Judge In Child Porn Case Says FBI Must Turn Over Details On Its Hacking Tool

Don't Believe The Hype: No, Apple HAS NOT Done What The FBI Now Wants '70 Times' Before

from the propaganda dept

Fri, Feb 19th 2016 9:32am — Mike Masnick

In the past couple of days, you may have heard various claims regarding the whole Apple encryption backdoor debate saying things like "but Apple has unlocked iPhones 70 times before." I've seen a bunch of people tweeting and linking to such claims, and it keeps coming up. And it's bullshit. The 70 times that Apple helped law enforcement before were totally different situations involving unencrypted information where Apple had the ability to extract from the phone because it wasn't encrypted. That's kind of the whole point here. Yes, of course, Apple can and does provide access to information that it can easily access. In fact, in this very case the FBI submitted a warrant and was able to get all of the information from the unencrypted aspect of Farook Syed's iCloud account:

That's very, very, very, very, very, very different from arguing that because the company was willing to hand over that unencrypted data that Apple had full access to, that it's the same kind of thing as building a hacking tool that undermines the foundations of encryption -- and would set a precedent basically allowing a judge to order any company to backdoor and destroy their encryption.

And yet, this message is gaining steam. It's a talking point that first was given life by the feds last October when they tossed out that "70 times in the past" number as part of the earlier All Writs Act case we'd been covering. But unfortunately it picked up steam yesterday with a Shane Harris piece at the Daily Beast yesterday, claiming misleadingly that "a 2015 court case shows that the tech giant has been willing to play ball with the government before -- and is only stopping now because it might 'tarnish the Apple brand.'" That's hellishly misleading, which is too bad because Harris is so often good on these issues.

Apple, and plenty of other companies have always been willing to "play ball" when there's a legitimate warrant along with actual information they can provide. That's because they have to. But this is different. This case involves information that Apple does not have and which the FBI asked for, and the judge has now granted -- an order for Apple to proactively figure out a way to hack around the security protections on the device, allowing the FBI to then look to brute force the (probably) weak passcode on the phone. In other words, the concept and the principle are very, very different than those "70 previous times." And it's not just about "tarnishing Apple's brand," though I'm sure that's at least a part of it. As Julian Sanchez rightly notes at Time, there's so much more at stake here, including opening up the possibility that judges can order any tech company to help the government hack into their systems.

Once again: handing over info you have full access to is not even remotely close to forcing a company to build hacking tools for the government to undermine their own security.

But, of course, that hasn't stopped many in the press from taking this "but Apple unlocked 70 iPhones in the past" talking point and running with it. It's all over the place, including many sources that should know better.

Don't let the propaganda fool you. This case is very, very different and there are much bigger issues at stake.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: all writs act, encryption, fbi, security, warrants
Companies: apple

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 19 Feb 2016 @ 9:47am

"building a hacking tool that undermines the foundations of encryption"

The foundations of encryption are that it cannot be undermined by simply building a hacking tool. If a hacking tool can undermine it then the encryption itself is bad.
[ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 9:48am
  
  Re:
  any encryption that can be undermined by simply building a hacking tool has no foundation.
  [ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 10:45am
  
  Re:
  Apple doesn't want to admit that its product is flawed, and that a low entropy passcode won't offer protection. This kind of thinking puts its users at risk.
  [ link to this | view in chronology ]
- jameshogg (profile), 19 Feb 2016 @ 10:52am
  
  Re:
  It's not an encryption issue, because the brute-forcing bit is easy. It's a hacking issue because the software/hardware is forbidding the speedy process of it. The FBI want Apple to tinker with their source code essentially.
  
  Though I keep stressing the warrant was granted here. It's not comparible to unwarranted, mass unconstitutional spying. If it were, by definition Apple would be asked to do it secretly anyway.
  
  Law enforcement asking for a key to a house does not mean we should all be afraid of our locks on the count of the possibility that law enforcement could be forcing all keymakers to keep copies of keys in secret, as a result of that one house "hacking".
  
  "The government can't be trusted" is an argument you could make against any security breach, even so much as walking through a criminal's front door rendering all doors untrustworthy.
  
  The logic is not working for me here.
  [ link to this | view in chronology ]
  - Mat (profile), 19 Feb 2016 @ 12:53pm
    
    Re: Re:
    This is closer to "Because a bad guy used a Master Lock, Master Lock Company needs to give us a master key for all Master Locks". Which leads to some really disturbing consequences when you stop to realize that other governments will then start making these same demands.
    [ link to this | view in chronology ]
Anonymous Coward, 19 Feb 2016 @ 9:48am

It's the dummies at the The Daily Beast that pushed this misleading message, and then I assume other even bigger dummies just replicated what they said.
[ link to this | view in chronology ]
Anonymous Coward, 19 Feb 2016 @ 9:50am

This one is actually starting to scare me. I'm not usually one for conspiracies, but this is really looking at being a coordinated attack on Apple and encryption as a whole. It's surreal hearing a local radio talkshow yesterday (I wish you would have called in Mike, the host was receptive at the very least) going on about this, cutting to a newsbreak and hearing the same repeated line about how Apple is "defying an FBI order to break then encryption on the San Bernardino terrorists' phone despite records showing they have been willing to do this as many as 70 times in the past". And that line was just getting repeated every ten minutes or so.

It's getting out of hand.
[ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 10:02am
  
  Re:
  no it has long since gotten out of hand... we are just so used to it that we no longer realize it for what it is.
  
  Grab a seat cause this ride is not even close to over.
  
  There is most definitely a coordinated assault on encryption just like the coordinated assault on the Constitution.
  [ link to this | view in chronology ]
  - Anonymous Coward, 19 Feb 2016 @ 10:10am
    
    Re: Re:
    any encryption that's protected by a five digit pin is not secure. Yes all the marketing hype from companies like Apple might tell you otherwise, that the pin gets hashed and rehashed and seeded and reseeded and seeded again by multiple different inputs but if you really expect a five digit pin to protect very sensitive data you are only fooling yourself.
    [ link to this | view in chronology ]
    - Anonymous Coward, 19 Feb 2016 @ 10:47am
      
      Re: Re: Re:
      With a Iphone, the password to get into the phone may be a 5 digit pin, or a long random string. The problem the FBI is facing is that the phone only allws 10 attempts on the password, with increasing delays after each wrong attempts, and it wipes the actual encryption key after 10 failed attempts at a login. What they are asking for is for Ale to turn off the attempt limit, and remove the increasing delay between attempts. After they they will attempt to brute force the password, and will be out of luck if a strong password is in use.
      [ link to this | view in chronology ]
    - JMT (profile), 19 Feb 2016 @ 1:07pm
      
      Re: Re: Re:
      "any encryption that's protected by a five digit pin is not secure."
      
      On it's own, you're correct, which is why Apple built in the very safeguards the court is now trying to force them to disable. It's almost like you haven't read any of the many articles explaining this...
      
      Of course it's also possible the dead user of this particular phone felt the same way you do, and didn't keep any sensitive data on the phone. That's what makes this such an over-reaching fishing expedition. The potential downsides are enormous, but it might well be for zero gain.
      [ link to this | view in chronology ]
  - TechDescartes (profile), 19 Feb 2016 @ 10:12am
    
    Re: Re: Where's the moral dilemma, anyway?
    The FBI is not contending that they need to break into these phones to stop a future attack from happening—the owners of the phones are dead. The government is not even contending that there is an established link between these "lone wolves" and known terrorists. For this issue to rise to this level of debate, you would expect there to be some sort of moral dilemma (e.g., decrypt this now or people will die). The fact that there is no such dilemma, and yet many are willing to fold nonetheless, is what is most disturbing to me.
    [ link to this | view in chronology ]
    - Anonymous Coward, 19 Feb 2016 @ 10:24am
      
      Re: Re: Re: Where's the moral dilemma, anyway?
      I agree, but since the fall the twin towers this country has been running in fear from the boogie men with turbans on their head.
      
      We are quickly protecting ourselves into Tyranny. The government NEVER protects, it reacts to shit by prosecuting and destroying.
      
      There is only 1 universal truth in world history... A nation that asks it citizens to disarm and expose self so that they may be protected is the REAL EVIL to be defeated. Germany serves as a damn good recent example of this that most people should easily understand.
      [ link to this | view in chronology ]
      - Anonymous Coward, 19 Feb 2016 @ 10:26am
        
        Re: Re: Re: Re: Where's the moral dilemma, anyway?
        It's just simpler than that. The road to hell is paved with good intentions. Whether this is malicious or just a "you *need* me on that wall* type of thing, the result is the same: Lost freedom with no real gain.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 19 Feb 2016 @ 10:35am
        
        Re: Re: Re: Re: Re: Where's the moral dilemma, anyway?
        Yep, there is no end to the multi-pronged assault on liberty. You do not have to be a willing participant to help destroy liberty, in some cases all you need to do is sit and do nothing to be a party to the problem.
        
        Eternal Vigilance is a fact of life as surely as putting more gas in your car. If you don't keep it up, you run out of fuel and you lose all momentum. Rest assured that private business interest, civilian politics, and government Authorities are all each doing their part to destroy liberty... which is why it will be destroyed, the only question is how soon?
        
        There currently stands no agency upon this planet that seeks to prop up liberty and justice. American used to be it but we have now become that which we fought so long ago.
        [ link to this | view in chronology ]
Anonymous Coward, 19 Feb 2016 @ 10:14am

Which begs to ask why the heck is the data stored in the cloud not encrypted? Many solutions like 'tarsnap' do this, then your data is protected from Apple, NSA, FBI, Hackers etc.
[ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 10:29am
  
  Re:
  Encryption technologies are "by default" created with master keys especially for the testing phase of the product to ensure functionality. And while this is usually necessary during the development of the product... most companies never remove this and pretend that it never happened in the first place.
  
  It would not surprise me in the least if Apple already has a master key capable of decrypting the device but will do anything to protect that information. If we see the news were Apply settles this with the FBI/Court quietly behind closed doors, then you can bet this is the most likely reason.
  [ link to this | view in chronology ]
Anonymous Coward, 19 Feb 2016 @ 10:35am

It's not that different
In both cases, Apple software is used by Apple employees to modify iOS without end user interaction.
[ link to this | view in chronology ]
- Mat (profile), 19 Feb 2016 @ 1:06pm
  
  Re: It's not that different
  iCloud backups are not on iOS, no modifying of iOS required. It's litterally, 'files that are on our hard drives'
  [ link to this | view in chronology ]
Anonymous Coward, 19 Feb 2016 @ 10:37am

Lying sacks of shit.
Komatireddy argued that Apple should help because it’s been doing that since 2008, and since then it “has never objected” and “has complied” with “at least” 70 similar requests.

So the DOJ is staffed by lying sacks of shit. So what else is new? Those are just exactly the kinds of people that should not be given back-doors.
[ link to this | view in chronology ]
observer, 19 Feb 2016 @ 10:39am

This seems likely to drive Apple to change the way future devices are built. An obvious solution to this exact case would be to make devices that can't receive OS and firmware updates. So in the name of greater user privacy Apple is forced to make a design decision that results in less usability. Whatever the outcome, the fact that government is pushing seems likely to force Apple into future design decisions it wouldn't have made otherwise.
[ link to this | view in chronology ]
Anonymous Coward, 19 Feb 2016 @ 10:42am

Apple can and should give FBI access to the raw file system. A software rate limiter is not encryption, nor is it good protection. It's up to the user to use a strong passphrase to counter brute force attacks. You can't expect a 4 digit pin to give you security, and Apple is misleading its customers when it claims or suggests this.
[ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 10:54am
  
  Re:
  You have overlooked the other part of the protection, 10 fails and the actual encryption key is erased. Limited attempts before the card was invalidated, three or four if I remember right, protected cashpoint cards for many years. with the crooks installing cameras in the machines, to capture the pin, along with a stripe reader to allow them to clone the card..
  [ link to this | view in chronology ]
DannyB (profile), 19 Feb 2016 @ 11:01am

A note about Backdoors
See this article entitled: How Google’s Web Crawler Bypasses Paywalls

http://elaineou.com/2016/02/19/how-to-use-chrome-extensions-to-bypass-paywalls/

The article itself is about how to quickly get your chrome browser to use the same trick that Google's Web Crawler uses to access paywalled sites. You too can read those paywalled sites by making the paywalled sites think that you are the Google Web Crawler.

See the last sentence of the article:
Remember: Any time you introduce an access point for a trusted third party, you inevitably end up allowing access to anybody.
Do you suppose that would also apply to encryption backdoors?
[ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 11:14am
  
  Re: A note about Backdoors
  But this isn't an encryption backdoor.
  [ link to this | view in chronology ]
  - Mat (profile), 19 Feb 2016 @ 12:57pm
    
    Re: Re: A note about Backdoors
    It's a security backdoor meant to defeat an encryption technique. The difference is pretty much moot.
    [ link to this | view in chronology ]
Uriel-238 (profile), 19 Feb 2016 @ 11:38am

"You've helped us before"
If providing help to a government agency is going to encourage them to pressure the company when they have future needs for help, that's a good incentive to not be helpful in the first place.
[ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 11:43am
  
  Re: "You've helped us before"
  The talking from both sides of the mouth is a bit much. "It's only this one time!" while also saying "You helped us in the past, just do it again!" is ridiculous.
  [ link to this | view in chronology ]
Skriptkid, 19 Feb 2016 @ 11:43am

The ignorance in this comment thread is as pervasive as the ignorance this story is addressing.
[ link to this | view in chronology ]
Anonymous Coward, 19 Feb 2016 @ 11:51am

What Apple Could Do
Apple could propose to attempt the EXACT same process used successfully 70 times in the past. Knowing full well the end result of failure.
[ link to this | view in chronology ]
Anonymous Coward, 19 Feb 2016 @ 12:03pm

There is something more going on here:

What could possibly be on the phone that is worth a major corporation compromising the security of all of it’s products? This is not proportional, the means do not justify the outcome. Therefore, this is a planned , orchestrated attack by the DOJ to push for a backdoor. A backdoor that they have been asking for since Apple started encrypting their devices by default. Not a coincidence.

The DOJ has people that can build the firmware that they want, that's a no brainer. What the DOJ does not have is Apple's digital key that is necessary to sign the modified firmware before the device will accept the firmware. Once Apple gives up this key, all of the devices that use this key are compromised.

This is a no-win situation for Apple. Congressman, senators and multiple media outlets are pushing public opinion against Apple. If Apple concedes to the court of public opinion, no one can trust the security of their Apple products and no one will buy Apple products. If Apple stands fast and refuses to comply, they will be labeled pro-terrorism and anti american. And no one will buy Apple products. Sell your Apple stock now, the fork has come out clean, they are done.

The DOJ scare tactic of ‘Going Dark’ doesn't stand up to scrutiny in the face of the facts.
Ever since the Snowden revelations, the DOJ has been pushing against the public protecting the privacy that is guaranteed by the United States Constitution. WHY? I know, I know, the rallying cry is “terrorism” and “Protect the children”. but this does not add up - the end does not justify the means. There is something deeper that the government fears or wants or…something.

Is it power? After all, they say information is power. Can they control you if they know all your secrets?

I tend to agree with the common phrase “follow the money” as this is the real source of power.
Is it possible that the government is collecting and analyzing mass amounts of data in order to control the world's financial markets? To what end? Possibly to destabilize the economies of other nation-states? To continue to widen the gap between the 1% and the 99% in order to squeeze out the middle class? To create a ruling class of the rich and elite?

Is this part of an evil plot for total world domination?

Is this really a battle over the contents of one person's phone? I think not.
[ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 12:23pm
  
  Re:
  Or you Occam's razor it and figure it's them trying to make their jobs easy, but it just so happens to run counter to that pesky constitution. Throw power and authority in with lazy and this is what you get.
  [ link to this | view in chronology ]
- Anonymous Coward, 19 Feb 2016 @ 12:31pm
  
  Re:
  Simple fact: Apple used to create and use extraction software to provide law enforcement with data, now they are unwilling to do so.
  
  If they want to allow their users to thwart legal processes, they need to put protections in math, not law.
  [ link to this | view in chronology ]
  - JMT (profile), 19 Feb 2016 @ 1:16pm
    
    Re: Re:
    "Apple used to create and use extraction software to provide law enforcement with data, now they are unwilling to do so. "
    
    You're exactly the kind of ignorant shmuck this article was written to educate.
    [ link to this | view in chronology ]
obvious, 19 Feb 2016 @ 12:33pm

The Lesson
If the government wants access to an iPhone, they should try not to kill the person who has the passcode. They should arrest them and have them unlock the phone instead.
[ link to this | view in chronology ]