Apple Might Be Forced To Reveal & Share iPhone Unlocking Code Widely

from the not-so-easy dept

Among the many questions swirling around the challenge to U.S. Magistrate Judge Sheri Pym's Order that Apple create software to bypass the iPhone passcode screen, a matter of paramount public interest may have been overlooked: Even if the government prevails in compelling Apple to bypass these iPhone security features: (A) evidence for use in a criminal trial obtained in this way will be challenged under the Daubert standard (described below) and the evidence may be held to be inadmissible at trial; and (B) the Daubert challenge may require disclosure of Apple's iPhone unlocking software to a number of third parties who would require access to it in order to bring the Daubert challenge and who may not secure the new software adequately. To state that neither consequence would be in the public interest would be an understatement in the extreme.

The Daubert challenge would arise because any proffered evidence from the subject iPhone would have been obtained by methodology utilizing software that had never been used before to obtain evidence in a criminal trial. The Supreme Court, in Daubert v. Merrill-Dow Pharmaceutical-Dow Pharmaceuticals, Inc., held that new methodologies from which proffered evidence is derived must, when challenged, be substantiated by expert scientific testimony in order to be admissible. In Daubert, the court stated that the criteria that must be utilized when faced with a defense challenge to scientific testimony and evidence are:
  1. Can the methodology used to reach the expert's conclusion (the new software here) be tested and verified?
  2. Have the methodology and software been peer-reviewed and has the review been published in a peer-reviewed journal?
  3. Do the techniques used to reach the conclusion (here, to obtain the evidence) have an ascertainable error rate?
  4. Has the methodology used to generate the conclusion (the evidence) been generally accepted by the relevant scientific community?
Under the Daubert standards, introduction of evidence from the iPhone, electronic communications and data stored in the phone, would require the testimony of an expert witness to, among other things:
  • establish the integrity of the data (and its reliability) throughout the chain of custody;
  • explain whether any person or software could modify the data coming off of the phone;
  • verify that the data that came off the phone as delivered by Apple and held by law enforcement was the data that had originally been on the phone;
  • explain the technical measures, such as the digital signatures attached to the data, used ensure that no tampering has occurred and their likely error rates.
Such an expert would, in preparation for his or her testimony, require access to and examination of the software, as it is inconceivable that defense counsel would simply accept the testimony of the Apple personnel without also demanding that their own, third-party, experts have access to the code.

In addition, defense counsel would undoubtedly demand the right for their own third-party experts to have access not only to the source code, but to further demand the right to simulate the testing environment and run this code on their own systems in order to confirm the veracity of evidence. This could easily compromise the security of the new unlocking code, as argued by in the amicus brief filed with Judge Pym by Jennifer Granick and Riana Pfefferkorn from Stanford's Center for Internet and Society (also covered previously by Techdirt):
There is also a danger that the Custom Code will be lost or stolen. The more often Apple must use the forensic capability this Court is ordering it to create, the more people have to have access to it. The more people who have access to the Custom Code, the more likely it will leak. The software will be valuable to anyone eager to bypass security measures on one of the most secure smartphones on the market. The incentive to steal the Custom Code is huge. The Custom Code would be invaluable to identity thieves, blackmailers, and those engaged in corporate espionage and intellectual property theft, to name a few. 
Ms. Granick and Ms. Pfefferkorn may not have contemplated demands by defense counsel to examine the software on their own systems and according to their own terms, but their logic applies with equal force to evidentiary challenges to the new code: The risk of the software becoming public increases when it is examined by multiple defense counsel and their experts, on their own systems, with varying levels of technical competency. Fundamentally, then, basic criminal trial processes such as challenges to expert testimony and evidence that results from that testimony based on this new software stand in direct tension with the public interest in the secrecy and security of the source code of the new iPhone unlocking software.

At best, none of these issues can be resolved definitively at this time because the software to unlock the phone has not been written. But the government's demand that the court force Apple to write software that circumvents its own security protocols maybe shortsighted as a matter of trial strategy, in that any evidence obtained by that software may be precluded following a Daubert inquiry. Further, the public interest may be severely compromised by a court order directing that Apple to write the subject software because the due process requirements for defense counsel and their experts to access the software and Apple's security protocols may compromise the secrecy necessary to prevent the proposed workaround from becoming available to hackers, foreign governments and others. No matter what safeguards are ordered by a court, security of the new software may be at considerable risk because it is well known that no security safeguards are impregnable.

The government may be well advised to heed the adage, "Be careful what you ask for. You may just get it." Its victory in the San Bernardino proceedings may be worse than Pyrrhic. It could be dangerous.

Kenneth N. Rashbaum is a Partner at Barton, LLP in New York, where he heads the Privacy and Cybersecurity Practice. He is an Adjunct Professor of Law at Fordham University School of Law, Chair of the Disputes Division of the American Bar Association Section of International Law, Co-Chair of the ABA Section of International Law Privacy, E-Commerce and Data Security Committee and a member of the Section Council. You can follow Ken @KenRashbaum

Liberty McAteer is an Associate at Barton LLP. A former front-end web developer, he advises software developers and e-commerce organizations on data protection, cybersecurity and privacy, including preparation of security and privacy protocols and information security terms in licensing agreements, service level agreements and website terms of service. You can follow Liberty @LibertyMcAteer
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: daubert standard, doj, encryption, evidence, fbi, security
Companies: apple


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    TheResidentSkeptic (profile), 9 Mar 2016 @ 11:44am

    No reason to panic..

    ..we'll just pass a law making illegal for bad guys to have a copy.

    link to this | view in thread ]

  2. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 9 Mar 2016 @ 11:55am

    Call me thick, but this is the first time I've noticed that the FBI vs. Apple ruling was issued by a worthless whore. Wow - what a "surprise".

    link to this | view in thread ]

  3. icon
    SteveMB (profile), 9 Mar 2016 @ 12:02pm

    Even somebody who learned everything they know about the law from CSI: Wherever and Ace Attorney can see through the obvious absurdity of the "Apple can keep the backdoor code secure so it won't get out" argument. If the Feds actually allowed that (or pretended to allow that) it would open the door to scenarios like:

    Feds: We've got a search warrant for this phone, but we can't get in. Can you help?
    Me: (Sees owner's name engraved on phone back, and recognizes it as that of the asshole who stole my girlfriend, ran over my cat, and keyed my car) Sure! There's just one caveat, though -- I can't let you look at the code I'll be using because it might release a dangerous cyber pathogen.
    Feds: Well... OK.
    (later)
    Feds: Geezus Q. Christ! We thought this guy was just stealing credit card numbers, and it turns out that he's the world's biggest kiddie-porn meth-lab jihadist ringleader!

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 9 Mar 2016 @ 12:19pm

    Here's what Apple should do:

    1. Secretly write the backdoor software in the event that they lose the case
    2. If they lose, When told to hand it over, do so
    3. Release OS 9 the same day
    4. Tell the FBI, "Oh, sorry, you asked for software to unlock OS 8, you didn't say anything about OS 9..."

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 9 Mar 2016 @ 12:21pm

    It'll never be used in a criminal trial

    They'll find a parallel construction for anything useful in a criminal trial.

    (And nothing prevents what's found on the phone from being used in non-judicial ways like no-fly-lists, being added to NSA contact chaining, etc.)

    link to this | view in thread ]

  6. icon
    cjstg (profile), 9 Mar 2016 @ 12:25pm

    Isn't that the point?

    Isn't this what the whole fight is about? I'm not even a lawyer, and I realized the first time I read about this case how important it was that Apple simply refuse to do this (under any circumstances, including jail time for contempt of court). Once the phone evidence enters the courtroom, the entire process of unlocking the phone is subject to scrutiny. The precedence issue is secondary.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 9 Mar 2016 @ 12:41pm

    Cy Vance

    So it looks like Cy Vance's cybernetic pathogen is on that phone, it just does not exist yet. He is the one who wants Apple to make it.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 9 Mar 2016 @ 12:46pm

    The governments narrow tunnel vision to get what they want at any cost is beginning to look a lot like someone didn't think beyond this was a great way to open up the encryption access. The ramifications of what it would really mean in courts and the legal world were of no consequence at the time this theory to force Apple to open their encryption to LEO occurred.

    As time goes on and it is discussed, more and more this begins to look like a terrible idea.

    link to this | view in thread ]

  9. icon
    Groaker (profile), 9 Mar 2016 @ 12:49pm

    And I thought slavery was over when the draft ended. Seems it is back again.

    link to this | view in thread ]

  10. icon
    z! (profile), 9 Mar 2016 @ 1:01pm

    Brings up another thought- Daubert as applied to anything retrieved from an otherwise encrypted device. I wonder how much a defense could use it to challenge evidence. Would be also be an interesting approach to stingray-acquired evidence.

    link to this | view in thread ]

  11. icon
    aldestrawk (profile), 9 Mar 2016 @ 1:07pm

    clarification

    This article ought to have mentioned that any code used to update an Apple iPhone has to be digitally signed. Only Apple has the key necessary to sign such code. The FBI has not asked for that key and they will not be required to release it. This is the whole reason the FBI wants to compel Apple to write code that defeats their own security. The FBI may be capable of writing such code but they can't update an iPhone with their version. The FBI also asked Apple to make the update work on only the one iPhone in question. The way to do this is have the update check for one or more of the unique Ids used only on that particular phone (e.g UUID, serial #, cell IMEI, Bluetooth and WI-FI MAC addresses). The presence of a digital signature also means that the FBI, or anyone besides Apple, cannot alter the code even if they had a copy of the, un-compiled, source code.
    So, what's all the worry about then? I don't know the particulars of where, and how, these unique are stored on the iPhone. What may be possible though is to spoof these Ids to make another iPhone appear to be the one used by the San Bernardino terrorists. Another possible weakness is that every time a small change is made in the digitally signed code, it becomes easier to crack the key. A multitude of law enforcement agencies getting a new version for each case may allow the signing key to be discovered. I don't know if that is realistic in this instance, but it is something that should be looked at.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 9 Mar 2016 @ 1:12pm

    Re:

    Slavery will never end, it will just changes forms.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 9 Mar 2016 @ 1:18pm

    Re:

    I like this thinking, except iOS is on 9.2.1 right now. Let's just bump that to iOS 10.

    Or perhaps they can go the route of the Government when receiving FOIA requests and say development will take X months and cost $660 Million dollars.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 9 Mar 2016 @ 1:18pm

    Re:

    What happens when the defence challenges how evidence was obtained by compromising TOR, and wants proof that the software installed on machines was not used to plant evidence.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 9 Mar 2016 @ 1:23pm

    Expert examination?

    "Such an expert would, in preparation for his or her testimony, require access to and examination of the software,"

    Next proposal about that from the FBI: 'We' in the form of the US govt already have in place a standard procedure which should be used here, in the form of the TPP access procedures. The expert may be allowed to enter a room, with no pencils, paper, cameras or other recording devices, and then may look at a printout of the code (4-point type) and even perhaps at a hologram of the phone's internals. Director Comey will insist that is a sufficient examination, his experts told him so even though he didn't understand anything they told him (fully in the vein of the earlier TD story detailing his responses to Congress).

    Surely a procedure which is deemed adequate for treaty examinations must be good enough for a mere phone.

    link to this | view in thread ]

  16. identicon
    Brig C. McCoy, 9 Mar 2016 @ 1:33pm

    Re: Cy Vance

    It's not Cy Vance (NY DA) with the cybernetic pathogen, it's the DA from San Bernardino County, Michael Ramos. I mean, I can understand the confusion, they're both full of... shaving cream!

    ...brig

    link to this | view in thread ]

  17. icon
    ThatDevilTech (profile), 9 Mar 2016 @ 1:56pm

    Re: clarification

    I think that was discussed when all this initially started about the "one phone" bs. It may be about one phone THIS time, but who is to say someone doesn't get the rogue code and revers engineers it for ANY phone to work. Or to trick the signing functionality? I don't want Apple to do this for ANY phone. It just sets too big of a precedent.

    link to this | view in thread ]

  18. icon
    sigalrm (profile), 9 Mar 2016 @ 2:06pm

    Re: clarification

    Let me fix this for you:

    Only Apple is known to have the key(s) necessary to sign such code.

    link to this | view in thread ]

  19. icon
    art guerrilla (profile), 9 Mar 2016 @ 2:08pm

    Re: clarification

    "The presence of a digital signature also means that the FBI, or anyone besides Apple, cannot alter the code even if they had a copy of the, un-compiled, source code."

    wha ? ? ?
    NOT a programmer, but this set my BS meter pegging; not sure how in hell you can make the "un-compiled source code" un-editable/copyable/etc...

    link to this | view in thread ]

  20. icon
    sigalrm (profile), 9 Mar 2016 @ 2:09pm

    Re: Re: clarification

    everyone's obsessed with the fact that the computer in question is a phone.

    It's a computer, with an OS/Firmware.

    Functionality aside, It's fundamentally no different than any other Internet of Things device.

    "Dear Amazon: We think Individual X may be up to something illegal. Please provide a custom firmware for their Alexa...."

    "Dear Samsung: We think Individual X may be up to something illegal. Please provide a customer firmware for their smart TV..."

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 9 Mar 2016 @ 2:11pm

    Re: Re:

    OH, come on, not even....ONE BILLINO DOLLARS!? /Dr.Evil

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 9 Mar 2016 @ 2:25pm

    It's time for a serious crowdmock of the cyber-pathogen idiocy. We want T-shirts, bumper stickers, signature lines. Herewith some modest proposals:


    DORMANT CYBER PATHOGEN
    (Do not wake | Do not turn me on)

    I AM CYBER PATHOGEN
    AND I VOTE!

    CYBER PATHOGENS UNITE
    Today San Bernardino, Tomorrow the (World|Underworld)!

    UNLOCK THE iPHONE:
    FREE THE SAN BERNARDINO CYBER PATHOGEN!

    REAL CYBER PATHOGENS RUN ON ANDROID

    CYBER PATHOGEN EXTERMINATOR
    Your phone is pathogen-free.
    You owe me $1,000,000

    REAL PATHOGENS RUN ON DNA

    (A pictures of a unicorn in some appropriate but improbable pose--sleeping, rampant, penned up, dead, etc.--is optional but strongly recommended)

    Other media should't be overlooked: say, tinfoil caps labelled "cyber pathogen protector" (with, of course, a unicorn head in the traditional red slashed circle); "cyber-pathogen-free" stickers to post on pay phones and power outlets--"let a thousand snickers bloom, let a hundred online shops contend."

    link to this | view in thread ]

  23. icon
    Dismembered3po (profile), 9 Mar 2016 @ 2:36pm

    this certainly changes the calculus doesn't it?

    THE KEY! THE KEY! THE KEY! THE KEY! THE KEY! THE KEY!


    I'm not sure but I don't think this code itself is a big problem.

    The big problem seems to me that in order to validate the code, and that it works as advertised against a real device the expert would have to have access to Apple's signing key.

    Apple's signing key.

    APPLE'S SIGNING KEY.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 9 Mar 2016 @ 2:54pm

    Re:

    link to this | view in thread ]

  25. icon
    nasch (profile), 9 Mar 2016 @ 4:14pm

    Re: Re: clarification

    not sure how in hell you can make the "un-compiled source code" un-editable/copyable/etc...

    They can edit it all they want, but the phone won't run it after that.

    link to this | view in thread ]

  26. identicon
    jim, 9 Mar 2016 @ 4:15pm

    Re:

    So in their defense, you say it's okay for a foreign government to have that ability to unlock the phone anytime it wants, but not one trying a supposed drug dealer, and two dead people who shot at the cops? Interesting argument.
    I believe with the source code, telling the machines how to operate, it can be reverse engineered to show what is needed to make it operate, and what functions are needed to minimumly operate the machine.
    Believe they already have all the information off the device,but it is legally unusable. In both cases. So what else are they after? Or who? Unusable, no warrants at the time. But a court would let them get away with that, but to use as evidence, that would be a very odd court. But it could be presented to a grand jury as hearsay, for further action. But it still didn't get to the issue, why did Apple not fulfill the original request? It wasn't the privacy issue then. They did it on other occasions, why stop then? There is some other motive, but what. Fired the wrong guy? Didn't say pretty please? Wanting paid for the last time?

    link to this | view in thread ]

  27. icon
    Aaron Walkhouse (profile), 9 Mar 2016 @ 4:16pm

    Daubert and defence counsel access are both irrelevant here.

    Daubert requires a new methodology [such as DNA analysis]
    to trigger a scientific review. That's why the four prongs
    cited are an obvious poor fit to this case.

    1. This software is tested/verified by the sole defendant.
    2. Peer review is not, and never will be, relevant here.
    3. A backdoor works or it doesn't. There can be no error rate.
    4. There is no "relevant scientific community" for Apple's
    proprietary trade secrets, particularly when the original
    court order specified the software be destroyed upon use.

    The software proposed may be new but there is no new
    technological or scientific research needed to make the
    software or use it and development is limited to altering
    or disabling established code already in use.



    Likewise, the prospect of defence counsel demanding access
    falls moot before the fact that Apple is the sole defendant
    for this and future All-Writs cases on iPhones.

    Other defendants may wish to suppress evidence obtained by a
    backdoor but they won't be able to get their hands on the
    backdoor itself because the presence of the evidence proves
    that the backdoor worked. Nobody would be able to argue
    that a mere backdoor conjured up evidence that was not
    already there to be found and they couldn't use Daubert
    because it's just a backdoor and not a new scientific method.

    link to this | view in thread ]

  28. icon
    JoeCool (profile), 9 Mar 2016 @ 4:33pm

    Show of hands

    How many other people read that as a Dilbert inquiry? I could just see Wally being put in charge of the Custom Code and selling it to the Elbonians. :)

    link to this | view in thread ]

  29. icon
    Whatever (profile), 9 Mar 2016 @ 5:07pm

    Re: Daubert and defence counsel access are both irrelevant here.

    I think you nailed it here. There is no new technology, there is no new methodology in play. Encryption (and the decryption) of digital information is well known and reliable technology.

    Moreover, let's be clear here: When you decrypt something, you either get the data in the clear or you get garbage (you failed!). It's not like it's suddenly add "I buried the body in the backyard next to the orange tree" in every document.

    It seems like this argument is more of a defense lawyer trying to delay the inevitable rather than a strong legal argument. I'm not a lawyer, but even I can see this one as insanely weak and likely to be tossed.

    link to this | view in thread ]

  30. icon
    madasahatter (profile), 9 Mar 2016 @ 5:12pm

    Interesting Issue

    So, the DO(In)J has not thought trough the implications of their stupidity. That is not surprising given their level of incompetence.

    link to this | view in thread ]

  31. icon
    Aaron Walkhouse (profile), 9 Mar 2016 @ 5:28pm

    As both arguments are more likely to annoy a judge than create a delay…

    …I'd say any lawyer with actual skin in the game wouldn't even try either one.   ;]

    link to this | view in thread ]

  32. identicon
    Karen Vaisman, 9 Mar 2016 @ 5:36pm

    Feeling torn

    I see both sides. I'd like to see it argued publicly by knowledgeable people.

    link to this | view in thread ]

  33. icon
    nasch (profile), 9 Mar 2016 @ 5:53pm

    Re: Daubert and defence counsel access are both irrelevant here.

    Other defendants may wish to suppress evidence obtained by a
    backdoor but they won't be able to get their hands on the
    backdoor itself because the presence of the evidence proves
    that the backdoor worked. Nobody would be able to argue
    that a mere backdoor conjured up evidence that was not
    already there to be found and they couldn't use Daubert
    because it's just a backdoor and not a new scientific method.


    At what point is it demonstrated that it was in fact just a back door and not a malicious software package that planted evidence in the device?

    link to this | view in thread ]

  34. icon
    Aaron Walkhouse (profile), 9 Mar 2016 @ 6:16pm

    At the point where it was used, in the presence of FBI and
    Apple experts, to retrieve the data and put it directly
    into the chain of custody. ‌  Everyone present would be
    require to swear to every step of the procedure they
    carried out. ‌  It's standard practice which courts respect.

    As all it did was unlock the phone there was no opportunity
    for the backdoor to directly access the data; because that
    was done by the iPhone's normal operating system using it's
    normal, built-in functions that nobody can suspect as being
    new or unique to that one phone.

    It's like getting a landlord to unlock a door for you.   He
    never went inside after opening the door because that's the
    cops' job. ‌ Later on, all he can testify to is that he opened
    the door and let the cops in at that date and time; after
    that the scene is in police custody and only they can keep
    track of what they do and when; thus, a chain of custody.

    link to this | view in thread ]

  35. icon
    nasch (profile), 9 Mar 2016 @ 6:32pm

    Re:

    It's standard practice which courts respect.

    Of course, they also assume police never plant evidence or lie on the stand, and we see how well that plays out.

    because that
    was done by the iPhone's normal operating system using it's
    normal, built-in functions that nobody can suspect as being
    new or unique to that one phone.


    I thought this was about replacing the normal software with new software that disabled security features.

    link to this | view in thread ]

  36. icon
    sigalrm (profile), 9 Mar 2016 @ 6:52pm

    Maybe part of the problem here...

    is that people don't understand what a secret key looks like.

    This is a 2048 bit RSA key I just generated:


    -----BEGIN RSA PRIVATE KEY-----
    MIIEpAIBAAKCAQEAzSOE0cwXfpZdYP9NI1j7kqNth/oLho2k5gnlXMMrq6m1Ba/s
    HbvcPwU7tdovxUYg9+LVsN2YB/js i4jJG/njvO9O330IvQ8fKvbxezgvWdOGI+sP
    fm22WTZqRTdQ6NfUjL8DlJWsJZxihXhNP9SHLsQ4aa9j4iTRzYl+H6oa0msr4sfs
    hoHuOQpkszDGy0vJ2Gxr/N0VnxGrmsaVmgDuj514pNVgWr24L+SbhZb3fUfRztAP
    ky+q5N1AtE/INUAdPuEz+oO/OBymLOW6LKB7 RbOljWJzNev5RtfxiWdwiDfH2SH0
    TsslEQDk6/Ea1Ckz5EvH6pi93+su6zc8vbmAgQIDAQABAoIBACvMvqow4n9TyaJR
    QH4gnK5l mJhk6hsTmTbIvCE/Rs7DUHRjaI28s7z8+A/PA04iuB1VYH0AA1sIajEs
    xovjoh2QFw4e20PKu8PnsA24JFwQjt6SbN94u2t289/N fMgKdUaL7k7GWlg5eMu4
    sP3E+gwhN05RdYkuhWFWTwihwFJWz8ygoJHfvxxRMstD20uAntNMI7gmWAV1seDB
    BGnmzdhk1Ge9qVHv kjxbQYDlhjKCpWJQNM9ivPjNb57/2KYiHOmh0RyKS7QIQYtl
    3TppOoUwOrg9Ld55xkubRAuj13oHIXJewcT8DxOHjJp4zkNMqwbc pMRApQRhxk3l
    x9MLvKUCgYEA6D7XaNfMTKoihk2yHYR9MMyazGJ49gAdSB3VdeT2qXJqJfBN7FkS
    X7kkFhAreW/QI7zSfo88i2eJ Y/hKF38ok50BB7mVQR5hcIvhpYPa7O6F4C2WJOkv
    GhOIMTrlpX+jo68VThEhhH3TlIICa0ou3Ga/8UiHhV2NyjDK1vf+8i8CgYEA 4h7o
    5m3P1GFT3Hw93m9U6aejBrB4yyg55yXg6VrJnt1y5sFMNpkZDoRyJhEEZi1bujNU
    y0rCUvYfACnkgoRjoAenqiuvD1GyLfhB tGL8m0RzDikwk/kQSEd2UrjgGdmkKKyG
    TsJzKY5aoMhhmb90fZbDOUfnFS5uip90izmifE8CgYEAllQe8MFGf5Vc9ZwTH+Ij
    etPl m0heTbWzPnv5MO+87d+eb+JFPihFqWpYvmNHELrcelV91uf2Y7HoD6qmouDv
    LeVhxlNNFjKJFeWlcJKRwe1/AKXhWxEJKRLdhChA f8jH7mqlGrwh+vXLX4Rr9nC1
    NnrX4WF2P1BYODkvAsjR4IcCgYEAvV8xojn5Ql64gwEyN2V58a1JZULKByqLQ8B/
    Wi+Eh53iqsrb 7yXMzFGz35mE26XFGm3+57qWgDBLyjFLhNsnLFD85BFtrSC4XrN5
    I397GvX6fbOVUXfXYREoUSMv27ZgOwgx+yfylqz3zYvD4aVs A/oNSZ2kNCMMxN/C
    FQ+RuxUCgYA6yDOODkNRoYGsKrEcV3rtwk+tT1Avt+M9KiDpI9PAlnrna9DUoJ1W
    cHmHpyeGAiVk7vBtwgPy pi4jEjtksXKvJZ07P9qgAlNbnbjaI2Ubdi56GnuJskEg
    bLVa9iFrZvyKhsGCPmsxMnxFLs58HwLveuxjICQ0pqGPC72byUZHiA==
    -----END RSA PRIVATE KEY-----

    That's it. This is a textual representation of a 2048 bit RSA key. generate a CSR and a public key, and you can plug it into any Apache web server. Or use it to sign email. Or sign applications. And those signatures will be valid on any system with the public key installed as a certificate authority.

    If you were to see Apple's private key exported like this one is, it would look very similar, although (hopefully) 4096 bits instead of 2048 (twice as long). And it might be DSA, instead of RSA. I'm certain it's stored in a _very_ tightly controlled environment.

    This key fits trivially into a paste buffer. So would Apple's. You could print it and type it in by hand if you were so inclined. Or take a picture and OCR it. And if that happens - just once - it potentially puts the security of every Apple device on the planet at risk.

    Now, this is a simplistic example. I'm sure Apple's implementation utilizes a hierarchy of similar keys, with limited uses, etc, all signed by a single, master key which is stored in tamper-proof hardware, requires multiple people to get to it, etc. But that master key only has to get exported once to the wrong individual to compromise the entire system.

    link to this | view in thread ]

  37. icon
    Aaron Walkhouse (profile), 9 Mar 2016 @ 7:00pm

    The only functions involved in this All-Writs order is the
    login screen itself. ‌ That login screen has very little
    functionality because it is only designed for one task; so
    any elaborate spy code to meddle with data would cause an
    obvious case of bloat that any one of the people involved
    could detect. ‌ You can be sure that Apple techs would not
    let such shenanigans go unreported.

    One tech unlocks the phone, signs off on what he did and
    removes the tool, then the investigators go get the data,
    every step of which is logged and signed for. ‌ The process
    is rigorous.

    After that it's all unchanged IOS code being used by
    investigators directly because the phone and it's revealed
    unlock code is now in their sole custody. The custom login
    screen, no longer needed, would be replaced with the
    original so the iPhone could be unquestionably certified as
    absolutely in it's original state; thus placing it's
    contents securely in a properly managed chain of custody.

    If the folks operate as usual, dot all of their i's and
    cross all of their t's, a court will have no reason to
    question the process unless something unexpected happens;
    like evidence showing up early or late in the process and
    conflicting with the logs already in hand. That is rare.

    link to this | view in thread ]

  38. icon
    nasch (profile), 9 Mar 2016 @ 8:01pm

    Re:

    The custom login
    screen, no longer needed, would be replaced with the
    original so the iPhone could be unquestionably certified as
    absolutely in it's original state


    The only way the phone is in its original state is if it's factory reset. The fact that the original software was put back on the phone doesn't prove anything about what else might have happened to the data. Everything you're saying makes sense, but it seems to me (not a lawyer) falls short of proving that the data hasn't been tampered with. But maybe the defense just basically has to take the investigators' word that they didn't screw with it. That wouldn't surprise me.

    link to this | view in thread ]

  39. icon
    Aaron Walkhouse (profile), 9 Mar 2016 @ 8:46pm

    The original state of the evidence here is when the suspect
    last had it in hand
    , not before the factory shipped a new phone. ‌
    A blank phone is evidence only that a phone exists! ‌ ;]

    If all that's changed is the login screen, then after the
    access code is obtained with it and the original login
    screen is replaced, the logs of that process and the sworn
    testimony of all involved prove the OS and data have not
    been altered by the process at the time the data was
    finally accessed and copied to FBI assets. ‌ Even then,
    originals are preserved and locked away from subsequent
    investigators while backups are also locked away to
    preserve the chain of access.

    Until the phone is unlocked it is impossible to alter the
    encrypted data and after the phone is unlocked it is
    impossible for anyone to have unsupervised and unlogged
    access to the data.

    Because chain of custody procedures are followed only one
    person at a time has custody, usually supervising
    and/or assisted by one or more people as he/she works.

    These procedures, familiar to all officers, agents and
    courts, are trusted for good reason; because it is
    practically impossible to tamper with evidence without
    leaving "fingerprints" and the logs show who had custody
    when such "fingerprints" showed up.

    The legal system has had decades of practice with these
    procedures and it is very rare that someone finds new
    loopholes to exploit. You may theorize that one may exist,
    that someone has the means, motive and opportunity to
    exploit it, and that someone also coincidentally has custom-
    tailored false evidence to plant but the odds of [loophole]
    + [means] + [motive] + [opportunity] + [fake data that
    fools everybody] all coming together at the same time is so
    low that it tends to be impossible, especially in cases as
    complex as this with so many investigators and lawyers involved.

    It is those decades of history and case law which creates
    trust in chain of custody. Defense attorneys in other cases,
    [not this one because the criminals are dead] will often poke
    and prod at the chain of custody because that is what they
    are expected to do. ‌ Most of the time they only prove that
    the evidence is solid.

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 10 Mar 2016 @ 2:16am

    Re: Maybe part of the problem here...

    Since when does 1,607 characters equal 2048 bits?

    link to this | view in thread ]

  41. identicon
    Anonymous Coward, 10 Mar 2016 @ 2:39am

    Re: Re: Re: clarification

    of course due process warrants, probable cause all would never enter into it, right?

    link to this | view in thread ]

  42. identicon
    Yes, I know I'm commenting anonymously, 10 Mar 2016 @ 4:13am

    The real reason

    Because of this, the data on the phone will never be submitted to the court (the FBI knows it does not need it).
    The only reason for the demand to Apple is to gain the precedent of access to mobile phones.

    link to this | view in thread ]

  43. icon
    Jeremy Lyman (profile), 10 Mar 2016 @ 4:32am

    Re: It'll never be used in a criminal trial

    Yup, no need to worry about using evidence in due process. If they could unlock these things without telling anyone we wouldn't be having this conversation right now. At least until the whole thing busted open like Stingray use in Baltimore.

    link to this | view in thread ]

  44. icon
    Jeremy Lyman (profile), 10 Mar 2016 @ 4:37am

    Re: Isn't that the point?

    I think the precedence is more important than that. An exploit for this version of the OS in the wild is bad, but setting the standard that companies are legally obligated to pour whatever resources the govt says into breaking their own tech is worse. It becomes an issue for corporate bean counters who will cost and risk analyze encryption with the knowledge that they may need to break it at some point. It's much more efficient to pre-engineer exploits. We'll never get a secure piece of software again.

    link to this | view in thread ]

  45. icon
    Jeremy Lyman (profile), 10 Mar 2016 @ 4:41am

    Re: Re: Re: Re: clarification

    Because terrorism.® Or whatever.®

    link to this | view in thread ]

  46. icon
    That One Guy (profile), 10 Mar 2016 @ 5:09am

    Re: Re: Isn't that the point?

    It becomes an issue for corporate bean counters who will cost and risk analyze encryption with the knowledge that they may need to break it at some point. It's much more efficient to pre-engineer exploits. We'll never get a secure piece of software again.

    I would(and have) argue that it's worse than that.

    Once the precedent is set that companies can be compelled to break their own encryption you can be sure that any move towards encryption that they cannot break will be painted as companies attempting to 'avoid their lawful obligations by making their products immune to legally issued warrants'. At that point it goes beyond a cost/risk analysis of how much it costs to develop encryption versus how much it would cost to break it, and moves into the realm where it becomes effectively impossible for them to ever implement truly secure encryption, as they'd face a PR and potentially legal nightmare if they ever tried.

    link to this | view in thread ]

  47. icon
    Jeremy Lyman (profile), 10 Mar 2016 @ 5:31am

    Re: Re: Re: Isn't that the point?

    Yes, we're headed towards Aero duck/not a duck territory with much more dire consequences. It's unlawful to create systems that you're unable to help the govt crack, because doing so would be sidestepping the law by following it.

    link to this | view in thread ]

  48. icon
    John Fenderson (profile), 10 Mar 2016 @ 5:36am

    Re: Re: Maybe part of the problem here...

    Since the invention of uuencoding.

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 10 Mar 2016 @ 5:44am

    Re: Re: Re: Maybe part of the problem here...

    Please splain it to us unedumacated folks. Thanks be unto ye.

    link to this | view in thread ]

  50. identicon
    Anonymous Coward, 10 Mar 2016 @ 7:15am

    All phones have a "backdoor", Its called auto updates. Apple is the only one that has a key to idevices. Apple does not have to "write a code" as they already have the code written.
    Apple is playing "I want to protect our users from the govt" to "up" their status among customers. When all I hear is Lies from them about why they don't want to assist the govt in accessing a known terrorists phone data. Apple is becoming a tool for the terrorists. Apple must want more terrorists to use their products. Apple has become a terrorist.

    link to this | view in thread ]

  51. identicon
    AJ, 10 Mar 2016 @ 8:16am

    Re:

    I think I read where Manhattan alone has upwards of 150 I phones in evidence that are "locked". So if they create the tool, then destroy it per the court order. Are they going to have to do that for every phone law enforcement wants to get into? There could potentially be thousands of phones across the country. Then what? Russia? China? This is a horrible idea.

    If I were Apple, this would compel me to release an immediate patch to all phones removing this as a possibility. It is after all, a security hole. They would be right to make it impossible to do, because if it's possible, we will force them to do it when it suits us, and do so regardless of the long term broader implications.

    link to this | view in thread ]

  52. icon
    nasch (profile), 10 Mar 2016 @ 8:16am

    Re:

    Apple does not have to "write a code" as they already have the code written.

    They have code already written to bypass the security lockouts on a phone? How do you know this? Neither Apple nor the FBI nor anyone else I've heard of is making this claim.

    Apple is becoming a tool for the terrorists. Apple must want more terrorists to use their products. Apple has become a terrorist.

    Toyota is becoming a tool for the terrorists. Toyota must want more terrorists to use their products. Toyota has become a terrorist.

    link to this | view in thread ]

  53. identicon
    cmbeid, 10 Mar 2016 @ 9:48am

    Defense?

    I have really never thought of this before, but who would be acting in defense of the terrorists? Is there a court-appointed defense attorney provided? Or would the Daubert challenge come from any of the other subsequent numerous cases where the software would be requested?

    link to this | view in thread ]

  54. icon
    nasch (profile), 10 Mar 2016 @ 10:14am

    Re: Defense?

    I have really never thought of this before, but who would be acting in defense of the terrorists?

    In this particular case? Nobody, they're dead.

    link to this | view in thread ]

  55. icon
    Aaron Walkhouse (profile), 10 Mar 2016 @ 10:30am

    I think the Apple plan is to prove that this proposal is
    both an unreasonable burden and an unlawful expansion of
    All-Writs.

    Forcing highly valuable resources to this unprecedented
    task costs a lot of money each time, especially as they
    will not be compelled to keep a copy for future uses. ‌ The
    FBI might claim they are willing to pay the bill but they
    have no idea how big it would actually be and once they do
    find out they will typically resort to asking the courts to
    force Apple to pay the full price because "civic duty".

    Worse, forcing Apple to be State Safe-cracker for more cases
    in an uncertain future will immediately devalue the entire
    corporation and all of it's products in the public view, and
    thus on Wall Street. ‌ The immediate loss will be billions
    even before the first phone is breached. If it continues
    on to other phones in other cases [using this as precedent]
    then those losses will become permanent and may even deepen
    to the point where thousands of American and Asian jobs will
    be lost forever. ‌ That is definitively an unreasonable
    burden which a court ignores at Apple's and it's own peril.


    All-Writs was crafted for access to available documents only!
    Redefining it to force "landlords" of any kind to become
    safecrackers for the state is clearly beyond the text and it's
    intention, no matter how the FBI want to portray it as an
    attempt to "keep up with the times". ‌ The courts will have
    no other choice but to tell the FBI that they will have to
    ask for new legislation because the courts don't have the
    authority to expand law past constitutional protections
    or the actual text of the legislation.

    Bending a law against the constitution to fit needs is not
    unusual but actually breaking it or changing a law to create
    new authorities or powers is legally impossible, inviting
    sanctions against an offending judge..

    link to this | view in thread ]

  56. icon
    nasch (profile), 10 Mar 2016 @ 11:07am

    Re:

    All-Writs was crafted for access to available documents only!
    Redefining it to force "landlords" of any kind to become
    safecrackers for the state is clearly beyond the text and it's
    intention, no matter how the FBI want to portray it as an
    attempt to "keep up with the times".


    Not a bad analogy. Has anyone ever attempted to use the All Writs Act to compel a locksmith or safe manufacturer to crack a safe that they didn't own? Not provide a key, but use their time and expertise to do it.

    link to this | view in thread ]

  57. icon
    Aaron Walkhouse (profile), 10 Mar 2016 @ 11:32am

    That would clearly be unnecessary. ‌ Police could do it
    themselves as long as they have served a warrant to it's
    owner and seized the safe. ‌

    Then they could hire one to do the deed if they couldn't.

    Of course, if nobody accepts the job, they're Short Of Luck. ‌ ;]

    link to this | view in thread ]

  58. icon
    Aaron Walkhouse (profile), 10 Mar 2016 @ 11:35am

    link to this | view in thread ]

  59. icon
    nasch (profile), 10 Mar 2016 @ 11:53am

    Re:

    Yeah, I didn't think it would have been used that way.

    link to this | view in thread ]

  60. identicon
    Anonymous Coward, 11 Mar 2016 @ 7:16pm

    Re: Re: Re: Maybe part of the problem here...

    Uuencoding forms end result characters out of 6 bit chunks, thus 2048 bits forms around 341 characters. 1,607 characters are displayed, approximately 5 times too many. So what are the other 1,266 for (far more there than needed for any overhead)?

    link to this | view in thread ]

  61. icon
    The Wanderer (profile), 17 Mar 2016 @ 7:54am

    Re:

    Either I'm misunderstanding what would happen here, or you are.

    According to my understanding, in order to get this phone to install the modified code, it would have to be provided as an updated iOS image.

    According to my understanding, when you replace or upgrade a smartphone OS version, you do so essentially wholesale; you drop in the entire OS image, replacing everything which was there before, not just the pieces which were changed.

    If that's correct, then there would be no way to replace just the login-screen code; you would have to replace everything. It's possible (even likely) that the replacements for everything else would not be (significantly) different from what was there before, but there would be no way to verify that without looking at the source code.

    Even if that's not true, I'm not certain that your apparent assumption that there would be logs of the OS-update process which would show enough detail to determine whether anything other than the login-screen code had been modified is accurate. Certainly I've seen no sign of such logs on the Android side of the fence.

    Beyond that, even if we assume that it can be proved that only the program(s) involved with handling the login screen were modified, there's no reason why the login-screen program(s) could not (be modified to) include code capable of modifying other parts of the system - and I would be extremely surprised if there were enough logging to be able to catch it if they did.

    Really, if you're paranoid about every possible angle of attack and you don't trust the people who are in charge of the operation to do the right thing and be honest about their actions and motives, there is no way to be certain that the modified code has not tampered with the data on the phone other than to see - and possibly to experiment with - the code itself.

    link to this | view in thread ]

  62. identicon
    Anonymous Coward, 23 Mar 2016 @ 11:48am

    Re:

    "Call me thick, but this is the first time I've noticed that the FBI vs. Apple ruling was issued by a worthless whore. Wow - what a "surprise"."

    You said it!!!

    link to this | view in thread ]

  63. icon
    Aaron Walkhouse (profile), 26 Mar 2016 @ 9:10pm

    Apple never said they couldn't do it as a targeted patch.

    In this case the court specifically ordered that just the
    one module be replaced. ‌ That module, designed for just the
    one function and that being on a cell phone, is very small.

    That makes it impossible to add sophisticated search-replace
    code which alters time stamps on files and also internal
    IOS logs and filesystem structures sufficiently well enough
    to fool forensics investigators on both sides of the case.

    Don't forget that this part of the job is for Apple alone.

    The other logs I mentioned are not those of IOS, but of the
    technical staff and investigators involved in all stages of
    the procedure, and most of those will be written by Apple
    staff who have sole and uninterrupted custody of both their
    logs and the source code of the proposed tool. ‌ Apple can't
    be elbowed out of the way and not all FBI agents, techs and
    officials can be compromised at the same time; so yes, the
    combined logs and testimony of all involved on both sides
    of the case does effectively make shenanigans a no-go.

    link to this | view in thread ]

  64. icon
    Truthistruth (profile), 26 May 2016 @ 2:05pm

    Why can't anyone secure my devices ? Including the great apple?

    For almost 2 years I've been dealing with identity theft , breeches hacked emails cloned Apple ID Microsoft accounts that are more harm than good . I spend hours every single day on the phone or in person with all kinds of support , fraud and criminal investigators and get no where ? I have been going to the local county library to check accounts because my information on all my devices at home is not reliable given the fact that the Internet and router have been compromised repeatedly . Today when I went to the local library to check on my google accounts that were hacked into I find out that the libraries Mac computer is not accessible and can't be used by the library staff because MY old Apple ID that had been compromised and removed from my phone had taken over their Mac !! Seriously not kidding and no I had not been there in a long time and I make sure anytime I use any id I signout to make sure my hackers don't have it easier . No it was not easy to remove took most of the day and 3 levels of senior support with apple , yes I know how senior they are but by the third one that apple connected after the others couldn't fix it really was someone who knew tech stuff but still no one can secure my devices 2 Apple ID still say signed into this phone ? Still have every account insecure . Did I tell you about the screen shots of my sign in account info in photos on the library computer !!

    link to this | view in thread ]

  65. icon
    Truthistruth (profile), 26 May 2016 @ 2:12pm

    It only happens in the movies

    I love it when people say no body really gets hacked or if you check your credit you are giving them access to your information ? Like anyone needs your approval to access your information ? All this apple talk is just another "bailout " to help apple sales . Now don't you fell more secure with your non hack able iPhone

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.