We Read Apple's 65 Page Filing Calling Bullshit On The Justice Department, So You Don't Have To
from the and-off-we-go dept
Apple didn't need to reply until tomorrow, but has now released its Motion to Vacate the magistrate judge's order from last week, compelling Apple to create a new operating system that undermines a couple of key security features, so that the FBI could then brute force the passcode on Syed Farook's work iPhone. It's clearly a bit of a rush job as there are a few typos (and things like incorrect page numbers in the table of contents). However, it's not too surprising to see the crux of Apple's argument. In summary it's:- The 1789 All Writs Act doesn't apply at all to this situation for a whole long list of reasons that most of this filing will explain.
- Even if it does, the order is an unconstitutional violation of the First Amendment (freedom of expression) and the Fifth Amendment (due process).
This is not a case about one isolated iPhone. Rather, this case is about the Department of Justice and the FBI seeking through the courts a dangerous power that Congress and the American people have withheld: the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe. The government demands that Apple create a back door to defeat the encryption on the iPhone, making its users’ most confidential and personal information vulnerable to hackers, identity thieves, hostile foreign agents, and unwarranted government surveillance. The All Writs Act, first enacted in 1789 and on which the government bases its entire case, “does not give the district court a roving commission” to conscript and commandeer Apple in this manner. Plum Creek Lumber Co. v. Hutton, 608 F.2d 1283, 1289 (9th Cir. 1979). In fact, no court has ever authorized what the government now seeks, no law supports such unlimited and sweeping use of the judicial process, and the Constitution forbids it.The motion also notes the importance of strong encryption in keeping people safe and secure:
Since the dawn of the computer age, there have been malicious people dedicated to breaching security and stealing stored personal information. Indeed, the government itself falls victim to hackers, cyber-criminals, and foreign agents on a regular basis, most famously when foreign hackers breached Office of Personnel Management databases and gained access to personnel records, affecting over 22 million current and former federal workers and family members. In the face of this daily siege, Apple is dedicated to enhancing the security of its devices, so that when customers use an iPhone, they can feel confident that their most private personal information—financial records and credit card information, health information, location data, calendars, personal and political beliefs, family photographs, information about their children—will be safe and secure. To this end, Apple uses encryption to protect its customers from cyber-attack and works hard to improve security with every software release because the threats are becoming more frequent and sophisticated. Beginning with iOS 8, Apple added additional security features that incorporate the passcode into the encryption system. It is these protections that the government now seeks to roll back by judicial decree.And the filing makes it clear that the government is lying in claiming that this is all just about this phone:
The government says: “Just this once” and “Just this phone.” But the government knows those statements are not true; indeed the government has filed multiple other applications for similar orders, some of which are pending in other courts.2 And as news of this Court’s order broke last week, state and local officials publicly declared their intent to use the proposed operating system to open hundreds of other seized devices—in cases having nothing to do with terrorism. If this order is permitted to stand, it will only be a matter of days before some other prosecutor, in some other important case, before some other judge, seeks a similar order using this case as precedent. Once the floodgates open, they cannot be closed, and the device security that Apple has worked so tirelessly to achieve will be unwound without so much as a congressional vote. As Tim Cook, Apple’s CEO, recently noted: “Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks—from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”There's a footnote in the middle of that which points to Manhattan DA Cyrus Vance already talking about why he supports the FBI, and how he has 155 to 160 phones that he wants to force Apple to help unlock.
Apple also details how accepting the government's interpretation of the All Writs Act here could easily extend in absolutely crazy ways:
Finally, given the government’s boundless interpretation of the All Writs Act, it is hard to conceive of any limits on the orders the government could obtain in the future. For example, if Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing.Apple also doesn't pull any punches on how the FBI itself messed things up:
Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network... which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks.21 Had the FBI consulted Apple first, this litigation may not have been necessary.Apple's filing also does a good job debunking the DOJ's ridiculous "this is no burden, because it's just software and Apple writes software" argument:
The compromised operating system that the government demands would require significant resources and effort to develop. Although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time for a minimum of two weeks, and likely as many as four weeks.... Members of the team would include engineers from Apple’s core operating system group, a quality assurance engineer, a project manager, and either a document writer or a tool writer.... No operating system currently exists that can accomplish what the government wants, and any effort to create one will require that Apple write new code, not just disable existing code functionality.... Rather, Apple will need to design and implement untested functionality in order to allow the capability to enter passcodes into the device electronically in the manner that the government describes.... In addition, Apple would need to either develop and prepare detailed documentation for the above protocol to enable the FBI to build a brute-force tool that is able to interface with the device to input passcode attempts, or design, develop and prepare documentation for such a tool itself.... Further, if the tool is utilized remotely (rather than at a secure Apple facility), Apple will also have to develop procedures to encrypt, validate, and input into the device communications from the FBI.... This entire development process would need to be logged and recorded in case Apple’s methodology is ever questioned, for example in court by a defense lawyer for anyone charged in relation to the crime....From there we dig into the meat of the filing: that the All Writs Act doesn't apply.
Once created, the operating system would need to go through Apple’s quality assurance and security testing process.... Apple’s software ecosystem is incredibly complicated, and changing one feature of an operating system often has ancillary or unanticipated consequences.... Thus, quality assurance and security testing would require that the new operating system be tested on multiple devices and validated before being deployed.... Apple would have to undertake additional testing efforts to confirm and validate that running this newly developed operating system to bypass the device’s security features will not inadvertently destroy or alter any user data.... To the extent problems are identified (which is almost always the case), solutions would need to be developed and re-coded, and testing would begin anew.... As with the development process, the entire quality assurance and security testing process would need to be logged, recorded, and preserved.... Once the new custom operating system is created and validated, it would need to be deployed on to the subject device, which would need to be done at an Apple facility.... And if the new operating system has to be destroyed and recreated each time a new order is issued, the burden will multiply.
The All Writs Act (or the “Act”) does not provide the judiciary with the boundless and unbridled power the government asks this Court to exercise. The Act is intended to enable the federal courts to fill in gaps in the law so they can exercise the authority they already possess by virtue of the express powers granted to them by the Constitution and Congress; it does not grant the courts free-wheeling authority to change the substantive law, resolve policy disputes, or exercise new powers that Congress has not afforded them. Accordingly, the Ninth Circuit has squarely rejected the notion that “the district court has such wide-ranging inherent powers that it can impose a duty on a private party when Congress has failed to impose one. To so rule would be to usurp the legislative function and to improperly extend the limited federal court jurisdiction.”In short, Apple is leaning heavily on the idea that CALEA pre-empts the All Writs Act here, and that CALEA explicitly says that companies can't be forced into helping to decrypt encrypted content. Beyond that, Apple is claiming that it's "too far removed" from the case for the All Writs Act to apply and mocks the idea (put forth by the DOJ) that because Apple licenses its software instead of selling it, that makes it okay:
Congress has never authorized judges to compel innocent third parties to provide decryption services to the FBI. Indeed, Congress has expressly withheld that authority in other contexts, and this issue is currently the subject of a raging national policy debate among members of Congress, the President, the FBI Director, and state and local prosecutors. Moreover, federal courts themselves have never recognized an inherent authority to order non-parties to become de facto government agents in ongoing criminal investigations. Because the Order is not grounded in any duly enacted rule or statute, and goes well beyond the very limited powers afforded by Article III of the Constitution and the All Writs Act, it must be vacated.
Apple is no more connected to this phone than General Motors is to a company car used by a fraudster on his daily commute. Moreover, that Apple’s software is “licensed, not sold,”..., is “a total red herring,” as Judge Orenstein already concluded.... A licensing agreement no more connects Apple to the underlying events than a sale. The license does not permit Apple to invade or control the private data of its customers. It merely limits customers’ use and redistribution of Apple’s software. Indeed, the government’s position has no limits and, if accepted, would eviscerate the “remoteness” factor entirely, as any company that offers products or services to consumers could be conscripted to assist with an investigation, no matter how attenuated their connection to the criminal activity. This is not, and never has been, the law.From there, Apple attacks the argument that there is no undue burden on Apple if it's forced to build this system, which Apple calls GovtOS. It starts out by noting that the idea that Apple can just create the software for this one phone and delete it appears nonsensical when put in context:
Moreover, the government’s flawed suggestion to delete the program and erase every trace of the activity would not lessen the burden, it would actually increase it since there are hundreds of demands to create and utilize the software waiting in the wings..... If Apple creates new software to open a back door, other federal and state prosecutors—and other governments and agencies—will repeatedly seek orders compelling Apple to use the software to open the back door for tens of thousands of iPhones. Indeed, Manhattan District Attorney Cyrus Vance, Jr., has made clear that the federal and state governments want access to every phone in a criminal investigation.... [Charlie Rose, Television Interview of Cyrus Vance (Feb. 18, 2016)] (Vance stating “absolutely” that he “want[s] access to all those phones that [he thinks] are crucial in a criminal proceeding”). This enormously intrusive burden—building everything up and tearing it down for each demand by law enforcement—lacks any support in the cases relied on by the government, nor do such cases exist.That last point is key. Criminals will still use other forms of encryption, while forcing Apple to do this harms everyone else by putting them more at risk.
The alternative—keeping and maintaining the compromised operating system and everything related to it—imposes a different but no less significant burden, i.e., forcing Apple to take on the task of unfailingly securing against disclosure or misappropriation the development and testing environments, equipment, codebase, documentation, and any other materials relating to the compromised operating system.... Given the millions of iPhones in use and the value of the data on them, criminals, terrorists, and hackers will no doubt view the code as a major prize and can be expected to go to considerable lengths to steal it, risking the security, safety, and privacy of customers whose lives are chronicled on their phones. Indeed, as the Supreme Court has recognized, “[t]he term ‘cell phone’ is itself misleading shorthand; . . . these devices are in fact minicomputers” that “could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, or newspapers.”...By forcing Apple to write code to compromise its encryption defenses, the Order would impose substantial burdens not just on Apple, but on the public at large. And in the meantime, nimble and technologically savvy criminals will continue to use other encryption technologies, while the law-abiding public endures these threats to their security and personal liberties—an especially perverse form of unilateral disarmament in the war on terror and crime.
Here Apple goes even deeper in questioning what are the limits to the All Writs Act:
For example, under the same legal theories advocated by the government here, the government could argue that it should be permitted to force citizens to do all manner of things “necessary” to assist it in enforcing the laws, like compelling a pharmaceutical company against its will to produce drugs needed to carry out a lethal injection in furtherance of a lawfully issued death warrant, or requiring a journalist to plant a false story in order to help lure out a fugitive, or forcing a software company to insert malicious code in its autoupdate process that makes it easier for the government to conduct court-ordered surveillance.Next, Apple calls bullshit on the DOJ's claim that it absolutely needs Apple's help here. First, the FBI messed things up with the whole resetting iCloud password thing, and then what about the NSA? Why can't the NSA just hack in? That's what the following is saying in a more legalistic way:
... the government has failed to demonstrate that the requested order was absolutely necessary to effectuate the search warrant, including that it exhausted all other avenues for recovering information. Indeed, the FBI foreclosed one such avenue when, without consulting Apple or reviewing its public guidance regarding iOS, the government changed the iCloud password associated with an attacker’s account, thereby preventing the phone from initiating an automatic iCloud back-up.... Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks. See... (Judge Orenstein asking the government “to make a representation for purposes of the All Writs Act” as to whether the “entire Government,” including the “intelligence community,” did or did not have the capability to decrypt an iPhone, and the government responding that “federal prosecutors don’t have an obligation to consult the intelligence community in order to investigate crime”).From there, we move onto the Constitutional arguments, which the court might not even address if it decides the All Writs Act doesn't apply. But, here, Apple starts with the First Amendment concerns of "compelled" speech.
Under well-settled law, computer code is treated as speech within the meaning of the First Amendment.... The Supreme Court has made clear that where, as here, the government seeks to compel speech, such action triggers First Amendment protections..... Compelled speech is a content-based restriction subject to exacting scrutiny... and so may only be upheld if it is narrowly tailored to obtain a compelling state interest....This argument feels a bit weakly supported. Then there's the Fifth Amendment argument, concerning due process:
The government cannot meet this standard here. Apple does not question the government’s legitimate and worthy interest in investigating and prosecuting terrorists, but here the government has produced nothing more than speculation that this iPhone might contain potentially relevant information... It is well known that terrorists and other criminals use highly sophisticated encryption techniques and readily available software applications, making it likely that any information on the phone lies behind several other layers of non-Apple encryption....
In addition to violating the First Amendment, the government’s requested order, by conscripting a private party with an extraordinarily attenuated connection to the crime to do the government’s bidding in a way that is statutorily unauthorized, highly burdensome, and contrary to the party’s core principles, violates Apple’s substantive due process right to be free from “‘arbitrary deprivation of [its] liberty by government.’”Again, this feels a bit weakly developed, but not surprisingly so. Apple is betting heavily that its main argument, concerning the All Writs Act not applying, will win the day (which seems to have a strong likelihood of being true). The Constitutional arguments are just being thrown in there so that they're in the case at this stage, and can then be raised on appeal, should it get to that level.
I imagine the DOJ will respond to this before long as well, so stay tuned (we certainly will).
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: all writs act, backdoors, compelled speech, doj, due process, encryption, fbi, fifth amendment, first amendment, iphone, san bernardino, syed farook
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
...also IOS running entirely in RAM
The government has also asked that "GovtOS" run entirel in RAM, something that IOS doesn't currently do, and is too big to do.
While that's not detailed in the filing, it's covered in the Neuenschwander Declaration, page 52, item 19, lines 12-15.
That makes this whole thing an order of magnitude more complex from the "just go write software" perspective. It may not even be possible that an IOS so small could do what the government would want it to do afterward -- access the filesystem and export its contents.
E
[ link to this | view in thread ]
[ link to this | view in thread ]
This whole FBI-Apple issue leaves me confused as to what I'm supposed to be scared of.
[ link to this | view in thread ]
Re: ...also IOS running entirely in RAM
[ link to this | view in thread ]
[ link to this | view in thread ]
the CALEA arguments may not work, as Apple won't be decrypting anything. In fact, the court's order is very narrow in scope and the decryption would be done by the government. If that is their strongest point, then Apple may find themselves failing.
Arguments about the All Writs Act may also fall short, if only because it's a very old law that has faced many challenges over it's more than 200 years on the books. Apple's argument seems to be "but not in the digital domain", which may not be compelling enough for the courts.
Also, Aople's own claims that this would make millions of phones insecure are rather overblown. As Apple themselves control the update process, the only way this code gets on a phone is if Apple specifically applies it. Any other attempts to update a phone would lead to a brick (just ask any number of hackers out there about it). The only way this ends up on millions of phones is if Apple chooses to do so.
That said, it should be pointed out that getting Apple to do the work rather than hiring outside hackers to completely root Apple's OS and firmware seems prudent. It's way more likely that a general purpose can opener approach to the IPhone would lead to code in the wild that would harm millions (third party hackers, plus government workers means someone will let it loose). Apple has a chance here to both control the application and work on a longer term solution that eliminates the security hole (and that is exactly what it is) without having to worry about others creating malicious code and distributing it.
I agree with you that their first and fifth amendment arguments are weak, but they are there mostly to include for future appeals if need be. I think Apple knows they are going to lose a few times along the way until this one lands in the surpreme court, and are just trying to set up as many blinds to fight from. It's a very good idea, because their primary arguments while long on words seem to be light on specific harm and long on arm waving generalizations.
[ link to this | view in thread ]
We Don't Have A Law Degree And Have Never Studied These Things, But We Repeat Them As If They're Unquestionably True Because We're Techdirt And That's How We Roll
FTFY, Mike.
Can't wait to see your economic analysis of how taking Apple's side here is net beneficial for society. Oh wait, when it comes to privacy, you don't care about economics. I almost forgot. Proof is irrelevant when it's privacy, right? That only matters when it's IP. Then you're super-inquisitive and demand economic analysis that sounds good. It doesn't have to actually be good, of course, since you're not an econometrician and wouldn't know the difference. But it's gotta sound good, 'cause that's what really matters. Unless it's privacy, naturally, since that's sacred.
[ link to this | view in thread ]
Re:
Yup. Said that in the post, but yes, we agree.
[ link to this | view in thread ]
Re:
Is there anyone in government who speaks the truth. Maybe, but they are really hard to find.
[ link to this | view in thread ]
Re:
The government will pay them for their efforts in doing this work. Standard procedure. But that's reasonable, and Mike doesn't report reasonable. You have to read other sources if you want the full truth. You will NEVER find that here.
[ link to this | view in thread ]
Re:
Economics, an analysis of systems of production and the various efficiencies achieved by different systems. Nothing to do with privacy, unless you want to highlight the weaknesses in certain systems where privacy was trampled.
[ link to this | view in thread ]
Code Is Speech
[ link to this | view in thread ]
It occurs to me...
I'm assuming that Apple can't just extract the password from from ROM.
[ link to this | view in thread ]
Re:
The order does require reasonable compensation for the work. Doing it for free would clearly be deemed an unreasonable burden.
[ link to this | view in thread ]
Re: Code Is Speech
I would love to hear their fair use arguments.
[ link to this | view in thread ]
Re:
However, the source code to GovOS will leak. And that changes the ballgame quite a bit here.
The reason why it will leak is simple: too many people with too much interest in leaking it will get their hands on it. The source code to GovOS will need to be available to prosecutors, defense counsel, and other people, as outlined in Jonathan Zdziarski's blog post. That's not counting the FBI itself, who cannot defend themselves against 16-year-old British hackers. If I were an organized crime boss, and GovOS becomes a reality, I'm intentionally engineering a crime where GovOS would become relevant, just so my attorneys can get their hands on GovOS (for review purposes) and can spirit away a copy. Or, I'd just put the word out about the serious sum of money that'll be available to somebody who supplies the GovOS source code.
Now, having GovOS does not provide direct benefit. As you note, it will not be signed with Apple's signing key. However, source code to a valid iOS boot process is huge as a source of intel for those looking to bypass iOS protections in other ways.
There is also the distinct possibility that GovOS winds up being more general-purpose. The FBI argument that it only needs to work on this one device doesn't hold a lot of water, as then it will be useless as a forensic tool (as noted by Apple in their response). Forensic tools need to be tested and vetted, and that testing and vetting can't be done on the iPhone in question (see Z's post), just as a breathalyzer can't be tested and vetted using just that one drunk guy in the corner. And if you change GovOS from what was tested and vetted (e.g., to lock it down to this one device), that might invalidate the testing and vetting. If GovOS, to qualify as a forensic tool, has to be able to be applied to a wider range of devices (say, any iPhone 5C), now it has intrinsic value in binary form to miscreants, let alone the value in the source code.
[ link to this | view in thread ]
Re: It occurs to me...
The uid and gid are not the whole story, though. For more, see A (not so) quick primer on iOS encryption, Oct 2014. “key0x89b” is derived from the passcode entangled with the device uid.
[ link to this | view in thread ]
Which seems like a lot more than Whatever ever seems to do since he hardly ever seems to even read the article.
[ link to this | view in thread ]
Re: [troll]
That's what you say but you never point out where.
> the CALEA arguments may not work,
That's what you say, but you only say:
> as Apple won't be decrypting anything.
CALEA has a lot more than decryption in it, LOL.
> In fact, the court's order is very narrow in scope
That's what you say, but in fact the court is requiring Apple to write a minimalist RAM-only IOS that has restrictions against Apple's will. If you weren't a troll I'd say you missed that point, but it's obvious you never wanted to see it.
>Arguments about the All Writs Act may also fall short, i
Again you make something up that says "may... fall short" but offer nothing substantive.
For a troll you're a really awful one. I think you should go back to whomever paid you and tell them to send someone who can add source citations, and properly use English grammar.
E
[ link to this | view in thread ]
Whatever - the troll
The Government's request is outside the boundaries of lawful and it will not stand. The reasons have been discussed. Any attempt to shift this to "it's easy for them to decrypt" and "nothing will fall into the wrong hands" is a strawman argument.
E
[ link to this | view in thread ]
Re: Re:
This is a little tricky because it is Apple that provided the encryption tool here. If the government were asking Fedex or UPS for assistance in tracking a potentially dangerous or illegal package to what extent do they have to comply with the request and provide assistance? To what extent is this analogous?
[ link to this | view in thread ]
Re:
and who are you? Oh, that's right, just a random anonymous commentator.
[ link to this | view in thread ]
Re: Re: ...also IOS running entirely in RAM
An OS is written in to ROM. This is not really a problem to overwrite, but for evidence needs to be preserved as well.
The OS is loaded from ROM into RAM. Not entirely as some things are accessed only when needed, but the basics of the OS are already running in RAM.
What they want is use something other than ROM to load into RAM and boot the device and run it. In the context of a home computer, its like loading off a USB drive instead of your normal boot drive. In this case though, that ability does not exist on iOS devices. My cheapy Android tablet can boot from ROM or from an SD card (i love that so much) but most can't as far as I know, and no iOS device has that capability (cause they don't have SD cards).
[ link to this | view in thread ]
Re: Re: Re:
It's almost like asking a newspaper to publish an op-ed the whole world knows they're in disagreement with.
[ link to this | view in thread ]
Microsoft, Facebook, Google, Twitter to file as amicus curiae
http://recode.net/2016/02/25/google-will-join-microsoft-in-backing-apple-with-a-legal-filing -in-fbi-case/
Trolls are like those cantankerous people and their TV show heroes... never pay attention to what anyone else says but just repeat the message they want to say.
E
[ link to this | view in thread ]
if you're not outraged, you are not paying attention..
you amerikans are hilarious, deceived and duplicitous in your own demise.
does anyone REALLY think this is about 'following every lead'?, if the FBI is so intent in following every lead, why not dig deeper into Hillary Clintons email fiasco? hmm?
this is nothing short of your gov fscking you even deeper, longer and with no reach around, or lubricant. This is nothing short of getting their precedent using third party doctrine and the all writs act to circumvent congress, due process and your 'inalienable' rights, face it, you have no rights anymore, sitting on your couch watching football and drinking pisswater beer. you actually deserve this victimization.
never has a terrorist toxified over 300,000 citizens drinking water for a payout, see Flint, MI, or daily murder 100s in remote drone attacks in countries you dont even have international relations with. I am absolutely amazed at the utter stupidity being dealt to the obese sheeple in the states of amerika. just w0w.
if you cannot see that this is nothing more than another chip off you're privacy rights in a country completely benign of privacy rights anymore you should be ashamed, and re-read the subject line of this post.
so much for 'going quietly into the night', change the channel, find some football, eat some more pringles and drink more beer, never in my life have I seen a more pitiful wretchedness of incontrovertible stupidity in my existence.
land of the free eh? keep believing in that 'amerikan dream'
[ link to this | view in thread ]
Re: Re: Re: ...also IOS running entirely in RAM
An OS normally has a filesystem driver. But why do you need a filesystem driver for this application? For forensics, what you want is an image, plus the necessary keys to interpret the image as a filesystem.
So, what prevents exporting an unlocked ”system keybag”?
[ link to this | view in thread ]
THE PHONE DOESN'T BELONG TO THE SHOOTER!
It was bought by the County Agency that employed him, and was ISSUED to him!
Isn't this a matter of a property owner seeking help from a product's manufacturer?
It's fundamentally the same as asking Masterlock to help you get into your locker if you forget the combination or lose the key.
[ link to this | view in thread ]
Re: Re:
I give you world history and the 2 party system of America as proof. Each party disparages the other and disrespect each other extensively.
[ link to this | view in thread ]
Re: Re: Re: ...also IOS running entirely in RAM
From A (not so) quick primer on iOS encryption
You're saying that this method is not available on the 5c?
[ link to this | view in thread ]
Wrong, this has been publicized
If this hadn't been given "ANY" press then you wouldn't know about it.
Nobody disagrees with the FBI's right to search the government-owned iPhone. That isn't the issue. The issue is the order for Apple to make backdoor software that Apple doesn't want to make. "Property owners" don't have a right to force the maker of a product to create special tools for them, especially not property owners who failed to use the enterprise management solutions Apple has for corporate owned iPhones.
[ link to this | view in thread ]
Bad govt
Using the terrorist in this way can backfire. What happens if they dont find anything? Then what? We gave our freedom away for no reason other than give the control freaks what they want.i am afraid of what will happen in the future. Didn't anyone but me see that that "new world order" shit that Bush was pushing. Hope you like Nazi America, you voted for it. Like Flint,Mi. Which is worse than a what a terrorist would do. Why cant we bug the governor of Michigan for evidence of criminal activity.
[ link to this | view in thread ]
Re: Re: Re:
When heartfelt honesty conflicts with agendas inculcated by parties, or thirst for power, the strength of the indoctrination or weakness of spirit become the deciding factors. The actuality of honesty assessment is in the mind of the observer, who has to take into consideration factors impacting their own judgment at any given time. Not always an easy thing to do.
If you follow any of my posts you will understand that I am no fan of the two party system.
[ link to this | view in thread ]
Re: Re: Re: Re: ...also IOS running entirely in RAM
>
>From A (not so) quick primer on iOS encryption
That also modifies the filesystem on the device. What the FBI has requested is -zero- modifications to the device. That is not (according to the declaration under oath) possible.
This is not unreasonable. For example (this is an example so as you know some parts apply and some parts don't)... you can boot Ubuntu-Live without ever touching the local drives. However, that requires more than the 1GB of RAM you'll find in the iPhone 5c.
There are other considerations that their "Secure Enclave" does that renders this difficult to accomplish. They're not saying impossible... I believe 6 coders, 2 support people, 1 doc person, 3 from legal... all for 4 weeks although that time might double.
That seems to be an unreasonable burden -- not because the government wouldn't pay _something_ for it, but because it's not Apple's desire[5th am] to write this code [1st am], sign this code[1st am], or in any way be a part of the process[AWA].
To the person who said: But it belongs to its owner and they're just asking for help getting into it: They can get into it. That's not what they want. I'll spell it out:
Owner: I want to get into that phone. break into it for me.
Apple: You can get into it any time. Enter the wrong PIN ten times and your brand-new used iPhone 5c will be ready for you to setup.
Owner: But I want my employee's data!
Apple: Well 1)You could have setup MDM. You didn't? 2)You could have plugged it in at the office and let iCloud do the backup. You changed the password? Well you screwed up the data and your employee's dead. Go look in the mirror; point at yourself a few times; we're not the problem.
If you don't follow best practices, it doesn't make it Apple's problem, and that is the truth the FBI doesn't want to discuss.
[ link to this | view in thread ]
Re: Re: Re:
It is compelling a company to do something that it does not want to that serves a manufactured purpose.
If just compensation is the only factor here, how about we just go ahead and bring back slavery and call 3 meals a day just compensation.
Apple did not break the law, they are just the makers of a device used by someone that committed a crime.
If this passes why not now require gun manufacturers to install an electronic GPS & authentication device to prevent anyone but the owner from pulling its trigger and so that that we can know their location the moment the trigger was pulled. After all as long as well compensate them...
Well lets just say, it is damn evil to make the tax payers pay to compensate a company by forcing it to steal their privacy!
[ link to this | view in thread ]
Re:
... by disassembling your lock and reassembling in its place a completely different and newly invented/engineered thing that ... doesn't actually, like, keep anyone from opening the locker?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
A6 processor. It does NOT have a “secure enclave”. See IOS 9 Security Guide p.7.
[ link to this | view in thread ]
Re: Re:
It doesn't matter if people cannot update the phone themselves. Changing the OS bricks the phone, end of discussion. Apple could reveal all the code and still nobody can update the phones.
" That's not counting the FBI itself, who cannot defend themselves against 16-year-old British hackers."
Standard horse crap. Social hacking and spear phishing is unavoidable, most end users are not techie enough not to realize they are being targeted.
"There is also the distinct possibility that GovOS winds up being more general-purpose. "
Doesn't matter. Without a method to apply it to the phone (the one Apple must do in each case), having in the wild or posted on every street corner won't change a thing. Apple is trying to scare you, and apparently it's working.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
(I'm not necessarily totally disinclined to believe your assertion, but reference to your source would be nice.)
[ link to this | view in thread ]
Re: Whatever - the troll
Simply minded concept.
[ link to this | view in thread ]
Re: Re: It occurs to me...
[ link to this | view in thread ]
don't forget the 4th
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the persons or things to be seized.".
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
don't forget the 13th
Passed by Congress January 31, 1865. Ratifi ed December 6,
1865.
(Note: A portion of Article IV, Section 2 of the Constitution
was changed by the 13th Amendment.)
SECTION 1.
Neither slavery nor involuntary servitude, except as a
punishment for crime whereof the party shall have been
duly convicted, shall exist within the United States, or any
place subject to their jurisdiction."
** Requiring Apple to use its resources to create an unsecured O/S that currently does not exist against its will (and better interests) and without remuneration could be construed as "involuntary servitude" and is therefore illegal according to the 13th Amendment to the US Constitution. **
[ link to this | view in thread ]
it's not imporatant that they ARE secure- just that they FEEL secure... If apple wanted their customers to actually BE secure, they'd open source, and segregate their baseband processors.
"government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user?"
Previous leaks has show every single thing mentioned above can be done to ANY phone through standard baseband functions.
“federal prosecutors don’t have an obligation to consult the intelligence community in order to investigate crime”
fed prosecutors know damn well the intel community can do it, they're probably sick of the under the table consults, and having to parallel construct evidence and flat out fraudulently make cases.
[ link to this | view in thread ]
Re: Re: Re: Re:
Many individuals may indeed be honest, but they are often crowded out by the lies, and an honest person is loathed to join the ranks of the dishonest... because any that know truth, know that it is hated for the sake of political & social expediency.
As far as your other posts, I don't think we disagree much on the fundamentals, but it might be said you have more faith in humanity than I, and it is likely we both disagree on how to clean up corruption, despite us both wanting to be rid of it.
[ link to this | view in thread ]
Maybe
[ link to this | view in thread ]
Re: Re: Re:
Phishing, Social Hacking, and OS updates have NOTHING do with with any of this. We are talking about a Company being forced to knowingly compromise their own products to prop up a tyrannical Agency and its whims.
You are grossly ignorant of technology. You may not have been watching much of recent history but there are quite a number of ways to get malicious code onto devices even while those very systems have been designed to prevent just that from occurring.
[ link to this | view in thread ]
Re: Re: Re: Re:
Read the comments before mine, I was only addressing them. If you don't care to read, well, too bad for you. troll on!
[ link to this | view in thread ]
But it was my RICE KRISPIES that did the talking!
[ link to this | view in thread ]
Re: Maybe
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
> a glass of water must remain pure for it to be safe to drink
Pure is a relative thing, when it comes to drinking water. Certainly, one can foul it to a point where it is unsafe to drink. No argument there.
But while you CAN drink highly distilled / purified water, it is by no means the "best" water. In fact, drinking JUST distilled water can be highly dangerous to your health. I'll leave the ancillary reading to you.
Put in a tasty array of dissolved minerals (or other substances) and water becomes much better for you. ... even without caffeine, sugar, or flavorings.
Moderation in all things, friend.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Code Is Speech
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Whatever - the troll
[ link to this | view in thread ]
Re:
You're not supposed to be scared OF anything, on the off-chance that thing goes away.
You're just supposed to be scared.
[ link to this | view in thread ]
Re: Re: Whatever - the troll
[ link to this | view in thread ]
Re:
Also, Aople's own claims that this would make millions of phones insecure are rather overblown. As Apple themselves control the update process, the only way this code gets on a phone is if Apple specifically applies it. Any other attempts to update a phone would lead to a brick (just ask any number of hackers out there about it). The only way this ends up on millions of phones is if Apple chooses to do so.
Guess you never heard of jailbreak. I won't even develop this argument, it's pretty clear that you are full of bullshit. The rest of what you said isn't worth discussing.
[ link to this | view in thread ]
Re: Re: Whatever - the troll
[ link to this | view in thread ]
Re: Microsoft, Facebook, Google, Twitter to file as amicus curiae
[ link to this | view in thread ]
what?
I still believe apple was pricing themselfs out of business. Asking for too much with each opening, looking for what the market will bear. FBI wants their tool. Just like they gave the chineese back in November.
Google and MS already acknowledge that long ago they had chineese versions, and let them have sourcecodes. Apple just acknowledged it.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
Like when I said it was part of the declaration attached to the motion?
E
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Yes moderation in all things when talking about food and physical activity, but that saying was never meant to be implied with honesty, context is indeed king.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
As opposed to your disinformation that you keep parroting like an idiot clearly out of his league.
Stick to copyright issues because you don't know jack shit about security.
Nothing.
[ link to this | view in thread ]
Re:
Apply currently rolls over like a bitch for fucking China from the looks of things. But you see in china the Emperor wears a different set of cloths and the serfs there do not have the same freedoms as Americans, sure the 2 parties want to get us there, but we are not there yet.
[ link to this | view in thread ]
GovtOS? How did they miss FBIOS?
[ link to this | view in thread ]
Re: GovtOS? How did they miss FBIOS?
[ link to this | view in thread ]
Re: Re:
I agree and would add if Apple is forced to comply with this order and even if they are paid, Apple will still feel an unreasonable burden because now people will no longer trust their phones are security which could lead to less sales which would lead to lower stock prices and Apple losing more money than they make by creating this new version.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Microsoft, Facebook, Google, Twitter to file as amicus curiae
[ link to this | view in thread ]
Re: Re: Microsoft, Facebook, Google, Twitter to file as amicus curiae
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
Probably because Whatever has earned whatever you call the opposite of the benefit of the doubt.
[ link to this | view in thread ]
Re: Re: Whatever - the troll
[ link to this | view in thread ]
Re:
No, that would be if the county (the owner of the phone) called Apple up and asked for help. Then Apple would say no and the story would be over. What actually happened is the FBI went to a court and had them order Apple to help.
You did read the story, right?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: don't forget the 4th
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: don't forget the 4th
I don't believe the order requires either of those things.
[ link to this | view in thread ]
Re: don't forget the 13th
[ link to this | view in thread ]
Re: don't forget the 13th
Has the 13th ever been found to apply to corporations?
[ link to this | view in thread ]
Re:
Sometimes that involves breaking the lock. In terms of your analogy, they CAN get into the phone. It might be wiped, but that certainly isn't Apple's fault.
Back to your analogy: masterlock isn't guaranteeing a pickable lock. Who'd buy such a worthless piece of shit?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
(Unless you're referring to Neneunshwander para 19. In which case, then I believe you're simply not reading carefully enough. That statement does not support your assertion.)
[ link to this | view in thread ]
Re: Re: don't forget the 4th
[ link to this | view in thread ]
Re: Re: Re: don't forget the 4th
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
If a lock is not guaranteed to be unpickable, then that's effectively the same as guaranteed to be pickable because no lock maker is going to advertise that their lock can be picked. So pretty much everyone is willing to buy pickable locks. The locks on your house, if they're standard door locks, are pretty easily pickable by someone with the right tools and expertise. They may even be pickable almost immediately by someone with the right tool and little to no expertise.
https://www.youtube.com/watch?v=131j0htYIoU
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Don't you mean "Purity is a relative thing..."?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
Anyhow, my experience with ramdisks came later. Quite a bit later, in fact.
(*) I never personally owned an IBM 360, and my mainframe experience remains extremely limited to this day.
[ link to this | view in thread ]
Re: Re: Whatever - the troll
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
Unless it would boot and run a recent version of Ubuntu that way, I'm not sure how that's relevant. Or was this just intended as an aside?
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
(In the case at hand, the FBI made some technical suggestions to achieve an objective. But the order did not absolutely require the specific methods that the government requested.)
[ link to this | view in thread ]
Re: Re: don't forget the 13th
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
Google wants the governments of the world to butt out of their data collection business. Facebook wants the government to stay out of their data collection business. They generally don't want the government to stand up for people's rights unless it impinges on their business models predicated on knowing everything about their clients.
So I am not surprised to see bird of a feather...
[ link to this | view in thread ]
Re: Re: Code Is Speech
It's almost like a court forcing an artist to paint a certain subject. Or compelling Mike Masnick to write about how the world need an eternal copyright. It starts to look a whole lot more tyrannical in that light.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
[ link to this | view in thread ]
Re: ...also IOS running entirely in RAM
This has already been done in the past by people who have jailbroken their personal devices.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
If you support more security for the people running things, then that's good. If you support laws and security that protect everyone equally then you are supporting terrorism.
[ link to this | view in thread ]
Re: Re: ...also IOS running entirely in RAM
But has anyone ever separated the “Elpida B8164B3PM-1D-F 8 Gb (1 GB) DDR2 RAM”, which is stacked under the A6 in a Package-on-Package configuration? It occurs to me that with, say dual-port ram, one could modify a process' instructions after an executable's signature has been validated.
[ link to this | view in thread ]
Re: Re: Re:
Apple should tell 'em to piss off on principle. What happens if Apple tries it, it fails and corrupts the data? What's to stop this psycho prosecutor from going after Apple for tampering with evidence/aiding and abetting ISIS?
[ link to this | view in thread ]
Re: Re:
Yeah, poor buggers don't have their own DHS, CIA, NSA, FBI, ...
[ link to this | view in thread ]
Re: Re: don't forget the 13th
[ link to this | view in thread ]
Re: what?
They got stupid and trusted it to be stored in "the cloud." They no longer have any say as to how much PII it stores or sells to trusted partners.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: don't forget the 13th
It's getting awfully dark outside to be talking to lawyers.
If unions are too blue-collar, too “socialist” —coders are not longshoremen— then how about a nice professional society?
[ link to this | view in thread ]
Re: Re: Re: It occurs to me...
Tl;Dr Notes on iOS 8 PIN / File System Crypto.
This aids in understanding p.11ff. of IOS 9 Security Guide.
[ link to this | view in thread ]
Re: Re: Re: ...also IOS running entirely in RAM
During system initialization, the bootrom is mapped into address space. As I read this, it indicates to me that the bootrom is not merely mapped into the address space, but shadowed into ram.
If the bootrom is indeed shadowed, then an attacker with full control over the ram (via hardware) nows owns the machine.
If the bootrom is not shadowed, then an authentic low-level bootloader would need to be loaded (nominally from flash), decrypted and verified, before an attacker with full control over the ram (via hardware) would then own the machine.
[ link to this | view in thread ]
Re: Re: Re: Re: ...also IOS running entirely in RAM
[ link to this | view in thread ]
Re: Re: Re: Re:
That would be one helluva capability, wouldn't it? To be able to create a clone so perfect that the manufacturer doesn't spot it. If I was NSA, I would be absolutely drooling over that capability. Absolutely drooling.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
The Government's Ex Parte Application, however was not filed until February 16, 2016.
Seventy-five days.
About seventy-five days after the phone was seized in a high-priority, high-profile case—a national security investigation of a domestic terrorism incident—the government makes its ex parte application to compel Apple's assistance under the All Writs Act.
What was the government doing with the phone during those seventy-five days?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
But with sufficient practice, it seems likely that the NSA could develop procedures to the point where someone could be held up by customs and separated from their phone for a shorter period. A few hours, or a few days, in lockup, and then apparently released—with a clone of the phone so perfect that the manufacturer wouldn't spot it during a forensic examination.
And, naturally, it wouldn't have to be customs. Any time any of the authorities could play catch and release with a target of sufficient value.
More daringly, any time CIA could carry out an evil maid attack.
The adversary is a major nation-state. The adversary just needs a believable cover story about the ‘unhackable’ iPhone. The adversary just needs people to put their faith in a pin selected from a pinspace with insufficient entropy.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
No, but it -does- require you either can A: Shove everything into ram to run the system (Command.com runs from RAM until you run something else.) or B: Have external media access to load things up from instead of onboard. And B is precluded because that'd require changing data on the phone, which -was- on the list of things they said had to be left alone.) Which makes this ... much more challening.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: ...also IOS running entirely in RAM
I haven't seen a block diagram of this device's architecture. Are you telling me that there's an i/o channel controller and dedicated ram sitting on a bus on the far side of the flash memory? That the application processor and i/o channel controller are mediated only via the flash memory? That would be weird. Very weird. Extremely weird.
So, again, why would external media access require changing the data stored in flash?
[ link to this | view in thread ]