Did The DOJ Lie At The Beginning Of Its iPhone Fight, Or Did It Lie This Week?
from the gallantly-the-DOJ-chickened-out dept
Perjury never felt so good. #FBIvsApple pic.twitter.com/9z5xpgpFhZ
— Edward Snowden (@Snowden) March 22, 2016
However, there's now a ton of speculation going around about the likely method (and the likely third party) that the FBI is probably using, involving copying the storage off the chip and then copying it back to brute force the passcode without setting off the security features or deleting the data. But, again, this possible solution isn't really new. Just a few weeks ago, during a Congressional hearing, Rep. Darrell Issa quizzed FBI Director James Comey about this very technique (which was so deep in the technical weeds, that many reporters and other policy folks were left scratching their heads):
Comey: We wouldn't be litigating it if we could [get in ourselves]. We've engaged all parts of the US government to see 'does anyone have a way -- short of asking Apple to do it -- with a 5c running iOS 9 to do this?' and we do not.At that point Issa starts asking really technical questions about can't the FBI remove the data from the phone to make copies of the storage, putting it with the encryption chip, trying passcodes, and then reflashing the memory before the 10 chance are used up -- thus brute forcing the passcode without setting off the security features. As Issa notes:
If you haven't asked that question, how can you come before this committee and before a federal judge and demand that somebody else invent something if you can't answer the question that your people have tried this? ... I'm asking who did you go to? Have you asked these questions? Because you're expecting to get an order and have somebody obey something they don't want to do and you haven't even figured out if you can do it yourself.Comey is clearly befuddled by the questions and basically says that he's sure that his people must have thought about this, but he assumes that they're watching and if they haven't thought of this then they'll test it out. But, really, a few people had suggested similar things early on, so if that is the solution then it only adds weight to the idea that the FBI didn't do everything it could possibly do before running to the judge.
Others have questioned the "two week" timeframe for the DOJ to issue a status report to the court, noting that a brand new solution would almost certainly take much longer to test thoroughly before using it on the iPhone in question.
And then there's the other question: if the FBI really has tracked down a new "vulnerability" in Apple's encryption... will it tell Apple about it so that Apple can patch it? Remember, the White House has told the various parts of the federal government that they should have a "bias" towards revealing the flaws so they can be patched... but leaving a "broad exception for 'a clear national security or law enforcement need.'" It's pretty clear from how the DOJ has acted that it believes this kind of hole is a "law enforcement need."
So, if the FBI really did figure out a vulnerability in Apple's encryption, it probably won't actually reveal it -- but I'd imagine that Apple's security engineers are scrambling just the same to see if they can patch whatever flaws there may be here, because that's their job. And, again, that gets back to the point here: there are always some vulnerabilities in encryption schemes, and part of the job of security folks is to keep patching them. And one of the worries with the demand for backdoors is that the introduce a whole bunch of vulnerabilities that they're then not allowed to patch.
Either way, the DOJ's actions here are highly questionable, and it seems pretty clearly an attempt to save face in this round. But the overall fight is far from over.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: all writs act, doj, encryption, fbi, forensics, iphone
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
When did FBI Lie?
[ link to this | view in chronology ]
Re: When did FBI Lie?
[ link to this | view in chronology ]
Re: When did FBI Lie?
1. The FBI did NOT exhaust all possible avenues. FBI might really have tried noting at all. They never really wanted to get into this particular phone. What FBI really wanted was unhindered access to any phone, any time, any where, and unsupervised. It thought if it just asked, it could get what it wanted. Relatively quietly.
2. The FBI does NOT presently have any actual plan for how it might recover secret information from the phone. This lie is merely a ploy to get this case closed and the public relations battle over.
What I would suggest a judge do to verify number 2 is have a court appointed observer witness whatever steps the FBI does. Do they make a genuine attempt? Is the theory of how the attack would work real? This would help prevent the FBI from destroying this phone, which would be another way they could manage to wiggle out of their lies.
Why do you think they are called the FIB?
[ link to this | view in chronology ]
Re: When did FBI Lie?
You can't let the criminals determine their operations.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
In practice, many one time pads are breakable because the pad was not randomly generated. Often a OTP has its own predictable characteristics that, if you've got data at rest, can be tested for infinite iterations until a theory proves true. This is especially true if you are able to run some of your own input through the OTP to test for predictable elements.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
The FBI could produce a pad that makes encrypted data say whatever it wants it to say.
Then plant that manufactured pad onto the party you wish to prosecute.
Of course, I'm probably giving them ideas for their next manufactured "look we stopped a terrorist plot!" PR booster.
But is that previous sentence any more offensive than the suggestion that Apple chooses to build secure systems strictly for marketing reasons while innocent people get killed?
[ link to this | view in chronology ]
Re: all crypto is breakable
[ link to this | view in chronology ]
Re: Re: all crypto is breakable
[ link to this | view in chronology ]
Latest rumors
• “Report: Israeli company helping FBI crack iPhone security”, by Sagi Cohen, Ynetnews, Mar 23, 2016
— About Ynetnews:
[ link to this | view in chronology ]
Re: Latest rumors
[ link to this | view in chronology ]
Re: Re: Latest rumors
Which certainly answers the following:
And then there's the other question: if the FBI really has tracked down a new "vulnerability" in Apple's encryption... will it tell Apple about it so that Apple can patch it? Remember, the White House has told the various parts of the federal government that they should have a "bias" towards revealing the flaws so they can be patched... but leaving a "broad exception for 'a clear national security or law enforcement need.'" It's pretty clear from how the DOJ has acted that it believes this kind of hole is a "law enforcement need."
If they really believe that the security hole is that valuable, valuable enough to classify, there is no chance whatsoever that they will tell Apple about it so that it can be fixed. Once again you get a situation where a government agency is acting contrary to the best interests of everyone else so that they can continue to benefit.
And they wonder why the tech industry doesn't trust them...
[ link to this | view in chronology ]
Re: Re: Re: Latest rumors
And a story from last month: “Cellebrite: What You Need to Know About Cell Phone Forensics”, by Jason Hernandez, North Star Post, Feb 23, 2016 — Direct link to referenced PDF: See p.14 in that PDF, para. 4 of document on CelleBrite letterhead, dated Dec 9, 2011, “Attention: Maurice Cernik”, signed “Jason Rogers, VP of Sales”.
[ link to this | view in chronology ]
Re: Re: Re: Re: Latest rumors
https://twitter.com/dannyyadron/status/712753764164194308
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Latest rumors
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Latest rumors
[ link to this | view in chronology ]
Re: Re: Re: Re: Latest rumors
[ link to this | view in chronology ]
Disclosure policy [was Re: Re: Re: Latest rumors]
[ link to this | view in chronology ]
Re: Re: Latest rumors
Ooops. I probably shouldn't have revealed that secret.
[ link to this | view in chronology ]
Re: Latest rumors
Google Translate (for link embedded in blockquote): "An Israeli company helped the FBI crack the iPhone", by Sagi Cohen, Ynet, Mar 23, 2016
[ link to this | view in chronology ]
Re: Latest rumors
“San Bernardino iPhone Data Recovery Statement”, DriveSavers, March 22, 2016 For those skimming, note well that DriveSavers is not Cellebrite.
[ link to this | view in chronology ]
DriveSavers method [was Re: Re: Latest rumors]
[ link to this | view in chronology ]
Re: DriveSavers method [was Re: Re: Latest rumors]
( Note Kim Zetter tweet (12:44 PM - 25 Mar 2016): )
[ link to this | view in chronology ]
Re: Latest rumors
“Israel's Cellebrite linked to FBI's iPhone hack attempt”, by Leo Kelion, BBC, Mar 23, 2016
[ link to this | view in chronology ]
Re: Re: Latest rumors
Apple: NOW you tell me! I just spent $150k on my legal brief!
---
This whole episode is payback for the hours that Comey spent with Apple tech support in India once upon a time...
[ link to this | view in chronology ]
Re: Re: Re: Latest rumors
[ link to this | view in chronology ]
In direct conflict with Betteridge's law of headlines, the answer to this question is actually "yes."
[ link to this | view in chronology ]
Again...
[ link to this | view in chronology ]
Re: Again...
[ link to this | view in chronology ]
Israeli Firm involved?
http://www.voanews.com/content/israeli-firm-helping-fbi-to-open-encrypted-iphone/3250762.html?u tm_content=socialflow&utm_campaign=en&utm_source=voa_news&utm_medium=twitter
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Also, as a criminal defense attorney, I have learned that if you have to ask "did you lie then, or are you lying now?" You are asking the wrong question. The correct is which lies did we catch you in the, and which of the lies you tell now will we eventually catch.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
It still provides them with a smokescreen to cover their retreat -- most people are only going to remember "somebody found a flaw in iPhone security and then the FBI said they don't need Apple to unlock the phone".
[ link to this | view in chronology ]
[ link to this | view in chronology ]
TFTFY
Did The DOJ Lie At The Beginning Of Its iPhone Fight, Or Did It Lie every time it opened it's mouth?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Director Comey's response to WSJ editorial
Today, in letters, the Wall Street Journal published FBI Director James Comey's response, “The FBI Is Trying to Crack the San Bernardino Case, Not Set a Precedent”:
[ Note: I'm reproducing Director Comey's letter here in full. 17 USC § 101: A “work of the United States Government” is a work prepared by an officer or employee of the United States Government as part of that person’s official duties. Further, even if Director Comey's inclusion of his official title was intended purely for identification purposes, due to the public controversy and other factors, I would nevertheless assert fair use in copying this short letter here in full. ]
[ link to this | view in chronology ]
Re: Director Comey's response to WSJ editorial
[ link to this | view in chronology ]
Re: Director Comey's response to WSJ editorial
Funny how he only pays attention to that 'technical creativity' now that it allows him to duck out of a case that backfired, instead of when numerous 'creative people' told him that what he was 'asking' for would create a notable risk to security.
[ link to this | view in chronology ]
AG and FBI Dir News Conference [was Re: Director Comey's response to WSJ editorial]
Approximate timemarks:
• 24:05 – 27:05
• 28:10 – 29:15
• 32:30 – 33:50
Director Comey, among other statements, repeated the substance of yesterday's letter to the Wall Street Journal, and during the 32:30 – 33:50 segment spoke directly about his letter.
[ link to this | view in chronology ]
Re: Director Comey's response to WSJ editorial
In that roundup, scroll down to, or search for, the item marked: Aside from inconsequential differences, the AP copy appears to be the same as the WSJ editorial.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Arguments
[ link to this | view in chronology ]