either the individual has complete control, or they don't. They can, individually, choose to cede control, but it should still be their control to cede.
And if I understand correctly, there are still things that the US government cannot just 'writ' to obtain. If a person is ordered to divulge information by the judge, and the person refuses, the judge may hold the individual in contempt and impose a sentence for the purpose of coercion. But no amount of legal coercion can *force* a person to divulge the information. That information is out of the judge's hands for so long as the contemnor resists the coercion. To say that nothing should be out of reach of the judge is to allow the suspending the rights of the individual and applying greater coercion than our current legal system affords.
[ link to this | view in chronology ]
Re: Re: A different perspective
Would that be the same Apple that exercises a prudish control over the contents of app that can be loaded onto IOS devices? Colour me cynical, but Apple wants to control what users can do, its just that allowing a government to undermine their security would hurt their business model.
[ link to this | view in chronology ]
Re: Re: Re: A different perspective
It would have been interesting to know what Jobs would have done about a great many things starting with the Snowden revelations.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Can the engineers refuse?
[ link to this | view in chronology ]
Re: Can the engineers refuse?
Anyone can refuse to obey a court order but there may be penalties for doing so, including jail time until the order is obeyed.
[ link to this | view in chronology ]
Re: Re: Can the engineers refuse?
[ link to this | view in chronology ]
Re: Re: Can the engineers refuse?
[ link to this | view in chronology ]
It still looks like the phone is already backdoored.
This should be a moot point in court. Apple shouldn't be defending saying it won't help the FBI, but rather saying that it all of Apple's help to the FBI is moot since the all the cracking efforts would be in vein due to robust encryption. That there is debate about this means there's already unicorn pixies about, that the encryption on the iPhone is not secure enough.
Precedents on golden keys and their relationships to warrants and court orders are well and good, but that doesn't stop China or identity thieves from cracking your phone's unicorn-dusted encryption, and I'd rather we got used to the idea that unicorn keys were unsafe, even if the FBI promised not to use the pixie gold except when in the most dire of circumstances.
[ link to this | view in chronology ]
Rating of Country's Abuse of its Citizen's Privacy
Compared to other countries on Earth how far does the U.S. have to go down the list before they can find countries abusing privacy worse than the U.S. government?
Well if you find any now, just give it time, because they are racing as fast as they can to the bottom of that list.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
This the wrong debate
In theory:
If they want to search you house they convince a jugde that writes a warrant naming where and what they are allowed to search.
The serve you the warrant and after reading it and maybe contacting you lawyer, you let them in you or you lawyer supervise to make sure they only search where and what the warrant allows.
Instead they want to serve a warrant to the lock manufacturer to get the key to you house and then go in without telling you.
Now the protection off your rights,(fighting unreasonable or over broad warrants i.E.) is up to a company that as has never heard of you and has no obligation or incentive to spend money and time to protect you.
You just come home and your house ist yellowtaped or turned inside out. Or you are arrested because they claim the found something, even so they had now business locking for it in the fist place.
Why is anybody taking like that normal when it commes to computers and information?
p.s.
leaving a side the actual practice of police searches and what it really take to get a warrent.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Really?
[ link to this | view in chronology ]