FBI Director: We're Only Forcing Apple To Undermine Security Because We Chase Down Every Lead
from the bull-and-shit dept
Over the weekend the narrative the FBI has been trying to spread around the legal effort to get Apple to build a system that lets the FBI hack Apple customers began to crumble, as it was revealed that the FBI's own actions were largely responsible for the fact that the information on Syed Farook's phone was no longer accessible. That gave more and more weight to the argument that the whole reason that the FBI did this was to set a precedent that judges can force companies to hack their own customers, should the FBI want them to do so. Again, it seems fairly obvious that the FBI chose this case in particular, because basically everyone agrees that Farook and his wife were bad people who murdered a bunch of Farook's co-workers. That obviously makes the FBI's case more sympathetic for setting a precedent. But with the shady actions that resulted in the data being locked up, that nice story was starting to slip away.Apparently the FBI decided to send in the big guns to try to rescue the narrative. FBI Director Jim Comey -- the guy who's been fear mongering the longest about strong encryption -- put up a blog post on the surveillance apologist blog Lawfare -- in which he insists that this case isn't about all the things it's really about:
The San Bernardino litigation isn't about trying to set a precedent or send any kind of message.No, he claims, it's really because the FBI wants to "look the survivors in the eye" and say they followed every lead:
It is about the victims and justice. Fourteen people were slaughtered and many more had their lives and bodies ruined. We owe them a thorough and professional investigation under law. That's what this is. The American people should expect nothing less from the FBI.Of course, if you know anything about the FBI and how it operates, this is guffaw inducing. There are tons of cases where the FBI doesn't follow every lead possible. In fact, it has a pretty long history of ignoring important leads. And, lately, the FBI's main focus seems to be on creating its own terrorist plots so it can have its agents play dress up and pretend they took down a terrorist ring. In many of those cases, the FBI failed to chase down tons of leads, and instead entrapped or framed otherwise innocent people. The idea that it suddenly is concerned with chasing down every lead is ludicrous.
The particular legal issue is actually quite narrow. The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that. Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t. But we can't look the survivors in the eye, or ourselves in the mirror, if we don't follow this lead.
Comey is playing politics here, not giving a legitimate reason. And, yes, while some of the families of victims in San Bernardino are supporting the FBI, some of them think the FBI is going too far.
The ex-wife of another deceased victim, meanwhile, said she is concerned that the court might be jeopardizing iPhone users’ privacy rights.How will Comey look Karen Fagan in the eye and tell her he jeopardized the privacy and safety of millions of Americans just to find out that there's nothing useful on the guy everyone already knows murdered her husband?
Karen Fagan, of Upland, is the ex-wife of Harry “Hal” Bowman and mother of their two daughters.
“This is a very different thing than asking for data that is Apple’s possession,” Fagan wrote in an email. “They have complied with all of those requests. This is asking them to build a new piece of technology that could be used to invade the privacy of any iPhone. Furthermore, the FBI is citing an act written in 1789 (instead of new legislative action) to justify their request.
“I know that it is a tempting argument to say that we should allow government access to private information in order to make people feel safe. After all, the argument goes, people who aren’t breaking the law have nothing to hide. While that may be true, American citizens have been granted privacy rights, and this request breaches those rights,” Fagan wrote.
Comey, meanwhile, reverts back to the same talking point he's been making for months, that he just wants a "public debate" on this:
Reflecting the context of this heart-breaking case, I hope folks will take a deep breath and stop saying the world is ending, but instead use that breath to talk to each other. Although this case is about the innocents attacked in San Bernardino, it does highlight that we have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety. That tension should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living. It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before. We shouldn't drift to a place—or be pushed to a place by the loudest voices—because finding the right place, the right balance, will matter to every American for a very long time.And yet, we've had that discussion and the public spoke out by buying and using tools with strong encryption -- and by telling Congress they didn't want a law outlawing strong encryption. So, contrary to Comey's claims, it is the FBI that's trying to force the issue by going to court over this particular search warrant.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoor, encryption, fbi, going dark, hacking, james comey, precedent, san bernardino, syed farook
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
'Shame', clearly not in the FBI dictionary
The FBI doesn't give a damn about those that died, all they care about is using the emotional impact from that for their own ends, and that, not 'not following every lead' is what should be keeping them from meeting their own eyes in the mirror, though that would require them to be able to experience shame over their actions, which is clearly not the case for at least one member of the FBI.
Although this case is about the innocents attacked in San Bernardino, it does highlight that we have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety
Well, not all of us clearly, as the FBI's actions in attempting to cripple encryption are showing respect for neither privacy or safety. Someone, whether individual or group, who valued privacy and safety would not be doing everything in their power to undermine something that protects both simply to make their job easier.
[ link to this | view in chronology ]
Re: 'Shame', clearly not in the FBI dictionary
What is the point?
We know who committed the murders - and they are both dead.
That should be enough.
If you seriously want to go beyond that point then an honest appraisal of their motivations might be in order - but breaking everyone else's privacy in order to trace small-time associates seems irrelevant - unless part of your motivation is actually to suppress debate about the real cause.
[ link to this | view in chronology ]
Can I get another piece of paper?
1789, that is.
[ link to this | view in chronology ]
Re: Can I get another piece of paper?
[ link to this | view in chronology ]
Re: Re: Can I get another piece of paper?
I believe that there's a number of ex-OPM employees available for hire...
[ link to this | view in chronology ]
Re: Can I get another piece of paper?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Sophistry. What you want is to set the precedent that you can use a warrant to order a software company to remove protections against repeated tries to login to a system, and have them install it on targeted machines via a software update, and that leads to using a warrant to have it installed on machines being used by people you suspect of criminal activity. Next you will want to use a warrant to force software companies to make other changes to their operating systems for national security purposes, and you have available a secret court to do that for you, along with gaga orders to hide what you are doing.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
What about 9/11?
Oh right.
*drops mic*
[ link to this | view in chronology ]
Re: What about 9/11?
aka locking every stable door.
[ link to this | view in chronology ]
Re: Re: What about 9/11?
Opening every door in the world.
[ link to this | view in chronology ]
What about the elephant?
[ link to this | view in chronology ]
Re: What about the elephant?
And yes we have been for years sliding down 'slippery slopes' because preventing these atrocities requires spying on US citizens on US soil.
[ link to this | view in chronology ]
Re: Re: What about the elephant?
In this case, we see that these TLA's are still siloing themselves and incapable or working together.
[ link to this | view in chronology ]
Re: Re: What about the elephant?
[ link to this | view in chronology ]
Re: Re: What about the elephant?
That's not really true. The FBI has operated as a domestic intelligence service from day 1. It's part of their mandate. The NSA and CIA are not legally allowed to operate domestically -- that's the FBI's jurisdiction.
[ link to this | view in chronology ]
If hopes and feels were fish and eels, the ocean would have no room for water
Fixed that for Comey.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
It bears repeating
Worse yet, even if Apple isn't forced to install backdoors, who will really trust the situation anyway?
[ link to this | view in chronology ]
The irony is so thick you could use it to build pyramids in Egypt or a wall in China that would NEVER crumble!
[ link to this | view in chronology ]
That being said, terrifies me that Apple can do this at all. Note that I didn't say they were willing to do this, only that they can. This means that Apple isn't building a backdoor, so much as they already have one that they will use to accomplish this. If you can perform firmware/OS updates that remove security features with the device supposedly unlockable/uncrackable, that's a backdoor. It already exists and Apple just tipped their hand.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Strongest link is encryption
*Anything* else is a weaker link in the chain of security. So relying on features in an OS to protect you is weaker. Unless you and you alone have the key, you can't assume it is secure.
For Apple to be able to remotely install and update the OS means that any security features they implement can be circumvented, unless you can prevent that process using some form of encryption with your own key. Any other form of security will be weaker.
So, the strength of your Apply security is directly tied to the strength of Apple's backbone and the laws they/we confront.
[ link to this | view in chronology ]
Re: Strongest link is encryption
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
The mistake is thinking that this is about the phone, that they're doing all of this for a device that's likely to have nothing useful on it(those responsible for the murders destroyed one set of phones, if these ones had anything incriminating they would have been destroyed as well) just so they can be 'thorough'.
It's not.
This is all about the precedent, using the most sympathetic case they can find to set the precedent that companies can be forced to decrypt devices and data. They've been 'asking' for requiring companies to cripple encryption so that they can take a peek whenever they feel the desire to, and that got shot down. This is simply another try at the very same thing, except this time they're trying it via the courts, rather than the politicians.
So no, there's nothing 'admirable' with their request here, it's the same thing they've been trying to get, wrapped up and presented slightly differently.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Yes and no. The ability to remove the features is there for older versions of the OS assuming someone has the resources to exploit it, and that is a problem to be sure, but that doesn't change the fact that Apple is being 'asked' to remove the security features that they put in place so that the FBI will be able to brute-force the device.
Back-dooring a service/product doesn't necessarily require one to remove the security protecting it, it just requires one to introduce a feature allowing you to get around the security, and that is very much what is being demanded of Apple here.
And now that we know about this ability, you can bet the legality is just an afterthought.
Not to the FBI/DOJ, the 'legality' is the entire point of their actions. There's a significant difference between finding flaws and weaknesses in encryption and getting in that way versus being able to order a company to break the encryption themselves and allow access that way, and the FBI is pushing for the second here.
[ link to this | view in chronology ]
Re: Re: Re:
If Apple is forced to create this new security crippled firmware version that makes it way easier for the FBI to brute-force the phone (like in hours instead of years), then that is a backdoor in that version of the firmward at that point.
One of the realizations that I came to this week is the FBI doesn't want Apple to get the content for them, they want them to change the firmware and then hand over the phone. At that point, the FBI has control of a copy of the firmware that they figure they can probably just copy off the changes and then figure out a new vector to place it on any other phone they want to do this to. That part kinda scares me.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
4 character pin will be cracked in minutes.
6 character pin takes less than a day.
It's unlikely he had more than that.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
If they can wire it up and shoot codes at it a lot quicker, then yes, it's a short thing to do. A fatal flaw that Apple allows for such short pincodes.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
Limited tries, with increasing delays between tries is a reasonable locking mechanism, and which allows people to use a passcode that they can remember, and what the FBI wants is apple to install a weaker locking mechanism. It like telling a locksmith that he must replace the unpickable lock on a door with a pickable lock, so that the FBI can then open the door.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
The last iPad 2 I had and was hired to break into with iOS7 took a day to set up to be able to enter the passcode.
With manual tools and an open source toolchain.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
It leaves the door firmly shut, by allowing the government to try every possible combination, until the door opens.
The phone would still have to be brute forced, and it will still take weeks or even months to do it.
And if by "brute force" you mean "trying every combination from 0000-9999," I'd argue that isn't brute force - that's counting.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
That is part of the problem.
it's a backdoor, because it still leaves the door firmly shut.
And every door is shut until it becomes open. Once open, you now have a hole in your wall. And, if the door is able to be closed and re-locked its like magic - the wall of the home becomes secure once more.
But hey, who needs a door if you are willing to put a hole in a wall and not care about if anyone notices or cares about the entry.
A backdoor would just open it all up
Really? Is that how a home works?
[ link to this | view in chronology ]
Re: Re: Re:
It's a great way to get people to accept a tiny change in what we accept as reality. It's not breaking the encryption, it's not directly affecting your phone, so it shouldn't be a problem.
But what about the next phone? This security flaw might be fixed, but that's not going to stop the court from ordering Apple to find another security flaw, and another, and another. Each one pushing just a little harder, stretching what we'll accept just a little more until there are no more security flaws.
When that happens it's not a large step at all to order Apple to start including these flaws. It's still not breaking encryption, still not directly affecting your phone. The software must be signed using Apple's secure key, so your phone's still safe.
And thus what we're willing to accept is stretched even further.
What about the next step after that. All these security flaws still don't address the primary issue, the encryption. Keep a good password on your encryption and you won't ever have a problem with these minor changes. So how long until the FBI or whomever come across a phone that is properly encrypted but could have been used to prevent another 9/11?
Our acceptance has already been stretched to accept security flaws in our phones, why not weaken encryption so the government can brute force the phone in a few days instead of centuries? Still not directly affecting your phone. Any normal person won't have access to the information required to use the weakness. Even if they did, they don't have access to the hardware the government has and wouldn't be able to crack the encryption in any reasonable amount of time.
But days delay can kill.
I could keep hammering this home, but to make a long story short: while the boiling frog story might be inaccurate, the meaning behind it is vary real.
And it doesn't take an intentional plan to kill of privacy. If what we're willing to accept can change, so can what the government is willing to accept.
[ link to this | view in chronology ]
Re:
FBI is working within the law. If you object, object to the structures that authorized them to have this power.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
That may be the case, but it's ultimately the judges decision not the FBI.
[ link to this | view in chronology ]
Conversation
But it's a trap for the other side. As soon as they say anything that doesn't have the same facade of conciliation, then you can criticize them for being "extreme".
Further, you can always rehash old ground or backtrack in your argument by saying you just want to "continue" the "conversation".
All it really is, is a stalling and deflection tactic, allowing you to wait for another chance. When you hear someone use it, there's something slimy going on.
[ link to this | view in chronology ]
Re: Conversation
[ link to this | view in chronology ]
Re: Re: Conversation
Too bad the Sheep doesn't speak Wolf so the sheep could equally participate.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Control and convenience
It is convenient for Apple/Microsoft/Android-device-makers to be able to automatically update software remotely, but the price is that those companies get to their fingers on your device at any/all times.
If you want security independent of some company like these, the ecosystem must be restructured. It's not a matter of Apple (or whoever) giving you better security; it's a matter of taking security out of Apple's hands.
[ link to this | view in chronology ]
Would Comey be willing to say that to Congress under oath? Probably, Clapper didn't get arrested.
[ link to this | view in chronology ]
The FBI isn't forcing anyone, it's the court.
[ link to this | view in chronology ]
Re: The FBI isn't forcing anyone, it's the court.
[ link to this | view in chronology ]
Re: The FBI isn't forcing anyone, it's the court.
You may think that is just dandy, but I see these behaviors as worse than merely criminal. They are destructive of the nation as a whole.
[ link to this | view in chronology ]
They will only ask once
Then they will be the shining example of restraint and we will never see another request, that's what National Security Letters are for.....
[ link to this | view in chronology ]
Loudest voices
I assume the judge was asked to speak quietly when compelling Apple to do this...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Another question, will it continue to work if it cannot phone home?
[ link to this | view in chronology ]
1 - Apple has pretty much admitted that there is no back door, but that a failure in the way they made the phones means THEY can update the phone with new firmware that would disable a limited number of security features, making brute force attempts easier
2 - Apple and Apple alone are the only ones who can update firmware.
3 - No back door would be created. At the most, it would expose their weak pincode / passcode requirements that make a brute force easily to do.
I think that the FBI here is being very careful and very restrained and is asking for pretty much as little as possible to help their investigation. They aren't asking for a back door, they will still have to hack the phone to get in. They are asking for arbitrary limits on speed and number of attempts to be disabled. Only Apple can do that, nobody else can - and even if Apple gave other people the code, they wouldn't be able to do anything with it unless they also hacked the Apple updating system.
Oh, and 4 - apparently putting your data on ICloud makes it much easier for Apple to give to authorities.
There is a lot of talking on both sides... why not a cynical and slightly angry review of Apple's double speak and careful attempt to spin this into some major back door that will instantly jack open every iphone on the planet?
[ link to this | view in chronology ]
Re:
At the most, it would expose their weak pincode / passcode requirements that make a brute force easily to do.
The definition of a backdoor, per Wikipedia is:
A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc.
It certainly SEEMS to fit the definition of a backdoor, no?
Perhaps in all your analysis, you can reconcile for us the difference between what your saying is NOT a backdoor and the definition of a backdoor.
[ link to this | view in chronology ]
Re: Re:
Nope. The blockages are obstructions to getting to the locked door, not the door itself. A backdoor would be "push here, and poof, the phone is unlocked". After everything they are asking Apple to do, the phone will still be locked.
[ link to this | view in chronology ]
Re: Re: Re:
I see.
So the locked door is on the phone.
And you're arguing that they don't have access to the locked door.
But they have the phone.
The whole phone.
Door and all.
Actually, I don't see.
Not at all.
Because frankly, that argument is pathetic.
Just. Plain. Shit.
[ link to this | view in chronology ]
Re: Re: Re:
Objection. Lack of foundation - Whatever is not a credible source.
Objection. Assumes facts not in evidence.
Objection. Using definition of terms not agreed to.
Come on back when you can cite what dictionary you are using to come up with your "colourful" position.
[ link to this | view in chronology ]
Re:
And by "hack" you mean inputting 0000-9999?
Yeah, that's not really hacking.
Personally, I call it "counting."
[ link to this | view in chronology ]
Re:
The words of the FBI's request sound like they are limited: "We don't want you to crack the encryption, just grease the wheels a bit on helping us guess the password on just this one phone." The problem is that the process of granting this request simply can't be limited to a single device. If they can do it to one phone, they can do it to many millions of phones.
If they give in then there's absolutely nothing to prevent any magistrate in any jurisdiction (and in any country where Apple does business) from making this same request. It's not hard to imagine Apple being inundated with requests to help get into "just this one phone." Do you honestly feel comfortable with this scenario?
[ link to this | view in chronology ]
Re:
Based on what facts?
[ link to this | view in chronology ]
Urging the public to recall the "innocent Americans" who were victimized, he said it was not up to corporations, nor the FBI, to reconcile those two priorities. “It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before,” Comey said.
To complete his thought, it's time that we amend the First Amendment to give the Federal Government the power to compel speech. Not in the sense that a witness has to recount what he or she has seen in a court of law. They need to be able to force citizens to say the right thing--what the Federal agents know needs to be said for the good of the country and to fight terrorism. There will need to be oversight on the precise script that the citizen must read from. Supervising agent of an FBI field office should be sufficient.
Separation of powers is also important. We will also need to make sure that the Judiciary also approves what punishments are appropriate to execute on failure to comply. Speech is more often than not time-sensitive, and justice delayed is justice denied. We must think of the victims, and their need for closure.
Still, though, it's nice to see that Comey recognizes that we need new law to address this situation.
[ link to this | view in chronology ]
Re:
The DOJ already compels the speech of real people, by piling on charges until someone accepts a plea bargain. They are now trying to use public opinion to force a companies speech.
[ link to this | view in chronology ]
Comey agrees that the court order is unlawful, and that Congress needs to act.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
HLMFTFY
"FBI Director: We're Only Forcing Apple To Undermine Security Because We're Too Stupid To Chase Down Any Leads Except For Those We Create Ourselves. Of the leads we ourselves created in our criminal conspiracies where we trick individuals into following our evil schemes and then pounce on them as if they were the masterminds, we've attained a high 30% chase down rating."
[ link to this | view in chronology ]
FBI Director J. Edgar Comey is a Pliably Supine Lickspittle of the National Security State
Dear FBI Director J. Edgar Comey what happened to chasing down every lead in regard to the US governments involvement in kidnapping, torture and indefinite detention without charge?
Dear FBI Director J. Edgar Comey what happened to chasing down every lead in regard to the trillions of US dollars stolen in a control fraud scheme perpetrated by US financial institutions that was aided and abetted by US government sponsored entities such as the Federal Home Loan Mortgage Corporation and the Federal National Mortgage Association?
Dear FBI Director J. Edgar Comey what about chasing every lead down in regard to the US governments blatant lies that led to the wholly elective non-declared war against Iraq?
Dear FBI Director J. Edgar Comey there is ample evidence available in the public domain to bring charges in seeking accountability the only thing lacking is the will on part of US law enforcement "officials".
For turning an institutional blind eye to the crimes listed above FBI Director J. Edgar Comey has exposed himself as another in a long line of political appointees who have completely forsworn their oaths of office in order to increase the power of their bureaucracy at the expense of the US Constitution.
When the national security state says jump FBI Director J. Edgar Comey unquestioningly responds, "how high"?
[ link to this | view in chronology ]
[ link to this | view in chronology ]