FBI Insists It's Not Trying To Set A Precedent, But Law Enforcement Is Drooling Over Exactly That Possibility

from the going-to-court-to-force-you-to-hack-your-customers dept

In Jim Comey's defensive blog post over the weekend, he insisted that the FBI was absolutely not doing this to set a precedent or to do anything other than get into a single phone:
The San Bernardino litigation isn't about trying to set a precedent or send any kind of message....

The particular legal issue is actually quite narrow. The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land.
Yeah, except that's clearly bullshit. They absolutely want the precedent, and if the FBI's PR strategy is to now insist this precedent won't be useful beyond this case, perhaps it should have coordinated those talking points with others in law enforcement. Because if you talk to them, they're happy to tell everyone just how badly they want this precedent so they, too, can demand Apple build hacking tools into iPhones. Jenna McLaughlin at The Intercept has put together examples of law enforcement people practically drooling over the possibilities that will be opened up should the FBI win.

In Suffolk County, Massachusetts, district attorney’s office spokesperson Jake Wark said prosecutors “can’t rule out” bringing their own case of a locked cellphone before a judge, too. “It may be a question of finding the right case,” he told the Wall Street Journal.

“It’s going to have significant ramifications on us locally,” Matt Rokus, deputy chief of Wisconsin’s Eau Claire Police Department, told the city’s Leader-Telegram newspaper on Monday.

In South Dakota, Minnehaha County State’s Attorney Aaron McGowan told the Sioux Falls Argus Leader that “the court’s ruling could have a significant impact on conducting sensitive criminal investigations.”

And then of course, there's Cyrus Vance, the Manhattan DA who also has been quite vocal in asking for backdoors into encryption, who has admitted that he basically wants the same power the FBI is now trying to exert. And, meanwhile, Senator Richard Burr used the Apple case as a keying off point to try to push for legislation he's been working on for a while that would effectively mandate such backdoors.

So it's fairly difficult to believe the FBI and Director Comey when not only does everyone know he's lying, but his friends and colleagues in law enforcement can't even be bothered to play along with the script.

Update: Oh, and even the DOJ is off-script as well. It's now being reported that the DOJ is currently seeking similar orders on 12 more iPhones. So, yeah, Comey's flat out lying.

Filed Under: cyrus vance, doj, encryption, fbi, going dark, james comey, law enforcement, police, precedent
Companies: apple


Reader Comments

  1.
    That One Guy (profile), 23 Feb 2016 @ 5:36am

    "Dangit you lot, you're supposed to wait before celebrating!"

    I imagine Comey is more than a little annoyed at all the law enforcement people talking about how eager they are to start using the 'totally not designed to set a precedent, honest' case for their own gains before it's actually run its course.

    Just a little difficult to get people to buy the 'There's no point in focusing on what the precedent from the case might do, that's not important right now' argument after all when you've got people chomping at the bit to use that very precedent, making it very much an important consideration.

  2.
    TheResidentSkeptic (profile), 23 Feb 2016 @ 5:52am

    We're going to need a chart here...

    ... to track the # of phones requested to be cracked vs the drop in Apple stock price/market share. Hyperbolic curve downward, methinks.

  3.
    HeartMan (profile), 23 Feb 2016 @ 6:30am

    The Floodgates Open

    One of today's WSJ headlines says that the DoJ is preparing another 12 orders for iPhones in totally separate cases. That didn't take long.

  4.
    Ninja (profile), 23 Feb 2016 @ 6:41am

    Re: The Floodgates Open

    They are having real trouble pretending they care about citizens' rights lately...

  5.
    Anonymous Coward, 23 Feb 2016 @ 6:43am

    Re: Re: The Floodgates Open

    Since they don't call us citizens in internal documents anymore, that really isn't surprising.

  7.
    Berenerd (profile), 23 Feb 2016 @ 6:47am

    Let's forget a moment who the FBI is and give them the benefit of the doubt and pretend that they also lived in a cave and were born just 5 minutes ago.
    Whether they plan for it to be a precedent or not, it will become one as the iron has barely warmed up, we see they are already chomping at the bit to do it with more cases.

  8.
    Anonymous Coward, 23 Feb 2016 @ 7:05am

    No Surprise

    This is the de facto state of the US since 9/11... fear and propaganda to strip liberty at every possible opportunity.

    No matter how much people bitch about it they keep voting for it. If people actually gave a shit about liberty more candidates like Rand Paul would still be in the race.

    Either way, this nation is heading out the door, we are nothing like we once were. Things have been so damn peaceful and nice we are not even able to see what true evil is and plan to give every last part of this nation to that evil for political and social expedience.

  9.
    Anonymous Coward, 23 Feb 2016 @ 7:05am

    Not bothering to play along

    [I]t's fairly difficult to believe the FBI and Director Comey when not only does everyone know he's lying, but his friends and colleagues in law enforcement can't even be bothered to play along with the script.
    Unfortunately, if it is hard to believe the FBI, it is also hard to believe Apple. Rather, I think that there's a significant probability that the FBI is colluding with Apple to sell a lie to the American people.

    Law enforcement, lately, has become famous for “parallel reconstruction”. Apple, though, is noted for the famous Apple “reality distortion field”.

    Do we want real security — or do we want marketing hype? If the smartphone pin does not have enough entropy to prevent a brute force attack on data at rest, then there's a non-ignorable threat to the privacy of that data at rest. Are all these people really going to try to sell me on the idea that the NSA can't crack that phone without Apple's help? I'm not buying it.

    It seems fairly likely to me that the government already knows what's on that phone. Now Apple and the FBI are just trying to come up with a cover story for how the government already knows what's on the phone. Or a cover story for how the government denies it knows what's on the phone, and must have acquired the intelligence some other way. Either way, a cover story that'll help preserve Apple's market position. Either way, a cover story that'll have people buying into the lie that Apple phones protect their privacy.

    Insecurity from a pin without enough entropy meets “parallel reconstruction” and “reality distortion field”. Most people can't do the math.

    But why should people who can do the math bother to play along?

  10.
    kallethen, 23 Feb 2016 @ 7:20am

    Re: Not bothering to play along

    You're right that a PIN doesn't provide much entropy. But it's on the user to choose to use a PIN or password (or an even weaker swipe pattern or nowadays there's fingerprints).

    Apple has helped to mitigate this entropy with other security features such as delays between attempts and "self-destructing" data after too many attempts. Those features reintroduce entropy into the mix by stretching out how long it takes to crack that PIN or by forcing them to give up as it becomes unrecoverable.

  11.
    Anonymous Coward, 23 Feb 2016 @ 7:21am

    Re: Re: Not bothering to play along

    reintroduce entropy into the mix
    Bullshit.

  12.
    Anonymous Coward, 23 Feb 2016 @ 7:27am

    Re: Re: Not bothering to play along

    You're right that a PIN doesn't provide much entropy.
    And I shouldn't need to mention, but will —for the benefit of all the CS undergrads who don't quite get it— the phone's hardware can be simulated.

  13.
    Anonymous Coward, 23 Feb 2016 @ 7:28am

    What a slimeball

    If Apple gives in on this, there will never be another Apple product in my home.

  14.
    Anonymous Coward, 23 Feb 2016 @ 7:28am

    Foot in the door and all that

    It is like everything else, once they get their foot in the door, you will never get it closed again. It will open up the floodgates from local law enforcement, to state and federal agencies.

  15.
    kallethen, 23 Feb 2016 @ 7:28am

    Re: Re: Re: Not bothering to play along

    The standard of "bits of entropy" means it takes longer for the encryption to be cracked.

    Delays between attempts make it longer for the encryption to be cracked.

    Data self-destruction makes it longer or impossible for the data to be recovered.

    At least that's been my understanding. Where am I wrong in that? (And I ask that not out of spite, if I'm wrong, I do want to know how.)

  16.
    Anonymous Coward, 23 Feb 2016 @ 7:36am

    Re: Re: Re: Re: Not bothering to play along

    Where am I wrong in that?
    You're not thinking outside the box. (Or, in this case, the cellphone enclosure.)

    Look, there's the data to be decrypted. That encrypted blob can be captured and preserved.

    There's the weak pin. That can be brute forced.

    There's the algorithm to derive the key from the pin and a hardware secret. That's known. Or at least sufficiently knowable.

    All that's left is the hardware secret. You're telling me that you can't obtain the hardware secret from the hardware? Bullshit. If worst comes to worst, you can pull out every functional block except for the key derivation, and probe against that, not worrying about destroying the data which you preserve elsewhere.

  17.
    Anonymous Coward, 23 Feb 2016 @ 7:43am

    Re: Re: Re: Re: Not bothering to play along

    "bits of entropy"
    Entropy is a measure of unpredictability in the pinspace. There's also entropy in the hardware-id-space.

    When we're dealing with actual values selected from the pinspace and hwidspace, we should talk about “surprisal”.

  18.
    Anonymous Coward, 23 Feb 2016 @ 8:37am

    Re: Re: Re: Re: Re: Not bothering to play along

    They should hire you to do the decryption. There are 12 other devices they will need after this.

  19.
    Anonymous Coward, 23 Feb 2016 @ 8:42am

    Re: Re: Re: Re: Re: Re: Not bothering to play along

    They should hire you to do the decryption.
    No.

    They have better people than me. I'm acquainted with a few of them.

  20.
    streetlight (profile), 23 Feb 2016 @ 8:49am

    Is it possible for Apple to perfectly secure their phones?

    It seems the conventional wisdom has been that no one, not even Apple, could break into one of their phone's encrypted data. I guess that's not the case. It may be Apple can't guarantee such a level of security and this knowledge will be one of the most important results of this episode. Perhaps the best way to prevent anyone getting at your data is to physically destroy the phone with an industrial strength shredder and/or a high temperature blow torch focused on its parts.

  21.
    Anonymous Coward, 23 Feb 2016 @ 8:59am

    Re: Is it possible for Apple to perfectly secure their phones?

    It may be Apple can't guarantee such a level of security
    Apple cannot guarantee that you can memorize a secret that can't be guessed.

    Most people may not be willing to memorize something like:
    3Ieftfy:Ti5R_fr:mY95oIo
    (Just generated with 126 bit strength.)

    Even if people are willing to memorize a measly 21 characters (modified base64), they may not be willing to type it in on a smartphone keypad.

    So where does that leave us? Apple could make it possible for you to carry around a secret like that on a second piece of hardware. Perhaps a micro-USB dongle. But if that hardware falls into the wrong hands, it's still game over.

    link to this | view in thread ]
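
Added example, not part of the original post or of any commenter's reply: the numbers behind the entropy exchange in the "Not bothering to play along" thread and the 126-bit passphrase in the comment above. The per-guess cost, the wipe limit and the offline guess rate are assumed values chosen for illustration; none of them come from the page.

```python
"""Passcode entropy versus guess limiting, in numbers (added example)."""
import math

# Assumptions for illustration only; none of these figures come from the page.
DEVICE_SECONDS_PER_GUESS = 0.08    # one key derivation that must run on the device
WIPE_AFTER = 10                    # failed attempts before the device erases itself
OFFLINE_GUESSES_PER_SECOND = 1e9   # hypothetical rate if guesses were not tied to the device

SECRETS = {                        # name -> (alphabet size, length)
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "21-char base64": (64, 21),    # the 126-bit passphrase size quoted in the comments
}


def entropy_bits(alphabet, length):
    """Entropy of a secret chosen uniformly at random from alphabet**length."""
    return length * math.log2(alphabet)


def p_guess_before_wipe(alphabet, length, attempts=WIPE_AFTER):
    """Chance that `attempts` distinct guesses hit a uniformly chosen secret."""
    return min(1.0, attempts / alphabet ** length)


def worst_case_seconds(alphabet, length, seconds_per_guess):
    """Time to try every candidate once at a fixed cost per guess."""
    return alphabet ** length * seconds_per_guess


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"


def report():
    """One row per secret type: its entropy, and the guessing cost in three settings."""
    rows = []
    for name, (alphabet, length) in SECRETS.items():
        rows.append({
            "secret": name,
            # Property of the secret alone; identical in all three settings below.
            "bits": round(entropy_bits(alphabet, length), 1),
            # Setting 1: attempt limit enforced, attacker gets WIPE_AFTER tries.
            "p_before_wipe": p_guess_before_wipe(alphabet, length),
            # Setting 2: limit and delays removed, each guess still costs a
            # device-bound key derivation.
            "limits_removed": humanize(
                worst_case_seconds(alphabet, length, DEVICE_SECONDS_PER_GUESS)),
            # Setting 3: guessing not tied to the device at all (assumed rate).
            "offline": humanize(
                worst_case_seconds(alphabet, length, 1 / OFFLINE_GUESSES_PER_SECOND)),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

The `bits` column is the same in every setting; attempt limits and per-guess cost change only how many guesses can be made and how long each one takes.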

  22.
    Anonymous Anonymous Coward, 23 Feb 2016 @ 9:02am

    Not Destroyed, Data Recovered

    I was surprised to learn from an article yesterday on www.emptywheel.net which referenced another article on Slate also by Marcy Wheeler that the personal phones may not in fact have been destroyed and that statements by Comey suggest they have all the data from them.

    Since they apparently attempted to destroy those phones and not the one owned by SBC, THEY thought those had all the stuff they wanted to hide on them, and not this one. The logical conclusion from that information is that yes, Comey wants a precedent and does not actually expect to learn anything from breaking into this phone. Being allowed to get into this phone then allows them to get into, well, any phone with like issues.

  23.
    Anonymous Coward, 23 Feb 2016 @ 9:17am

    Re: Is it possible for Apple to perfectly secure their phones?

    Apple have this problem, if they cannot update firmware, they are risking a massive recall if they find a bug. Unless they write and install suitable firmware, which I believe they have not yet done, they cannot break into devices.

  24.
    Anonymous Coward, 23 Feb 2016 @ 9:25am

    Re: Re: Is it possible for Apple to perfectly secure their phones?

    Get it firmly into your mind that Apple's code signing key is not necessary for NSA to simulate the device on different hardware.

    Neither is Apple's code signing key necessary for China, or Russia. Probably not needed for the UK, Germany nor France, as well. And who knows who else? I don't discount Arab contributions to mathematics, although that was mainly in the medieval period, when Europe was stagnant. Oh, yeah, don't forget India. There have been some very good Indian mathematicians, and their engineering is good enough to get to Mars these days.

  25.
    Anonymous Coward, 23 Feb 2016 @ 9:48am

    Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    Apple have buried one part of the actual encryption key inside a special device, and that cannot be extracted from that device. The passcode is protected by a mechanism that prevents brute force attacks, limited tries with increasing delays between tries. Apple could write new code to remove that protection, but that just allows the FBI to try and brute force the passcode. If the owner of the phone has used a long passcode, they could still be out of luck.

  26.
    Anonymous Coward, 23 Feb 2016 @ 9:54am

    Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    … and that cannot be extracted from that device.
    Absolute bullshit.

  27. This comment has been flagged by the community.
    Whatever (profile), 23 Feb 2016 @ 9:58am

    "drooling"

    I am trying to figure out a way you could lay it on any thicker, but I think you have gotten full and total bullshit coverage on this one.

  28.
    Bergman (profile), 23 Feb 2016 @ 10:25am

    Re: The Floodgates Open

    What I'm curious about -- suppose China, Russia, Pakistan, whichever, were to demand Apple provide them the same backdoor that the USA is demanding. And possibly not even Apple, just a hardware provider in general.

    Suppose that hardware provider is also a defense contractor. The foreign country then uses the backdoor they are given to break into secure US military or government systems.

    Who is guilty of espionage if that happens? Certainly the foreign government is, but is the hardware manufacturer also guilty?

    And how much harm could unfettered access to top secret databases cause before the backdoor could be pulled again? This isn't just the wet dream of law enforcement here, this has national security consequences as well.

  29.
    Ninja (profile), 23 Feb 2016 @ 10:26am

    Re:

    Mirrors. You sorely need them.

  30.
    Anonymous Coward, 23 Feb 2016 @ 11:05am

    "Comey's flat out lying."

    Yeah, just the kind of people we *don't* need to be giving back-doors to.

  31.
    Uriel-238 (profile), 23 Feb 2016 @ 11:22am

    "They don't call us citizens in internal documents anymore"

    Bugsplats?

  32.
    Anonymous Coward, 23 Feb 2016 @ 11:40am

    Can you imagine what sort of rights citizens would have if there was no 2nd amendment.

    I look at how law enforcement treats the rights of its citizens with open contempt. They care almost nothing about the laws they enforce but constantly break themselves.

    That's third world country stuff right there. If there was no chance at all law abiding citizens could be armed I think things would be worse than Soviet-style Russia for the average American.

  33.
    Anonymous Coward, 23 Feb 2016 @ 11:52am

    Re: No Surprise

    early 1930's Germany parallels.

  34.
    Wothe (profile), 23 Feb 2016 @ 12:34pm

    Moot Point

    I would think the FBI would select a better target device for this charade. The perps are dead. The perps took great pains to destroy their personal tech devices.

    We all know "metadata" is there for the FBI's taking -- they already know who they communicated with --even on the destroyed devices.

    What could possibly be in existence *only* on that employer-owned device that could be useful?

  35.
    Anonymous Coward, 23 Feb 2016 @ 3:41pm

    Once we are all incarcerated they can all retire. Thankfully there are the Russians, Chinese, and whoever the current boogie man is, to keep them in check. As long as we don't run out of sons and daughters to sacrifice that is.

  36.
    nasch (profile), 23 Feb 2016 @ 4:45pm

    Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    Get it firmly into your mind that Apple's code signing key is not necessary for NSA to simulate the device on different hardware.

    Neither is Apple's code signing key necessary for China, or Russia. Probably not needed for the UK, Germany nor France, as well.


    References for any of that?

  37.
    nasch (profile), 23 Feb 2016 @ 4:46pm

    Re: Moot Point

    I would think the FBI would select a better target device for this charade. The perps are dead.

    Which means the 4th amendment doesn't come into play. This could be their best chance.

  38.
    Anonymous Coward, 23 Feb 2016 @ 4:49pm

    Re:

    Paul Duffy called. He wants to let you know he's saving a warm seat for you where he is.

  39.
    Anonymous Coward, 23 Feb 2016 @ 7:55pm

    Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    References …?
    Do you have a technical degree, or equivalent experience and learning?

    Sorry, but I can't take you through a CS or EE education in a few comments. I'm not even going to try. It takes a few years of hard work to learn the basics.

    If you don't have the fundamental background, then you're just stuck with taking things on faith here. In which case, you might as well just believe the marketdroids. The vast majority of people will anyhow. And I guess there's safety in numbers for y'all.

    Otoh, if you're comfortable with emulation and simulation and so on, then here's a comment from someone over at Ars. I don't know that guy, and maybe he does what he says he does, and maybe he doesn't. But read the comment.

  40.
    Uriel-238 (profile), 23 Feb 2016 @ 8:07pm

    Re: Re: Is it possible for Apple to perfectly secure their phones?

    Apple could make it possible for you to carry around a secret like that on a second piece of hardware. Perhaps a micro-USB dongle. But if that hardware falls into the wrong hands, it's still game over.

    What the iPhone does instead, is make the user key in her password on phone startup and then she can log in via thumbprint.

    That's when the fridge-logic hit me: you never want your extremity (or an eye) to be worth more than you are.

  41.
    Anonymous Coward, 23 Feb 2016 @ 8:16pm

    Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    she can log in via thumbprint.
    Not the iPhone at issue in this case. It's an older one. See Trail of Bits Blog:
    The recovered iPhone is a model 5C. The iPhone 5C lacks TouchID and, therefore, lacks a Secure Enclave.
    Crosscheck with the various court documents to verify model 5C. Also crosscheck with Apple docs to verify that 5C lacks TouchID.

  42.
    Uriel-238 (profile), 23 Feb 2016 @ 8:17pm

    TPMs

    I'm now very curious about Trusted Platform Modules, one of which is the black box with the AES key to which the FBI can't get on its own.

    I figured that on start up it checks its own flashmem and if blank creates a pseudo-random UID, and the idea is that no-one ever gets to see the UID. You just enter the user's PIN and it creates an AES key if all other conditions are nominal.

    So (and this is just a guess from an old-timer) the matter is tricking the TPM to think conditions are nominal after you drop it in an emulator...or to trick it into thinking you're just doing some diagnostics.

    That's the thing. Computers can't tell if you're an Apple tech, an FBI tech or a black hat, which is why I expect any given TPM design will only be secure for a limited amount of time before someone hacks it.

  43.
    Anonymous Coward, 23 Feb 2016 @ 8:20pm

    Re: TPMs

  44.
    nasch (profile), 23 Feb 2016 @ 8:28pm

    Re: Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    Do you have a technical degree, or equivalent experience and learning?

    Yes.

    Otoh, if you're comfortable with emulation and simulation and so on, then here's a comment from someone over at Ars.

    I don't do hardware so I didn't totally follow everything, but interesting. And reading the article and some of the other comments gives a clearer picture of what's going on (for me at least).

  45.
    Anonymous Coward, 23 Feb 2016 @ 8:32pm

    Re: Re: Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    I don't do hardware
    But you're comfortable with emulating a machine's instruction set on another machine? (which perhaps has a completely different instruction set)?

    Then too, you understand that a simulation of one machine is not necessarily an exact emulation of that machine? So that if one machine has a check for signed code, a simulation might leave that check out?

  46.
    Uriel-238 (profile), 24 Feb 2016 @ 12:18am

    Re: Re: TPMs

    Well, that didn't take long.

    Thanks for the link.

  47.
    nasch (profile), 24 Feb 2016 @ 6:02am

    Re: Re: Re: Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    But you're comfortable with emulating a machine's instruction set on another machine? (which perhaps has a completely different instruction set)?

    The difficulty in this case is not making or using an emulator, it's in getting the secret out of the target device.

  48.
    John Fenderson (profile), 24 Feb 2016 @ 6:34am

    Re: Re: Re: TPMs

    Considering that TPM hardware started being placed in computers in 2006, that means it took four years. A bit longer than usual...

  49.
    Anonymous Coward, 24 Feb 2016 @ 8:14am

    Re: Re: Re: Re: Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    The target in this case is an “Apple make: iPhone 5C, Model: A1532.”

    iPhone 5c Teardown, showing A6 processor.

    Apple A6 Teardown

  50.
    Anonymous Coward, 24 Feb 2016 @ 8:38am

    Re: Re: Re: Re: Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    The target in this case is an “Apple make: iPhone 5C, Model: A1532, P/N: MGFG2LL/A”.

    iOS Security Guide, p.7
    The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor.
    The target device has an A6, and thus, no “Secure Enclave”.

  51.
    Anonymous Coward, 24 Feb 2016 @ 8:44am

    Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    Probably not needed for the UK, Germany nor France, as well. … Oh, yeah, don't forget India.
    Oh, and how did I neglect to mention Japan and South Korea? Sorry about that.

  52.
    Anonymous Coward, 24 Feb 2016 @ 9:54am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    The target device has an A6, and thus, no “Secure Enclave”.
    Sadly, the A7 teardown doesn't call out the new “secure enclave” in the Chipworks-provided floorplan.

  53.
    Anonymous Coward, 24 Feb 2016 @ 10:03am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Is it possible for Apple to perfectly secure their phones?

    Sadly, the A7 teardown doesn't call out the new “secure enclave” in the Chipworks-provided floorplan.
    Neither does this comparison between the A7 and the A8.

  54.
    Uriel-238 (profile), 24 Feb 2016 @ 11:24am

    TPMs

    Soo...doable but expensive.

    Which is usually considered an acceptable level of security.

    Though this guy was inventing the process as he went, so it raises the question of how slow it will be with a functional process.

    Still, it gives us hope that we can have difficult-to-unlock data storage where even the manufacturers can't bust in.

    But I think an actual going dark would be a benefit to society.

  55.
    Anonymous Coward, 24 Feb 2016 @ 11:47am

    Re: TPMs

    … an acceptable level of security.
    An acceptable or unacceptable level of risk always depends on your threat model.

  56.
    Uriel-238 (profile), 24 Feb 2016 @ 12:14pm

    Re: Re: TPMs

    True. Generally, for us ordinary shlubs, we want it to be difficult enough for the police or the Chinese hacker army to get our data that they won't bother for a meager fishing expedition. Maybe we want it tough enough to stop the district attorney on a bender.

    If you're not an ordinary shlub, say a VIP or a terrorist, then your data is worth more, and agencies / hackers might be more inclined to go the extra mile.

    The problem is when robust security becomes easy to crack, due to an exploit or a new technique... which is exactly what Apple is trying to prevent by refusing to cooperate with the FBI.

    If we can't live in a society in which justice prevails, I think we at least want consistency.

  57.
    Anonymous Coward, 24 Feb 2016 @ 12:17pm

    Re: Re: Re: TPMs

    … what Apple is trying to prevent by refusing to cooperate with the FBI.
    But Apple is cooperating with the FBI in trying to sell us a very clumsy “misstatement of the current state of the art.”

    GIGO.

  58.
    Uriel-238 (profile), 24 Feb 2016 @ 1:01pm

    Misstating the state of the art

    Maybe, but I was referring to their refusal to write signed code to bypass their security features.

    Apple can cooperate with the FBI in one way, and refuse to cooperate in another way without it being inconsistent.

    I may agree with Hitler that every family should be able to afford an automobile, yet disagree with him that some people are unworthy of living and should be massacred.

  59.
    Anonymous Coward, 24 Feb 2016 @ 1:24pm

    Re: Misstating the state of the art

    Apple can cooperate with the FBI in one way, and refuse to cooperate in another way without it being inconsistent.
    In general, sure. But, given the specific situation at hand, no.

    If Apple really doesn't want to write and sign code for the government's hack in this case, then it would further that interest to point out that the government doesn't require Apple's assistance to obtain the decrypt.

  60.
    Uriel-238 (profile), 24 Feb 2016 @ 1:40pm

    [Apple could] point out that the government doesn't require Apple's assistance to obtain the decrypt.

    Doing so would reveal that the agency is being pretty dense.

    I am not privy to all of Apple's motivations nor how conscious the company is being. I do know it has neither moral obligation nor community-related cause to give FBI any help.

    Rather, Apple has plenty of reasons to avoid helping the FBI in any way (or US law enforcement in general), except when it is forced by law and gunpoint to do so.

  61.
    Anonymous Coward, 24 Feb 2016 @ 2:09pm

    Re: [Apple could] point out that the government doesn't require Apple's assistance to obtain the decrypt.

    I do know it has neither moral obligation nor community-related cause to give FBI any help.
    That's an awfully broad statement: “any”.

    Let me narrow it: Apple has no moral obligation to tell the American people that if they choose a pin from a pinspace with insufficient entropy, that Apple has the power to protect their secret anyway. Apple, as a corporate citizen, has no moral obligation to lie about the state of the art in reverse engineering, nor to lie to people about mathematics.

    If the pin is too short, and the hardware falls into the hands of a major nation-state adversary, it's game over.

  62.
    Uriel-238 (profile), 24 Feb 2016 @ 4:08pm

    ...if they choose a pin with insufficient entropy...

    Ah, but Apple has motivation to stay in good standing with its customer base, not that this has slowed them down (or other companies, for that matter) when they can't help but choose a jackassier course.


    I'm not sure if password hygiene is common enough smartphone protocol that Apple should need to advise those who are likely targets.

    My experience since 2013 has been that few people really care that much about being surveilled by the NSA (or by the FBI for that matter) and don't care enough to concern themselves with encrypting their phones unless they have vested interests in their secrets (such as with a business phone, or paranoids like myself who think state-subversive thoughts).

    It took a while to get people aware that they had things to hide. It took them a while to realize that they, even if not doing anything criminal, can still wind up victims of Law Enforcement.

    So the folks in Apple have to guess at what is publicly apt as well as what is good for them as a company.
