FBI Won't Tell Apple How It Got Into iPhone... But Is Apparently Eager To Help Others Break Into iPhones
from the just-one-phone! dept
Remember how the FBI insisted over and over again that the case in San Bernardino was not about setting a precedent and was totally about getting into "just that one phone?" Of course, no one believed it, but pay close attention to what's happening now that the FBI was able to hack into Syed Farook's work iPhone. The DOJ has also said that the crack was limited to just that type of phone and probably wasn't widely applicable. However, at the same time, the Justice Department probably has no interest in sharing the details of the vulnerability with Apple:The FBI may be allowed to withhold information about how it broke into an iPhone belonging to a gunman in the December San Bernardino shootings, despite a U.S. government policy of disclosing technology security flaws discovered by federal agencies.Or, as iPhone forensics guru Jonathan Zdziarski succinctly summarized:
Under the U.S. vulnerabilities equities process, the government is supposed to err in favor of disclosing security issues so companies can devise fixes to protect data. The policy has exceptions for law enforcement, and there are no hard rules about when and how it must be applied.
Apple Inc has said it would like the government to share how it cracked the iPhone security protections. But the Federal Bureau of Investigation, which has been frustrated by its inability to access data on encrypted phones belonging to criminal suspects, might prefer to keep secret the technique it used to gain access to gunman Syed Farook's phone.
FBI: You should do it, it's just one phoneYeah.
Apple: No it isn't
FBI: We got in
Apple: You should say how, it's just one phone
FBI: No it isn't
Meanwhile, the DOJ may not be interested in helping Apple patch that hole, but it is apparently at least willing to look into other cases where it can help law enforcement break into locked iPhones. There are some (somewhat conflicting) reports saying that the FBI has agreed to help prosecutors in Arkansas try to get into a couple of iOS devices in a murder case there. Of course, it may not be the same technique or situation (and the FBI might not be able to get in, either).
However, this does show just how eager law enforcement is to get into lots of phones, and how important it is that Apple actually be able to protect its users from those who do not have legitimate reasons to hack into phones. It's too bad that the FBI is apparently choosing to hold onto the info that helps it in a few cases while failing to protect the rest of the public who may use Apple devices.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: arkansas, disclosure, doj, encryption, fbi, going dark, iphone
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re: quite right
But we all know that it only takes one rotten apple to spoil a barrel.
[ link to this | view in chronology ]
Re: Re: Re: quite right
[ link to this | view in chronology ]
Having been fans of past media...
[ link to this | view in chronology ]
Re: Having been fans of past media...
...that put the FBI in positive light, such as The Silence of the Lambs and The X-Files, it's hard not to look back on them and see them as propaganda films.
Try watching Continuum, about police vs. terrorists / freedom fighters, and try to figure out who to root for. I'm in season 2 and I'm still not sure.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
And yet now we may very well see them unlock all sorts of iPhones WITHOUT warrants, even though so far they've kept implying that if companies were to build a backdoor they'd ONLY use it with a warrant.
As usual, the government is showing you just can't trust them with whatever they are saying, no matter at how many heart strings they are pulling to get you to agree when various crimes happen. They always seem to lie and always want to abuse the power that you're willing to give them.
[ link to this | view in chronology ]
Attacker sophistication
“There's no way to design a system or service that is secure against the most sophisticated foreign government hackers, while still allowing the least sophisticated local law enforcement to get access.”
—– Christopher Soghoian
[ link to this | view in chronology ]
Foreign Investors Should File A Dispute
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
It only makes sense, because if they ever cooperate, that will be held against them any time they don't roll over.
[ link to this | view in chronology ]
Re: Re:
In one single move they make it so that no tech company that's been paying attention will be willing to help them without a court order detailing exactly what they want done, and the ones who can fight back now have plenty of incentive to do so every single time since the FBI has made it clear that they will use willing cooperation in the past against a company if they balk at a request in the future.
[ link to this | view in chronology ]
Much like the stingrays being used illegally.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
In a normal world they would be charged probably or at the very least suspended from their jobs for doing what they are not supposed to and ruining lives to get what they want.
[ link to this | view in chronology ]
First, hit up the Chinese government and offer them buckets of cash to gain access to Chinese businesses.
Second, head over to Foxconn, with official documentation.
Third, watch closely as Foxconn details how it can manipulate the components it sends to the US in its phones (note: this applies to all Foxconn phones).
Fourth, lie to everyone about how it was done.
It's no secret the Chinese have had backdoors to our electronic devices for decades. Several chip makers have pressured the US government to stop importing their (govt system) chips because it was impossible to determine how the backdoors were implemented.
Ignored, as usual.
[ link to this | view in chronology ]
Closet criminals
[ link to this | view in chronology ]
Measure, counter measure
Hopefully the tech firms will eventually make devices that are as close to impossible to break as possible.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Behold the nomination post then
Apple: No it isn't
FBI: We got in
Apple: You should say how, it's just one phone
FBI: No it isn't
-Jonathan Zdziarski
[ link to this | view in chronology ]
Pity that his blog is offline
[ link to this | view in chronology ]
Works for me [was Re: Pity that his blog is offline]
[ link to this | view in chronology ]
Re: Works for me [was Re: Pity that his blog is offline]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Hooray for competition! None of the offerings would be as good without the others in the market.
PS there are more than two
[ link to this | view in chronology ]
Phone Hack
The apparent battle between Apple and the FBI at least tells us that the post-Snowden privacy debate is still alive. The subject of the controversy is an iPhone belonging to one of the San Bernardino shooters, and the FBI did not choose this case randomly.
http://thefreethoughtproject.com/fbi-hack-iphone-already-making-fight-apple-tactic-surveill ance-state/#gdSMxoogTxv0xOeD.99
[ link to this | view in chronology ]
play ball
What the FBI has done more than anything is create an amazing amount of doubt about the security of Iphones, and there is no benefit to the agency to change that any time soon. Apple reaps what it sows.
[ link to this | view in chronology ]
Re: play ball
Even-handed administration is not something the Obama government does.
[ link to this | view in chronology ]
Even-handed administration
Fixed it for you.
Unless you want to argue that the Bush administration was more even-handed than the Obama administration.
I mean, you might. It is April first.
[ link to this | view in chronology ]
Re: Even-handed administration
Not really more permanent than any other campaign pledge, even ones carved in stone.
[ link to this | view in chronology ]
Re: play ball
Still, it is amusing to see you mocking Apple security considering almost all iphones are encrypted while very few Android phones are (for instance). So we are talking about security that may have weaknesses (Apple) and no security at all (Android). It's hardly as bad as you'd love it to be to justify the insanity from the Government.
And I'm defending Apple again. Sadly.
[ link to this | view in chronology ]
Re: Re: play ball
I go for the simple statistical thing. 700 Million Iphones sold, and law enforcement has (by the most paranoid count) a couple of hundred in their possession waiting to be accessed. That's pretty much powerball winning odds. The chance that your personal phone is subject to any law enforcement access is, well... quite low unless you are a dick and break the law. More of your encryption needs are against hackers. Since Apple products are apparently totally immune to hackers (outside of social engineering) it would seem to be a fairly significant waste of effort. If someone steals your phone, your 6 digit pin code is probably more than enough to defeat them, and they are more likely to just try to wipe the phone or sell it on for a quick buck.
So, what is all the encryption really about? Not much apparently.
[ link to this | view in chronology ]
There's your problem right there.
As has been illustrated time and again and again, you don't need to be a dick to break the law. You just need a good lawyer to go through your stuff and find a law you've already broken.
And you don't need to break the law to be subject to police arrest and search. You just need an officer who believes you have broken a law, even if it's an imaginary law in his head.
You've been around here long enough to have seen countless examples, Whatever. Also examples enough to highlight that our law enforcement agencies see the people as adversarial. We are all suspects, and we are all guilty of something and we all belong in prison.
And if they could, they'd gulag each and every one of us down to the last dying grandmother and crawling infant.
We have every need to be protected against (our so-called) law enforcement, and not just for laws that work against the people.
[ link to this | view in chronology ]
When we give the FBI a bat...
Feel free to cite a time that the feds were restrained with their force.
I'm sure you could dig one up. It's the internet.
[ link to this | view in chronology ]
Re: play ball
It'll be interesting too recall all your anti-Apple bleating when something similar inevitably happens to an Android phone.
[ link to this | view in chronology ]
Re: Re: play ball
[ link to this | view in chronology ]
Re: play ball
Stay classy, Whatever.
[ link to this | view in chronology ]
Re: play ball
The FBI would benefit from everyone believing the opposite of whatever the truth is. If iPhones are actually secure, they would want people thinking they're not so that they use something possibly less secure. If iPhones are not secure, the FBI would want everyone using them so that they could get at whatever data they wanted.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Be Careful what you ask for
Maybe they can call it IOS 10.0 FTNSA (Fuck the NSA).
[ link to this | view in chronology ]
Re: Be Careful what you ask for
If they're going to have past assistance thrown in their face and used against them, and a major government agency claiming that they specifically designed their products to be 'immune to warrants'(which is rubbish, the only warrants they're 'immune' to is warrant presented to the wrong person), then I'd say it's time to make it so that they cannot, under any circumstances, provide assistance or comply with a warrant.
If the police and/or government want a device unlocked to access the contents they have to go to the owner of the device, because the company who made it cannot unlock it. Let them deal with that for a bit, enjoy the consequences of their actions.
[ link to this | view in chronology ]
Re: Re: Be Careful what you ask for
And the accompanying article has savory phrases like, “Deep Alabaman umbrage.”
[ link to this | view in chronology ]
Without the end-user password, the data is LOST.
Because times change and even well-meaning agencies turn antagonistic towards the rights of the people, and programs that involve small rights violations for specific purposes become programs that involve big rights violations for general purposes.
[ link to this | view in chronology ]
April Fools!
Also, did you guys realize that the Merriam-Webster Dictionary decided to remove the word 'gullible' from the English language? crazy huh?
[ link to this | view in chronology ]
Re: April Fools!
The link should start working again tomorrow:
http://www.merriam-webster.com/dictionary/gullible
[ link to this | view in chronology ]
Government "sharing"
I expect a lot of people in the tech sector are taking note of how "sharing" the government is.
[ link to this | view in chronology ]
So, like 80s action movie villains
So in the future we'll know not to trust them, right? We can refer to the San Bernadino iPhone incident, right?
Right?
[ link to this | view in chronology ]
I thought
OR is the Gov. ABOVE THE LAW..
[ link to this | view in chronology ]
Above the law.
Our affluent public is at the law.
The rest of us shlubs are beneath the law, and are subject to extrajudicial detention, search and seizure with fabricated probable cause and countless transgressions in the name of national security.
We're serfs to liege lords again. In America.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Just how long?
[ link to this | view in chronology ]
Sounds like it's all going according to plan.
So if a tool were created to open this phone, and Apple requests it in court, is unable to get it through court of law, but can then uncover it in the net later anyway when they inevitably leak.
Won't that just prove Apples point?
They don't need DOJ to release th hack, they need just enough information about the hack in the public, that they can demonstrate exactly why they shouldn't be asked to do this again in future.
[ link to this | view in chronology ]
FBI helping others
[ link to this | view in chronology ]
Interagency decision process
[ link to this | view in chronology ]
Re: Interagency decision process
It's like saying the NSA is well overseen by the FISA Court.
[ link to this | view in chronology ]
Kids..
[ link to this | view in chronology ]
FBI letter to local law enforcement
( H/T Cyrus Farivar at Ars Technica, “FBI offers crypto assistance to local cops: ‘We are in this together’ ”, Apr 2, 2016. )
( Also being reported by Engadget, attributing Reuters and BuzzFeed.Note that Reuters does not indicate who or how they obtained the letter. It may not be from an independent source. )
( FBI: Office of Partner Engagement. Note Assistant Director Kerry Sleeper box at top right. )
[ link to this | view in chronology ]
Re: FBI letter to local law enforcement
Why isn't this letter, or a link to it, just posted on the FBI News blog? Tell me that.
[ link to this | view in chronology ]
Re: FBI letter to local law enforcement
[ link to this | view in chronology ]