Apple Fights Order

[Zacha341]

Apple Fights Order to Unlock San Bernardino Gunman’s iPhone

http://www.nytimes.com/2016/02/18/technology/apple-timothy-cook-fbi-san-bernardino.html?_r=0

Interesting... with over 2700+ comments and counting!

[Lowell]

Yeah I’m conflicted on this one. This is a tough one. Nobody trusts the government but suddenly they say trust us. Use of emergencies is a long established tactic of governments to bypass law, be it the Reichstag fire, the internment of Japanese Americans, use of torture or, as Snowden revelations show, the illegal mass compiling of our private records.

It’s the old ‘we know something you don’t know but we can’t tell you what we know. So trust us,’ argument. That’s usually concluded with the nuclear argument. What it ‘they’ had a suitcase nuclear bomb and we thought you/I knew who ‘they’ are. Could we do whatever to you/me?

I don’t know. I ask what are we fighting for? Do we have to live in a police state to avoid a police state? Or as Benjamin Franklin famously said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

I’m not fan of Apple as a corporation. They off-shore their profits, have a less than stellar record with their underpaid Chinese workers and Jobs was a well-known tyrant. But I love their products and a primary reason I have them is their unified structure gives them the greatest security.

It just seems to me that there has to be a third way - a technical solution. One that doesn’t compromise Apple’s security but gets data off this single phone. It just seems it has to be. I hope that’s what happens. Then they’ll probably find all he was doing was hitting porn sites.

[Zacha341]

I feel you on the conflict and the poli-tricks therein! I have my own private battle with Apple: love their computers, but refuse to answer the 'ringing phone' of their increasingly stupid and buggy system updates and cloud crud [[I run no higher than Lion or Yosemite OSX) and NEVER buy Mac computers new. NEVER! Only used.

And I buy two models behind on their Iphones, never the newest version. So I pay very little when I do upgrade [[used or refurb models).

[Honky Tonk]

I feel you on the conflict and the poli-tricks therein! I have my own private battle with Apple: love their computers, but refuse to answer the 'ringing phone' of their increasingly stupid and buggy system updates and cloud crud [[I run no higher than Lion or Yosemite OSX) and NEVER buy Mac computers new. NEVER! Only used.

And I buy two models behind on their Iphones, never the newest version. So I pay very little when I do upgrade [[used or refurb models).

Try their new ISIS model......

[Jimaz]

What I find most interesting about this case is that the FBI appears to be "admitting" that it is incapable of accomplishing this feat and that Apple is capable. I find either one or the other of those assertions [[and that the FBI is even making them) difficult to believe.

Security functions that can be bypassed are by definition not security functions.

“The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe,” Mr. Cook said.

If Apple designed truly strong encryption into that particular terrorist phone, by definition even Apple would not be able to retroactively add a back door into that particular phone. They could design back doors into future products but that wouldn't help the FBI in this particular case.

From what little I've read, at this point, I suspect Apple had built back doors into their devices but has denied the FBI that access and the FBI knows this. Of course Apple wouldn't want this to become public because they'd be seen as betraying their own customers. Was Apple withholding the back door keys from the FBI until the FBI agreed to some terms? Did the FBI go public to blow Apple's cover that they're not using strong encryption and are already [[partially) in bed with the FBI?

The ultimate irony is that even if the FBI gets their way, it is still possible for the bad guys to easily wrap their own strong encryption around any Apple back door, completely defeating it. Even Apple can't stop them. This has been known for decades. I am baffled as to why the FBI would pretend not to know this. They know this.

Security functions that can be bypassed are, by definition, not security functions.

[Zacha341]

Are we talking their OSX, iOS or hardware, or both!? ......

Try their new ISIS model......

[JBMcB]

Nobody seems to get exactly what is going on so here's a quick rundown:

1. Apple has already handed over everything on their servers to the FBI. This includes email, messages, phone logs, etc... The FBI gave them a warrant, they complied. This includes the iCloud backups of the iPhone in question, though there hadn't been a backup in a few weeks, so they weren't current.

2. The FBI wanted to get a newer copy of stuff off of the iPhone. Apple suggested they turn it on and leave it on a known network overnight - this would have triggered an automatic backup to the iCloud, and the FBI would have what the wanted. Problem is, the FBI changed the password on the iCloud account from the web, and the iPhone was trying to back up using the old password. Changing back to the old password would not fix this because of the way a properly designed password system works. Apple would be the one who has to do this, because the OS is cryptographically signed, and only Apple has the key to sign the OS.

3. On that particular iPhone model, you do not need to unlock the device to force a system upgrade [[by plugging it into a computer running iTunes) so what the FBI wants is for Apple to create a custom operating system version for that iPhone that would let the FBI unlock it without a password. This is not a trivial task - doing a custom fork of an entire OS, customized to bypass security checks and device encryption is a big deal.

4. Newer iPhones require you to unlock the device to force an OS upgrade, so this workaround would theoretically not work for them.

IMHO, the FBI's request is bogus. These guys were smart enough to destroy their hard drives and wipe out their on-line accounts. If their iCloud backups, nor email or message archives didn't have anything on them, their iPhone probably isn't going to have anything on it, either.

[G-DDT]

^^^being illiterate to the processes [[and be patient with me here, JBMcB), does this mean that the FBI's claim is nonsense, and all they're leveraging for is an App to be installed that allows them to listen onto anyone? Maybe I didn't understand what you typed, but is that what it boils down to, here?

[JBMcB]

^^^being illiterate to the processes [[and be patient with me here, JBMcB), does this mean that the FBI's claim is nonsense, and all they're leveraging for is an App to be installed that allows them to listen onto anyone? Maybe I didn't understand what you typed, but is that what it boils down to, here?

The FBI can already listen in on phone calls. The issue is that the data on the iPhone itself is encrypted [[application information, pictures, calendar info that wasn't on their iCalendar account, etc...) That's what the FBI wants.

This is kind of like saying, after subpoenaing all of a suspects phone calls, credit card statements, bank statements, computer data, and searching everything at their work, house and car - what you *really* need is what is in the suspect's wallet. Perhaps there is an important scrap of paper in there with a phone number on it, but you already have all the phone calls the suspect has made, and his card activity and everything - the odds of something else being in there are pretty slim.

[Now&then]

Sounds like they just want folk's-ahem-risque pictures.

[Johnnny5]

While I don't really want to be, I'm with the FBI on this one. As these technologies advance criminals will be storing everything from financial records to child porn on encrypted devices that the government will no longer have the ability to access [[not even with a warrant). If Apple succeeds in this case it could absolutely cripple law enforcement's ability to fight crime in the future.

[Jimaz]

...As these technologies advance criminals will be storing everything from financial records to child porn on encrypted devices that the government will no longer have the ability to access [[not even with a warrant). If Apple succeeds in this case it could absolutely cripple law enforcement's ability to fight crime in the future.

The cracking of truly secure cryptography in general has already been "absolutely crippled" since the 1970s. Despite dramatic accounts of heroic and triumphant WWII cryptanalysts, the era of secretly snooping on competent enemies has long passed.

To crack PKC, one would essentially have to discover a new way to quickly [[for even supercomputers) factor the product of two large prime numbers, a feat that has never been accomplished in the entire history of mathematics.

Although in this particular Apple case PKC may not have been a deciding factor, we know the technology already exists for black hats to communicate securely and there's nothing anyone in the universe can do to prevent it [[short of science-fictiony quantum computers).

Apple's success or failure in this case will have no influence whatsoever on the ability of competent bad guys to communicate securely. The FBI knows this.

These facts need to be taken into account when forming effective security policy.

[Johnnny5]

That may be true, but this won't just affect extreme cases where sophisticated criminals are using highly encrypted data. Apple purposely made changes to it's newest operating system that mean it is now offering unbreakable encryption technology for the masses, and it's basically set by default. More mundane, yet serious cases like missing children, murder investigations and many other crime investigations are going to hit brick walls if something as simple as a locked phone means that data is completely irretrievable.

[Jimaz]

That may be true, but this won't just affect extreme cases where sophisticated criminals are using highly encrypted data. Apple purposely made changes to it's newest operating system that mean that it is now offering unbreakable encryption technology for the masses, and it's basically set by default. More mundane, yet serious cases like missing children, murder investigations and many other crime investigations are going to hit brick walls if a locked phone means data is completely irretrievable.

Yes, and PKC doesn't affect just extreme cases or only sophisticated criminals. It's freely available to all independent of any action taken by Apple.

The important point is that bad guys can securely encrypt their data before Apple even sees it, whether extreme or not, whether sophisticated or not. So there's nothing Apple can do to allow that data to be revealed.

Yes, Apple and the FBI may have colluded in fostering a false sense of security among the bad actors who were foolish enough to rely on Apple's "security." That works to only a limited extent. Beyond that there's the bigger problem of dealing with the even worse actors who are not fools.

[EastsideAl]

The FBI apparently screwed up the phone on their own, and now wants Apple to go to some considerable lengths to bail them out, as JBMcB indicated. Given all that has happened with the FBI and the rest of the over-active hyper-security apparatus in our "free" country, and their obvious wish to get into everybody's everything, I can't say that I have any sympathy or warm fuzzies for them.

However, I can't be the only one troubled by the specter of a large corporation simply ignoring a lawful federal court order. Especially in an active criminal investigation. Apple may be above a lot of things, but the law shouldn't be one of them. If I was one of the people who lost someone in that shooting spree I don't think I'd find Apple's defiance of this court order in the name of their "principles" [[and protecting their own commercial interests, and, not too incidentally, selling a bunch more phones) to be so cool or even all that principled in any wider moral sense.

[Johnnny5]

"Court records released on Tuesday show the U.S. Justice Department has in the last four months sought court orders to force Apple Inc to help investigators extract data from 15 iPhones in cases across the country."

"According to Apple's letter, the technology company has objected to providing law enforcement assistance with regards to at least 12 of the 15 iPhones so far.

https://finance.yahoo.com/news/doj-s...--finance.html

[JBMcB]

OK, A few clarifications and updates from my last post.

The encryption on the iPhone isn't by-passable, that is - even with a custom operating system that bypasses the PIN code needed to access the OS, you still can't decrypt the files on the iPhone. So what the FBI is asking for is, essentially, a custom OS that bypasses the PIN for access to the device itself, bypasses the 10 try wipe feature [[after 10 bad PIN entries the device erases personal data) and lets the FBI enter a range of PIN codes to try to brute-force crack the encryption.

Second interesting thing is the FBI waited two months before asking Apple for help. So, they obviously don't think there is critically important information on the device, otherwise they would have asked much sooner.

In my opinion, it's one thing to ask a company for help bypassing security features - which Apple has done on multiple occasions in the past on older hardware. It's another entirely to ask them to develop attacks to breach the security they have developed, which is what the FBI is asking them to do.

To use the safe analogy, it's the difference between the FBI asking a safe manufacturer what metals are used in the construction of their safe so the FBI can choose the correct drill bit to use to drill into it - and having the safe manufacturer build a machine to crack the lock's combination.

[Richard]

"Court records released on Tuesday show the U.S. Justice Department has in the last four months sought court orders to force Apple Inc to help investigators extract data from 15 iPhones in cases across the country."

"According to Apple's letter, the technology company has objected to providing law enforcement assistance with regards to at least 12 of the 15 iPhones so far.

https://finance.yahoo.com/news/doj-s...--finance.html

12 were not even considered criminals yet,what do they call them potential criminals so we need to find out if other Americans may become criminals through their phones.

There are already apps out there where others can listen to your conversation through your phones speakers even if you are not talking on the phone.

What happened with the whole using the PS3 system to send coded messages,no more is being said,did PS3 hand over their encryption codes?

[G-DDT]

John Oliver had a lot to say on his show https://www.youtube.com/watch?v=zsjZ2r9Ygzwand on Colbert's show about the issue and the double standard importance of encryption [[Colbert took a fatalist and all-too-accepting-if not typical Devil's Advocate-stance that "I just naturally assume everything we do is monitored by the Government").

One important question we have to honestly ask ourselves: after all that fussing and struggling with Apple, the FBI gets it's way-okay, BUT, if there isn't one iota of new and pertinent information to add to their investigation into the matter, do you really think that the FBI will shrug and honestly and sheepishly admit that to the American public [["Uh, yeah, uh, well we really didn't find much of anything relevant, but the doors are now more open for us than ever to get what we want from your privacy.").

I find it interesting that when I see an ABC broadcast showing the matter, you got the FBI spokesman getting more say about the issue than the privacy-propounder at Apple who gets one sentence of talk and even that gets cut off halfway through it.

[G-DDT]

A news broadcast yesterday admitted the FBI found nothing important [[ I often wondered from the onset if the attacker had seen some very troubling things go down at the facility and was reprimanded as a whistle blower as part of his motive) or connecting to other organizations. CNN put up an article two days ago spinning it more on that it was "important" in the regards that it only deductively helped them "to certainly discount leads they were already sure were unhelpful". What was the fuss? Just to prove they can impose?

[Jimaz]

This video does a good job of explaining the folly/futility of attempting to create controlled-vulnerability encryption: Should all locks have keys? Phones, Castles, Encryption, and You. The ending neatly sums up the situation.

What was the point of creating all the drama about codes that can be cracked, if not to distract attention away from the codes that nobody can crack [[short of science-fictiony quantum computing)?

<sarcasm on>Yea! the FBI has discovered a way to crack ROT13! That must mean that they can crack anything!<sarcasm off> No, it doesn't. They're being disingenuous and they know it.

The significant question is why was this high-profile PR pretense constructed in the first place?