Interesting conundrum

[SA Friday]

Assuming the .gov hasn't already got the data they want from the phone...

Why not give the phone to Apple, have Apple get all data off the phone and decrypt it, Apple turns over data to FBI and keeps the phone if it would compromise how they unlocked it. I have no idea it that would work.

Essentially, this is what the FBI is requesting. Apple has extracted and turned over all information from the phone from the cloud back up. The FBI is missing the last months information as that was after the last back up.

Here's the problem. Once this occurs, then Apple is back in the business of cracking their customer's phones for LE agencies and even foreign LE/govt agencies. "Well, we know you can do it because you were forced to make software for the terrorist FBI investigation, so the judge orders you to do this phone too." Now they are in a position they are compelled to retain the software for further requests and it's open to theft or exploitation. It's even potentially open to relinquishment to the US Govt and then it clearly lost to a foreign government. There simply isn't "just this time" when it comes to a search like this. Apple doesn't want to even make the Genie much less let it out of the bottle. I agree. There are other avenues to gather this information, and if they can't, well that's the price of privacy. I wast told no during more than one warrant request and didn't find evidence during many an electronic and physical search. The way I see it, this is burning down a city to search a single houses basement.

[Aloha_Shooter]

I guess I have a different take. The FBI isn't asking Apple to install a backdoor on every iPhone, they're asking Apple to build a new version of the firmware that bypasses the autowipe function. It's very easy for Apple to build this and to control its use by not providing the new firmware release to the FBI. Instead, Apple builds the new firmware, gets the phone from the FBI, uploads the new firmware, then hands it to the FBI to crack the phone. Apple destroys the software version they created and they have an engineer watch the FBI to ensure they are not trying to copy the new firmware. Cumbersome but not really that challenging. Having said all that, what I object to is the government directing a private company to produce something. That's not far off from the government directing private citizens to buy something. Oh wait ...

[RblDiver]

I guess I have a different take. The FBI isn't asking Apple to install a backdoor on every iPhone, they're asking Apple to build a new version of the firmware that bypasses the autowipe function.

...How is that not adding a back door? That's providing a way to skip the normal rules. Even if such a thing were created that would leave the data encrypted but make it so you can have unlimited tries to break the encryption, such a thing can and would get into the hands of bad actors, who would exploit it. Hence, backdoor.

[roberth]

Bad actors and the government is the worst one of those. We simply cannot trust the government to do right by us, if Apple grants the government this power they'll be in YOUR phone in a heartbeat.

[Skip]

...How is that not adding a back door? That's providing a way to skip the normal rules. Even if such a thing were created that would leave the data encrypted but make it so you can have unlimited tries to break the encryption, such a thing can and would get into the hands of bad actors, who would exploit it. Hence, backdoor.

It absolutely is. Most people don't understand the technology.

A better solution is to create a finite number of "master keys" that are validated and immediately invalidated by a central server that only Apple owns. The gov can get a warrant, be issued a key, and use that key on one and only one device. This would maintain the integrity of the encryption.

As soon as the key is used it's dead.

Apple could then publish the number of keys used by various agencies with whatever details they are allowed to publish (some warrants are sealed). If we're in the dozens to hundreds then gov is behaving itself.

Physical possession of the device would be required.

[asmo]

Dear everyone that doesn't work in,or with, computer/network forensics - or at least in/with the computer security industry:

Don't hold strong opinions about things you don't understand.

What is being asked for is a one-sided deal with the devil. Nothing good can come of this.

That said, people thinking that Apple is on the side of the users here are dreaming, or just ignorant fan-bois.

[roberth]

All of this could have been avoided if the goddamn government hadn't let those 2 jihadis into the country in the first place.

The government is trying to use their utter failure to protect the borders as leverage to strip you of your privacy.

[Skip]

Dear everyone that doesn't work in,or with, computer/network forensics - or at least in/with the computer security industry:

Don't hold strong opinions about things you don't understand.

What is being asked for is a one-sided deal with the devil. Nothing good can come of this.

That said, people thinking that Apple is on the side of the users here are dreaming, or just ignorant fan-bois.

Yet was the status quo prior to IOS7 (IIRC).

Any thoughts on if Apple can currently break their encryption? I think they can and are over-stating the effort.

[Irving]

Aloha, I'm surprised that you think having an engineer watch an FBI agent is all it would take to prevent abuse in this situation.

[asmo]

Yet was the status quo prior to IOS7 (IIRC).

Any thoughts on if Apple can currently break their encryption? I think they can and are over-stating the effort.

They (the gubment) aren't asking Apple to "break" their encryption in the traditional sense (e.g. decryption). They are asking Apple to make it easier to brute-force by not auto-destroying after a given number of invalid attempts. e.g. send the phone a special 'software-update' that changes the phones behavior. This is doable by Apple, but would require an amount of effort that I don't think the gubment understands or cares to understand. Its akin to asking MS to re-do a special version of Windows. Could MS do it, yes. Is there a lot of effort involved in the development and testing of such a thing - more than most people who have never seen the soup being made actually realize.

The encryption that Apple uses is sound, and I do not believe that it has been backdoored by Apple. Therefore I don't believe Apple can 'decrypt' your phone on a whim. Could there be flaws in the cryptosystem that an attacker, or the gubment, could use to exploit the system? Always.