The FBI Claims Failure To Guess Password Will Make Data 'Permanently Inaccessible,' Which Isn't True

from the all-in-service-of-future-writs-and-exploitations dept

The FBI's attempt to force Apple to help it break into an iPhone hasn't been going well. A lot of that has to do with the FBI itself, which hasn't exactly been honest in its portrayal of the case. It tried to fight off claims that it was trying to set precedent by claiming it was just about this one phone… which worked right up until it dropped details about twelve other phones it couldn't break into.

Comey's protestations of "no precedent" were further undermined by law enforcement groups filing briefs in support of the FBI that basically stated they, too, would like Apple to be forced to comply with orders like these. And then there was the whole thing about some "dormant cyber pathogen" that was basically laughed off the internet within hours of its appearance.

There were also claims that Apple has done this sort of thing 70 times in the past but was just being inexplicably obstinate this time for reasons the FBI could not comprehend. But that wasn't true either. Apple does provide law enforcement with access to data it can retrieve from its end -- which is nothing like writing software that would allow the FBI (and anyone else who gets their hands on it -- or who makes similar demands following an FBI win) to bypass the security features of its phones.

Dan Gillmor of the ACLU has taken another look at the FBI's motion to compel and found it has misrepresented how Apple's "auto-erase" (which occurs after a certain number of failed login attempts) actually works.

The FBI has been unable to make attempts to determine the passcode to access the SUBJECT DEVICE because Apple has written, or “coded,” its operating systems with a user-enabled “auto-erase function” that would, if enabled, result in the permanent destruction of the required encryption key material after 10 failed attempts at the [sic] entering the correct passcode (meaning that, after 10 failed attempts, the information on the device becomes permanently inaccessible)…
That's not what actually happens, Gillmor points out. All data is not erased once 10 failed attempts are recorded. An agency with as many technically-astute employees -- as well as access to a variety of data recovery and software forensic tools -- should know -- or likely does know -- that it doesn't work this way. The phone doesn't erase all of the data, nor does it make it "permanently inaccessible." Instead, it just destroys one of the keys to the data.
The key that is erased in this case is called the “file system key”—and (unlike the hardwired “UID” key that we discussed in our previous blog post) it is not burned into the phone’s processor, but instead merely stored in what Apple calls “Effaceable Storage,” which is just a term for part of the flash memory of the phone designed to be easily erasable.
The data is still intact. The front door isn't. But the FBI can work around this by preventing the key from being destroyed in the first place -- without Apple's help.
So the file system key (which the FBI claims it is scared will be destroyed by the phone’s auto-erase security protection) is stored in the Effaceable Storage on the iPhone in the “NAND” flash memory. All the FBI needs to do to avoid any irreversible auto erase is simple to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.
Even if the FBI fails in its attempts to brute force the code, the data on the phone remains intact. By working with a copy of the flash memory, the FBI can restore the phone to its "10 guesses" state repeatedly until it finally guesses the code.
The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes. If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.
It's literally unbelievable that the FBI doesn't have access to the tools to perform this or the expertise to get it done. Which leads Gillmor back to the inescapable conclusion: this isn't about one iPhone or even twelve of them. This is about convincing a judge to read the All Writs Act the way the FBI would like it to be read -- a reading that would not only push the envelope for what it can demand from unrelated parties in the future, but that would also give it software to modify and exploit.

If it gets to that point, device users are going to have to start eyeing software/firmware updates very suspiciously.
The FBI wants to weaken the ecosystem we all depend on for maintenance of our all-too-vulnerable devices. If they win, future software updates will present users with a troubling dilemma. When we're asked to install a software update, we won’t know whether it was compelled by a government agency (foreign or domestic), or whether it truly represents the best engineering our chosen platform has to offer.
This is the end game for the FBI, even though it doesn't appear to realize the gravity of the situation. To it, Apple is the obstacle standing between it and the wealth of information it imagines might possibly be on that phone. Even is Apple is forced into compliance and the phone contains nothing of use, it will still have its precedent and its hacking tool and we'll be headed towards a world where patch notes contain warrant canaries.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: all writs act, burden, doj, fbi, hacking, iphones, passwords, security
Companies: aclu, apple


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Groaker (profile), 9 Mar 2016 @ 6:37am

    True or not

    It would be better if the FBI didn't have so much information. There have been any number of spies in the FBI that have fed data to "allies" and enemies alike. How many are operating there now?

    Hansen was an exemplar. He should have been caught dozens of times over, but was let go repeatedly.

    What has the FBI done for us lately? Capture our personal phone calls? Lie about what it is doing? Lie about the risks that we face? Hype fear? Entrap morons and imbeciles as terrorists, when they don't know what the word means? Fail to substitute a dummy explosive in the first WTC bombing when it knew what was happening, and had the opportunity? Invent laboratory tests that a 9th grader has the knowledge to shred as unworkable? And ever so much more.

    link to this | view in chronology ]

    • icon
      Peter (profile), 9 Mar 2016 @ 8:15am

      Not lately, but ...

      ... perhaps the words John Edgar Hoover ring a bell? Do we really want to bring those times back?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 7:10am

    Uh oh

    So which is it Comey? Is the FBI so incompetent that they didn't know they have the ability to do it themselves or did you know it and just hoped you could slide the precedent through without anyone noticing? Either way you are completely full of shit and unworthy of holding the position you currently do.

    Side note: Comey needs to be called back before Congress to answer this question.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 9 Mar 2016 @ 7:32am

      Re: Uh oh

      So he could give a 'least untruthful answer' to them again and dare them to call him out on it or do something about it?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Mar 2016 @ 8:32am

        Re: Re: Uh oh

        My thoughts exactly.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Mar 2016 @ 10:38am

        Re: Re: Uh oh

        Alternatively, they could fire Comey out of the cannon in the secret facility under the Pentagon to summon Cthulhu.

        Which would still be more honest.

        link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 9 Mar 2016 @ 7:15am

    This is what happens

    Ahh, so this its what SHTF looks like.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 7:21am

    Director Comey's answer

    IIRC, Rep. Darell Issa (Cal-49) asked Director Comey about this technique during the March 1st House Judiciary Committee hearing.

    I would have to re-watch the video to give Director Comey's precise answer. I don't want to mischaracterize Director Comey's testimony.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Mar 2016 @ 7:35am

      Re: Director Comey's answer

      I would have to re-watch the video
      From the C-SPAN transcript of the March 1st House Judiciary Committe hearing:
      00:51:22 Darrell Issa: So that means that you can, in fact, remove from the phone all of its memory -- all of its non-volatile memory -- its disk drive, if you will -- and...

      00:51:36 Darrell Issa: Let's assume that you can make an infinite number of copies once you make one copy, right?

      00:51:42 James B. Comey Jr.: I have no idea.

       . . . .

      00:53:18 James B. Comey Jr.: Firstly, I'm the director of the FBI. If I could answer that question, there'd be something dysfunctional in my leadership.

       . . . .

      0:54:07 James B. Comey Jr.: I -- I did not ask the questions you're asking me here today, and I'm not sure I fully even understand the questions. I have reasonable confidence --...
      I guess I wouldn't actually have to re-watch the vido. Although that means I haven't verified the accuracy of the C-SPAN transcript.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Mar 2016 @ 9:02am

        Re: Re: Director Comey's answer

        "Firstly, I'm the director of the FBI. If I could answer that question, there'd be something dysfunctional in my leadership."

        This is so astoundingly backwards it isn't even funny. What is dysfunctional is that the leadership of the FBI is claiming here that he has no clue about the capabilities of those under him within the agency.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Mar 2016 @ 10:16am

          Re: Re: Re: Director Comey's answer

          I think that he is subtly saying this: "I am no damn looser nerd! I didn't sit in my mommas basement until I was 30, I went on dates played football as the quarterback and shot guns."

          link to this | view in chronology ]

      • icon
        That One Guy (profile), 9 Mar 2016 @ 9:27am

        Re: Re: Director Comey's answer

        00:53:18 James B. Comey Jr.: Firstly, I'm the director of the FBI. If I could answer that question, there'd be something dysfunctional in my leadership.

        Uh, no actually, the fact that you can't shows dysfunctional leadership. If you don't personally know then it was your responsibility to ask one of your more knowledgeable employees and have then explain what was and was not possible.

        Willful ignorance is not a quality one wants to see displayed by anyone in a leadership position, and certainly not the leader of the gorram FBI.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Mar 2016 @ 10:24am

          Re: Re: Re: Director Comey's answer

          My thoughts exactly... again.

          link to this | view in chronology ]

        • icon
          nasch (profile), 10 Mar 2016 @ 10:20am

          Re: Re: Re: Director Comey's answer

          If you don't personally know then it was your responsibility to ask one of your more knowledgeable employees and have then explain what was and was not possible.

          Perhaps that happened, and he found himself incapable of understanding the explanation. Can't admit that to Congress though.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 10 Mar 2016 @ 10:57am

            Re: Re: Re: Re: Director Comey's answer

            Can't admit that to Congress though.
            Just started watching
            December 9, 2015

            Federal Bureau of Investigation Oversight Federal Bureau of Investigation (FBI) Director James Comey testified at a Senate Judiciary Committee oversight hearing on his agency’s operations. Mr. Comey discussed the shootings in San Bernardino, California. . . .
            Listening, really, as I'm multitasking. At least during the opening statements by Chairman Grassley and Ranking Member Leahy.

            After that video, I've got another House committee queued up. Ugggh.
            February 25, 2016

            FBI Fiscal Year 2017 Budget Request FBI Director James Comey testified at a hearing on his agency’s fiscal year 2017 budget request. Director Comey defended the high allocation of funds for a new headquarters, calling it necessary if the agency is to carry out its mission effectively. When asked about the bureau’s case against Apple over access to the iPhone used by one of the killers in the San Bernardino, California, mass shooting, he stressed that the request only affects this specific phone and no one else’s.
            Any others I should look at—or at least listen to?

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 10 Mar 2016 @ 2:26pm

              Re: Re: Re: Re: Re: Director Comey's answer

              December 9, 2015… … Director James Comey testified at a Senate Judiciary Committee oversight hearing…
              Incidentally, Techdirt had a Dec 9 story on this hearing.

              That Techdirt story didn't mention Sen. Feinstein's questions beginning about the 55:20 mark:
              Director Comey: . . . The way it works is we get a search warrant -- allows us to enter someone's residence. Our forensic experts and agents were in that residence for over 24 hours, and combed through it, and took everything that we could take under the search warrant, and that was appropriate to take, and recorded that which we needed to record. Once we've exhausted that examination, we board the place up and make it secure. We have to post under the law an inventory of what was taken. That's part of American law. And then leave the residence. That part makes good sense to me. The part I can't explain is why the landlord for the place allowed the boards to be pried off, and folks to go through.
              That line of questioning continues for a bit beyond what I've transcribed here, up until about the 58:35 mark.

              link to this | view in chronology ]

  • icon
    John85851 (profile), 9 Mar 2016 @ 7:22am

    Thanks for this

    Thanks for this article. I wish the other media would pick up on these points, especially how the FBI should have their own forensic tools and experts, rather than just saying Apple should give in because they've helped the FBI before. Then again, this would be the same media that doesn't make a difference between unlocking a phone (which Apple has done) and writing new software (which will set a dangerous precedent). But when the media has 5 seconds to grab a Facebook user's attention, a lot of these details don't seem important enough to write about.

    link to this | view in chronology ]

    • icon
      Groaker (profile), 9 Mar 2016 @ 8:20am

      Re: Thanks for this

      The FBI's forensic labs are so incompetent that nothing that comes out of them has any meaning. Their test results are often contradictory to known physical laws, and/or to the demonstrated evidence at hand.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Mar 2016 @ 12:11pm

      Re: Thanks for this

      Solving the problem with their own labs does not give them the precedent to force software companies to do things to assist their enquiries. Things along the lines of getting a warrant to force a company to install a key-logger onto machines before they seize them. The increasing use of signed code means that they increasingly need to get their malware sighed so that it will install.

      link to this | view in chronology ]

  • icon
    John Fenderson (profile), 9 Mar 2016 @ 7:23am

    Here's how unbelievable it is

    It's literally unbelievable that the FBI doesn't have access to the tools to perform this or the expertise to get it done.


    Just to drive this point home, I'm sitting here right now looking at my small hobbyist electronic workbench and realizing that I have all of the tools and skills needed to so accomplish this right now.

    And I am not an EE, I'm a software guy who likes to solder things. I imagine that an actual expert would consider it child's play.

    link to this | view in chronology ]

    • identicon
      TripMN, 9 Mar 2016 @ 9:33am

      Re: Here's how unbelievable it is

      As a software engineer and hobbyist in electronics I too probably have everything except for maybe something to read/write the NAND, though there is a chance my RaspberryPi could fill that gap with ease.

      After all that Comey and the FBI has said and done in the last couple of years, I'm starting to think they should be defunded for sheer incompetence.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Mar 2016 @ 9:41am

      Re: Here's how unbelievable it is

      … a software guy who likes to solder things.
      Surface-mount kinds of things?

      link to this | view in chronology ]

      • icon
        John Fenderson (profile), 9 Mar 2016 @ 9:42am

        Re: Re: Here's how unbelievable it is

        Yes.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Mar 2016 @ 9:47am

          Re: Re: Re: Here's how unbelievable it is

          Yes.
          Well, if it's possible to find some iPhone 5c's on eBay or somewhere, then I think we're making some testable assertions, aren't we?

          link to this | view in chronology ]

          • icon
            John Fenderson (profile), 9 Mar 2016 @ 9:59am

            Re: Re: Re: Re: Here's how unbelievable it is

            I'm not sure what your point is, as there's no need to have a specific iPhone to test my assertion. Here is what I assert: I, as an amateur, have the skills and capabilities needed to remove a surface mount flash memory chip from a circuit board, copy its contents, and replace it without damaging the device. I have done similar things many times. My assertion has already been tested.

            My inference is that since I am capable of it using equipment I have on hand right now, actual trained experts using a real lab should find this simple.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 9 Mar 2016 @ 10:05am

              Re: Re: Re: Re: Re: Here's how unbelievable it is

              My assertion has already been tested.
              OK. If you want to stop there, that's fine.

              I was referring to the larger assertion that effaceable storage is located in the NAND flash chip on the iPhone 5c, and to the assertion that physical removal and replacement of that storage device is a viable attack method on the pin.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 9 Mar 2016 @ 10:50am

                Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                Well, I'd certainly assume an organization with a budget as the FBI would be able to budget a iPhone 5c to test that assertion....

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 9 Mar 2016 @ 11:04am

                  Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                  FBI would be able to budget a iPhone 5c to test that assertion....
                  If FBI, perhaps at Quantico —or perhaps at the Orange County Regional Forensics Laboratory— did indeed test that attack method, then would Director Comey testify truthfully about FBI's lab work? In an open, webcast and telecast House Judiciary hearing?

                  link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 9 Mar 2016 @ 12:19pm

                  Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                  That assumption would be valid if the Director were aware of what that budget was and how it was being spent since he apparently doesn't even know what the capabilities of his own agency are and which perhaps is why the FBI spends most of it's time creating it's own terrorist plots to foil.

                  link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 9 Mar 2016 @ 1:06pm

                    Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                    A "Director" not aware of what his budget is cannot be considered a director.

                    And seriously, we're talking what, a few hundred dollars? If they don't manufacture ONE plot, they'll have plenty of money left over for pizza & wings.

                    link to this | view in chronology ]

                    • identicon
                      Anonymous Coward, 9 Mar 2016 @ 1:21pm

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                      I have to assume that he doesn't know what his budget is or how it is being used since he clearly stated that he wasn't aware of what the capabilities of his agency are.

                      link to this | view in chronology ]

              • icon
                John Fenderson (profile), 9 Mar 2016 @ 3:23pm

                Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                "I was referring to the larger assertion "

                Sorry, I got confused. You were replying to my comment, so I thought you were talking about my assertion. Carry on.

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 9 Mar 2016 @ 4:11pm

                  Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                  There are ways the FBI can crack the iPhone PIN without Apple doing it for them”, by Peter Bright, Ars Technica, Mar 9, 2016
                  This video from a Shenzhen market shows a similar process in action ( . . . ). Here, a 16GB iPhone has its flash chip desoldered and put into a flash reader. A full image of that flash is made, including the all-important effaceable area. In this case, the chip is then replaced with a 128GB chip, and the image restored, with all its encryption and data intact.
                  It's an interesting video. Worth watching.

                  link to this | view in chronology ]

                  • icon
                    John Fenderson (profile), 9 Mar 2016 @ 7:34pm

                    Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                    Yes, this was my point exactly. Cloning flash chips is not a rarified skill. Anyone can do it with minimal tools.

                    About the people in that video -- I've been told that the techniques that are generally shared amongst the legit hobbyist community for working with this stuff were pioneered by street vendors just like those. It may be apocryphal, but it seems plausible.

                    link to this | view in chronology ]

            • identicon
              Rekrul, 9 Mar 2016 @ 4:48pm

              Re: Re: Re: Re: Re: Here's how unbelievable it is

              Here is what I assert: I, as an amateur, have the skills and capabilities needed to remove a surface mount flash memory chip from a circuit board, copy its contents, and replace it without damaging the device. I have done similar things many times. My assertion has already been tested.

              Do you need special tools for that? I've looked at surface mounted components and I can't imagine trying to solder/unsolder them "by hand". Even the smallest iron I've seen (admittedly I'm not an expert on soldering irons) would probably cover several of the contacts at once on a typical chip.

              link to this | view in chronology ]

              • icon
                John Fenderson (profile), 9 Mar 2016 @ 6:49pm

                Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                It depends. If the surface mount component is the ball array type, with contacts completely concealed under the chip, then you need to use a reflow oven. Mine is a modified toaster oven.

                Otherwise, if you have a fine soldering iron tip, steady hand, and patience, then you can just use a soldering iron. A fine tip iron is still large compared to the lead size, but it works. I can even hand-solder fine wire into those leads.

                Desoldering is much, much easier than soldering. I just use desoldering braid for that.

                link to this | view in chronology ]

                • icon
                  John Fenderson (profile), 9 Mar 2016 @ 6:53pm

                  Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                  I should mention that you do have to be more careful about heat than with larger components. I'm probably more paranoid about this than needed, but I've burnt components when first learning to do this. I use a hot iron and never apply it for more than a second at a time, letting the component cool before hitting it again.

                  link to this | view in chronology ]

                  • identicon
                    Rekrul, 10 Mar 2016 @ 1:46pm

                    Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                    I don't have a lot of experience soldering/unsoldering components. In fact, most of my soldering has been of the attaching wires to plugs, or splicing wires variety.

                    Many years ago, I bought a cheap, pencil type iron because it claimed that the low heat and pointed tip were ideal for electronics work. Unfortunately, there's only one area of the tip that gets hot enough to actually melt solder (on the side, a millimeter back from the tip) and it doesn't even get hot enough to use desoldering braid. I've bought a couple new tips over the years, but they all behaved the same way.

                    When I splice electrical cords (like for example if I find a DVD player in the trash with the cord cut off), it takes forever to get the solder to flow around the wires. Half the time it just balls up on the tip of the iron rather than flowing onto the wires.

                    I know I should get something better, but every time I look into it, I end up convincing myself that I wouldn't use it enough to spend the money. I really know nothing about electronics and my projects involving simple wire soldering are few and far between.

                    link to this | view in chronology ]

                    • icon
                      John Fenderson (profile), 10 Mar 2016 @ 6:47pm

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                      Your pencil soldering iron is mostly worthless, I think. You can get a perfectly adequate iron for $30 or so these days, and even if you only solder occasionally, I think it's worth the investment.

                      A trick I learned that improved everything for me was to avoid low-temperature irons for electronics work. It's better to do the opposite: go high-temperature. I usually run mine around 340C these days. It's counterintuitive, but running at a low temperature increases the odds of heat damage because you have to hold the heat to the part longer. It's better to get in and out fast. Even at a high temp, you can get out fast enough that the heat can't propagate very far.

                      Also, soldering big, thick wires like speaker wires is a totally different thing than soldering electronic parts. That wire makes a terrific heat sick. You certainly want a hotter iron for that sort of work.

                      link to this | view in chronology ]

                      • icon
                        John Fenderson (profile), 10 Mar 2016 @ 6:51pm

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                        "That wire makes a terrific heat sick"

                        Sink, not sick. But somehow it works either way.

                        link to this | view in chronology ]

                      • icon
                        John Fenderson (profile), 10 Mar 2016 @ 6:52pm

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                        Oh, also, when I'm not working on surface-mount components, I don't use a pencil tip. I've found that a small spade tip is much easier to work with.

                        link to this | view in chronology ]

                    • icon
                      John Fenderson (profile), 10 Mar 2016 @ 7:01pm

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                      Sorry for the string of replies, but this is a topic I can't shut up about.

                      "Half the time it just balls up on the tip of the iron rather than flowing onto the wires."

                      This can happen regardless of what you're soldering, and it means one of two things (or both): either the metal you're soldering isn't clean (it's actually dirty or, more likely, it has a layer of oxidation) and/or you need to use more flux than is in the solder you're using (you are using rosin-core solder, right?).

                      Cleaning the wire ends, applying flux, and tinning them before soldering should eliminate that problem.

                      link to this | view in chronology ]

                      • identicon
                        Rekrul, 11 Mar 2016 @ 2:41pm

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                        Sorry for the string of replies, but this is a topic I can't shut up about.

                        I don't mind. :)

                        This can happen regardless of what you're soldering, and it means one of two things (or both): either the metal you're soldering isn't clean (it's actually dirty or, more likely, it has a layer of oxidation) and/or you need to use more flux than is in the solder you're using (you are using rosin-core solder, right?).

                        Yes, according to the label on the spool it's rosin-core.

                        Cleaning the wire ends, applying flux, and tinning them before soldering should eliminate that problem.

                        I always apply some flux to the wires. My grandfather used to always did that, so I've followed his example. I tin small wires if I'm attaching them to something like a toggle switch or DB9 connector, but with things like electrical cords, I usually don't. The reason for this is that my iron takes so long to get the solder flowing, I find it very awkward to hold two tinned wires together and hold the iron on them. It's easier to twist them together so that they stay on their own and then apply the solder. Of course then I have to try and squash the soldered wires down against the cord so that I can wrap tape around it and I end up with an unsightly bulge in the cord. I've also used heat-shrink tubing, but my iron takes forever to shrink it and then only the spot that I touch shrinks. I tried using a lighter, but ended up melting some of the normal insulation as well.

                        My grandfather used to have an old iron with a 1/4" wide tip that got quite hot. He never seemed to have any trouble soldering anything. Unfortunately it, along with most of the rest of his tools, disappeared after his death. My grandmother and mother either sold or gave most of his stuff away.

                        link to this | view in chronology ]

                        • identicon
                          Anonymous Coward, 11 Mar 2016 @ 2:54pm

                          Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Here's how unbelievable it is

                          I've also used heat-shrink tubing, but my iron takes forever to shrink it and then only the spot that I touch shrinks. I tried using a lighter, but ended up melting some of the normal insulation as well.
                          High-wattage hair dryer works well. Presuming you don't have a commercial- or industrial-style heat-gun handy.

                          link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Mar 2016 @ 8:34pm

      Re: Here's how unbelievable it is

      What specifically would you do?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 Mar 2016 @ 4:43am

      Re: Here's how unbelievable it is

      And I am not an EE, I'm a software guy who likes to solder things. I imagine that an actual expert would consider it child's play.

      I am an EE, and I've both done chip design and worked with the FBI. In my experience, typical FBI agents are arrogant asses who think that they know just about everything about everything and view themselves as some kind of demigods. So if they can't do it themselves (and they probably can't), then they think it just can't be done.

      link to this | view in chronology ]

  • icon
    mdpopescu (profile), 9 Mar 2016 @ 7:30am

    McAfee

    So... you're saying that John McAfee was right when he said he knows people who could decrypt the phone in a few days?

    http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 9 Mar 2016 @ 7:51am

      Re: McAfee

      John McAfee is certainly flamboyant and arguably unstable (although he does intentionally play up "instability" as part of his public image, so who knows how much is an act), but when you look at his actual claims about tech in this area, he tends to be correct.

      "Just because I'm crazy doesn't mean I'm wrong."

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Mar 2016 @ 8:44am

      Re: McAfee

      No McAfee was still an idiot that didn't know what he was talking about:

      http://arstechnica.com/security/2016/03/john-mcafee-better-prepare-to-eat-a-shoe-because-he-do esnt-know-how-iphones-work/

      What is described here is a completely different approach. McAfee was talking about trying to recover the password. The password isn't stored anywhere on the device. This approach is about restoring the key from a backup after it gets erased due to the auto-erase feature.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 7:32am

    Of course the fbi has tools they could use. No guarantee of success but then, neither does the approach they are currently on.

    Aside from setting precedent, the other issue is if the FBI had to make a lot of effort that would just get them into this one phone, they have to come to terms with the fact that there likely isnt anything useful on it.

    The only real value in this one phone is the possibility it opens the door to getting into itger phones

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 7:52am

    Legal question here

    ...The FBI can simply remove this chip from the circuit board (“desolder” it)...

    Will that pass 'chain of evidence' challenges?

    It's one thing to copy files from one device to another. AFAIK if a copy is made to a non-erasable media it's accepted in court, but a copy made to an erasable media has problems. But removing the original storage media, especially if it wasn't intended to be removed, might present issues for chain of evidence.

    link to this | view in chronology ]

    • identicon
      kallethen, 9 Mar 2016 @ 8:05am

      Re: Legal question here

      But they are talking about the chip with the encryption key, not the storage drive with the data. It's the data that'd be evidence, or am I wrong in that understanding?

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Mar 2016 @ 8:13am

        Re: Re: Legal question here

        am I wrong in that understanding?
        Your question isn't specific enough for me to tell. Please restate your understanding as to what “they[who?] are talking about”.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Mar 2016 @ 8:22am

        Re: Re: Legal question here

        It's the data that'd be evidence, or am I wrong in that understanding?
        Let me clarify something, since you haven't responded yet to my immediate followup—

        Testimony from forensic technicians is also evidence. In these circumstances, they'd probably mark or initial the original flash chip, after removing it and making copies. So the tech could then, in court, point to a physical item, and swear, “Yeah, that's the chip I removed from the iPhone.”.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Mar 2016 @ 8:08am

      Re: Legal question here

      How to Destroy Pandora's iPhone”, by Nicholas Weaver, Lawfare, Feb 26, 2016:
      [T]hese services are also forensically sound. Because the first step of the process is to create a copy of the encrypted storage, and that encrypted storage is not destroyed by the forensic process, the remaining steps of analysis can be verified by a defense expert who is provided the hardware key.
      (Emphasis added.)

      The Toshiba THGBX2G7B2JLA01 128 Gb (16 GB) NAND flash is not destroyed by any of the several methods proposed so far.

      Testimony from the techs who performed the procedure would, of course, be required to authenticate the flash chip.

      link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 9 Mar 2016 @ 8:27am

      Re: Legal question here

      Chain of evidence is all about trusting them to not lie and manipulate or manufacture in the first place. It doesn't matter what method they use, any can be suspect. There are definitely best prcitces and such which are better at preserving the integrity of evidence, but mostly that is a benefit to the investigation. (You know, like not changing the damn password like they did, killing the cloud storage.) Sure, some things are more likely to be seen as a clever defense challenge in court, but most are meaningless in terms of fact and more an emotional play. And there is little case here involved. They are looking for intelligence, not a way to convict dead people.

      link to this | view in chronology ]

    • identicon
      Anonymous Anonymous Coward, 9 Mar 2016 @ 8:51am

      Re: Legal question here

      I think there is an issue with the actual need for a chain of evidence. In the San Bernardino case, the perpetrators are dead and anything that would lead them to additional accomplices is available from other sources. Then of course there are the actions purposefully taken by the FBI that prohibited them from accessing the data on the phone in a method that would not require any of the current, precedent chasing shenanigans.

      In the NY case, the perpetrator plead guilty and the authorities claim they are looking for other co-conspirators or something. Again, I think that information would be available from service providers and there is no real need to get into the phone, save a me too precedent chasing manipulation.

      BTW, IANAL, nor do I play one on TV.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Mar 2016 @ 9:22am

        Re: Re: Legal question here

        I think there is an issue with the actual need for a chain of evidence. In the San Bernardino case, the perpetrators are dead…
        By 2:27am on Dec 3, 2015 two persons were dead, and the federal response had begun.

        At that point, federal agents may have had similar beliefs about “the actual need for a chain of evidence.” That might have led them to discount the possibility that methods or capabilities might be disclosed in a future court case. There would still be opsec issues, as it's rather likely that not all members of the joint federal-state-local task force investigating the incident would be cleared to know all secrets.

        link to this | view in chronology ]

        • identicon
          Anonymous Anonymous Coward, 9 Mar 2016 @ 2:23pm

          Re: Re: Re: Legal question here

          But we are not talking about then, we are talking about now. There is no case. The perpetrators are dead. Anything they need to know can be found via service providers. They only want to set precedent to force manufacturers to bend to their will, at their will.

          link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Mar 2016 @ 9:27am

        Re: Re: Legal question here

        Then of course there are the actions purposefully taken by the FBI that prohibited them from accessing the data on the phone in a method that would not require any of the current … shenanigans.
        In the middle of a live terrorism investigation, might FBI agents run a little op against NSA to learn their capabilities? Suppose knowledge was tightly compartmented, but curious people from one agency suspected that another agency might have a few tricks up their sleeves? Bright, curious, intelligent people…

        link to this | view in chronology ]

        • identicon
          Anonymous Anonymous Coward, 9 Mar 2016 @ 2:19pm

          Re: Re: Re: Legal question here

          No, they had the password changed. A stupid move, which their IT people probably knew was a stupid move.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Mar 2016 @ 3:10pm

            Re: Re: Re: Re: Legal question here

            FBI statement: iCloud password reset with FBI consent” (Published Feb 22, 2016 by County of San Bernardino)
            The FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data.
            (Accord: Response to Ars Technica inquiry, posted by Cyrus Farivar.)

            link to this | view in chronology ]

            • identicon
              Anonymous Anonymous Coward, 9 Mar 2016 @ 4:06pm

              Re: Re: Re: Re: Re: Legal question here

              Yes, yes, we know all that. The issue is they failed to allow the phone to backup one more time before they changed that password. It has been discussed here several times, they could have taken the phone back to a known (to the phone) WiFi locale and allowed it to backup first. But they had already released the home to a big mess of outsiders and shut that WiFi down. Why was that? The hurrier they went the behinder they got. That is what I call stupid.

              You should climb off your agenda and take another look at what is going on here. From the FBI's point of view, there is a precedent to set here, nothing else. Or are you the FBI with your head stuck squarely in the sand?

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 9 Mar 2016 @ 4:37pm

                Re: Re: Re: Re: Re: Re: Legal question here

                You should climb off your agenda and take another look at what is going on here.

                Psychology of Intelligence Analysis by Richards J. Heuer, Jr.
                Chapter 8: Analysis of Competing Hypotheses
                The way most analysts go about their business is to pick out what they suspect intuitively is the most likely answer, then look at the available information from the point of view of whether or not it supports this answer. If the evidence seems to support the favorite hypothesis, analysts pat themselves on the back ("See, I knew it all along!") and look no further.

                link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Mar 2016 @ 5:27pm

            Re: Re: Re: Re: Legal question here

            Document 16-32: “Declaration of Lisa Olle in support of Apple Inc's Motion to Vacate Order Compelling Apple Inc. To Assist Agents In Search, and Opposition To Government's Motion To Compel Assistance” (Feb 25, 2016)
            4. I oversaw Apple's response to the legal requests that Apple received related to the December 2, 2015 shooting in San Bernardino, California.

            5. On Saturday, December 5, 2015, Apple's emergency 24/7 call center received a call at approximately 2:46 a.m. PST requesting information relating to the case. Throughout that day, Apple employees were in regular communication with the FBI regarding its investigation. The same day, Apple received legal process seeking customer or subscriber information regarding three names and nine specific accounts. In response to that request, Apple made two productions of information that same day.

            6. Throughout the investigation, I and other Apple representatives, including a senior engineer, continually made ourselves available to the government, on a 24/7 basis, participating in teleconferences, providing technical assistance, answering questions from the FBI, and suggesting potential alternatives for the government to attempt to obtain data from the Subject Device.

            7. On Sunday, December 6, 2015, Apple received a search warrant for information relating to three accounts, including, but not limited to, account information, emails, and messages, associated with the accounts. In response to that search warrant, Apple provided the government with information in Apple's possession that same day.

            8. On Wednesday, December 16, 2015, Apple received legal process seeking customer or subscriber information regarding one name and seven specific accounts. In response, Apple provided the government with information in Apple's possession that same day.

            9. On Friday, January 22, 2016, Apple received a search warrant for the iCloud account related to the Subject Device for the same types of information as in the previous warrant. In response, Apple provided the government with information in Apple's possession on Tuesday, January 26, 2016.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 10 Mar 2016 @ 9:21am

              Re: Re: Re: Re: Re: Legal question here

              The San Bernardino incident took place on Wed., Dec. 2, 2015. That day, Mr Obama said, “It's still an active situation. FBI is on the ground offering assistance to local officials as they need it.”

              The federal warrant to search the black Lexus, Cal lic.# 5KGD203, was issued at 2:27a.m. on Thu., Dec. 3rd. The government has also stated that the iPhone 5c was seized from the Lexus on the 3rd.

              Also on Thu., Dec. 3, FBI took the lead in the investigation. Additionally, Rep. Adam B. Schiff (Calif.), the ranking Democrat on the House Intelligence Committee was briefed.

              On Fri., Dec. 4, FBI announced at news conferences in San Bernardino and Washington, that it was treating the case as an “act of terrorism”.
              “We are going through a very large volume of electronic evidence,” Mr. Comey said.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 10 Mar 2016 @ 9:31am

              Re: Re: Re: Re: Re: Legal question here

              Also, on Fri., Dec. 4, 2015, the bizarre media invasion of the Redlands apartment took place.
              CBS News correspondent David Begnaud joins CBSN with a look inside the home of the two San Bernardino, California, mass shooters.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 10 Mar 2016 @ 9:46am

                Re: Re: Re: Re: Re: Re: Legal question here

                CBS News correspondent David Begnaud joins CBSN with a look inside the home of the two San Bernardino, California, mass shooters.

                Psychology of Intelligence Analysis by Richards J. Heuer, Jr.
                Chapter 10: Biases in Evaluation of Evidence
                The Vividness Criterion

                The impact of information on the human mind is only imperfectly related to its true value as evidence.Specifically, information that is vivid, concrete, and personal has a greater impact on our thinking than pallid, abstract information that may actually have substantially greater value as evidence.
                (Footnote omitted.)

                link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Mar 2016 @ 6:04pm

            Re: Re: Re: Re: Legal question here

            Document 16-33: “Declaration of Erik Neuenshwander In Support Of Apple Inc's Motion To Vacate Order Compelling Apple Inc. To Assist Agents In Search, and Opposition To Government's Motion To Compel Assistance” (Feb 25, 2016)
            59. The government may also have been able to obtain the latest data from the device through iCloud backup had the FBI not instructed the SBCPHD to change the iCloud password associated with the account.

             . . .

            61. Shortly after the shooting, in the course of voluntarily providing the FBI with guidance, Apple recommended to the FBI that that the device be connected to a known Wi-Fi network, such as one at the subject’s home or at the SBCPHD, and plugged into a power source so it could potentially create a new iCloud backup automatically. If successful, that backup might have contained information between the last backup and the date of the shooting.

            link to this | view in chronology ]

    • icon
      John Fenderson (profile), 9 Mar 2016 @ 9:03am

      Re: Legal question here

      "Will that pass 'chain of evidence' challenges?"

      Well, in this particular case that's a nonissue. It's very clear that the feds don't actually think the phone contains anything that would be useful in court anyway. Further, their interest is not actually in the contents of the phone per se, but in gaining the legal precedent.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Mar 2016 @ 9:12am

        Re: Re: Legal question here

        It's very clear that the feds don't actually think the phone contains anything that would be useful in court anyway.
        Why don't you think that the feds are engaging in “parallel reconstruction” in the San Bernardino case?

        Further, their interest is not actually in the contents of the phone
        Doesn't the federal government have a long-standing record of protecting (or attempting to protect) the secrecy of sources, methods, and capabilities?

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 9 Mar 2016 @ 9:52am

          Re: Re: Re: Legal question here

          "Why don't you think that the feds are engaging in “parallel reconstruction” in the San Bernardino case?"

          Parallel reconstruction of what? There is no court case that such reconstruction would be used in.

          As to their record of protecting methods, etc., yes of course. But what does that have to do with their interest in compelling Apple?

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Mar 2016 @ 10:00am

            Re: Re: Re: Re: Legal question here

            There is no court case that such reconstruction would be used in.
            Yet.

            Further, that would not be the only application for “parallel reconstruction”.

            Suppose that the San Bernardino iPhone 5c was accessed early in the investigation by means of ‘national technical capabilities’. It seems a fair possibility that knowledge of that access may have leaked to task force members who had no need to know about the existence of that national technical capability.

            So, “parallel reconstruction” would explain the fact of access for those people who weren't read into the access capability that was actually used during the pressure of the investigation.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 9 Mar 2016 @ 12:23pm

              Re: Re: Re: Re: Re: Legal question here

              Evidence laundering (the proper name for it) is used to convict someone of a crime when the evidence was obtained via an illegal process. In this case the perpetrator was already dead when the phone was recovered so there is no one to convict regardless of what is obtained or how.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 9 Mar 2016 @ 12:36pm

                Re: Re: Re: Re: Re: Re: Legal question here

                In this case the perpetrator was already dead when the phone was recovered so there is no one to convict regardless of what is obtained or how.
                And the San Bernardino County District Attorney's conjecture about a reported third shooter just flows from the chaotic and confusing initial reports—combined with the utterly implausible musing of a raving lunatic?

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 9 Mar 2016 @ 1:13pm

                  Re: Re: Re: Re: Re: Re: Re: Legal question here

                  So this is where we are now... The DA not only has to invent a method by which evidence was obtained legally for a case, but also invent perpetrators in the case as well? How crazy is that?

                  link to this | view in chronology ]

                  • identicon
                    kallethen, 9 Mar 2016 @ 1:19pm

                    Re: Re: Re: Re: Re: Re: Re: Re: Legal question here

                    Well, they already want Apple to invent software to crack into the phone, might as well invent everything else!

                    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 Mar 2016 @ 12:43am

      Re: Legal question here

      no more so than giving the phone to apple and letting them do it.

      link to this | view in chronology ]

    • icon
      Dave Howe (profile), 10 Mar 2016 @ 8:55am

      Re: Legal question here

      Shouldn't matter - after all, the FBI are claiming this is "just about this one phone" and they aren't really in a position to prosecute it's owner.

      More generally though - they could take a forensic copy of both the flash and the onboard storage, and use that to prove a chain of evidence (in that the storage is not altered, and the intel came from that storage)

      link to this | view in chronology ]

    • identicon
      Anonymous coward, 10 Mar 2016 @ 2:19pm

      Re: Legal question here

      The files stored in NAND memory aren't the info that they're really looking for. What is on it is just standing in the way of brute forcing the passcode to the encrypted hard memory chip. The hard memory is a separate chip. The chip that contains the NAND files is changeable and will be changed but what is on this erasable memory isn't going to be used in court as evidence.

      It's the files in hard memory chip that they're trying to decrypt and this chip won't be removed from the phone or altered in any way when they do get in. They'll pull a copy to use as evidence leaving this separate chip unaltered.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 8:17am

    Are they asking Apple to circumvent copy protection?

    Isn't that illegal? Won't the world end if copy protections are circumvented? Won't we have total economic collapse? For the love all things good, Apple should not be compelled to do this!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 8:24am

    Fact # 1 Auto updates are a backdoor, that only the phone manufacture has the key to. The issue is the FBI also wants a key. ( and why should apple be the only one with access to your data?, at least the govt would have regulations on what can and can't be done with it. Apple has "no rules". They could sell your data to the terrorists. (And they probably already have).
    Fact #2, Spoof the auto update site, and the phone will update what ever script the spoofer wants. ( it has been done before).
    Fact #3, Apple is the easiest way to access the data on that phone.
    Fact #5 Anonymous stated that they wanted to assist in the capture of terrorists, The FBI should reach out to them.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Mar 2016 @ 8:51am

      Re:

      2: It's not just a matter of spoofing the website; the code needs to be signed by the proper key. If the FBI can do this, security everywhere is in trouble.

      3: Probably, but "easiest" does not mean "easy". If the FBI can do this stuff with the hardware without bothering Apple, they should.

      It might be easiest for the local prosecutor to demand you jump start his car rather than calling a repair shop, but that doesn't mean he has the right to demand that from you. Even if it means a criminal goes free because he's late to court.

      link to this | view in chronology ]

  • icon
    TechDescartes (profile), 9 Mar 2016 @ 8:32am

    Perception is Reality

    To it, Apple is the obstacle standing between it and the wealth of information it [wants the public to] imagine[] might possibly be on that phone.
    A few edits for accuracy. The FBI knows there is nothing on this phone. They just want the power to go after every other phone. Public perception is just a pawn in the FBI's eyes.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 9:40am

    If brute forcing is not practical in a human lifespan, i'd say the characterization of 'permanently inaccessible' is pretty apt.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Mar 2016 @ 3:47pm

      Re:

      I think you missed the core of the article:
      A testing socket can be hooked up instead of the current NAND chip. This socket can have ignore the erase command.

      So: 4-digit PIN has 5040 permutations.
      This means they'll have to reset the NAND (or ignore the erase) a maximum of 504 times.

      Let's say entering 10 PINs takes 5 seconds. Let's say restoring the NAND takes 20 seconds.

      This means that it will take a maximum of 12600 seconds to try every permutation.

      To put that in perspective, that's 210 minutes, or 3.5 hours. That's shorter than the time it will take to get all the equipment into the same room, and WAY shorter than the time between March 1 (when Comey was challenged on this solution, to which he pled ignorance) and today -- just in case it was really a situation where nobody had thought to do it that way.

      It's no longer about the phone's contents at all. The FBI has been spoonfed an alternate method of getting those. This is purely about setting precedent compelling a private corporation to modify its software to defeat security protections.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 10 Mar 2016 @ 12:50am

        Re: Re:

        This is purely about setting precedent compelling a private corporation to modify its software to defeat security protections.

        Modifying the software is a minor part of what they want, the real desire is forcing the company to sign and distribute the modified software. That way they become able to bypass code signing protections every time they can get a warrant, and if they can get a company to target a machine via its normal code distribution channels, they do not have to have possession of the machine, but can get software installed to aid their investigation prior to an arrest.

        link to this | view in chronology ]

      • identicon
        Jason, 10 Mar 2016 @ 6:10am

        Re: Re:

        Not to be pedantic, but "5040 permutations" implies that each number can only be pressed once. (10*9*8*7 = 5040) My phone has already gone to 6-digits, but I can still make a code with all six numbers the same, and I'm fairly sure the older 4-digit method allowed that too. That would mean it's really 10^4 = 10,000 combinations.

        Not a big difference in orders of magnitude--roughly double--so I don't think it changes the core argument here, but it's important to have the numbers right.

        link to this | view in chronology ]

  • icon
    Ninja (profile), 9 Mar 2016 @ 9:42am

    I assume that if they could get the precedent they'd say that by not getting access to that phone cancer, aids and dead puppies would spread like the plague. They are just throwing every argument they can without going into the complete nonsense field where even the ignorant on technology will call them for the bullshit.

    link to this | view in chronology ]

  • identicon
    Just Sayin, 9 Mar 2016 @ 9:54am

    The tail trying to wag the dog

    This three letter agency s/b dismantled brick by brick and the clowns running the show should be sent to Kansas to manage municipal dog pounds. Hoover took his payoffs at the race track by way of tips on fixed races. Latter day clowns and crooks made their separate deals with the Chinese et al, while playing Let's Pretend.

    A few good people s/b retained to establish a professional investigative agency that does not fear due process and citizens who insist on respect for the Bill Of Righrs, and harbor no ambitions to bend/make laws to entrap mentally challenged folks in order to pad their stats, not to mention outright murder as standard procedure ala Ruby Ridge, Waco (thanks Janet), etc.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 10:05am

    The victims, and the family of the victims should be disgusted....

    Not by Apple, or the tech companies though.
    They should be disgusted that they are used and that the attack is by extension of those who they should trust the most, still happening on some ways.
    They are being manipulated and lied to by those who should be giving some form of closure.
    I seriously doubt that the FBI exspects to find anything of even slight value on that phone and as time passes, they are revealed to be even bigger liars to say that they even needed this in the first place.
    Then they drag the victims and families out in the media to be a head of their lying scheme, by blackmailing them with "promises" of finding evidence that the sick people who did this are part of some evil conspieracy and thus that there is a chance that this is not just the meaningless actions of two sick minds, but that the death and destruction caused will untimately lead to a greater good.

    How sick and twisted the minds, of those who came up with this scheme, must be.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Mar 2016 @ 1:33pm

    "00:51:36 Darrell Issa: Let's assume that you can make an infinite number of copies once you make one copy, right?
    ....
    00:51:42 James B. Comey Jr.: I have no idea.
    . . . .
    00:53:18 James B. Comey Jr.: Firstly, I'm the director of the FBI. If I could answer that question, there'd be something dysfunctional in my leadership.
    . . . .
    0:54:07 James B. Comey Jr.: I -- I did not ask the questions you're asking me here today, and I'm not sure I fully even understand the questions. I have reasonable confidence --.."

    I'm not sure the US govt could pay me enough to get me to make such a complete idiot of myself in front of Congress and broadcast to the planet. Surreal. Does not Congress have the power to compel appearances by just about anyone they want? I would have insisted that Comey name names of the tech command hierarchy and compel each one to appear until one of them could answer the question: "If you could make one copy could you make many other copies? Yes or No". But of course it was all about plausible deniability '"Oh I must have misunderstood" "Oh I thought you were asking about.." "Oh I mis-spoke, that was nothing to do with me, these are not my pants, that is not my purse, and the other guy did it".

    link to this | view in chronology ]

  • identicon
    Digitari, 9 Mar 2016 @ 4:08pm

    So, which is it?

    Is Comey an idiot or just a lair? the Third alternative is just to scary to believe, He ACTUALLY thinks like this!

    I was in the Military 30 some years ago, this was not uncommon between the enlisted and and commissioned ranks.

    Officers made the Orders, and sometimes, even though not illegal, were still impossible to carry out.

    link to this | view in chronology ]

  • identicon
    Personanongrarta, 9 Mar 2016 @ 5:19pm

    Lies, Damn Lies and FBI

    Only a totalitarian government that is in fear of it's citizens is compelled to surveil their daily lives in minutiae. As it stands today the control freak authoritarians within the US government photograph every piece of mail sent via US Postal Service.

    The paragraph below was excerpted from NY Times:

    U.S. Postal Service Logging All Mail for Law Enforcement

    By RON NIXONJULY 3, 2013

    Mr. Pickering was targeted by a longtime surveillance system called mail covers, a forerunner of a vastly more expansive effort, the Mail Isolation Control and Tracking program, in which Postal Service computers photograph the exterior of every piece of paper mail that is processed in the United States — about 160 billion pieces last year. It is not known how long the government saves the images.

    http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html?_r=0


    There is also the "Bank Secrecy Act" where those same authoritarians force your bank to act as a snitch and report any transactions over $10,000.00.


    https://www.fincen.gov/statutes_regs/bsa/

    The US government excels at using the specious claim of preventing future acts of domestic terrorism from occurring as the justification for it's unconstitutional actions (they create the terrorists and then steal our liberties to provide for our "safety").

    Ending/weakening encryption is not the panacea the US government proclaims it would be: If we awoke one morning and found ourselves living within the realm of unicorns where the US government had the magic power to decrypt all data thus empowering Uncle Sam to peer into the nooks and crannies of every persons and businesses digital life there would still be acts of terrorism committed.

    This is the tell of the tale: US government surveillance has nothing to do with preventing terrorism and everything to do with totalitarianism (protecting the status quo from citizens who are becoming increasingly tired of being exploited every day of their lives).

    PS James Comey did not ascend to the lofty perch of FBI Director because he was the most capable person rather he is another in long line of pliably supine political appointees who clicks his/her heels, salutes smartly and then marches off unquestioningly to the beat of his masters drum.

    link to this | view in chronology ]

  • icon
    Monday (profile), 10 Mar 2016 @ 12:24pm

    Truth was there all along...

    THERE IT IS!!!

    "... [other] law enforcement groups filing briefs in support of the FBI that basically stated they, too, would like Apple to be forced to comply with orders like these..."

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Mar 2016 @ 7:41pm

    … flux…
    Didja ever take the time to really learn about flux types and chemistry?

    More-or-less 'round about the time the European RoHS directive began make Pb-free a thing, I learned just enough about flux chemistry to begin to understand how much I didn't know about it.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.