Lawmakers Speak Out On Apple Being Forced To Create Backdoors; Some Wisely, Some Ignorantly

from the some-good,-some-bad dept

Everyone's talking about the big legal fight that magistrate judge Sheri Pym has kicked off by ordering Apple to build a backdoor into an iPhone to get around security tools that would block attempts to decrypt the contents of the phone. As some are noting, if the ruling is not overturned it could force Congress to change the law. Over the last year or so, it had become clear that Congress did not support laws that mandate backdoors. Yes, some in Congress -- including Senators Richard Burr, Dianne Feinstein and John McCain -- have been pushing for such legislation, but most have admitted that there aren't nearly enough votes in support of that, and there are many in Congress who recognize the ridiculousness of such a law. A year ago, a congressional hearing made it clear that there was a ton of skepticism in Congress about ordering backdoors.

And now we see Congress speaking out about the court order as well. Rep. Ted Lieu -- who, people always point out, has a computer science degree, and who a year ago noted that backoors were "technologically stupid" -- has told the DailyDot that this order creates a very dangerous slippery slope:
"Can courts compel Facebook to provide analytics of who might be a criminal?" Lieu said in an email to the Daily Dot. "Or Google to give a list of names of people who searched for the term ISIS? At what point does this stop?"
Rep. Zoe Lofgren put out a detailed statement saying that the order was "an astonishing overreach of authority by the Federal government," and warned that it appeared to go against the wishes of Congress and that even if the order is upheld, it will only result in stronger encryption that can't be backdoored:
Apple, as do other technology companies, complies with lawful orders and warrants. But they are unable to deliver to the government what they do not have – in this case, a key to break into their operating system in the manner the FBI desires. It is astonishing that a court would consider it lawful to order a private American company be commandeered for the creation of a new operating system in response.

The issue of mandating back doors in encryption has been a topic of vigorous discussion in the Congress. The emerging consensus has been that creating back doors for the use of law enforcement, important as law enforcement is, would endanger Americans by generally weakening security. These weaknesses will inevitably be exploited by criminal hackers or foreign opponents. That a single magistrate should substitute her judgment for that of the duly elected President and Congress – that was already thoroughly engaged in the subject – is wrong as a matter of policy and of law.

Finally, should this order not be overturned, technology companies will have no choice but to further deploy robust encryption that would prevent their engineers from creating any system that would effectively open up previously deployed security measures.

I urge the judicial branch to swiftly overturn this misguided ruling and further urge the Director of the FBI to refrain from seeking public policy decisions from the courts that are more properly decided by the Legislative branch of government.”
Senator Ron Wyden put out a statement as well, noting how this ruling will be interpreted around the globe:
I don't take a backseat to anyone when it comes to hunting down terrorists and protecting Americans from harm. However, this unprecedented reading of a nearly 230-year-old law would create a dangerous precedent that would put at risk the foundations of strong security for our people and privacy in the digital age. If upheld, this decision could force U.S. technology companies to actually build hacking tools for government against their will, while weakening cybersecurity for millions of Americans in the process.

Furthermore, this move by the FBI could snowball around the world. Why in the world would our government want to give repressive regimes in Russia and China a blueprint for forcing American companies to create a backdoor? Companies should comply with warrants to the extent they are able to do so, but no company should be forced to deliberately weaken its products. In the long run, the real loses will be Americans' online safety and security.
Of course, not all our lawmakers are so enlightened. Senator Feinstein, despite technically representing Apple, has shown for a long time now that she has no interest at all in representing the true interests of anyone in California if it goes against the desire of the surveillance state. She basically told Apple to shut up and do what the court says. After pretending it's about protecting Californians (because San Bernardino is in California) she warns that if Apple doesn't obey it will force her and Senator Burr to push for the legislation they've already been pushing for:
I would hope that bill would not be necessary. I would hope Apple understand the seriousness of this request. I have no doubt that to deny the request would likely bring on law to change law, so that this can be done. We're in jeopardy if you cannot -- through proper evidence submitted by a probable cause warrant -- be able to open these systems.
The PBS interviewer who asked Feinstein about this also asked (twice!) about Apple's statement that creating backdoors will create opportunities for those with malicious intent to break into the phones as well, and Feinstein displays her technological ignorance by stating:
Oh I don't believe that's necessarily true.
She's wrong about that. She's literally advocating for everyone to be made less safe just so we can get a little more information on some people who we already know committed a crime. That's crazy.

And, of course, Senator Burr made a similar statement -- first by lying and pretending that the order is not about creating a backdoor:
There are no decryption demands in this case, and Apple is in no way required to provide a so-called backdoor. The FBI needs access to the phone so the agency can better piece together information about the terrorists and whom they contacted.
This is technologically ignorant as well. This is exactly what a backdoor is. Apple is being told to create a bit of software that disables security measures in order to decrypt encrypted material. That's the very definition of a backdoor. Burr goes on, pretending that weakening the safety and security of basically everyone is somehow making them more secure:
The iPhone precedent in San Bernardino is important for our courts and our ability to protect innocent Americans and enforce the rule of law. While the national security implications of this situation are significant, the outcome of this dispute will also have a drastic effect on criminal cases across the country. The newest Apple operating systems allow device access only to users — even Apple itself can’t get in. Murderers, pedophiles, drug dealers and the others are already using this technology to cover their tracks.
Yup, always bring up the holy trinity of "murderers, pedophiles and drug dealers." I'm amazed he didn't say terrorists as well. Of course, as people keep pointing out, there have always been ways for people with ill-intent to hide their communications. There's nothing in the law that says we have to be able to track every communication ever made by everyone. That's a dystopian vision -- but one that apparently Senator Burr likes.

Even worse, Burr insists that because the law "protects" Apple in other cases, it should roll over for this. And also, ridiculously, he argues that this is more about Apple's business model than protecting the safety of Americans.
Apple’s position in the San Bernardino case affirms that it has wrongly chosen to prioritize its business model above compliance with a lawfully issued court order. While the company may have routinely complied with such court orders in the past, it now claims that it cannot comply as a result of security features it has built into its newest products. Apple exists as a corporate entity with the protections provided by U.S. laws, but it cannot be allowed to pick and choose when to abide by those laws as it sees fit. We are a country of laws, and this charade has gone on long enough. Apple needs to comply with the court’s order.
Hilariously, this is the very same Senator Burr who, just months ago, was going on and on in Congress about the importance of cybersecurity, and fearmongering about "cyberattacks." What he doesn't seem to recognize is that the only real way to protect against those attacks is encryption. The very encryption he now seeks to undermine.

Others in the Senate are making similarly ignorant statements, including Senator Tom Cotton, whose statement is so over-the-top ridiculous and wrong as to almost not be worth mentioning:
"Apple chose to protect a dead ISIS terrorist's p‎rivacy over the security of the American people. The Executive and Legislative Branches have been working with the private sector with the hope of resolving the 'Going Dark' problem. Regrettably, the position Tim Cook and Apple have taken shows that they are unwilling to compromise and that legislation is likely the only way to resolve this issue. The problem of end-to-end encryption isn't just a terrorism issue. It is also a drug-trafficking, kidnapping, and child pornography issue that impacts every state of the Union. It's unfortunate that the great company Apple is becoming the company of choice for terrorists, drug dealers, and sexual predators of all sorts."
I mean, come on. Apple is not "protecting a dead ISIS terrorists' privacy," it's talking about the very real issue of whether or not courts have the power to order companies to hack their customers on behalf of the government. That's a big deal that you would think would matter to politicians.

These statements are not unsurprising, but they continue to show a level of profound ignorance about basic technology issues. The fact that Feinstein and Burr, at least, are working on legislation around an issue they so clearly have no clue about is downright scary. One hopes that the others who actually understand the technical and legal issues -- such as those at the top of this article -- will prevail in Congress.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: all writs act, dianne feinstein, encryption, going dark, precedent, richard burr, ron wyden, ted lieu, tom cotton, zoe lofgren
Companies: apple


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 18 Feb 2016 @ 2:39pm

    Facebook has scanned for pedophile activity for years, the horse left the barn in terms of debating the merits of running analytics on the profiles of billions of people.

    http://www.reuters.com/article/us-usa-internet-predators-idUSBRE86B05G20120712

    link to this | view in chronology ]

  • identicon
    John Thacker, 18 Feb 2016 @ 3:00pm

    Times like this I am glad that there is some conception of corporate personhood and corporate right to free speech (and code is speech) no matter what the crazy anti Citizens United people say. They think that Apple should have no legal ground to resist this order, since corporations should have no First Amendment nor other rights.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Feb 2016 @ 6:07pm

      Re:

      Corporations being people has nothing to do with corporations being served a court order. Courts could order corporations to produce data before they were people. Courts can order corporations to produce data after they are people. You seem to be tying them together for no apparent reason.

      Oh wait ... was your post sarcasm? Doesn't seem like it.

      All those who opposed the citizens united ruling are saying that Apple has no ground to resist the court order? Maybe you should qualify this statement, or provide evidence in support of same because it sounds like bullshit.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Feb 2016 @ 6:41pm

        Re: Re:

        The problem here is the court telling a business to do work without any realistic compensation.

        How would you like it if a court order told you to go and repaint your neighbors car on your OWN DIME?

        This order is trying to tell Apple to expend company resources to generate NEW code to service this fucked up courts desires.

        Everyone not understanding this should just fucking shut up and maybe consider stop fucking breathing for the rest of our sake.

        What is even more terrible, is that Apple is not saying that this should be impossible because they developed a solid encryption system. This is telling in two ways, apple and already created a back door of some kind and is just trying to keep it secret, or they knowingly released shitting encryption that they already have a good idea of how to defeat!

        But hey, when it comes to terrorist you should just fucking roll over and grease the fuck up right?

        This ONLY ENDS BADLY! There is not a single moment in history where sacrificed liberty was not abused on a massive scale by government! We should be more afraid of gov than a few measly fucking terrorists!

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 19 Feb 2016 @ 5:28am

          Re: Re: Re:

          Wow, way to answer the question - not.

          You're sort of a nutjob huh?

          link to this | view in chronology ]

        • icon
          nasch (profile), 19 Feb 2016 @ 7:37am

          Re: Re: Re:

          The problem here is the court telling a business to do work without any realistic compensation.

          Apple can request compensation.

          link to this | view in chronology ]

        • identicon
          TinkerTenor, 19 Feb 2016 @ 12:28pm

          Re: Re: Re:

          What matters to me is that their CURRENT design (5s and above) is believed to be "unhackable" due to the use of the secure enclave. Is that true? Who knows. Based on the design it sure sounds solid. But I wouldn't wag your finger at Apple for the fact that they didn't develop that level of security until 2013.

          I think they were ahead of their time in that department. *As I understand the timeline* of the secure-enclave rollout, at the time Android encryption was all software-based, and would've been susceptible to brute-force attacks. The version of Android that included mandatory device encryption wasn't released until October 2015. This suggests that if the terrorist had been using a similarly-aged Android phone, the FBI probably wouldn't need anyone's help breaking in. Unless of course the now-deceased suspect had used some third-party encryption program on the phone, which is possible, but it still would have been only software-based.

          So this is not an Apple-vs-Android post. Let's not do that. My only point is that Apple's security was pretty robust for the time. I wouldn't exactly call their security on the 5c "shitty," considering that the FBI has now been reduced to begging for their help to break through it. It's just a shame the phone couldn't be a 5s because then there would be nothing Apple could do.

          No. The scary part of this story to me is not how willfully negligent Apple has been in knowingly releasing bad security, because frankly they haven't done that. The scary part is how willing the various shady arms of our untrustworthy government has shown themselves to be to use their might and power to force unlawful breaches of privacy and *favors from private corporations like Apple* when and if doing so serves their goals. And then expect anyone to trust them with that allowance. Ridiculous.

          link to this | view in chronology ]

  • identicon
    Chris Brand, 18 Feb 2016 @ 3:01pm

    It's easily solved

    Just compel Apple to say that they're ok with it. After all, you're already compelling them to write software, which has been ruled to be speech...

    link to this | view in chronology ]

  • icon
    Oblate (profile), 18 Feb 2016 @ 3:08pm

    Ways to end an interview...

    Senator Tom Cotton: "Apple is becoming the company of choice for terrorists, drug dealers, and sexual predators of all sorts."


    If I were the interviewer, at that point I would have had to ask him if he had an iPhone.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Feb 2016 @ 3:43pm

    Compelled to perform actions...

    I find it interesting that everyone believes it is Apple's DUTY to update this particular phone so that the government can mess with it. How is it that a company is beholden to the government in situations like this where it wasn't technically involved in any wrongdoing other than providing a tool that was used by someone who committed a crime?

    At what point can a government or law enforcement agency basically demand that any private sector company does whatever it requests of them in order to make their jobs easier?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 18 Feb 2016 @ 6:11pm

      Re: Compelled to perform actions...

      " everyone believes it is Apple's DUTY to update this particular phone "


      Who is this nebulous "everyone" to which you refer?
      Am I included? Because you didn't ask me, not sure how you know wth I am thinking. Looks like you simply blanket accuse everyone because ... umm yer lazy?

      link to this | view in chronology ]

  • icon
    Jeremy2020 (profile), 18 Feb 2016 @ 3:43pm

    These senators are scary. They're going to push the surveillance state down our throats until the only choice is violent revolution.

    link to this | view in chronology ]

  • icon
    NeghVar (profile), 18 Feb 2016 @ 3:48pm

    open source

    Depending on the outcome, I can see this leading to a mass migration to open-source encryption such as Veracrypt and CipherShed. Each is an improved spin-off from truecrypt.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Feb 2016 @ 4:03pm

    more then one way

    They're not asking apple to skin the cat..
    They're asking them to build a cat skinning device.

    Meanwhile both apple and the gov are doing a great job convincing everyone the (apparently- drug dealing, terrorist, paedophile) cat's still in the bag.

    It's like everyone suddenly forgot about snowden/greenwald, hacking team, or even how to do a simple search for "iphone forensics"...

    link to this | view in chronology ]

  • identicon
    JBDragon, 18 Feb 2016 @ 5:04pm

    I can only HOPE that Feinstein and Burr Smartphones get hacked because of weak security. Then they can blame everyone but themselves!!!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Feb 2016 @ 5:32pm

    But they are unable to deliver to the government what they do not have – in this case, a key to break into their operating system in the manner the FBI desires.

    I actually think this is the salient point here. The basis of just about all government law enforcement activity is that they can serve a warrant (or subpoena, pen order, etc.) and demand something that a company (or individual) possesses.

    Apple has, in essence, been ordered by the judicial branch to design and build a new product and give it to the court free of charge.

    And why stop there? Terrorists probably use airplanes for transportation. Why not get a court order that Boeing provide free military planes? After all, how else are we to shoot down terrorist planes. Terrorists use food as well, we should order Tyson to include terrorist killers that will identify and kill terrorists who eat food. The situations are "exactly" the same. Terrorists use a tool, the company that makes that tool is required to invent a new tool to counter it, and freely give that tool to the government.

    link to this | view in chronology ]

    • icon
      MarcAnthony (profile), 18 Feb 2016 @ 8:09pm

      Re:

      Apple is not an arm of law enforcement, and the idea that they are obliged to create a new system of forensic analysis for one phone is ridiculous, and is such regardless of whether or not they are being compensated. Every moment they have to spend on that is a moment taking them away from making or improving their own products—the reason they’re in business. The propagandists can try to make this about Apple protecting terrorists, pedophiles, et al., but the real issue is one of basic freedom. It’s too neutral to say they are being “compelled” to comply in this situation; due to an act in which they played no part, they are being enslaved in the service of the state.

      If they create a workaround that compromises the security of their product, Apple will lose everyone’s trust, and they will suffer epic financial losses that will rip through the economy. All of this will happen for a device that likely has little to no intelligence value. If the government’s intent is to destroy their business anyway, then they should just close up shop in protest, like Lavabit.

      link to this | view in chronology ]

      • identicon
        Rekrul, 18 Feb 2016 @ 11:46pm

        Re: Re:

        If they create a workaround that compromises the security of their product, Apple will lose everyone’s trust, and they will suffer epic financial losses that will rip through the economy.

        Apple could create a new iPhone and state right in the description that all your voice calls and data are sent right to the FBI/NSA in real time and it wouldn't be enough to deter the Apple fans from buying it.

        link to this | view in chronology ]

    • icon
      nasch (profile), 19 Feb 2016 @ 7:40am

      Re:

      You're focusing on the wrong issue. The problem is Apple being forced to create software that compromises their product's security, regardless of whether they're going to be paid for it.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 Feb 2016 @ 9:58am

        Re: Re:

        But Apple routinely makes software that compromises the security of their products. That's what iCloud is, by definition. Storing a file on a cloud service is less secure than storing it on a network drive, which is less secure than storing it on a hard drive, is less secure than storing it on a USB (or some other drive not connected to an OS).

        The next question is that of the government compelling Apple to compromise their security by court order. But then, that's what warrants are. When you are served a search warrant for your house, you must compromise the security of your house. When a wiretapping warrant is issued to a phone carrier, they must sacrifice the security of their service. A warrant is "literally" the process by which the government compels someone to compromise security. So courts are perfectly capable (legally) of ordering security to be compromised

        And so the question really is the use of court order to compel a company to create a product for free.

        link to this | view in chronology ]

        • icon
          nasch (profile), 19 Feb 2016 @ 10:43am

          Re: Re: Re:

          And so the question really is the use of court order to compel a company to create a product for free.

          No, it isn't, because the order specifically says Apple can advise the government of its costs. Unless you think that's just for curiosity and not so that Apple can be reimbursed. If you think that's the only issue, then you should really believe there is no issue at all with this warrant.

          Point 5: https://www.documentcloud.org/documents/2714001-SB-Shooter-Order-Compelling-Apple-Asst-iPhone.html

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 19 Feb 2016 @ 6:03pm

            Re: Re: Re: Re:

            huh...

            In that case, legally speaking there's not much of an issue here. There may be some semantics involved of a court ordering a company to invent something, but the reality is that since Apple licenses it's software it still technically has enough ownership rights to consider this ordering Apple to unlock it's own system. And courts have had that authority for centuries.

            link to this | view in chronology ]

  • identicon
    Adam, 18 Feb 2016 @ 5:39pm

    Everyone is assuming that the FBI cannot already break into that phone. If they can, they clearly don't want it known. By attempting to force Apple to do the deed they set the precedent they need to force every phone company to comply. Separate events, really.

    link to this | view in chronology ]

  • identicon
    Digitari, 18 Feb 2016 @ 5:42pm

    this whole thing....

    is a setup to get a new law on the books.................

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Feb 2016 @ 6:26pm

    http://foxtrotalpha.jalopnik.com/the-f-117-stealth-fighter-program-actually-had-a-klingo-1759842067

    I hope you take the time to seriously consider why I might consider this link very relevant to the topic...

    link to this | view in chronology ]

    • icon
      nasch (profile), 19 Feb 2016 @ 7:44am

      Re:

      I hope you take the time to seriously consider why I might consider this link very relevant to the topic...

      Great story, but no, I'm not seeing the relevance.

      link to this | view in chronology ]

  • icon
    Dave Cortright (profile), 18 Feb 2016 @ 7:13pm

    What happens if Apple's "fix" bricks the phone?

    I'm curious to see what would happen if Apple's good faith attempt to comply backfires. If I were an Apple engineer with a gun to my head, I might be so distracted by the sheer pressure of the situation as to invert a logical statement.

    "Sorry, you cannot see the source code. We securely erased it the instant after we complied it to prevent it from getting out into the wild."

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Feb 2016 @ 7:18pm

    I get several things from this and none of them good. So Apple is responsible for the end uses of it's products? Why are we not seeing auto makers and weapons makers being held to the same standard then?

    Had I bought an Apple phone with the idea I could and intended to use encryption, exactly how long after Apple complies do you think I would continue to buy or continue to use their product?

    It's beginning to look to me like the Land of the Free immigrated somewhere else when I wasn't looking. How many more senseless types of laws is it going to take before companies are moving wholesale out of this country?

    What in the world happened to the US living up to it's proclaimed high ideas of human rights? Do we even have to talk about the right to be security in our papers and in our homes as well as our property? It appears it is so important to the FBI they are willing to provide a blow by blow on how to invade privacy that other countries far less known for freedom of rights to follow.

    What the hell happened to this country? No friggin' wonder people have such distrust and such a low opinion of the US government today, globally as well as domestically.

    link to this | view in chronology ]

    • icon
      Whatever (profile), 18 Feb 2016 @ 9:50pm

      Re:

      "I get several things from this and none of them good. So Apple is responsible for the end uses of it's products? Why are we not seeing auto makers and weapons makers being held to the same standard then? "

      I don't think this is the point at all. Apple is not responsible in any manner for what the end user has done. However, the court can see (it's pretty clear) that Apple's encryption technology may be holding back a police investigation. That investigation may, among other things, help us learn more about these terrible attacks, and perhaps to prevent others by giving law enforcement contacts and people of interest. The greater good is served with this knowledge.

      I know it's frustrating, because it hits at the heart of the question of privacy and security. This is literally the intersection of these two wants and needs. The court has (wisely in my opinion) search for a solution that (a) doesn't require Apple to modify all phones, (b) requires a patch be applied specifically by Apple, and (c) that the phone must be in physical possession for any of this to happen. Even after it all, the phone is still not compromised or hacked, only the artificial restrictions created by Apple to block certain types of brute force attempts would be disabled.

      I still feel that Apple's biggest worry here is their own credibility, not your privacy. What the court has ordered them to do pretty much requires them to admit that all of the hoopla about the UID and the security chip thing is all but meaningless, and that the security once again comes down to your pincode or password. It means that Apple's security boils down to artificial limits on brute force and a "slow down" routine, and not much more. That isn't the story Apple has been running with for nearly 10 years now.

      Put in context, Apple has a lot to lose here because they could get very much exposed. The credibility of their products as "unhackable" may be laid waste by all of this, something they may never properly recover. I think that is what pains them way more than any of your personal data.

      link to this | view in chronology ]

      • identicon
        AJ, 19 Feb 2016 @ 4:24am

        Re: Re:

        "Put in context, Apple has a lot to lose here because they could get very much exposed. The credibility of their products as "unhackable" may be laid waste by all of this, something they may never properly recover. I think that is what pains them way more than any of your personal data."

        So the possibility that a phone has info on it pertaining to a terrorist attack that's already happened, is worth billions of dollars and thousands of jobs? Not to mention that once Apple does that, they will have to do the same for China, Russia, whoever... what happens when Apple gives this back door technology to China and China uses it to hack our politicians phones?

        I don't think we need to know whats on that phone that bad.

        link to this | view in chronology ]

        • icon
          Whatever (profile), 19 Feb 2016 @ 5:34am

          Re: Re: Re:

          "So the possibility that a phone has info on it pertaining to a terrorist attack that's already happened, is worth billions of dollars and thousands of jobs? "

          So the law should just give up (and possibly let others die) because a corporation needs to make a profit?

          "what happens when Apple gives this back door technology to China and China uses it to hack our politicians phones"

          I don't think of it as an issue. My guess is that the next IOS update will make this less of an issue (perhaps requiring a much longer pincode for protection). Apple tried to make it easy for the public to have a short pin code by limiting the number of attempts. That will likely be fixed in the future. Forcing say 10 digits (like a US phone number) would make physical brute force useless. At 1 code a second, the current 6 digits is about half a month - and the minimum 4 digits is less than a day. Adding 1 more digit would move that to half a year, and adding 2 more digits would move it to more than 2 years. Bring it to 10 digits would make brute force all but meaningless. The FBI wouldn't be asking, because even they could do the math.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 19 Feb 2016 @ 6:17am

            Re: Re: Re: Re:

            I don't think of it as an issue.

            The issue with this is that it could set the precedent that a company must provide and install a tailored operating system on an identified device, when a government comes calling with a warrant. As such could be done via the normal update process for all proprietary operating systems. It would force companies to become allies of the spy agencies as well as law enforcement in any country where they have an office.
            Note this bypasses all protection offered by code signing when it comes to government desires to spy on people, at least as far as proprietary systems are concerned. Interestingly it becomes much more difficult to do with open source operating systems, because they repositories have an open to view file system, and are commonly mirrored to servers in different countries. Trying to get general backdoor into open source software also has a high risk of exposure because the code is open for inspection.

            link to this | view in chronology ]

            • icon
              Whatever (profile), 19 Feb 2016 @ 7:12am

              Re: Re: Re: Re: Re:

              "The issue with this is that it could set the precedent that a company must provide and install a tailored operating system on an identified device, when a government comes calling with a warrant."

              No, it only says "if you are going to make it possible, a court will likely order you to do it". Apple could have very easily avoided the situation, but they did not. All of the talk about the secure chip thingie adds up to not much if it's all about the user's 4 or 6 digit pincode to lock the device. That's the real issue.

              link to this | view in chronology ]

              • identicon
                AJ, 19 Feb 2016 @ 7:31am

                Re: Re: Re: Re: Re: Re:

                "No, it only says "if you are going to make it possible, a court will likely order you to do it".

                It's NOT possible right now. Apple will have to CREATE software to do what they want done. So what's to keep the Gov from coming back later and stating that if it's not possible on the new phones, they need to MAKE it possible like they did the last time?

                link to this | view in chronology ]

                • icon
                  Whatever (profile), 20 Feb 2016 @ 4:23am

                  Re: Re: Re: Re: Re: Re: Re:

                  "It's NOT possible right now. "

                  The problem is that it is possible, they just don't have a specific version of the OS handy that will do it, and they don't have a secure chip firmware update that will disable the 5 second delay. Basically, all Apple has to do it disable the two artificial barriers they have created (max 10 tries, and 5 second delay) and pretty much that's it.

                  Technically, it's a dawdle.

                  Apple can do more to make brute force a non-issue, like requiring longer passcodes, two step passwords, or similar. They have not, so this is very possible and very straight forward (and even the guys who worked on the secure chip seem to think so).

                  link to this | view in chronology ]

                  • icon
                    nasch (profile), 20 Feb 2016 @ 7:17am

                    Re: Re: Re: Re: Re: Re: Re: Re:

                    The problem is that it is possible, they just don't have a specific version of the OS handy that will do it

                    So right now it's not possible.

                    link to this | view in chronology ]

          • identicon
            Anonymous Coward, 19 Feb 2016 @ 6:36am

            Re: Re: Re: Re:

            "So the law should just give up (and possibly let others die) because a corporation needs to make a profit?"

            The RIAA frequently demands this and you've never complained.

            link to this | view in chronology ]

            • icon
              Whatever (profile), 19 Feb 2016 @ 7:13am

              Re: Re: Re: Re: Re:

              I never claim a corporation needs to make a profit so the law should go away... sorry, that's BULLSHIT (and I use capitals). Bad troll.

              link to this | view in chronology ]

          • identicon
            AJ, 19 Feb 2016 @ 7:27am

            Re: Re: Re: Re:

            "So the law should just give up (and possibly let others die) because a corporation needs to make a profit?"

            Not because a corporation needs to make a profit. What they are trying to force Apple to do, endangers us all, and does so regardless of the impact on Apple's bottom line.

            The second part of your comment is just opinions. You don't know any more than the rest of us what setting a precedent like this will do. If the government could force Apple to make a back door, then why couldn't they force them to keep the pin at 4 numbers?

            link to this | view in chronology ]

            • icon
              Whatever (profile), 20 Feb 2016 @ 4:26am

              Re: Re: Re: Re: Re:

              " If the government could force Apple to make a back door, then why couldn't they force them to keep the pin at 4 numbers?"

              If they said "pin must be 4 digits" then Apple would just move to some other system for encoding. It would also just encourage people to use non-Apple software for encryption.

              There really isn't much in it. Oh, and the government is unlikely to mandate the length of a pin code to be so short, the public would kick back at it - in the same manner that they are starting to get upset at Apple about it.

              link to this | view in chronology ]

          • icon
            nasch (profile), 19 Feb 2016 @ 7:46am

            Re: Re: Re: Re:

            So the law should just give up (and possibly let others die) because a corporation needs to make a profit?

            Who might die if the FBI doesn't get access to this phone?

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 19 Feb 2016 @ 9:27am

              Re: Re: Re: Re: Re:

              Perhaps Whatever has lifesaving information on his/her/other phone. The SWATT team should bust down the door to check.

              link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Feb 2016 @ 7:29pm

    there have always been ways for people with ill-intent to hide their communications.


    ... for instance, by not putting them on their phones.

    The FBI will find - or invent, with no way for us to disprove - "significant evidence" on the phone, if they get it unlocked. Think of the stink if they didn't.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Feb 2016 @ 8:20pm

    So, I use encryption all the time (I am a terrorist), but I do no have an iPhone (I am not a terrorist).

    link to this | view in chronology ]

  • icon
    techflaws (profile), 18 Feb 2016 @ 10:01pm

    link to this | view in chronology ]

    • icon
      Whatever (profile), 18 Feb 2016 @ 11:34pm

      Re:

      I love this quote:

      "In other words, Apple’s stance in the San Bernardino case may not be quite the principled defense that Cook claims it is. In fact, it may have as much to do with public relations as it does with warding off what Cook called “an unprecedented step which threatens the security of our customers.”"

      I sniffed that out from day 1. Perhaps it's time for Techdirt to reconsider what all Apple is complaining about.

      link to this | view in chronology ]

      • identicon
        DigDug, 18 Feb 2016 @ 11:43pm

        Re: Re:

        Perhaps you should have your brain flushed by way of enema.

        Apple is protecting the Constitution by refusing the illegal order by the Court at the behest of the Terrorist group also known as the FBI.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 Feb 2016 @ 7:04am

        Re: Re:

        "I sniffed that out from day 1"

        What a hipster.

        link to this | view in chronology ]

    • identicon
      DigDug, 18 Feb 2016 @ 11:44pm

      Re:

      There's a difference between unlocking an unencrypted phone vs unlocking an encrypted phone.

      Pull your head from your ass.

      link to this | view in chronology ]

    • icon
      beltorak (profile), 19 Feb 2016 @ 8:57am

      Re:

      link to this | view in chronology ]

  • identicon
    DigDug, 18 Feb 2016 @ 11:42pm

    LMFTFY Mr. Cotton

    "Apple chose to protect a dead ISIS terrorist's p‎rivacy over the security of the American people."

    no no no...

    "Apple chose to protect the Constitution over the crying and gnashing of teeth by the FBI."

    link to this | view in chronology ]

  • identicon
    DigDug, 18 Feb 2016 @ 11:48pm

    In other news...

    With all the traction that the courts received ordering Apple to do the impossible, another simpleton in another court today ordered that medical examiners bring dead bodies back to life so that they can question them as to who killed them.

    So far, the medical examiners are refusing the order saying that God and only God can raise the dead. The FBI in an overreaching and comical action have decided they would arrest the examiners if the court order wasn't followed by the end of the week.

    link to this | view in chronology ]

  • identicon
    Rekrul, 18 Feb 2016 @ 11:56pm

    I was out with my friend today when this issue came on the radio with some guy (I didn't catch who, my friend talks a lot!) saying that Apple and Google are acting like teenagers who think they can do whatever they want. My friend said that Apple should just decrypt the phone for the FBI. I tried to explain the issues to him, but his argument boiled down to "The shooter did bad things, so Apple should help the FBI." When I tried to compare it to the FBI requiring all door locks to have a master key, he said that was stupid because they would never get away with that.

    Unfortunately, I think his attitude and understanding of the case is about average among most people today. It's "computer stuff", so you can't compare it to anything in the real world that they understand because in their mind, it's in a magical class all by itself.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 19 Feb 2016 @ 2:26am

      Re:

      When I tried to compare it to the FBI requiring all door locks to have a master key, he said that was stupid because they would never get away with that.

      Besides being blindingly naive, your friend also seems to have missed out large portions of the encryption 'debate', because that's pretty much exactly what various government, police and political officials have been 'asking' for in the form of a 'golden key'.

      link to this | view in chronology ]

      • icon
        Wyrm (profile), 19 Feb 2016 @ 1:14pm

        Re: Re:

        You can also point out that the TSA has a literal master key fit luggage... and you can underline how helpful that has been.

        link to this | view in chronology ]

      • identicon
        Rekrul, 19 Feb 2016 @ 6:17pm

        Re: Re:

        Besides being blindingly naive, your friend also seems to have missed out large portions of the encryption 'debate', because that's pretty much exactly what various government, police and political officials have been 'asking' for in the form of a 'golden key'.

        He doesn't understand it at all because he doesn't use computers (at all) and doesn't understand anything about them. Also he has this overwhelming belief that abuse and overreach by the government will be stopped by the people, despite this being proven wrong time after time.

        He thinks that the U.S. can't be forced to change any laws via ISDS because the people won't stand for it. He thinks that truly abusive cops (most of what people think is abuse, he thinks is fully justified because the victims committed the unforgivable crime of not doing what they were told) will be quickly put in their place by the courts and juries. And he thinks that pretty much anything is justified in the name of supposedly making us "safer".

        He also believes 99% of what he hears on the radio or sees on TV, while disbelieving anything I tell him that he doesn't agree with. I tell him about a dozen articles detailing how Walmart is one of the worst companies to work for and he doesn't believe it and tells me about how the workers there get automatic raises, everyone loves it, etc. Yet, if Dr. Oz told him that putting lemon sherbert in his underwear would cure heart problems, he'd be buying it by the gallon.

        link to this | view in chronology ]

        • icon
          nasch (profile), 19 Feb 2016 @ 6:41pm

          Re: Re: Re:

          It's distressing to think that this guy is probably representative of a pretty big chunk of the US population, if not the majority.

          link to this | view in chronology ]

    • icon
      beltorak (profile), 19 Feb 2016 @ 9:00am

      Re:

      > "The shooter did bad things, so Apple should help the FBI."

      in other words, "the ends justify the means".

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Feb 2016 @ 6:47am

    This isn't what the court order says

    I'm not suprised Mike didn't post the actual court order along with the article. It only says that Apple is to assist the FBI in obtaining the data from the phone. Apple can do this in any way they wish. It does not say open a backdoor, give the FBI code. It does suggest several ways the order can be carried out, but it also states those methods are not written in stone.

    This is essentially like the FBI asking a safe company to open a safe they manufactured. I see Apple hanging themselves by not taking charge and opening the phone. The FBI will have no other choice but to then get a third party to crack the phone and create a reusable tool. Remember, every new edition of IOS gets cracked. So what is the big deal except it pops Apple's imaginary security. Apple did hand over the icloud data without fanfare.

    The original order can be found here. https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Feb 2016 @ 7:07am

      Re: This isn't what the court order says

      "This is essentially like the FBI asking a safe company to open a safe they manufactured."


      Ummmmm - no it's not.
      It's not anything like that at all.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Feb 2016 @ 9:02am

      Re: This isn't what the court order says

      "The FBI will have no other choice but to then get a third party to crack the phone and create a reusable tool."

      Yes, the FBI should do that or do it themselves. (The proper more legal way.)

      link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 19 Feb 2016 @ 7:21am

    What he doesn't seem to recognize is that the only real way to protect against [cyberattacks] is encryption.

    Not really. Encryption does very little to protect against cyberattacks; fixing the security holes in your code protects against cyberattacks. What encryption does is helps minimize the damage when you screwed up on your code and someone attacked and got through and copied all your data.

    link to this | view in chronology ]

    • icon
      nasch (profile), 19 Feb 2016 @ 7:50am

      Re:

      Encryption does very little to protect against cyberattacks

      In-transit encryption can do a lot to protect against attacks.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Feb 2016 @ 8:55am

    What About Congress,

    Do any of the members of Congress use iPhones?

    I seem to remember Dianne Feinstein just loves it when government agencies snoop directly on her. Oh, wait thats right she believes in a different set of rules for her and her Constituants.

    If Apple complies, the custom version of iOS will be out on the scary "Dark Web" within a week. But hey no hackers would ever think to try a (magic?) "Golden Key" hanging from the door knob of the "Front Door" on every device right. Since the keys are magic they wonk work for "Bad Guys" anyway, because it is totally possible to write a program that scans a users intentions.

    link to this | view in chronology ]

  • identicon
    Stosh, 19 Feb 2016 @ 10:35am

    Give hackers another backdoor...end encryption now!!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Feb 2016 @ 11:46am

    Hasn't Sen. Burr read the constitution about ex post facto laws?

    Seriously we need more mathematicians, engineers and scientists as our representatives. How to convince the non-educated to vote the old majority out at least at a 50% majority all at once is the real problem.

    link to this | view in chronology ]

    • icon
      morganwick (profile), 20 Feb 2016 @ 12:05am

      Re:

      The real problem is that the uneducated actively distrusts the educated and explicitly prefers to vote for someone "just like me" no matter how unqualified.

      link to this | view in chronology ]

  • identicon
    tracyanne, 19 Feb 2016 @ 12:44pm

    Perhaps

    Apple should sue the US Government, for projected loss of income, under ISDS rules

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Feb 2016 @ 12:45pm

    Re: jalopnik story.

    http://foxtrotalpha.jalopnik.com/the-f-117-stealth-fighter-program-actually-had-a-klingo-1759842067

    n asch: "Great story, but no, I'm not seeing the relevance."


    This sort of subversion has evolved significantly, and the nature and lack of knowledge regarding technology- (specifically, low level hardware, and protected closed source firmware) means that it's easier then ever to shift focus away from the true nature of the subject matter.

    Metaphorically- This whole news cycle, and "debate", is talking about and arguing over the fake bombs those not so special planes carried. It serves to strengthen the narrative, improve effectiveness of the real program, and may or may not result in new capabilities for the real "average plane" pilots out there.

    If you want the truth, you have to dig.

    Start with two facts:
    1. Only a small handful of companies make the low level hardware on all modern devices which controls authentication and device function.
    2. Only a small group of people have ever seen/wrote the strongly protected code that controls those devices.

    The "war" over back doors is not and never was apple vs. gov... it was black gov verses a few chip companies and a couple dozen coders. That war was settled a long time ago- now all we get is finely tailored false narratives. PR, and Propaganda- the posturing of titans.

    link to this | view in chronology ]

  • identicon
    qwert, 22 Feb 2016 @ 5:16pm

    Apple has the responsibility to protect the people that have made them rich and successful. If you have a product that allows communication and plans terrorism, peadophiles expolation of innocent children or drug deals every human alive has the responsibility to help these victim. They are just a disgusting to me as the catholic church who have access to knowledge of known paedophiles, but stood back quietly to protect their brand. Gotta love apple, lets protect the privacy of terrorist, so everyone eles can enjoy the privacy that the government wont know what i ate for lunch today.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.