
View Full Version : Interesting conundrum



TFOGGER
02-16-2016, 21:17
Does the FBI and the USDOJ have the authority to do this?

http://www.theguardian.com/us-news/2016/feb/17/apple-ordered-to-hack-iphone-of-san-bernardino-shooter-for-fbi


Apple ordered to decrypt iPhone of San Bernardino shooter for FBI


Court says manufacturer must supply software to break encryption on Syed Farook’s phone so it can be accessed without wiping his data






Tashfeen Malik and Syed Farook in airport surveillance footage. Photograph: Uncredited/AP

Danny Yadron (http://www.theguardian.com/profile/danny-yadron) in San Francisco
Tuesday 16 February 2016 21.38 EST. Last modified on Tuesday 16 February 2016 21.51 EST





A US federal magistrate has ordered Apple to help the Federal Bureau of Investigation unlock the iPhone of one of the San Bernardino shooters (http://www.theguardian.com/us-news/san-bernardino-shooting).



The order is the most high-profile case yet of the federal government trying to figure out how to use existing law to get around stronger encryption being used in consumers’ phones. It is likely to add more fire to an already heated debate between Silicon Valley and Washington DC about the balance between national security and electronic privacy.
In this case, FBI director James Comey has said his agents have been locked out of one of the shooter’s phones as they search for evidence about the mass shootings in December 2015.
Investigators are still trying to determine to what extent the shooters were influenced by radical Islamic terrorist groups and who they had been in touch with before the rampage.




In 2014, Apple began making iPhones with additional encryption software that they said they couldn’t unlock, even if faced with a court order. Apple (http://www.theguardian.com/technology/apple) said this was done in the name of consumer privacy and cybersecurity, but the company has been locked in a public feud with the FBI since.

Who among us thinks that the information that MIGHT be gleaned from the terrorists' phones justifies this potentially far reaching court order?

Lars
02-16-2016, 21:32
I feel that once you take part in a terrorist act then you forfeit all rights and any and all means should be available, however we all know that the government will then use this as a precedent to do the same thing on other less high profile crimes. It's a sticky can of worms to open up.

theGinsue
02-16-2016, 21:32
Does the FBI and the USDOJ have the authority to do this?

According to the judge they do which is more proof that it's critical who gets elected into judgeships or who gets elected into offices that appoint judges.

cstone
02-16-2016, 21:33
The FBI and DOJ are not doing this. They applied for a court order and a US Federal Magistrate issued the order. At this point, Apple can comply, appeal the order to the circuit court, or explain how they are not technically able to comply.

This is pretty normal. It is actually pretty good publicity for Apple as it is a public acknowledgement that all of the federal resources available are not able to crack this phone.

Who owns the phone? If the owner is no longer alive, they have a diminished expectation of privacy. Evidence on the phone may provide leads on other known associates and conspirators involved in terrorist activity. Wouldn't you at least expect your government to pursue the evidence?

BushMasterBoy
02-16-2016, 21:38
If you can burn women and children alive in Waco...

ray1970
02-16-2016, 21:40
All I get from this is that Apple obviously pays for top talent. If the .gov wants to hack the latest encryption technology, it's going to have to pay top dollar for the best geeks.

Irving
02-16-2016, 21:41
I feel that once you take part in a terrorist act then you forfeit all rights and any and all means should be available, however we all know that the government will then use this as a precedent to do the same thing on other less high profile crimes. It's a sticky can of worms to open up.

Apple hasn't committed any terrorist acts though.

Gman
02-16-2016, 22:13
It is actually pretty good publicity for Apple as it is a public acknowledgement that all of the federal resources available are not able to crack this phone.
I don't buy that for a second. They can't use the information without revealing that they can decrypt the phone. Getting permission allows the information to come forward while letting iPhone owners assume that their information is still secure.

WETWRKS
02-16-2016, 22:19
The FBI and DOJ are not doing this. They applied for a court order and a US Federal Magistrate issued the order. At this point, Apple can comply, appeal the order to the circuit court, or explain how they are not technically able to comply.

This is pretty normal. It is actually pretty good publicity for Apple as it is a public acknowledgement that all of the federal resources available are not able to crack this phone.

My understanding is that Apple has previously made public that they are not able to decrypt their own security. It will be interesting to see where this goes and what response they give to this.

68Charger
02-16-2016, 23:21
The FBI and DOJ are not doing this. They applied for a court order and a US Federal Magistrate issued the order. At this point, Apple can comply, appeal the order to the circuit court, or explain how they are not technically able to comply.

This is pretty normal. It is actually pretty good publicity for Apple as it is a public acknowledgement that all of the federal resources available are not able to crack this phone.

Who owns the phone? If the owner is no longer alive, they have a diminished expectation of privacy. Evidence on the phone may provide leads on other known associates and conspirators involved in terrorist activity. Wouldn't you at least expect your government to pursue the evidence?
This ^^^^ What rights does a dead man have?




They are at least following due process... It's not like he was Arkancided

HoneyBadger
02-17-2016, 00:00
I don't buy that for a second. They can't use the information without revealing that they can decrypt the phone. Getting permission allows the information to come forward while letting iPhone owners assume that their information is still secure.
This is very plausible.

TFOGGER
02-17-2016, 00:34
Who owns the phone? If the owner is no longer alive, they have a diminished expectation of privacy. Evidence on the phone may provide leads on other known associates and conspirators involved in terrorist activity. Wouldn't you at least expect your government to pursue the evidence?

I would expect the investigators to pursue all avenues to recover the data that are readily available. My concern is that they chose to apply for a court order to compel Apple to break an encryption technology that they (Apple) have previously stated was unbreakable, in essence to destroy or diminish the perceived value of one of their products. If they are successful in cracking the encryption, then it loses much of its value in the marketplace, as well as casting doubts on their original claims of security, possibly opening them up to litigation from previous customers. The smart thing for them to do would be to fail, regardless of the possible value of the information on the phone.

y4m4
02-17-2016, 01:26
My understanding is that Apple has previously made public that they are not able to decrypt their own security. It will be interesting to see where this goes and what response they give to this.


This right here. This is the key to this. Here's a link confirming this: http://www.macworld.com/article/2999804/security/apple-cant-decrypt-your-iphone-why-it-matters.html

The government (on all sides) is slowly attacking encryption behind the guise of anti-terrorism efforts. This is just the erosion of free speech.

Look at recent stories of college students getting expelled over "microaggressions" (hurting people's feelings) over anonymous messaging services. (No relevant links because I'm lazy.)

States are trying to pass laws to penalize phone manufacturers for selling devices that do not have back doors: http://www.zdnet.com/article/apple-iphone-ban-new-york-looks-to-outlaw-sale-of-encrypted-smartphones/

th3w01f
02-17-2016, 05:37
My understanding is that they're asking Apple to disable the failed attempt phone wipe, not decrypt the phone. Then they can brute force the code pretty quickly.

Sounds like the phone was owned by the employer and they were terrorists so I don't have much of a problem with it. If it's possible I'd rather see Apple make the change, rather than give the .gov the tools to do it.

Great-Kazoo
02-17-2016, 08:28
The real question is.

If the Feebs were able to unlock the phone. Would any of this have been made public?

Would anyone have been the wiser for it, until after the investigation OR an unnamed source in the federal investigation, said anything?

asmo
02-17-2016, 08:38
I feel that once you take part in a terrorist act then you forfeit all rights and any and all means should be available, however we all know that the government will then use this as a precedent to do the same thing on other less high profile crimes. It's a sticky can of worms to open up.

Yeah.. Screw that "innocent until proven guilty" thing.. That only matters for people you know, right?

Lars
02-17-2016, 09:03
Apple hasn't committed any terrorist acts though.

I wasn't saying that Apple committed terrorist acts. My point was that the owner of the phone committed the terrorist acts and therefore should no longer have the right to privacy. If the info contained in that phone leads to an accomplice or plans for another attack then the feds should be able to act on that. But like I said, that leads to a slippery slope of what cases that they will use this as a precedent for in the future.

Martinjmpr
02-17-2016, 09:28
The court order is essentially a search warrant for the phone. So from a legal standpoint, certainly they have the authority to do it. It's no different than a search warrant to search their property or their car or bank account information.

Is someone going to argue that they don't have probable cause? :rolleyes:

The thornier question is whether Congress can pass a law that requires devices to have a "back door" to any encryption. From a strictly Constitutional standpoint I don't see why not but it would be interesting to see what would happen if they tried - I don't think it would go well for the government for a number of reasons.

kidicarus13
02-17-2016, 09:30
Yeah.. Screw that "innocent until proven guilty" thing.. That only matters for people you know, right?
Because we definitely know the shooter didn't kill innocent people.

Irving
02-17-2016, 09:48
I wasn't saying that Apple committed terrorist acts. My point was that the owner of the phone committed the terrorist acts and therefore should no longer have the right to privacy. If the info contained in that phone leads to an accomplice or plans for another attack then the feds should be able to act on that. But like I said, that leads to a slippery slope of what cases that they will use this as a precedent for in the future.

My point was that Apple has not lost the right to not have a back door into the phone.

asmo
02-17-2016, 10:44
Because we definitely know the shooter didn't kill innocent people.

Doesn't matter.

Rooskibar03
02-17-2016, 11:00
Bravo to apple for standing up to government. Because we all know once they have the key to unlock a phone the use won't stop on this one device.

TFOGGER
02-17-2016, 11:54
Trump shows his colors...

http://www.macrumors.com/2016/02/17/donald-trump-on-apple-backdoor-refusal/


"I agree 100 percent with the courts. In that case, we should open it up." […] "I think security, overall, we have to open it up and we have to use our heads. We have to use common sense," Trump continued, echoing his recent common refrain. "Somebody the other day called me a common-sense conservative. We have to use common sense."

I gotta agree with Apple on this: Creating a back door for law enforcement obviates any security that encryption provides. Additionally, given our government's track record with security (OPM breach, anyone?), it stands to reason that any back door would be quickly found and compromised by criminals, foreign governments, naughty and bored schoolkids, etcetera, once its existence was confirmed.

muddywings
02-17-2016, 13:19
Maybe I'm wrong but my understanding is that the feds/judge did not tell Apple to simply unlock the phone. That would be similar to getting a court order to have ATT provide cellphone data. The phone at this point with its software cannot be unlocked without causing all the data to be corrupted. What they ordered Apple to do was to create software/iOS update that would backdoor into an iPhone. They are ordering Apple to work for the government in creating something for one of their products that they have no desire to create. That would cause Apple's iPhone value or perceived value to go down since their phones would no longer have such great anti-theft, anti-hack software.
IMHO the feds have every right to the data in the phone (he's dead jim, you ain't having a trial to convict a dead guy (and girl)) but if they want, they gotta get it. And they gotta get it themselves.

roberth
02-17-2016, 14:40
Apple should not open up that phone. Do you think the government is going to differentiate the phone of a deceased, proven terrorist from someone the government only thinks is a terrorist?

If you think Apple should comply then you shouldn't care when Apple opens your phone to the government.

davsel
02-17-2016, 14:50
Another possible scenario:

Apple already provided the necessary tools to the FBI to unlock the phone.
The FBI wants terrorists to believe their phones are "unhackable" so they will use them in greater numbers.
Meanwhile, the FBI will continue quietly unlocking them.
For their efforts, Apple gets a marketing boost by publicly "standing up to the govt," and their phones are now certifiably "unhackable."

Nothing is as it appears.

kidicarus13
02-17-2016, 14:54
Another possible scenario:

Apple already provided the necessary tools to the FBI to unlock the phone.
The FBI wants terrorists to believe their phones are "unhackable" so they will use them in greater numbers.
Meanwhile, the FBI will continue quietly unlocking them.
For their efforts, Apple gets a marketing boost by publicly "standing up to the govt," and their phones are now certifiably "unhackable."

Nothing is as it appears.
I like that, and very plausible.

RblDiver
02-17-2016, 16:45
As a general rule, I hate all things Apple. This is not one of them. Bravo.

Think about it: They build a backdoor into their system. Someone unscrupulous gets their hands on it (not a matter of if, but rather a matter of when). Now they can steal a person's phone and have access to all the data on it.

Plus, now the government knows it *can* access anyone's data, so it just creates simplistic reasons to ("this person 'might' be a terrorist...after all, they went to a tea party rally, so unlock their phone!").

Not worth it.

Monky
02-17-2016, 17:39
Wait.. a passcode is now encryption? Should have guessed better with those other 9 tries.

They're just trying to read his txt messages.. just change the apple pw, log in to itunes, back it up and put it on another phone. Oh wait... you still have to disable the passcode. It's NOT FUCKING ENCRYPTION!

TFOGGER
02-17-2016, 17:46
What I'm hearing now is that they just want to remove the "time out" for failed passwords, so they can use a brute force attack to gain access to the phone, or they want Apple to devise a way around the password so that the data does not get erased/corrupted. Either way, it sets a bad precedent by proving that it *can* be done.

Bailey Guns
02-17-2016, 19:06
Assuming the .gov hasn't already got the data they want from the phone...

Why not give the phone to Apple, have Apple get all data off the phone and decrypt it, Apple turns over data to FBI and keeps the phone if it would compromise how they unlocked it. I have no idea if that would work.

roberth
02-18-2016, 08:13
What I'm hearing now is that they just want to remove the "time out" for failed passwords, so they can use a brute force attack to gain access to the phone, or they want Apple to devise a way around the password so that the data does not get erased/corrupted. Either way, it sets a bad precedent by proving that it *can* be done.

The government will abuse any and all power given to it.

n2877
02-18-2016, 10:18
I say no to the government being able to backdoor their way in. What's to stop them from using it on anyone else and not just iPhone users but all Americans. I still believe in privacy.

TFOGGER
02-18-2016, 10:56
The government will abuse any and all power given to it.

Not only the government but other bad actors as well. Proof of concept is all many black hats need to find motivation to accomplish a breach.

Irving
02-18-2016, 11:08
You guys need to see the silver lining in all this. The next three Bond movies can be about Bond struggling to protect his iPhone from the overwhelming force of the US government penetrating his back door!

Kraven251
02-18-2016, 11:35
The passcode is encrypted, the phone MAY be encrypted. Both Apple and Google changed practices ~8 years ago after a shitstorm hit them both, and there were no more default back doors to their products.

That said Apple has also done a bang up job of integrating their software and hardware on those devices, meaning you cannot separate the storage from the device, as it is actually paired to the device and a unique key value, while not exactly encryption it is of sorts.

All of that to say, No, I do not think Apple needs to unlock the phone if it compromises all phones. I mean weren't we already assured that they acted alone?

Living in a free society is not always safe, but I will accept that risk to continue to live in a free society.

cstone
02-18-2016, 23:28
Apple's letter to their customers - http://www.apple.com/customer-letter/


"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."

IMO, I am fairly certain that no court or government agency will be able to force any person or corporation to do what the FBI is asking Apple to do. It would be different if Congress passed legislation requiring this type of feature be built into products. I am guessing that if that were the case, a group of companies would then challenge the legislation in court and then the companies and the public would know what the government was doing and we would have an idea on the limitations or capability of products sold in the USA. Then the blackmarket in bootlegged jail broken products would grow.

Many of these issues are not new. I had an interesting conversation back in 1992 with Phil Zimmermann regarding PGP. Many of the issues being discussed in today's issue with Apple iOS and their encryption are the same issues we discussed back in 1992. Zimmermann was correct then and I agreed with him then.

For anyone interested, here is an open letter Zimmermann wrote back in 1991 - https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

davsel
02-19-2016, 13:30
http://market-ticker.org/akcs-www?post=231127

Folks, this is not what it appears nor how it is being reported.

I ran an Internet company in the 1990s. We used to get subpoenas from the government in the normal course of business; ironically, the most-common source was from Customs (at the time they handled most of the kiddie porn cases.)

The government can compel you to testify either in person or by record production -- that is, they can compel you to turn over something you have. That's what a subpoena or court order does and we complied with these subpoenas as an ordinary matter of operations because there is nothing legally -- or constitutionally -- wrong with being compelled to testify (whether by document or by personal utterance) to the truth before a court of law.

But the government has no power to compel you to make that which you do not have.

It does not matter if the government is offering to pay Apple or not, nor does it matter how much they are offering to pay. There is no authority anywhere in the Constitution and in fact there is an explicit prohibition against involuntary servitude, with pay or not, in the 13th Amendment:

"Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction."

Apple not only has not been convicted of a crime it has not even been accused of an offense.

There is simply no authority for the FBI or any other organ of the government to compel the company to make anything. They can compel the firm to hand over something the company possesses under due process of law but in this case the operating system version they wish to obtain does not exist.

A judicially-issued demand to Apple, or anyone else, that reads "Write software to do X for us" is facially invalid.

Such an "order" is nothing less than a demand that Apple submit to slavery, which is prohibited under the US Constitution. We fought a war in this country and large swaths of our nation were literally sacked, burned to the ground, over this exact issue 150 years ago.

Any government agency issuing such a demand is lawless, has attempted a bald unconstitutional act and no longer carries any legitimacy in this country, nor does any Judge have standing to issue such a facially void order.

Period.

hatidua
02-19-2016, 13:42
Evidence on the phone may provide leads on other known associates and conspirators involved in terrorist activity.

That could be said of thousands of phones in this country. Where do you stop? one phone? only phones owned by people that have entered the country recently from the middle east? only phones of those who have filled out a 4473 in the past 30 years?


Wouldn't you at least expect your government to pursue the evidence?

I know you mean well, but that sounds all too much like paraphrasing "common sense reasonable gun control", and "if it could save just one life".

No, in this case, I'm willing to let the government be blind.

bigshane
02-19-2016, 13:55
Many of these issues are not new. I had an interesting conversation back in 1992 with Phil Zimmermann regarding PGP. Many of the issues being discussed in today's issue with Apple iOS and their encryption are the same issues we discussed back in 1992. Zimmermann was correct then and I agreed with him then.

For anyone interested, here is an open letter Zimmermann wrote back in 1991 - https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html


I wholeheartedly agree. I remember reading this, some years later, and being compelled to start using pgp (https://en.wikipedia.org/wiki/Pretty_Good_Privacy) (and subsequently gpg (https://www.gnupg.org/)) anytime I possibly could.

The above link is a must read.

SA Friday
02-19-2016, 14:30
Assuming the .gov hasn't already got the data they want from the phone...

Why not give the phone to Apple, have Apple get all data off the phone and decrypt it, Apple turns over data to FBI and keeps the phone if it would compromise how they unlocked it. I have no idea if that would work.

Essentially, this is what the FBI is requesting. Apple has extracted and turned over all information from the phone from the cloud back up. The FBI is missing the last month's information as that was after the last back up.

Here's the problem. Once this occurs, then Apple is back in the business of cracking their customers' phones for LE agencies and even foreign LE/govt agencies. "Well, we know you can do it because you were forced to make software for the terrorist FBI investigation, so the judge orders you to do this phone too." Now they are in a position they are compelled to retain the software for further requests and it's open to theft or exploitation. It's even potentially open to relinquishment to the US Govt and then it's clearly lost to a foreign government. There simply isn't "just this time" when it comes to a search like this. Apple doesn't want to even make the Genie much less let it out of the bottle. I agree. There are other avenues to gather this information, and if they can't, well that's the price of privacy. I was told no during more than one warrant request and didn't find evidence during many an electronic and physical search. The way I see it, this is burning down a city to search a single house's basement.

Aloha_Shooter
02-19-2016, 14:39
I guess I have a different take. The FBI isn't asking Apple to install a backdoor on every iPhone, they're asking Apple to build a new version of the firmware that bypasses the autowipe function. It's very easy for Apple to build this and to control its use by not providing the new firmware release to the FBI. Instead, Apple builds the new firmware, gets the phone from the FBI, uploads the new firmware, then hands it to the FBI to crack the phone. Apple destroys the software version they created and they have an engineer watch the FBI to ensure they are not trying to copy the new firmware. Cumbersome but not really that challenging. Having said all that, what I object to is the government directing a private company to produce something. That's not far off from the government directing private citizens to buy something. Oh wait ...

RblDiver
02-19-2016, 16:38
I guess I have a different take. The FBI isn't asking Apple to install a backdoor on every iPhone, they're asking Apple to build a new version of the firmware that bypasses the autowipe function.

...How is that not adding a back door? That's providing a way to skip the normal rules. Even if such a thing were created that would leave the data encrypted but make it so you can have unlimited tries to break the encryption, such a thing can and would get into the hands of bad actors, who would exploit it. Hence, backdoor.

roberth
02-19-2016, 16:42
Bad actors and the government is the worst one of those. We simply cannot trust the government to do right by us, if Apple grants the government this power they'll be in YOUR phone in a heartbeat.

Skip
02-19-2016, 16:54
...How is that not adding a back door? That's providing a way to skip the normal rules. Even if such a thing were created that would leave the data encrypted but make it so you can have unlimited tries to break the encryption, such a thing can and would get into the hands of bad actors, who would exploit it. Hence, backdoor.

It absolutely is. Most people don't understand the technology.

A better solution is to create a finite number of "master keys" that are validated and immediately invalidated by a central server that only Apple owns. The gov can get a warrant, be issued a key, and use that key on one and only one device. This would maintain the integrity of the encryption.

As soon as the key is used it's dead.

Apple could then publish the number of keys used by various agencies with whatever details they are allowed to publish (some warrants are sealed). If we're in the dozens to hundreds then gov is behaving itself.

Physical possession of the device would be required.
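
Added example, not part of the original thread and not any Apple design: a minimal sketch of the single-use, device-bound key scheme proposed in the post above, with a finite pool, invalidation on use, and per-agency counts that could be published. The class and method names, the token format and the HMAC binding are assumptions made for illustration; the scheme is only as strong as the secrecy of the server secret and the integrity of its ledger.

```python
import hashlib
import hmac
import secrets
from collections import Counter


class UnlockKeyServer:
    """Hypothetical central server holding a finite pool of one-time keys."""

    def __init__(self, pool_size: int):
        self._secret = secrets.token_bytes(32)  # never leaves the server
        self._remaining = pool_size             # finite number of keys
        self._ledger = {}                       # key_id -> issuance record
        self._used_by_agency = Counter()        # data for the public report

    def _tag(self, key_id: str, device_id: str) -> bytes:
        # key_id has a fixed length, so "key_id|device_id" is unambiguous.
        msg = f"{key_id}|{device_id}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest().encode()

    def issue(self, agency: str, warrant_ref: str, device_id: str) -> str:
        """Issue one key for one device against one warrant reference."""
        if self._remaining <= 0:
            raise RuntimeError("key pool exhausted")
        self._remaining -= 1
        key_id = secrets.token_hex(8)
        self._ledger[key_id] = {
            "agency": agency,
            "warrant": warrant_ref,
            "used": False,
        }
        return f"{key_id}.{self._tag(key_id, device_id).decode()}"

    def redeem(self, token: str, device_id: str) -> bool:
        """Validate a key for the device presenting it, then kill the key."""
        key_id, _, tag = token.partition(".")
        record = self._ledger.get(key_id)
        if record is None or record["used"]:
            return False  # unknown key, or already spent
        expected = self._tag(key_id, device_id)
        if not hmac.compare_digest(tag.encode(), expected):
            return False  # key was issued for a different device
        record["used"] = True  # "as soon as the key is used it's dead"
        self._used_by_agency[record["agency"]] += 1
        return True

    def published_counts(self) -> dict:
        """Per-agency totals of keys actually used."""
        return dict(self._used_by_agency)


def demo() -> dict:
    # Constructed sample values; agency, warrant and device names are
    # placeholders, not real identifiers.
    server = UnlockKeyServer(pool_size=1)
    token = server.issue("AGENCY-A", "WARRANT-PLACEHOLDER", "DEVICE-001")
    results = {
        "wrong_device": server.redeem(token, "DEVICE-002"),
        "first_use": server.redeem(token, "DEVICE-001"),
        "replay": server.redeem(token, "DEVICE-001"),
        "counts": server.published_counts(),
    }
    try:
        server.issue("AGENCY-A", "WARRANT-PLACEHOLDER", "DEVICE-003")
        results["pool_enforced"] = False
    except RuntimeError:
        results["pool_enforced"] = True
    return results


if __name__ == "__main__":
    print(demo())
```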

asmo
02-19-2016, 16:57
Dear everyone that doesn't work in, or with, computer/network forensics - or at least in/with the computer security industry:

Don't hold strong opinions about things you don't understand.

What is being asked for is a one-sided deal with the devil. Nothing good can come of this.

That said, people thinking that Apple is on the side of the users here are dreaming, or just ignorant fan-bois.

roberth
02-19-2016, 17:05
All of this could have been avoided if the goddamn government hadn't let those 2 jihadis into the country in the first place.

The government is trying to use their utter failure to protect the borders as leverage to strip you of your privacy.

Skip
02-19-2016, 18:00
Dear everyone that doesn't work in, or with, computer/network forensics - or at least in/with the computer security industry:

Don't hold strong opinions about things you don't understand.

What is being asked for is a one-sided deal with the devil. Nothing good can come of this.

That said, people thinking that Apple is on the side of the users here are dreaming, or just ignorant fan-bois.

Yet was the status quo prior to IOS7 (IIRC).

Any thoughts on if Apple can currently break their encryption? I think they can and are over-stating the effort.

Irving
02-19-2016, 18:15
Aloha, I'm surprised that you think having an engineer watch an FBI agent is all it would take to prevent abuse in this situation.

asmo
02-19-2016, 21:28
Yet was the status quo prior to IOS7 (IIRC).

Any thoughts on if Apple can currently break their encryption? I think they can and are over-stating the effort.

They (the gubment) aren't asking Apple to "break" their encryption in the traditional sense (e.g. decryption). They are asking Apple to make it easier to brute-force by not auto-destroying after a given number of invalid attempts. e.g. send the phone a special 'software-update' that changes the phone's behavior. This is doable by Apple, but would require an amount of effort that I don't think the gubment understands or cares to understand. It's akin to asking MS to re-do a special version of Windows. Could MS do it, yes. Is there a lot of effort involved in the development and testing of such a thing - more than most people who have never seen the soup being made actually realize.

The encryption that Apple uses is sound, and I do not believe that it has been backdoored by Apple. Therefore I don't believe Apple can 'decrypt' your phone on a whim. Could there be flaws in the cryptosystem that an attacker, or the gubment, could use to exploit the system? Always.

asmo
02-19-2016, 21:48
If anyone cares on the technical side of the encryption here are some high level descriptions specific to this case:

None of these get into the actual cryptanalysis - e.g. no math required. If anyone wants to talk about the math we can do that in a different forum.

High level
http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html

Slightly lower level
http://www.darthnull.org/2014/10/06/ios-encryption

And more importantly, for anyone that is thinking of voting for Trump:
http://www.nbcnews.com/news/us-news/donald-trump-boycott-apple-until-they-help-fbi-access-shooter-n522031

asmo
02-19-2016, 21:52
Oh and one last one - from the Demi-god of encryption himself (and an incredibly cool human being at that):

https://www.washingtonpost.com/posteverything/wp/2016/02/18/why-you-should-side-with-apple-not-the-fbi-in-the-san-bernardino-iphone-case/

Aloha_Shooter
02-19-2016, 23:24
...How is that not adding a back door? That's providing a way to skip the normal rules. Even if such a thing were created that would leave the data encrypted but make it so you can have unlimited tries to break the encryption, such a thing can and would get into the hands of bad actors, who would exploit it. Hence, backdoor.

You need to check the definition of a backdoor. Adding a global key that would give them entry would be a backdoor. This is creating a vulnerability they had fixed but that's not the same thing AND it's not being applied to every iPhone.

In this case, what they are asking for is a software update to a single phone. I have two problems with this, the first being compelling a private entity (person or corporation) to make something and the second being opening the door to other prosecutors and investigators wanting the same thing. OTOH, I don't buy the arguments coming from Apple either -- clearly they can produce a new software version and they would know exactly where in the code to stop it from auto-wiping after exceeding the built-in counter. Saying they can't do that is a whole lot of hooey. I'd be far more inclined to believe them if they said they were concerned the government would replicate the special software for illicit use on other iPhones or something else -- but that's NOT what they've said - and they could have proposed ways to ensure the special software load doesn't get out into the wild.

Irving
02-19-2016, 23:44
I have a question about the comments about the government requiring a company to create something that doesn't exist. How is that different than requiring seat belts, air bags, anti lock brakes, catalytic converters, etc on vehicles. Those things used to not exist, now they are required and exist because of it. I imagine this can be applied to every single related industry. So what's the difference?

Aloha_Shooter
02-20-2016, 11:16
I have a question about the comments about the government requiring a company to create something that doesn't exist. How is that different than requiring seat belts, air bags, anti lock brakes, catalytic converters, etc on vehicles. Those things used to not exist, now they are required and exist because of it. I imagine this can be applied to every single related industry. So what's the difference?

To me, there isn't any difference. I don't think companies should be REQUIRED to put those in either. However, the implementing legislation and regulation were founded on the fact the devices already existed (this special FBIOS presumably doesn't exist yet -- I was simply arguing against those who said it couldn't be done or that it was a "backdoor") and contributed substantially to overall safety. The attempts to force biometric handgun safeties tried to follow a similar pattern in requiring the devices once an effective design had been proven; IIRC at least one locality has actually passed the legislation but has not yet mandated the requirement BECAUSE no such effective design has yet been proven.

Irving
02-20-2016, 11:25
Seems like the government can "backdoor" those safety requirements by saying, 'you can make whatever vehicle you want, but in order to be used on public roadways, these features must be present.'

Aloha_Shooter
02-20-2016, 11:46
Seems like the government can "backdoor" those safety requirements by saying, 'you can make whatever vehicle you want, but in order to be used on public roadways, these features must be present.'

Yes, that's the way they're doing it. The one difference is that they generally do it only after an effective device has been proven to exist. Apple is saying FBiOS doesn't exist and they have concerns about the general safety if it were to exist. Very distinct concerns:

1. Does a version of iOS doing what the FBI wants exist? I think even the FBI agrees the answer to this is no.
2. Can a version of iOS doing what the FBI wants be created? Disputed.
3. If this special version of iOS is made, can it be protected from dissemination in the wild? Disputed.
4. If this special version of iOS is made, can the government be prevented from copying it?
5. If this special version of iOS is made, can the government be trusted to use it only for the one instance they have cited? Disputed.
6. If Apple complies with the FBI request, what's to prevent other LE or state prosecutors from making similar requests?

More esoterically,
7. Does FBiOS constitute a "backdoor" for all iPhones?
8. Is Apple being asked to "break" the cryptography on iPhones?

I add the last two esoterically simply because that's what some people are saying in their writings but note that a "backdoor" is a specific type of security vulnerability, usually involving installing one or more special keys or passwords that allow entry at will. This is more along the lines of circumventing rather than breaking the encryption. A layman's analogy would be if I, as an architect or security company, purposely designed one or more blind entries into a bank or installation so I could get in at will -- that's a backdoor -- versus an Ocean's Eleven or Mission Impossible team breaking in by attacking how security was implemented or just brute forcing it with a Panzer round (ala Kelly's Heroes).

Skip
02-20-2016, 11:52
They (the gubment) aren't asking Apple to "break" their encryption in the traditional sense (e.g. decryption). They are asking Apple to make it easier to brute-force by not auto-destroying after a given number of invalid attempts. e.g. send the phone a special 'software-update' that changes the phone's behavior. This is doable by Apple, but would require an amount of effort that I don't think the gubment understands or cares to understand. It's akin to asking MS to re-do a special version of Windows. Could MS do it, yes. Is there a lot of effort involved in the development and testing of such a thing - more than most people who have never seen the soup being made actually realize.

The encryption that Apple uses is sound, and I do not believe that it has been backdoored by Apple. Therefore I don't believe Apple can 'decrypt' your phone on a whim. Could there be flaws in the cryptosystem that an attacker, or the gubment, could use to exploit the system? Always.

So this is more about a permanent "back door" than the exceptional need to decrypt the terrorist's device? That is reason enough to oppose it. The Fourth Amendment is blanket protection that can only be violated with due process (exception) and we shouldn't be willing to give that up because TERRORISM!!!

It's interesting how gov overreach has turned this (and other things) into a boolean decision. Thinking of an example in meatspace where a lock company designs a file cabinet/lock that is impenetrable and a terrorist buys it. It's hard not to think of ways the company could satisfy the exceptional need (gov interest) to open that lock while maintaining the integrity of their product/privacy of other customers who have done nothing wrong.


[snip]

And more importantly, for anyone that is thinking of voting for Trump:
http://www.nbcnews.com/news/us-news/donald-trump-boycott-apple-until-they-help-fbi-access-shooter-n522031


I think Trump just lost a lot of support, particularly from Independents and Libertarians.

hatidua
02-20-2016, 11:57
5. If this special version of iOS is made, can the government be trusted to use it only for the one instance they have cited? Disputed.


Can the government be trusted not to snoop once they have the technology to do so….. -That's pure unadulterated comedy right there.

asmo
02-20-2016, 15:21
So this is more about a permanent "back door" than the exceptional need to decrypt the terrorist's device?

Except in the digital realm - once it is created, it's out there forever. All it takes is for a copy to get loose and now we all get to have fun. There is absolutely zero difference between a one-time/just-this-once/just for this device and a permanent backdoor for everyone. Once you get into the security of how the actual protections work you will see why that is the case.

asmo
02-20-2016, 17:15
64088

Kraven251
02-20-2016, 17:27
The government just wants to pile in your back door.

Gman
03-09-2016, 15:16
Snowden: FBI's claim that only Apple can unlock the iPhone is 'bullshit' (http://www.theinquirer.net/inquirer/news/2450268/snowden-fbi-claims-that-only-apple-can-unlock-the-iphone-are-bullshit)


WHISTLEBLOWER Edward Snowden has described the FBI's claim that only Apple can unlock an iPhone to investigate the communications of the San Bernardino shooters as "bullshit".

Snowden joins a growing number of commentators questioning the FBI's true intentions behind the demands on Apple (http://www.theinquirer.net/inquirer/news/2447385/apple-refuses-fbi-demand-for-iphone-backdoor), which have been rebuffed by CEO Tim Cook who argues that the agency is in effect demanding that his firm makes obsolete security technology it has spent considerable time and effort creating.

Snowden was speaking by video feed at pro-democracy organisation Common Cause's Blueprint for a Great Democracy conference in Washington DC yesterday. He stated that "we have to use the technical community to enforce our rights" instead of allowing the government to force co-operation that may be unethical or undemocratic.

"We do have some evidence today of methods that do work. The Apple versus the FBI case is a good example of this," said Snowden (https://youtu.be/cJ6PpX6xg-E?t=30m2s), adding that "the FBI would not be as pissed off as they are" if Apple wasn't setting an important precedent by flatly refusing to co-operate.

Snowden, like others, disputes assertions that the FBI's demands on Apple are about simply getting to the bottom of one case.

"The FBI has said in court that Apple has the ‘exclusive technical means' - these are their words - the ‘exclusive technical means' [to access the device]," said Snowden. "Respectfully, that's bullshit."

Snowden explained that there have been similar attacks since the 1990s that the FBI has investigated without calling for any specific assistance from technology vendors.

David Davis, MP for Haltemprice and Howden, and a former shadow home secretary, agreed with Snowden in a recent conversation with The INQUIRER, stating that the FBI's argument for forcing Apple to develop a security bypassing tool seems unfounded.

"The truth is that terrorist encryption is often in the form of agreed phrases. The Omagh bombing in Northern Ireland, when the signal was given back by the bombers that the thing was placed, [the perpetrator] said: ‘The brick is in the wall.' He didn't say: ‘I've placed the bomb,'" Davis said.

"It's rather obviously a code phrase, but you might use a more mundane code phrase. So even if you did away with encryption, all you'd do is make them move on to something more sophisticated.

"So, generally speaking, I'm on Apple's side in this argument. It sounds hard, but the truth is what are they going to learn from these two [perpetrators]? They will already know who they talk to. They get that through metadata. They wouldn't need the phone for that."

Grant H.
03-10-2016, 09:36
I actually went and listened to Snowden's comments on it, and I have to agree.

The idea that so many apple-fan-boi's have, that Apple's encryption is unbreakable, is naive, bordering on stupidity. The FBI's cyber division can easily get into this phone, but they are pushing for the "legal" means to do it for EVERY phone they come across.

In reality, I know quite a few engineers that could get into the phone without Apple's help, and without disabling the "x many tries, then wipe" "security".

HoneyBadger
03-10-2016, 15:22
Something seems left out of the equation here (which I alluded to before): why do so many people think that you need physical access to a digital device to find out what's on it? Didn't the original Snowden revelations show that every big communications company including Comcast, Verizon, AT&T, Microsoft, Yahoo, and Google are already in cahoots with the NSA? Based on that, I think it's fairly safe to assume that any digital transmission is monitored/recorded in some way but would most of the relevant data for this case even be encrypted? What if there isn't anything relevant to the crime even encrypted on the phone?

Gman
03-10-2016, 19:06
The idea that so many apple-fan-boi's have, that Apple's encryption is unbreakable, is naive, bordering on stupidity. The FBI's cyber division can easily get into this phone, but they are pushing for the "legal" means to do it for EVERY phone they come across.

Bingo. You have to have an idea that we have the ability to break military grade encrypted communications....so an iPhone is easy pickings. They just need the cover that this legal action would provide.

Irving
03-10-2016, 19:55
So is this like a more boring version of Sicario?

Grant H.
03-11-2016, 08:25
Something seems left out of the equation here (which I alluded to before): why do so many people think that you need physical access to a digital device to find out what's on it? Didn't the original Snowden revelations show that every big communications company including Comcast, Verizon, AT&T, Microsoft, Yahoo, and Google are already in cahoots with the NSA? Based on that, I think it's fairly safe to assume that any digital transmission is monitored/recorded in some way but would most of the relevant data for this case even be encrypted? What if there isn't anything relevant to the crime even encrypted on the phone?

Phone conversations are stored for a set period of time (I don't actually know how long that is), unless they are given higher priority. Higher priority can be given for several things, including a long list of key words/phrases that the automated system watches for. Other reasons include NSA/CIA/Warranted LEO interest in certain people. But, unless you give them reason to want to go back through your recorded calls, they roll off the storage rather quickly. The record of the call (from, to, duration, cell tower used, often GPS, etc) is all stored by the phone company for a LOT longer. Texts take up very little space, so I assume they are stored for quite some time, but I have no idea how long. They are sent as plain text, not encrypted, so those are easy to scan realtime for concerns.

The problem is the actual space used for all of the NSA's intercepts, so they have to prioritize. When Snowden released his information, several years ago now, there were sites where they were collecting so much information that they could only store it for 24 hours. He was talking about 20+ Terabytes of data per day. Hard drives have gotten bigger, so they can probably hold it for longer, but the number of phones has also gone up. So who actually knows how long they can keep the un-prioritized data at this point.

Now, if all that data was overwritten before the phone number of the suspects was known, then the only thing left as a record is the information the phone company keeps, which can be helpful, but is pretty limited. They are going to want to go through the phone in great detail to try and uncover information about the attackers and accomplices that the phone records wouldn't/couldn't show.

Bailey Guns
03-28-2016, 17:33
Now the FBI is saying, "Nevermind. We found a way in and we have what we want." The FBI is also asking that the court case be vacated.

And in a surprising turn, Apple is now asking the FBI, "Hey. How'd you guys do it?"

Now, I'm no fan of gov't but I'd tell Apple to piss up a rope. I probably dislike Apple just as much as I dislike an overreaching gov't. Fuck 'em both. I knew the FBI could get in. Of course, if I were into conspiracies I'd be wondering a whole lot of things.

Did the FBI really hack the phone? Did Apple give the FBI what they wanted while pretending not to? And on and on and on...

BushMasterBoy
03-28-2016, 17:35
Like the NSA couldn't crack the code? GMAFB

cstone
03-28-2016, 17:46
All encryption can be broken. Is the encrypted data worth the resources to break the encryption?

Someone in the DOJ and FBI should be getting a dressing down for making much ado about nothing. This should never have been a public confrontation.

Irving
03-28-2016, 17:51
All encryption can be broken. Is the encrypted data worth the resources to break the encryption?

Someone in the DOJ and FBI should be getting a dressing down for making much ado about nothing. This should never have been a public confrontation.

It was probably made public as a way to advertise to every techy in the world that they were looking for a way in. Look how fast they found someone.

TFOGGER
03-28-2016, 17:57
I read somewhere that an Israeli company provided them access...

cstone
03-28-2016, 18:00
I read somewhere that an Israeli company provided them access...

And regardless of whether that is true or not, I am not surprised that an Israeli company is taking credit for it. It makes for good advertising.