News Community Reacts to Apple vs FBI Story

[russ_watters]

Just in case we cross-post, a separate one:

You've said that before and I don't think that's true. Please provide a quote from the motion or court order that states that.

Here's what the FBI says they want (and I submit since this is the only thing before the court, speculation on what else they might want is irrelevant):

In sum, the government seeks an order that Apple assist in enabling the search commanded by the warrant by removing, for the SUBJECT DEVICE only, some of the additional, non-encryption barriers that apple has coded into its operating system, such as the auto-erase function...

While the government proposes a specific means of accomplishing this, the government requests that the order allow Apple to achieve the goals of the order in an alternative technical manner if mutually preferable.

I see no indication that the FBI is requiring that they be provided with the tool (they want it created and used by Apple, not provided to the FBI) and they are explicitly stating they are open to other options. It seems most amenable to me.

One of the reasons I object to pre-judgements is that I think it gets in the way of actual judgement. There are other possible reasons here for the FBI offering the things that are actually on the table. For example, by asking Apple to install a tool to reduce the security, they relieve Apple of the responsibility for the additional step of actually cracking the phone. It may or may not be a meaningful distinction to Apple, but it could be, so I think it is worthwhile to offer it merely to be amenable to Apple's potential concerns.

 

[Dr. Courtney]

I see no indication that the FBI is requiring that they be provided with the tool (they want it created and used by Apple, not provided to the FBI) and they are explicitly stating they are open to other options. It seems most amenable to me.

Here's the text of the order:

Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

That definitely has Apple handing over the tools to the FBI for the FBI to crack the phone.

 

[russ_watters]

That definitely has Apple handing over the tools to the FBI for the FBI to crack the phone.

Please explain in more detail. I don't see any form of the word "tool" or its implication anywhere in the quote. I see "Apple...will bypass..." not "Apple will provide a tool to the FBI enabling it to bypass..."

 

[Kilo Vectors]

This "hacking a phone" is not difficult for any skilled hacker and elite organisation like the FBI.

I really cannot help but chuckle at apple and other big companies, they claim to resist such encroachments but it has been seen that they collaborated with these same agencies to plant backdoors in these technologies. I already know all too well the capabilities of hackers, it would not be difficult to do this. So, the one of the biggest spying organisation in the world can't even hack a phone? xD (their brother, the NSA can surely break into almost anything)

It all seems like another well orchestrated fraud/PR stunt to seem like they actually bother protecting consumer data/privacy and freedoms.

 

[zoobyshoe]

Please explain in more detail. I don't see any form of the word "tool" or its implication anywhere in the quote. I see "Apple...will bypass..." not "Apple will provide a tool to the FBI enabling it to bypass..."

From Greg's link:

So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won’t be altered.

Although the FBI isn't asking for a tool, what it want to accomplish has to be accomplished by means of a tool, a tool that Apple would have to create and install on the phone. The FBI would receive the phone back from Apple with the tool, specifically "a crippled version of the firmware," installed on it.

 

[russ_watters]

From Greg's link:

Although the FBI isn't asking for a tool, what it want to accomplish has to be accomplished by means of a tool, a tool that Apple would have to create and install on the phone. The FBI would receive the phone back from Apple with the tool, specifically "a crippled version of the firmware," installed on it.

Basically correct.*

*Caveat 1: I would say "used on it", not "installed on it". I think the difference matters. What is installed on the phone isn't the tool itself it is modifications made by the tool (a patch tool).
Caveat 2: The FBI has proposed alternatives such as Apple keeping the phone and opened the door to other alternatives Apple might propose.

 

[russ_watters]

The more I think through this issue, the more I side with the FBI. Originally, I had some sympathy for Apple over compliance breaking a promise to their customers, but that is waning. The promise Apple has made, as applied here, is the ability/tool to evade a legal search warrant. I think such a tool should be illegal. As it happens, Apple made a flawed tool, one they can still bypass, which means that now it is Apple itself who is evading a legal search warrant. That sounds like a prosecutable obstruction of justice crime to me.

There's still a way out for Apple, and that is compliance after losing their court case. Then they can somewhat truthfully claim to their customers that it isn't their fault and they had no choice.

 

[Dr. Courtney]

Well, I'm still hopeful Snowden and Assange will be brought to the USA to face justice for their abuses in the NSA.

Fact check: When was Julian Assange ever "in the NSA"?

Further, why should foreign journalists who are neither US Citizens nor residing nor even present in the USA, be subject to the laws of the USA?

Should the US hand it's journalists over to foreign countries in cases where those foreign countries claim our citizens have broken their laws in cases where our citizens were never even in the foreign country when the laws were purportedly broken?

 

[anorlunda]

The consequences that could follow this case may be more important than the details of the order or the alternatives.

Reportedly, attorneys General and local cops are preparing for their own orders. Foreign governments may demand more than the FBI. The more onerous Apple makes the procedures for this case, the bigger the army if Apple employees they'll need for future cases.

The select few Apple employees who know how to break iPhone security will have their personal security compromised for years. For self defense, they will be motivated to leak the secret to the internet.

Device manufacturers will be motivated to outsource security to foreign entities not subject to usa jurisdiction.

 

[zoobyshoe]

The consequences that could follow this case may be more important than the details of the order or the alternatives.

Reportedly, attorneys General and local cops are preparing for their own orders. Foreign governments may demand more than the FBI. The more onerous Apple makes the procedures for this case, the bigger the army if Apple employees they'll need for future cases.

The select few Apple employees who know how to break iPhone security will have their personal security compromised for years. For self defense, they will be motivated to leak the secret to the internet.

Device manufacturers will be motivated to outsource security to foreign entities not subject to usa jurisdiction.

Clarify your second sentence for me. You are saying there are reports that attorneys General and "local cops" are waiting in line behind the FBI to issue orders to Apple to unlock other cell phones? And that foreign governments would be able to do this as well? What's the source of such reports?

 

[russ_watters]

As it happens, Apple made a flawed tool, one they can still bypass...

Even that is too generous.

This isn't a bug, it's a feature. Apple has already purposely created a back door into the iPhone, for their own use, with tools they already posess and they are denying access to the FBI in contradiction of a legal search warrant.

Apple has always been this way because of their long-time corporate philosophy of of supremacy over their customers. The "1984" Super Bowl commercial was a trick: it was always Apple, not IBM/Microsoft who was Big Brother, tightly controlling the user experience in all of their products. The particular feature we're discussing - the ability to update the users' software without their knowledge/consent - was just, for the first time, added to a Microsoft operating system (Windows 10), touching-off a minor firestorm. Windows users have always been accustomed to more direct access to the function of the operating system and MS asking permission to make alterations of it.

If this was Enron/Arthur Andersen, we wouldn't be having this discussion. AA destroyed Enron documents in order to evade/help Enron evade a legal search warrant and was convicted of felony obstruction of justice for it.

We've talked about potential slippery slopes with the FBI: what about Apple's slippery slope? The FBI is constrained from going down a slippery slope by the law, but Apple - thus far - is constrained only by their imagination. People are saying that the FBI is moving down a slippery slope, but Apple is building the slope and by necessity, the government is following them down it. I think this case may bear-out that Apple is not entitled to just go as far as they want.

 

[russ_watters]

Fact check: When was Julian Assange ever "in the NSA"?

It was a lazy wording. I should have said "in/of". Their actions though are most ironic because they are the ones who made real the danger they said the NSA was creating! It's like proving someone's house is violating the fire code by lighting it on fire. The owners of the house may have been breaking the law, but arson is a much worse crime.

Further, why should foreign journalists who are neither US Citizens nor residing nor even present in the USA, be subject to the laws of the USA?

Really? You do know there are international laws and treaties, right? Espionage is a crime that doesn't respect international borders.
http://www.washingtonpost.com/wp-dyn/content/article/2010/11/29/AR2010112905973.html

Should the US hand it's journalists over to foreign countries in cases where those foreign countries claim our citizens have broken their laws in cases where our citizens were never even in the foreign country when the laws were purportedly broken?

I'd be willing to entertain the question if it ever comes up. But fortunately for us, that question isn't on the table as a hypothetical for an Assange, much less an American: Assange isn't in his home country.

 

[jack476]

Isn't the right to use software encryption covered by the Second Amendment or something? I'm sure I read somewhere that encryption is technically a "weapon" and therefore protected by the right to bear arms.

 

[Dr. Courtney]

Isn't the right to use software encryption covered by the Second Amendment or something? I'm sure I read somewhere that encryption is technically a "weapon" and therefore protected by the right to bear arms.

You get the credit for the most interesting viewpoint!

That is an interesting angle to explore, but I think it is more directly covered by the right to privacy.

See: https://en.wikipedia.org/wiki/Right_to_privacy

 

[Vanadium 50]

This isn't a bug, it's a feature. Apple has already purposely created a back door into the iPhone, for their own use, with tools they already posess and they are denying access to the FBI in contradiction of a legal search warrant.

I had not heard this. Where can I read this?

 

[jack476]

You get the credit for the most interesting viewpoint!

That is an interesting angle to explore, but I think it is more directly covered by the right to privacy.

See: https://en.wikipedia.org/wiki/Right_to_privacy

I just looked it up. I guess encryption software is technically a "munition" rather than a weapon (not sure what the distinction is) https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States

But either way, the right to self-defense from things like identity theft and computer viruses still factors in along with right to privacy.

 

[Vanadium 50]

I'm sure I read somewhere that encryption is technically a "weapon" and therefore protected by the right to bear arms.

Even if that were the case (IANAL, but it sounds improbable) the owner of the phone has given permission.

 

[Astronuc]

San Bernardino County tweets it reset terrorist's iCloud password with FBI
http://www.mercurynews.com/ci_29543811/san-bernardino-county-tweets-it-reset-terrorists-icloud

However - Apple says investigators ruined best way to access terrorist data

"A backup feature might have provided the FBI with a way to access data from the iPhone of a San Bernardino terrorist. But a change to the Apple iCloud password foiled that idea."

http://www.cnet.com/news/apple-says...-most-promising-way-to-access-terrorist-data/

According to senior Apple executives on Friday, the FBI might have been able to obtain data from an iPhone 5C belonging to Syed Farook, one of the San Bernardino terrorists, by connecting it to a familiar Wi-Fi network and having it create a new backup on Apple's iCloud service.

The idea was foiled, the executives say, because the password to the terrorist's iCloud account was reset shortly after the FBI took possession of the phone. That meant iCloud and the iPhone couldn't recognize each other, the executives said.
. . . .

https://gma.yahoo.com/san-bernardino-shooters-apple-id-passcode-changed-while-234003785--abc-news-topstories.html#

 

[anorlunda]

Clarify your second sentence for me. You are saying there are reports that attorneys General and "local cops" are waiting in line behind the FBI to issue orders to Apple to unlock other cell phones? And that foreign governments would be able to do this as well? What's the source of such reports?

My source was the Washington Post. Sorry, no link. But here are some, similar articles, the 2nd us from Australia.
http://www.bloomberg.com/news/artic...says-iphone-unlock-order-carries-global-peril
http://www.huffingtonpost.com.au/2016/02/17/apple-san-bernardino-phone_n_9259410.html

Google news has 8148 hits on apple+"attorney general" today.

 

[anorlunda]

Apple has already purposely created a back door into the iPhone, for their own use, with tools they already posess and they are denying access to the FBI in contradiction of a legal search warrant.

Source please

 

[mheslep]

Apple has already purposely created a back door into the iPhone, for their own use, with tools they already posess and they are denying access to the FBI in contradiction of a legal search warrant.

I believe that statement is out of date, and that since the discovery some years ago that Apple had back doors being used by governments, Apple changed their security, making it inaccessible to them too. Google followed suit with Android platforms.

 

[russ_watters]

Isn't the right to use software encryption covered by the Second Amendment or something? I'm sure I read somewhere that encryption is technically a "weapon" and therefore protected by the right to bear arms.

I can honestly say I have never heard that logic before. I don't agree with it, but even if it were true that it is a weapon, it wouldn't automatically be legal under the 2nd amendment. As I'm sure you are aware, lots of weapons are not legal for civilians to own/use - particularly when used against the government!

 

[russ_watters]

I had not heard this. Where can I read this?

Source please

It's described in the text of the Wired article Greg posted:

Apple specifically altered its software in 2014 to ensure that it would not be able to unlock customer phones and decrypt any of the most important data on them; but it turns out it overlooked a loophole in doing this that the government is now trying to exploit...

To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone.

The loophole is the fact that Apple still retains the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting. [emphasis added]

Wired refers to it as a "loophole" that they "overlooked" and I describe it as a long established "feature", but either way, what it is is the ability to update the user's software (operating system) without their permission.

It's kind of funny actually: Apple has created uncrackable security, while retaining the ability to turn it off!

 

[russ_watters]

I believe that statement is out of date, and that since the discovery some years ago that Apple had back doors being used by governments, Apple changed their security, making it inaccessible to them too. Google followed suit with Android platforms.

If that were true, we wouldn't be having this conversation. We're having this conversation because the contents of the phone are accessible to Apple and the FBI has obtained a court order requiring Apple to essentially unlock the door for the FBI to open it.

 

[russ_watters]

Device manufacturers will be motivated to outsource security to foreign entities not subject to usa jurisdiction.

That's certainly a possibility, as is the banning of the sale of such products in the USA.

 

[Astronuc]

Common software would have let FBI unlock shooter's iPhone
http://finance.yahoo.com/news/common-software-let-fbi-unlock-160352000.html

WASHINGTON (AP) -- The county government that owned the iPhone in a high-profile legal battle between Apple Inc. and the Justice Department paid for but never installed a feature that would have allowed the FBI to easily and immediately unlock the phone as part of the terrorism investigation into the shootings that killed 14 people in San Bernardino, California.

If the technology, known as mobile device management, had been installed, San Bernardino officials would have been able to remotely unlock the iPhone for the FBI without the theatrics of a court battle that is now pitting digital privacy rights against national security concerns.

Certainly continues to get interesting.

https://gma.yahoo.com/apple-cant-surrender-civil-liberties-fight-over-shooters-184504995.html
Ted Olson, a former U.S. Solicitor General now representing Apple, defended the company’s decision to refuse to comply with the FBI’s request to unlock an iPhone left behind by one of the shooters in the San Bernardino terror attack.

 

[anorlunda]

It's described in the text of the Wired article Greg posted:

I think the passage that you're talking about is this.

The loophole is the fact that Apple still retains the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting.

2/22/
Unless Apple has confirmed that, or unless someone publishes the exploit, that is unsupported speculation.

That's certainly a possibility, as is the banning of the sale of such products in the USA.

That's brilliant Russ. Then the USA can be the only country in the world with no cell phones.

The following illustrates how the USA is promoting encryption all over the world except USA.

The tools it recommended - ChatSecure and Cryptocat - are popular throught the Middle East making them easily available to extremists from that part of the world. They were also developed largely with money from the US government.
...
Some federal agencies have funded the development of nearly unbreakable encryption software, while others, especially in intelligence and law enforcement, fume over their inability to read protected messages.
..,
The U.S. Justice Department has sought a court order to force Apple ... Meanwhile, at least five federal agencies are developing similar encryption tools, with the aim of helping military officers and pro-democracy advocates, avoid detection overseas.

Tor was also designed by US money, and it is supported by the US government overseas (but not at home).

 

[Borg]

Then the USA can be the only country in the world with no cell phones.

Two things wrong with that conclusion. Just because one version of a product isn't allowed, doesn't mean that no products are allowed. And, even if the government declared all non-decryptable Apple phones illegal in the US, Apple would quickly build a phone that complied with the rules. The alternative would be to lose market share in one of the largest markets. I don't think that their so-called principles extend far enough for that.

 

[anorlunda]

Common software would have let FBI unlock shooter's iPhone
...
mobile device management,

https://www.washingtonpost.com/news...-makes-money-from-it/?wpmm=1&wpisrc=nl_volokh

MDM is not a back door, because setting up MDM on a password-protected phone requires knowledge of the phone's password. If MDM could be set up without the phone's password, a hacker or thief could access any password-protected phone simply by setting up MDM.

Once MDM is set up, it can be used only by presenting a specific set of secret credentials (essentially a second password held by the organization that owns the phone). That is the key difference between MDM and a back door: a back door allows third parties to access the phone without permission of the owner/user, while MDM is set up by the owner and can thereafter be used only by the owner.

MDM allows corporations to do several things to phones in their control. None of those things includes arbitrary data access. Here's why:

The relevant functionality you’re noticing is that MDM allows a controller of an MDM phone to push applications to that phone, to remove and update *those same applications*, and (in some cases) to push and retrieve data *from those same applications*. That distinction is not trivial: unlike Android phones, iOS gives each application its own sandboxed, encrypted area to write data in. Applications cannot write outside that zone. Thus, no matter how excited a corporation gets, they can’t use this functionality to intercept data, and would only at best be able to retrieve data created with one of the applications they control. This is thus not a backdoor for your purposes, no matter how malicious the company running MDM is—and the security that powers this design is the same that underpins *all* iOS app store apps. It’s why on iOS (unlike Android) arbitrary third-party apps can't read your Facebook friends without your permission.

(There is a sharing mechanism built in as well—that’s how you can, e.g., share photos—but this is done via a “push” mechanism: the app with the data has to basically put it in the mailbox of the application that wants it. If the application with the data is a personal app, not an MDM one, then MDM still won’t help.)

 

[russ_watters]

Unless Apple has confirmed that, or unless someone publishes the exploit, that is unsupported speculation.

Speculation by whom? The FBI and Wired? I guess I'm going to trust that they've done some homework, but also you should put some logic into it: if Apple were incapable of doing what the FBI requested, there'd be no reason/need to fight the request it in court! Apple discusses in detail what the FBI has asked them to do in their response letter and makes no indication that what is being asked of them is impossible.

That's brilliant Russ. Then the USA can be the only country in the world with no cell phones.

C'mon, you are better than that. This is a normal thing that applies all the time. All products of all kinds are required to comply with local laws in all countries or risk being prohibited from sale. If you don't believe me, go try to buy a VW clean diesel.