News Community Reacts to Apple vs FBI Story

[Dr. Courtney]

No. The motion explicitly states that the FBI is willing to work with Apple to come up with a mutually agreeable solution. It is within Apple's power to comply with this request in a way that utterly prevents the FBI from gaining the tool itself.

Of course. But that has nothing to do with this case, because that isn't on the table. It isn't a possible outcome of this case.

Reasonable need? What Apple has done is totally unprecedented as far as I can tell* - at least I've never heard of a computer company not installing a back-door to their software. I consider the need to conduct reasonable searches and seizures to be a "reasonable need".

The government has done a really poor job lately keeping the info they have secure. It is entirely foreseeable that any back doors they have into electronic communications will also be accessed by third parties with criminal intent. It is widely agreed in the technical community that making back doors only the good guys can access is impossible.

 

[Dr. Courtney]

Both of those things happened before I was born - and I'm 40. To me, that's a spectacularly good history. Probably more to the point, everyone's opinions are based on what they know and have experienced and having never experienced things that haven't happened since before I was born, it is easy for me to set them aside as being no longer necessarily relevant/true to today.

The FBI director mentioned in an interview that he is aware of more recent illegal intrusions by the FBI, and everyone knows about the NSA.

 

[russ_watters]

The government has done a really poor job lately keeping the info they have secure. It is entirely foreseeable that any back doors they have into electronic communications will also be accessed by third parties with criminal intent. It is widely agreed in the technical community that making back doors only the good guys can access is impossible.

Agreed.

The FBI director mentioned in an interview that he is aware of more recent illegal intrusions by the FBI...

I'd be interested to hear about them and can't judge them without explanation.

...and everyone knows about the NSA.

Certainly. And everyone also knows they are not a party to this case, so we probably shouldn't be discussing them here.

 

[Dr. Courtney]

It is also noteworthy that there is after-the-fact recourse here. If the police/FBI seize something they were not entitled to, the courts can still render it inadmissible. It isn't an uncorrectable wrong.

But if private information is made public, that cat cannot be reversed. There is also very little recourse for recovery of criminal uses of back doors.

Anyway, as I've said before, I'm not a big believer in secrecy/anonymity. There is literally nothing I wouldn't be willing to tell/give the FBI access to, warrant-free.

Personally, I am much less worried about the honest government agents than criminals.

*I said "most" in my previous post, but am amplifying here because the more I think about it, the more I think I've never seen/heard of such a thing.

The idea for tighter security and encryption without backdoors became more popular after the Snowder revelations about the NSA abuses.

The new Android OS also has the capability.

A number of open source efforts are underway to provide systems without back doors.

 

[Dr. Courtney]

Certainly. And everyone also knows they (the NSA) are not a party to this case, so we probably shouldn't be discussing them here.

Are you really so naive as to believe that abuses that went unpunished in the NSA will not crop up in other government agencies? The NSA abuses were a motivation for many to improve the security in the first place.

Do you really think the precedent set in this case will not be extended to other government agencies?

 

[russ_watters]

Personally, I am much less worried about the honest government agents than criminals.

I want to point something out here and I'm not even really asking for an explanation, I just want you to be aware: your worldview and mine are so different from each other, that I'm honestly having trouble even understanding your position. Privacy? Security? Indentured servitude? Honest government agents? Government criminals? Non-government criminals? These issues seem so vague and in many cases disconnected from each other to me that I'm having a lot of trouble getting a handle on the specific issues that you are concerned about and why. I don't really understand what is important to you, much less why, much less how important it is. I guess I have one question from that I'd like an answer to, with or without an explanation:

Do you believe that peoples' personal privacy/security is better or worse today than it was 50 years ago when a person could pick-up their party-line phone and listen to their neighbors' phone call and police didn't need to crack encryption to place a bug on it?

Me personally, I think in general privacy/security is better today, but the risks are different. It is essentially impossible for my neighbor to listen in on my phone calls today, but there is a risk of someone from far away (in California or China) stealing my credit card. They are also harder to identify/quantify/counter, which in my perception plays into and raises vague fears.

 

[russ_watters]

Are you really so naive as to believe that abuses that went unpunished in the NSA will not crop up in other government agencies?

Well, I'm still hopeful Snowden and Assange will be brought to the USA to face justice for their abuses in the NSA.

I'm not naive about broad risks. I just don't assume/pre-judge negatives about people's actions or motives without evidence. To me, it seems like you are doing to the FBI what you believe they are doing to you: assuming everyone could be a criminal. I don't see any way to deal with such a fear beyond living permanently in a panic room.

Do you really think the precedent set in this case will not be extended to other government agencies?

Of course precedents get extended to other similar circumstances. That's what "precedent" means! But it seems to me that you aren't looking at precedents, but rather are looking at slippery slopes. Precedents are not slippery slopes. I'll be specific:

If Apple cracks this phone and gives the data on the phone to the FBI but not the tool for cracking the phone, the precedent set enables them and the police - but not the NSA - to do it again, with exactly the same scope and method: getting a warrant/court order and getting the vendor to crack just the one phone for them. It would not allow (or even enable!) the FBI to crack phones themselves, intercept our calls and emails without a warrant or do any other nefarious thing that I'm having trouble even imagining.

 

[Dr. Courtney]

Are you really so naive as to believe that abuses that went unpunished in the NSA will not crop up in other government agencies? The NSA abuses were a motivation for many to improve the security in the first place.

Do you really think the precedent set in this case will not be extended to other government agencies?

Do you believe that peoples' personal privacy/security is better or worse today than it was 50 years ago when a person could pick-up their party-line phone and listen to their neighbors' phone call and police didn't need to crack encryption to place a bug on it?

If a citizen doesn't take care, their privacy and security are likely worse than they were 50 years ago.

If a citizen takes due care, there are opportunities for their privacy and security to be much better.

I don't have an iPhone. I'm not sure if the phone I have even has the capability of being locked with a pass code. But knowing this, I take due care not to have info on the phone that can be used to harm me or my family if it gets lost or stolen.

But a lot of folks have much greater info on their phone, including credit card, ssn, and direct banking info. If I did this, I would prefer an iPhone with the autowipe feature after 10 failed pass codes. Backdoors tend to be exploited by criminals.

See: https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004–05

 

[Dr. Courtney]

I'm not naive about broad risks. I just don't assume/pre-judge negatives about people's actions or motives without evidence. To me, it seems like you are doing to the FBI what you believe they are doing to you: assuming everyone could be a criminal. I don't see any way to deal with such a fear beyond living permanently in a panic room.

Of course precedents get extended to other similar circumstances. That's what "precedent" means! But it seems to me that you aren't looking at precedents, but rather are looking at slippery slopes. Precedents are not slippery slopes. I'll be specific:

If Apple cracks this phone and gives the data on the phone to the FBI but not the tool for cracking the phone, the precedent set enables them and the police - but not the NSA - to do it again, with exactly the same scope and method: getting a warrant/court order and getting the vendor to crack just the one phone for them. It would not allow (or even enable!) the FBI to crack phones themselves, intercept our calls and emails without a warrant or do any other nefarious thing that I'm having trouble even imagining.

I have posted ample evidence. Further, the FBI doesn't want Apple to crack the phone and give them the evidence. (This would be a more reasonable position, and help to dispel concerns of future abuses.)

The FBI wants Apple to give them the tools to hack the phone themselves. Why do they need this if they truly only want the info on THAT phone rather than the broader capability to hack other phones? If they accept a compromise that allows Apple or McAfee to crack the phone and pass along the data without the tools, it would appear they are only interested in this single phone (at least for now). If they continue to insist that Apple give them the tools to hack the phone or if they circle back around and start asking for back doors again, their real motives should continue to be questioned.

 

[russ_watters]

I have posted ample evidence.

What you've posted just plain isn't how "evidence" in criminal wrongdoing works. You can't convict someone of a crime because someone else, 50 years ago, committed one!

The FBI wants Apple to give them the tools to hack the phone themselves.

You've said that before and I don't think that's true. Please provide a quote from the motion or court order that states that.

...McAfee...

You mentioned McAfee before and even setting aside the murder allegations, I don't think hiring him to crack it would be legal/ethical. He's a 3rd party business owner who represents a separate security risk and financial interest counter to Apple's.

 

[russ_watters]

Just in case we cross-post, a separate one:

You've said that before and I don't think that's true. Please provide a quote from the motion or court order that states that.

Here's what the FBI says they want (and I submit since this is the only thing before the court, speculation on what else they might want is irrelevant):

In sum, the government seeks an order that Apple assist in enabling the search commanded by the warrant by removing, for the SUBJECT DEVICE only, some of the additional, non-encryption barriers that apple has coded into its operating system, such as the auto-erase function...

While the government proposes a specific means of accomplishing this, the government requests that the order allow Apple to achieve the goals of the order in an alternative technical manner if mutually preferable.

I see no indication that the FBI is requiring that they be provided with the tool (they want it created and used by Apple, not provided to the FBI) and they are explicitly stating they are open to other options. It seems most amenable to me.

One of the reasons I object to pre-judgements is that I think it gets in the way of actual judgement. There are other possible reasons here for the FBI offering the things that are actually on the table. For example, by asking Apple to install a tool to reduce the security, they relieve Apple of the responsibility for the additional step of actually cracking the phone. It may or may not be a meaningful distinction to Apple, but it could be, so I think it is worthwhile to offer it merely to be amenable to Apple's potential concerns.

 

[Dr. Courtney]

I see no indication that the FBI is requiring that they be provided with the tool (they want it created and used by Apple, not provided to the FBI) and they are explicitly stating they are open to other options. It seems most amenable to me.

Here's the text of the order:

Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

That definitely has Apple handing over the tools to the FBI for the FBI to crack the phone.

 

[russ_watters]

That definitely has Apple handing over the tools to the FBI for the FBI to crack the phone.

Please explain in more detail. I don't see any form of the word "tool" or its implication anywhere in the quote. I see "Apple...will bypass..." not "Apple will provide a tool to the FBI enabling it to bypass..."

 

[Kilo Vectors]

This "hacking a phone" is not difficult for any skilled hacker and elite organisation like the FBI.

I really cannot help but chuckle at apple and other big companies, they claim to resist such encroachments but it has been seen that they collaborated with these same agencies to plant backdoors in these technologies. I already know all too well the capabilities of hackers, it would not be difficult to do this. So, the one of the biggest spying organisation in the world can't even hack a phone? xD (their brother, the NSA can surely break into almost anything)

It all seems like another well orchestrated fraud/PR stunt to seem like they actually bother protecting consumer data/privacy and freedoms.

 

[zoobyshoe]

Please explain in more detail. I don't see any form of the word "tool" or its implication anywhere in the quote. I see "Apple...will bypass..." not "Apple will provide a tool to the FBI enabling it to bypass..."

From Greg's link:

So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won’t be altered.

Although the FBI isn't asking for a tool, what it want to accomplish has to be accomplished by means of a tool, a tool that Apple would have to create and install on the phone. The FBI would receive the phone back from Apple with the tool, specifically "a crippled version of the firmware," installed on it.

 

[russ_watters]

From Greg's link:

Although the FBI isn't asking for a tool, what it want to accomplish has to be accomplished by means of a tool, a tool that Apple would have to create and install on the phone. The FBI would receive the phone back from Apple with the tool, specifically "a crippled version of the firmware," installed on it.

Basically correct.*

*Caveat 1: I would say "used on it", not "installed on it". I think the difference matters. What is installed on the phone isn't the tool itself it is modifications made by the tool (a patch tool).
Caveat 2: The FBI has proposed alternatives such as Apple keeping the phone and opened the door to other alternatives Apple might propose.

 

[russ_watters]

The more I think through this issue, the more I side with the FBI. Originally, I had some sympathy for Apple over compliance breaking a promise to their customers, but that is waning. The promise Apple has made, as applied here, is the ability/tool to evade a legal search warrant. I think such a tool should be illegal. As it happens, Apple made a flawed tool, one they can still bypass, which means that now it is Apple itself who is evading a legal search warrant. That sounds like a prosecutable obstruction of justice crime to me.

There's still a way out for Apple, and that is compliance after losing their court case. Then they can somewhat truthfully claim to their customers that it isn't their fault and they had no choice.

 

[Dr. Courtney]

Well, I'm still hopeful Snowden and Assange will be brought to the USA to face justice for their abuses in the NSA.

Fact check: When was Julian Assange ever "in the NSA"?

Further, why should foreign journalists who are neither US Citizens nor residing nor even present in the USA, be subject to the laws of the USA?

Should the US hand it's journalists over to foreign countries in cases where those foreign countries claim our citizens have broken their laws in cases where our citizens were never even in the foreign country when the laws were purportedly broken?

 

[anorlunda]

The consequences that could follow this case may be more important than the details of the order or the alternatives.

Reportedly, attorneys General and local cops are preparing for their own orders. Foreign governments may demand more than the FBI. The more onerous Apple makes the procedures for this case, the bigger the army if Apple employees they'll need for future cases.

The select few Apple employees who know how to break iPhone security will have their personal security compromised for years. For self defense, they will be motivated to leak the secret to the internet.

Device manufacturers will be motivated to outsource security to foreign entities not subject to usa jurisdiction.

 

[zoobyshoe]

The consequences that could follow this case may be more important than the details of the order or the alternatives.

Reportedly, attorneys General and local cops are preparing for their own orders. Foreign governments may demand more than the FBI. The more onerous Apple makes the procedures for this case, the bigger the army if Apple employees they'll need for future cases.

The select few Apple employees who know how to break iPhone security will have their personal security compromised for years. For self defense, they will be motivated to leak the secret to the internet.

Device manufacturers will be motivated to outsource security to foreign entities not subject to usa jurisdiction.

Clarify your second sentence for me. You are saying there are reports that attorneys General and "local cops" are waiting in line behind the FBI to issue orders to Apple to unlock other cell phones? And that foreign governments would be able to do this as well? What's the source of such reports?

 

[russ_watters]

As it happens, Apple made a flawed tool, one they can still bypass...

Even that is too generous.

This isn't a bug, it's a feature. Apple has already purposely created a back door into the iPhone, for their own use, with tools they already posess and they are denying access to the FBI in contradiction of a legal search warrant.

Apple has always been this way because of their long-time corporate philosophy of of supremacy over their customers. The "1984" Super Bowl commercial was a trick: it was always Apple, not IBM/Microsoft who was Big Brother, tightly controlling the user experience in all of their products. The particular feature we're discussing - the ability to update the users' software without their knowledge/consent - was just, for the first time, added to a Microsoft operating system (Windows 10), touching-off a minor firestorm. Windows users have always been accustomed to more direct access to the function of the operating system and MS asking permission to make alterations of it.

If this was Enron/Arthur Andersen, we wouldn't be having this discussion. AA destroyed Enron documents in order to evade/help Enron evade a legal search warrant and was convicted of felony obstruction of justice for it.

We've talked about potential slippery slopes with the FBI: what about Apple's slippery slope? The FBI is constrained from going down a slippery slope by the law, but Apple - thus far - is constrained only by their imagination. People are saying that the FBI is moving down a slippery slope, but Apple is building the slope and by necessity, the government is following them down it. I think this case may bear-out that Apple is not entitled to just go as far as they want.

 

[russ_watters]

Fact check: When was Julian Assange ever "in the NSA"?

It was a lazy wording. I should have said "in/of". Their actions though are most ironic because they are the ones who made real the danger they said the NSA was creating! It's like proving someone's house is violating the fire code by lighting it on fire. The owners of the house may have been breaking the law, but arson is a much worse crime.

Further, why should foreign journalists who are neither US Citizens nor residing nor even present in the USA, be subject to the laws of the USA?

Really? You do know there are international laws and treaties, right? Espionage is a crime that doesn't respect international borders.
http://www.washingtonpost.com/wp-dyn/content/article/2010/11/29/AR2010112905973.html

Should the US hand it's journalists over to foreign countries in cases where those foreign countries claim our citizens have broken their laws in cases where our citizens were never even in the foreign country when the laws were purportedly broken?

I'd be willing to entertain the question if it ever comes up. But fortunately for us, that question isn't on the table as a hypothetical for an Assange, much less an American: Assange isn't in his home country.

 

[jack476]

Isn't the right to use software encryption covered by the Second Amendment or something? I'm sure I read somewhere that encryption is technically a "weapon" and therefore protected by the right to bear arms.

 

[Dr. Courtney]

Isn't the right to use software encryption covered by the Second Amendment or something? I'm sure I read somewhere that encryption is technically a "weapon" and therefore protected by the right to bear arms.

You get the credit for the most interesting viewpoint!

That is an interesting angle to explore, but I think it is more directly covered by the right to privacy.

See: https://en.wikipedia.org/wiki/Right_to_privacy

 

[Vanadium 50]

This isn't a bug, it's a feature. Apple has already purposely created a back door into the iPhone, for their own use, with tools they already posess and they are denying access to the FBI in contradiction of a legal search warrant.

I had not heard this. Where can I read this?

 

[jack476]

You get the credit for the most interesting viewpoint!

That is an interesting angle to explore, but I think it is more directly covered by the right to privacy.

See: https://en.wikipedia.org/wiki/Right_to_privacy

I just looked it up. I guess encryption software is technically a "munition" rather than a weapon (not sure what the distinction is) https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States

But either way, the right to self-defense from things like identity theft and computer viruses still factors in along with right to privacy.

 

[Vanadium 50]

I'm sure I read somewhere that encryption is technically a "weapon" and therefore protected by the right to bear arms.

Even if that were the case (IANAL, but it sounds improbable) the owner of the phone has given permission.

 

[Astronuc]

San Bernardino County tweets it reset terrorist's iCloud password with FBI
http://www.mercurynews.com/ci_29543811/san-bernardino-county-tweets-it-reset-terrorists-icloud

However - Apple says investigators ruined best way to access terrorist data

"A backup feature might have provided the FBI with a way to access data from the iPhone of a San Bernardino terrorist. But a change to the Apple iCloud password foiled that idea."

http://www.cnet.com/news/apple-says...-most-promising-way-to-access-terrorist-data/

According to senior Apple executives on Friday, the FBI might have been able to obtain data from an iPhone 5C belonging to Syed Farook, one of the San Bernardino terrorists, by connecting it to a familiar Wi-Fi network and having it create a new backup on Apple's iCloud service.

The idea was foiled, the executives say, because the password to the terrorist's iCloud account was reset shortly after the FBI took possession of the phone. That meant iCloud and the iPhone couldn't recognize each other, the executives said.
. . . .

https://gma.yahoo.com/san-bernardino-shooters-apple-id-passcode-changed-while-234003785--abc-news-topstories.html#

 

[anorlunda]

Clarify your second sentence for me. You are saying there are reports that attorneys General and "local cops" are waiting in line behind the FBI to issue orders to Apple to unlock other cell phones? And that foreign governments would be able to do this as well? What's the source of such reports?

My source was the Washington Post. Sorry, no link. But here are some, similar articles, the 2nd us from Australia.
http://www.bloomberg.com/news/artic...says-iphone-unlock-order-carries-global-peril
http://www.huffingtonpost.com.au/2016/02/17/apple-san-bernardino-phone_n_9259410.html

Google news has 8148 hits on apple+"attorney general" today.

 

[anorlunda]

Apple has already purposely created a back door into the iPhone, for their own use, with tools they already posess and they are denying access to the FBI in contradiction of a legal search warrant.

Source please

 

[mheslep]

Apple has already purposely created a back door into the iPhone, for their own use, with tools they already posess and they are denying access to the FBI in contradiction of a legal search warrant.

I believe that statement is out of date, and that since the discovery some years ago that Apple had back doors being used by governments, Apple changed their security, making it inaccessible to them too. Google followed suit with Android platforms.

 

[russ_watters]

Isn't the right to use software encryption covered by the Second Amendment or something? I'm sure I read somewhere that encryption is technically a "weapon" and therefore protected by the right to bear arms.

I can honestly say I have never heard that logic before. I don't agree with it, but even if it were true that it is a weapon, it wouldn't automatically be legal under the 2nd amendment. As I'm sure you are aware, lots of weapons are not legal for civilians to own/use - particularly when used against the government!

 

[russ_watters]

I had not heard this. Where can I read this?

Source please

It's described in the text of the Wired article Greg posted:

Apple specifically altered its software in 2014 to ensure that it would not be able to unlock customer phones and decrypt any of the most important data on them; but it turns out it overlooked a loophole in doing this that the government is now trying to exploit...

To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone.

The loophole is the fact that Apple still retains the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting. [emphasis added]

Wired refers to it as a "loophole" that they "overlooked" and I describe it as a long established "feature", but either way, what it is is the ability to update the user's software (operating system) without their permission.

It's kind of funny actually: Apple has created uncrackable security, while retaining the ability to turn it off!

 

[russ_watters]

I believe that statement is out of date, and that since the discovery some years ago that Apple had back doors being used by governments, Apple changed their security, making it inaccessible to them too. Google followed suit with Android platforms.

If that were true, we wouldn't be having this conversation. We're having this conversation because the contents of the phone are accessible to Apple and the FBI has obtained a court order requiring Apple to essentially unlock the door for the FBI to open it.

 

[russ_watters]

Device manufacturers will be motivated to outsource security to foreign entities not subject to usa jurisdiction.

That's certainly a possibility, as is the banning of the sale of such products in the USA.

 

[Astronuc]

Common software would have let FBI unlock shooter's iPhone
http://finance.yahoo.com/news/common-software-let-fbi-unlock-160352000.html

WASHINGTON (AP) -- The county government that owned the iPhone in a high-profile legal battle between Apple Inc. and the Justice Department paid for but never installed a feature that would have allowed the FBI to easily and immediately unlock the phone as part of the terrorism investigation into the shootings that killed 14 people in San Bernardino, California.

If the technology, known as mobile device management, had been installed, San Bernardino officials would have been able to remotely unlock the iPhone for the FBI without the theatrics of a court battle that is now pitting digital privacy rights against national security concerns.

Certainly continues to get interesting.

https://gma.yahoo.com/apple-cant-surrender-civil-liberties-fight-over-shooters-184504995.html
Ted Olson, a former U.S. Solicitor General now representing Apple, defended the company’s decision to refuse to comply with the FBI’s request to unlock an iPhone left behind by one of the shooters in the San Bernardino terror attack.

 

[anorlunda]

It's described in the text of the Wired article Greg posted:

I think the passage that you're talking about is this.

The loophole is the fact that Apple still retains the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting.

2/22/
Unless Apple has confirmed that, or unless someone publishes the exploit, that is unsupported speculation.

That's certainly a possibility, as is the banning of the sale of such products in the USA.

That's brilliant Russ. Then the USA can be the only country in the world with no cell phones.

The following illustrates how the USA is promoting encryption all over the world except USA.

The tools it recommended - ChatSecure and Cryptocat - are popular throught the Middle East making them easily available to extremists from that part of the world. They were also developed largely with money from the US government.
...
Some federal agencies have funded the development of nearly unbreakable encryption software, while others, especially in intelligence and law enforcement, fume over their inability to read protected messages.
..,
The U.S. Justice Department has sought a court order to force Apple ... Meanwhile, at least five federal agencies are developing similar encryption tools, with the aim of helping military officers and pro-democracy advocates, avoid detection overseas.

Tor was also designed by US money, and it is supported by the US government overseas (but not at home).

 

[Borg]

Then the USA can be the only country in the world with no cell phones.

Two things wrong with that conclusion. Just because one version of a product isn't allowed, doesn't mean that no products are allowed. And, even if the government declared all non-decryptable Apple phones illegal in the US, Apple would quickly build a phone that complied with the rules. The alternative would be to lose market share in one of the largest markets. I don't think that their so-called principles extend far enough for that.

 

[anorlunda]

Common software would have let FBI unlock shooter's iPhone
...
mobile device management,

https://www.washingtonpost.com/news...-makes-money-from-it/?wpmm=1&wpisrc=nl_volokh

MDM is not a back door, because setting up MDM on a password-protected phone requires knowledge of the phone's password. If MDM could be set up without the phone's password, a hacker or thief could access any password-protected phone simply by setting up MDM.

Once MDM is set up, it can be used only by presenting a specific set of secret credentials (essentially a second password held by the organization that owns the phone). That is the key difference between MDM and a back door: a back door allows third parties to access the phone without permission of the owner/user, while MDM is set up by the owner and can thereafter be used only by the owner.

MDM allows corporations to do several things to phones in their control. None of those things includes arbitrary data access. Here's why:

The relevant functionality you’re noticing is that MDM allows a controller of an MDM phone to push applications to that phone, to remove and update *those same applications*, and (in some cases) to push and retrieve data *from those same applications*. That distinction is not trivial: unlike Android phones, iOS gives each application its own sandboxed, encrypted area to write data in. Applications cannot write outside that zone. Thus, no matter how excited a corporation gets, they can’t use this functionality to intercept data, and would only at best be able to retrieve data created with one of the applications they control. This is thus not a backdoor for your purposes, no matter how malicious the company running MDM is—and the security that powers this design is the same that underpins *all* iOS app store apps. It’s why on iOS (unlike Android) arbitrary third-party apps can't read your Facebook friends without your permission.

(There is a sharing mechanism built in as well—that’s how you can, e.g., share photos—but this is done via a “push” mechanism: the app with the data has to basically put it in the mailbox of the application that wants it. If the application with the data is a personal app, not an MDM one, then MDM still won’t help.)

 

[russ_watters]

Unless Apple has confirmed that, or unless someone publishes the exploit, that is unsupported speculation.

Speculation by whom? The FBI and Wired? I guess I'm going to trust that they've done some homework, but also you should put some logic into it: if Apple were incapable of doing what the FBI requested, there'd be no reason/need to fight the request it in court! Apple discusses in detail what the FBI has asked them to do in their response letter and makes no indication that what is being asked of them is impossible.

That's brilliant Russ. Then the USA can be the only country in the world with no cell phones.

C'mon, you are better than that. This is a normal thing that applies all the time. All products of all kinds are required to comply with local laws in all countries or risk being prohibited from sale. If you don't believe me, go try to buy a VW clean diesel.

 

[anorlunda]

That's certainly a possibility, as is the banning of the sale of such products in the USA.

Russ and Borg are certainly entitled to their opinions, but so am I. I think that it is highly unlikely that the US Congress would have the courage to pass a law that even hinted that hoards of liberal Democrats might be cut off from their beloved Apple products. Especially in an election year, Apple could bluff and the government would fold its hand, IMO. Do you think that Congress has been courageous in recent years? Even an executive order would need more courage than Obama has shown on anything so far.

 

[russ_watters]

Russ and Borg are certainly entitled to their opinions, but so am I. I think that it is highly unlikely that the US Congress would have the courage to pass a law that even hinted that hoards of liberal Democrats might be cut off from their beloved Apple products. Especially in an election year, Apple could bluff and the government would fold its hand, IMO. Do you think that Congress has been courageous in recent years? Even an executive order would need more courage than Obama has shown on anything so far.

Who said who to what, now? I don't know where any of that came from - it certainly has little or nothing to do with anything I or Borg said. I was responding to your absurd quip that the USA could become a country without cell phones and then you seemed to back up a step. The above isn't/hasn't been/never was on the table and certainly no one here suggested it until you mentioned it.

I think you need to slow down and catch your breath.

 

[anorlunda]

Breaking from the above spat; here's another view with some points not mentioned hereto.

http://america.aljazeera.com/opinio...-is-a-big-farce-to-get-inside-your-phone.html

The author argues:

The government’s goal in this case has little to do with unlocking a single iPhone, and everything to do with establishing a legal precedent that guarantees them the ability to achieve this access on any device.

Here are some of the arguments he uses to make his case.

the FBI’s assertion that the phone contains valuable evidence is at odds with the known facts of the case. The court order notes that Farook destroyed several other phones to hide evidence prior to the attack. It’s extremely doubtful he’d neglect to destroy the remaining phone if it had any evidence on it. Another reason to be skeptical: The device was actually owned by Farook’s employer, the San Bernardino county health department. Given the lengths he went to destroy evidence, it’s highly unlikely Farook would plan attacks using a company device, since it would be reasonable to assume his employer might be monitoring it. The phone was discovered by agents with the “Find My iPhone” feature turned on — a very strange setting to have activated on a device being used to coordinate terrorist plots.
...
Even more suspicious is how the FBI reacted when finding the phone. According to court documents, they seized the device while it was still on, but allowed the battery to drain. This is baffling because it would have been far easier for investigators to try and access the phone’s contents if they had simply kept it powered and turned on. (The device is fully locked with encryption and tamper-prevention measures when turned off)

The government’s own descriptions of the information it seeks to obtain by forcing Apple to help unlock the phone are also highly questionable. This crucial information includes “who Farook and Malik may have communicated with to plan and carry out the [San Bernardino] shootings, where Farook and Malik may have traveled to and from before and after the incident, and other pertinent information that would provide more information about their and others’ involvement in the deadly shooting.”

All of this information could almost certainly be obtained through other, far more constitutionally sound means. “Who Farook and Malik may have communicated with” could be easily determined by issuing a subpoena to their cell phone, email and Internet service providers; those companies all retain customers’ calling records
...
The same point applies to location information, which is constantly gathered by phone companies as customers’ cellphones move about and connect to their towers. This too would be obtainable without a warrant.

 

[russ_watters]

...here's another view with some points not mentioned hereto.

http://america.aljazeera.com/opinio...-is-a-big-farce-to-get-inside-your-phone.html

The author argues:

Here are some of the arguments he uses to make his case.

Let's assume for the time being that all of that speculation about the FBI's "real" motive is true (that the FBI lied in a legal motion and follow-up public discussion):
1. So what?
2. Can the current course of action achieve what it is claimed they want? (note we have already discussed that...)

 

[Psinter]

Legendary iPhone hacker weighs in on Apple’s war with the FBI
https://www.yahoo.com/tech/legendary-iphone-hacker-weighs-apple-war-fbi-181729112.html

Thank you very much for that link Astronuc. Finally someone who understands. It is a thuggish tactic, a trap like it says in the link and a very clever one.

The[/PLAIN] government also said the judge's ruling was restricted to a single iPhone, and rejected Cook's argument that the order requires Apple to create a "back door" to all its iPhones. "It does not provide 'hackers and criminals' access to iPhones," said the filing, "it does not require Apple to 'hack [its] own users' or to 'decrypt' its own phones; it does not give the government 'the power to reach into anyone's device' without a warrant or a court authorization; and it does not compromise the security of personal information."

Heh. Like clearly stated in the link Astronuc posted, in courts, when prosecutors or defenses want to do something, they base themselves on whether it was done in the past or not. If this is done, in the future other prosecutors will use this case as basis to justify that they can do it. Basic law. It is the first thing books about law have in them. Exercises for the students in the form of cases where other cases have been used as example to boost and/or justify prosecutors and/or defenses arguments/motions.

Plus, justified by law or not, it is compromising security on personal information. Here's the thing (an example): When they couldn't access it, it was secure. When they could access it by force, it was not secure. It was accessed by force, therefore compromised. What security of personal information will you have when warrants begin being issued left and right all over the place because they claim that since it was done once, why not do it again? Let me give you my answer: You won't have any.

 

[gleem]

Can John McAfee of Intel Security Group save http://www.escapistmagazine.com/news/view/166513-John-McAfee-Says-He-Will-Hack-the-San-Bernardino-Phone-to-Save-America-From-Itself? He said He would eat his shoe an national TV if His team cannot break into Syed Farook"s iPhone in three weeks.

 

[Psinter]

I'm very interested to hear what the PF community thinks of this story

Sorry for double posting, but I'm curious, some have given their thinking, but what is OP opinion on the story?

 

[russ_watters]

Thank you very much for that link Astronuc. Finally someone who understands. It is a thuggish tactic, a trap like it says in the link and a very clever one.

Heh. Like clearly stated in the link Astronuc posted, in courts, when prosecutors or defenses want to do something, they base themselves on whether it was done in the past or not. If this is done, in the future other prosecutors will use this case as basis to justify that they can do it. Basic law. It is the first thing books about law have in them. Exercises for the students in the form of cases where other cases have been used as example to boost and/or justify prosecutors and/or defenses arguments/motions.

Since Apple has in the past complied with dozens of similar legal search orders and the [poorly implemented or not] capability of this phone is new, it is Apple who is trying to set the precedent, not the FBI: Apple is trying to set the precedent that it no longer has to comply with legal search orders.

What security of personal information will you have when warrants begin being issued left and right all over the place because they claim that since it was done once, why not do it again? Let me give you my answer: You won't have any.

Correction: you don't have any. Present tense. There is nothing you have that the FBI/police are not entitled to search if they get a warrant. Apple is trying to change that. I find that prospect ominous.

 

[Dr. Courtney]

Correction: you don't have any. Present tense. There is nothing you have that the FBI/police are not entitled to search if they get a warrant. Apple is trying to change that. I find that prospect ominous.

Apple is not trying to change that. They are just saying that they don't want to be forced to help.

Refusing to help is not the same as hindering the process if law enforcement can figure out how to conduct the search independently.

The government wants to go beyond being entitled to search with a warrant. They want to be able to compel third parties to assist in such searches. Congress has refused to pass a law forcing tech companies to provide means for searches to be facilitated. Now the FBI wants to use court orders to accomplish the same end, even though Congress was asked to pass a law, and they did not.

Why not grant John McAfee the same presumption of innocence and good faith and let him crack the phone? Why force one party to crack the phone against their will when another party is offering to do it for free?

 

[Psinter]

@russ_watters - Thanks for the corrections. It is present tense. I got it wrong.

I find that prospect ominous.

What prospect? Do you mean Apple's prospect? If it's that, I don't find it ominous. What I find ominous is their reaction to Apple's decision to not concede them what they ask for. This was fine, but then the way they filed this motion... It leaves much to be desired from them. Their reaction and wordings are... I don't know how to say it, probably dictatorial is the word, but I'm not sure if it is the correct way to express it.