News Community Reacts to Apple vs FBI Story

[Dr. Courtney]

There is risk if the FBI loses to, that goes beyond this one cell phone if a company doesn't need to help law enforcement execute searches anymore, with or without encryption. And there is also risk associated with secure phones themselves.

This risk only exists until Congress passes a law creating the duty some parties are already claiming they have based on a law that pre-dates the Bill of Rights. To whatever degree the people and the Congress agree there is a real risk, it can be fixed very quickly.

 

[zoobyshoe]

It is an interesting line of speculation, but I think you are going too far. Lots and lots of employers provide their employees phones and it is mostly an issue of money: you can't expect an employee to do company business on their own phone, that they pay for. My company is relatively small, so it provides allowances/reimbursement for using personal phones for company business.

Good point.

I see no reason to believe that Farook's job required the use of a very secure phone.

I'm basing it on those two old articles:

Currently, the United States doesn't allow government workers or soldiers to use smartphones for sending classified messages because the devices have not met security certifications.
Officials have said they worry that hackers or rogue apps could tap into the commercial version of Android and spill state secrets to foreign governments or to the Web through a publisher such as WikiLeaks. As many as 5 million Android users may have had their phones compromised by a recent virus outbreak rooted in apps found on Google's market, said security software maker Symantec.
But with a secure smartphone, a soldier could see fellow infantry on a digital map, or an official could send an important dispatch from Washington's Metro subway without fear of security breaches.

Five years ago, at least, when that article came out, the government was all about secure phones. They still are:

If what you are suggesting were true, I would think we'd have seen a direct reporting of it: if nothing else, such policies should be easily accessible.

You're right, so I just googled, and found this interesting article:

High profile cases such as former Secretary of State Hillary Clinton using her personal phone and email server for government business highlight the prevalence of employees bringing their own devices to work, as well as the problems inherent in doing so when federal data is involved.

http://www.federaltimes.com/story/government/mobility/2015/03/31/agencies-need-byod-policies/70715578/
If you read the article you see the policy is not set, it is in the process of being worked out. But the Hilary mini-scandal demonstrates this is being scrutinized. The FBI vs Apple case has put Hilary's thing in the shadows and everyone's forgotten the flak she took for using insecure devices.

But, does this apply to County employees? Federal employees call County employees, so it might.

Even if the above line of reasoning were true, that still wouldn't be. Companies regularly make products for military use that are different from civilian versions of the same products.

At this point the FBI hasn't made that distinction and has a standing opposition to "going dark." But, that's a side issue to my larger point in inventing that scurrilous allegation, which was, you can take anyone who has any position on an issue and find a way to demonize them. When the crime was emotionally incendiary, the urge to do that becomes more severe.

 

[zoobyshoe]

You assume very, very incorrectly. No offense, but this sounds like Hillary Clinton style ignorance of security.

I'm going by what the article said:

But with a secure smartphone, a soldier could see fellow infantry on a digital map...

In combat, the location of fellow infantry would certainly be sensitive information.

 

[russ_watters]

I'm basing it on those two old articles:

I think you must be reading something that isn't there, because:
1. He wasn't a federal employee.
2. He would not have dealt with classified material.

So those articles don't appear to me to have anything relevant to say about this case.

But, does this apply to County employees? Federal employees call County employees, so it might.

I don't think you understand what it means for a communication to be "classified". You can call a federal employee from your home phone. The conversation won't be classified, even if you are reporting a possible terrorist attack in planning. You're implying that all government communications of all types are classified and that just isn't so.

I'm going by what the article said:

No you aren't. The key part you added was that it would be a unsecure, "off the shelf" phone. It is just plain absurd to think that soldiers would be carrying classified information on personal smartphones in combat, as a matter of policy. Do you really think the DOD is that stupid?

At this point the FBI hasn't made that distinction and has a standing opposition to "going dark."

Huh? You're suggesting the FBI is against secure government communications? If the first part of the line of reasoning just went too far, that is just pure nonsense, zooby. You're allowing your imagination to get away from you here.

 

[jim hardy]

If it can be hacked, it will

with thousands of clever kids like this out there - nothing is sacred.



check out his credit card hacker...

 

[russ_watters]

I've read the FBI's court documents.

Then I would appreciate if you stopped saying things you know aren't true or if you disagree with something being said, address it directly rather than saying something that implies you aren't even aware of the issue you are referring to.

Have you read Apple's that I posted a link to?

Yes.

Main points: 1) Some laws that pre-date the Bill of Rights are more limited in scope (or entirely unconstitutional) after the Bill of Rights.

Oy. Case in point to the above. If you did read the court documents, you are certainly acting like you didn't. It is tough to even know where to go with that. I was pointing out how fundamental the principle we were discussing is, but it has a long history of being re-affirmed that is discussed in the court documents. Again, if you really read them, you aren't acting like it.

One of Apple's legal arguments is that code is protected speech under the 1st Amendment. Your opinion is irrelevant, since the fact will depend on how the court rules (and subsequent appeals).

As is yours, but you could at least try applying some logic and studying history (or consult with some experts) in order to try to accurately predict whether that argument will succeed.

Lots of abuses of government power predate the Bill of Rights, I don't see how stating a law or principle pre-dates the Bill of Rights makes it more valid or compelling.

You've previously argued that this is a new power. That's a direct refutation of your previous false claims. But you are right, and more to the point: just being old doesn't mean it is valid. What makes it valid is that it has been renewed/affirmed over and over and over and over again.

Some are creating a conspiracy theory that Apple seeks to empower criminals of all kinds.

I've never seen anyone, anywhere make such a suggestion, so there is no good reason for you to raise it as a strawman here.

This risk only exists until Congress passes a law creating the duty some parties are already claiming they have based on a law that pre-dates the Bill of Rights.

All I can do is roll my eyes at such nonsense. Dr. Courtney, you are making rational discussion very difficult by continuously ignoring facts/issues discussed in documents you claim to have read. At this point, maybe it would be a good idea if you would start quoting the actual passages you disagree with and quoting arguments made by quality sources describing why they are wrong. This shooting from the hip stuff you are doing is producing a huge volume of nonsense.

 

[Astronuc]

Lots of abuses of government power predate the Bill of Rights, I don't see how stating a law or principle pre-dates the Bill of Rights makes it more valid or compelling.

Please provide some examples, or even one. Note that the Constitution (which provides for certain powers within the government), predates the Bill of Rights, so citing the Constitution could potentially be valid or compelling.

Abuse of power also post-dates the Bill or Rights. For example, the Alien and Sedition Acts.

Reference: http://www.archives.gov/exhibits/charters/bill_of_rights_transcript.html
https://www.loc.gov/rr/program/bib/ourdocs/Alien.html

From the second reference - "These acts increased the residency requirement for American citizenship from five to fourteen years, authorized the president to imprison or deport aliens considered "dangerous to the peace and safety of the United States" and restricted speech critical of the government. These laws were designed to silence and weaken the Democratic-Republican Party. Negative reaction to the Alien and Sedition Acts (1798) helped contribute to the Democratic-Republican victory in the 1800 elections."

The government is certainly entitled to protect the security of the nation, i.e., the people/public. The restrictions on speech critical of the government were seen by many, and rightly so, as an infringement on the freedoms of speech and the press as guaranteed in the first amendment.

 

[zoobyshoe]

So those articles don't appear to me to have anything relevant to say about this case.

Because you've forgotten the point I was making when I brought them up.

I don't think you understand what it means for a communication to be "classified". You can call a federal employee from your home phone. The conversation won't be classified, even if you are reporting a possible terrorist attack in planning. You're implying that all government communications of all types are classified and that just isn't so.

No, I am not implying all government communications are classified. I'm saying the situation might exist where a federal employee calls a county employee with classified information. Like when? Like after 911 or after San Bernadino, to name two I can think of. The vulnerability would be in the less secure phone.

No you aren't. The key part you added was that it would be a unsecure, "off the shelf" phone. It is just plain absurd to think that soldiers would be carrying classified information on personal smartphones in combat, as a matter of policy. Do you really think the DOD is that stupid?

You're just making my point for me: the Military wants soldiers to have secure phones. The fictional insecure phone scenario demonstrates why. It's not a description of how it is, it's a description of what the military doesn't want.

Huh? You're suggesting the FBI is against secure government communications? If the first part of the line of reasoning just went too far, that is just pure nonsense, zooby. You're allowing your imagination to get away from you here.

Afraid not. I'm not responsible for any strawmen your imagination accidentally concocts. Read carefully. Remember that thread about the origins of life where you mistook the article as saying the opposite of what it was actually saying?

The government is obviously concerned about the security of its phones. The old articles show the government actively exploring all makes. All phone makers, including Apple, want a piece of that pie. As big a piece as they can get.

 

[mheslep]

https://en.wikipedia.org/wiki/2015_San_Bernardino_attack

I don't know their exact criteria for determining there were no outside links, but they came to this conclusion fairly soon after the attack, so I think all major indicators of a linked group must have been absent. Farook and wife were as impossible to predict as all non-Muslin rampage killers.

Yes, the couple were homegrown per Comey. But, per testimony Dec 9th:

" JAMES COMEY: We're working very hard to understand exactly their association and the source of their inspiration. We're also working very hard to understand whether there was anybody else involved with assisting them, with supporting them, with equipping them. And we're working very, very hard to understand did they have other plans, either for that day or earlier?
...

LINDSEY GRAHAM: Is there any evidence that this marriage was arranged by a terrorist organization or terrorist operative, or was it just a meeting on the Internet?

COMEY: I don't know the answer to that yet.

GRAHAM: Do you agree with me that if it was arranged by a terrorist operative of organized, that is a game changer?

COMEY: It would be a very, very important thing to know."

http://www.npr.org/2015/12/09/459099429/fbi-director-provides-new-details-on-san-bernardino-shooters

Based on the FBI director's statements, the government has good reason to inspect the information on that phone.

 

[zoobyshoe]

Yes, the couple were homegrown per Comey. But, per testimony Dec 9th:

" JAMES COMEY: We're working very hard to understand exactly their association and the source of their inspiration. We're also working very hard to understand whether there was anybody else involved with assisting them, with supporting them, with equipping them. And we're working very, very hard to understand did they have other plans, either for that day or earlier?
...

LINDSEY GRAHAM: Is there any evidence that this marriage was arranged by a terrorist organization or terrorist operative, or was it just a meeting on the Internet?

COMEY: I don't know the answer to that yet.

GRAHAM: Do you agree with me that if it was arranged by a terrorist operative of organized, that is a game changer?

COMEY: It would be a very, very important thing to know."

http://www.npr.org/2015/12/09/459099429/fbi-director-provides-new-details-on-san-bernardino-shooters

Based on the FBI director's statements, the government has good reason to inspect the information on that phone.

I think the FBI has sufficient reason to inspect the information on the phone just based on whose phone it was. That's a different thing than saying they think there's a good chance there'll be something important on it.
This "arranged marriage" thing is news to me, and would be of importance. I don't get the impression the FBI, or anyone, thinks there is anything about that on the phone, though, and it turns out they already have access to emails or PMs the couple exchanged during the time they were talking online before they were married:

“We can see from our investigation that in late 2013, before there is a physical meeting of these two people resulting in their engagement and then journey to the United States, they are communicating online, showing signs in that communication of their joint commitment to jihad and to martyrdom,” Mr. Comey said. “Those communications are direct, private messages."

http://www.nytimes.com/2015/12/17/u...-jihad-in-private-messages-fbi-says.html?_r=0
That "arranged terrorist marriage" story seems to have its origins in the statements of a coworker:

Christian Nwadike, a colleague who worked beside Farook for almost four year, tells CBS News that Farook was different after he returned from Saudi Arabia, where he went on a pilgrimage.
"Do you believe that he was radicalized?" Begnaud asks him.

"Yes, by the wife, I think he married a terrorist," Nwadike says.

"He married a terrorist?"

"Yes, he was set up through that marriage," Nwadike tells CBS News.

http://www.usatoday.com/story/news/nation/2015/12/04/suspects-family-shocked-killings/76773382/
I assume the FBI went back and interviewed this guy after the NBC story appeared. At any rate, I'm not aware they've changed their assessment of "homegrown."

 

[mheslep]

At any rate, I'm not aware they've changed their assessment of "homegrown."...

Homegrown, i.e. radicalized here, is not in dispute. Outside links, i.e. " their association and the source of their inspiration", are unresolved, per the FBI. The FBI has good reason to not "move on". I would assess them as negligent it they did so without trying to the obtain phone info.

 

[zoobyshoe]

I would assess them as negligent it they did so without trying to the obtain phone info.

I agree. And they did try. But Apple has put an obstacle in their way. So, my question is how much of their resources do they want to divert into overcoming that obstacle for what seems to be a longshot?
If you, Meshlep, think they should pursue this all the way to the Supreme Court, then I suppose you're willing to go a lot farther after a long shot than I am. Or, it could be, you don't see it as a long shot.

 

[DiracPool]

I don't think the debate here comes down to who owns the phone, the terrorist or the county of San Bernadino, what the FBI's intentions are, or even if it is possible to hack just this one phone or not. It comes down to, as I stated in my posts #184 and #185, do you trust that Apple knows what it is doing and is not just trying to advance their brand image by creating a controversy in the press over customer security? It seems to me the commentors in this thread break up into two camps: 1) those who feel Apple should be forced to comply to hack the phone by the FBI, and 2) those who feel that Apple would do whatever they could help the FBI catch terrorists provided that effort did not put an even greater threat in play. I happen to belong to the latter camp and so does it seem James Woolsey, former CIA director. I'd be very interested to hear the reaction from the "Force Apple to comply with the FBI" camp (you know who you are ) to this recent brief interview with Woosley:

 

[russ_watters]

I don't think the debate here comes down to who owns the phone, the terrorist or the county of San Bernadino, what the FBI's intentions are, or even if it is possible to hack just this one phone or not. It comes down to, as I stated in my posts #184 and #185, do you trust that Apple knows what it is doing and is not just trying to advance their brand image by creating a controversy in the press over customer security?

Well... a lot of people are commenting on the FBI's intentions, so that I think makes it relevant (see your request below!), but I do agree with you that people are placing their trust in Apple in a way that is unwise. As I've said before, Apple isn't required to tell us the truth here. It doesn't have to tell us if money is a motivation. It doesn't matter: winning is winning. But the FBI can only win what it is actually asking for, regardless of what, in the bigger picture, it wants. Yes, it can force Apple to use the tool over and over, but it isn't asking for and therefore can't get:

I'd be very interested to hear the reaction from the "Force Apple to comply with the FBI" camp (you know who you are ) to this recent brief interview with Woosley:

Right here! [raises hand]
Here's what he said:

What's at issue here is that the FBI wants Apple to design its operating system in such a way as to make it possible for the FBI to get into cell phones by itself. It doesn't want to have to go to Apple and ask...

I think he's just plain wrong. I think he's bought a line being fed to him by Apple and "media" activists. How can the FBI possibly achieve that with this case if it isn't asking for that?

He continues:

Apple had a back door in its most recent operating system that Apple wanted to close...and the FBI doesn't want it to close the back door.

That part is correct, but I called it a back "hatch" because this particular entrance is one only Apple can easily use.

 

[russ_watters]

Apple is apparently now challenging other requests and today won one in New York:

A federal magistrate-judge in New York City has ruled that the U.S. government can't force Apple to hack an iPhone to investigate a drug dealer.
It's a win for Apple, which is being pressured by federal law enforcement agents to help it break into iPhones in at least 13 instances across the country. Apple says doing the federal government's bidding would undermine the security features in hundreds of millions of iPhones around the world.

So far, the Department of Justice is relying on the All Writs Act, passed in 1789, which gives judges broad discretion in carrying out the law.

http://money.cnn.com/2016/02/29/technology/judge-apple-feds/index.html

Related (linked through):

The Justice Department, in a court filing late Monday, accused Apple of suddenly changing its legal position on cooperating with federal law enforcement after years of complying with court orders based on a broad 1789 law.

http://www.cnn.com/2016/02/23/politics/apple-justice-department/index.html?iid=EL

It would appear Apple is going for broke, reversing years worth of compliance/cooperation in these fights -- and eight other active cases nationwide.

 

[Astronuc]

New York judge rules in favor of Apple in earlier locked iPhone case
https://finance.yahoo.com/news/new-...n-earlier-locked-iphone-case--001258264.html#

While Apple (AAPL) and the FBI have been busy battling over a dead terrorist's passcode-locked iPhone in a case in California, a federal judge in New York on Monday ruled for Apple in a similar case over a locked iPhone belonging to an admitted drug dealer.

In a 50-page ruling rejecting almost everything federal prosecutors had argued, Judge James Orenstein ruled that Apple could not be compelled to help get information off a locked iPhone used by methamphetamine dealer Jun Feng under the 1789 All Writs Act, the same law at issue in the California terrorism case.

Orenstein acknowledged that the debate over encryption and the needs of law enforcement required balancing competing interests. But Congress, not the courts, should make that decision, he said.

All Writs Act was part of the Judiciary Act of 1789
http://www.smithsonianmag.com/smart-news/what-all-writs-act-1789-has-do-iphone-180958188/?no-ist
https://memory.loc.gov/cgi-bin/ampage?collId=llsl&fileName=001/llsl001.db&recNum=196

 

[russ_watters]

No, I am not implying all government communications are classified. I'm saying the situation might exist where a federal employee calls a county employee with classified information. Like when? Like after 911 or after San Bernadino, to name two I can think of. The vulnerability would be in the less secure phone.

That wouldn't be classified either. What you are describing just isn't how such things work. Heck, I don't think state governments even have comparable classification systems and even if they did, they wouldn't necessarily be linked with the federal system.

You're just making my point for me: the Military wants soldiers to have secure phones. The fictional insecure phone scenario demonstrates why. It's not a description of how it is, it's a description of what the military doesn't want.

The fictional insecure phone scenario is false/nonsense. It doesn't prove anything because it is total fiction having no relationship with any current or future real situation. Soldiers would not be carrying personal phones in battle, much less sending/receiving operational communications on them.

Afraid not. I'm not responsible for any strawmen your imagination accidentally concocts. Read carefully.

In post 202 you said (and I quoted there in what you responded to):

the FBI hasn't made that distinction and has a standing opposition to "going dark."

That sounds pretty clear to me that you are saying the FBI is against secure government communications ("going dark"). If not, please don't just say I'm reading it wrong, but clarify it.

Remember that thread about the origins of life where you mistook the article as saying the opposite of what it was actually saying?

No, I haven't the slightest clue what you are referring to. I can't remember the last time I posted in such a thread. Are you saying I sometimes misread things? News flash, I'm human! I make mistakes! Are you holding some sort of grudge over a mistake I made a long time ago?

 

[russ_watters]

Apple engineers are now in a race against time to see if they can design an unbreakable iPhone in the next few months. They hope the added security can appear in the next iteration of Apple's operating system and its next iPhone model, according to several security researchers in direct contact with Apple employees...

In essence, the FBI http://money.cnn.com/2016/02/19/technology/apple-extension-unlock-iphone/index.html?iid=EL, showing that it was open to attack -- from its maker.

That's why engineers are now seeking to increase the security of Apple's flagship product. As it currently stands, Apple can't abide by its previous promise to customers: that its devices are impenetrable for the sake of security and privacy.

http://money.cnn.com/2016/02/25/technology/apple-unbreakable-phone/index.html?iid=ob_homepage_tech_pool&iid=obnetwork

Moving forward, this would make the current court cases moot, but the results will still apply to older phones or those running older software...

...unless Apple wins, then it can retain the ability to hack its own phones without fear of having to use that ability to help law enforcement (they could just use it for their own purposes). That would make the case interesting -- would Apple still make an uncrackable iPhone if it didn't need to to defeat law enforcement assistance orders?

On a nuts and bolts level, anyway, I wouldn't expect it to be difficult for Apple to make minor modifications to make the phones uncrackable. They just need a pop-up that requires a user to hit "ok" before a software/firmware update is installed. Shouldn't be a difficult "race" to win, they just have to make the decision to give up the power.

 

[Drakkith]

Soldiers would not be carrying personal phones in battle, much less sending/receiving operational communications on them.

I'm sorry, as I haven't read much in this thread already, but I wanted to make it clear that what you've said here is correct. Operations security (OPSEC) is taken very seriously in my personal experience in the military. The rules and regulations regarding it are, generally, very clear. Communications security (COMSEC) is probably taken even more seriously. Communications equipment used to transmit sensitive and classified information is specially designed and monitored, and those who violate the regulations are subject to extremely serious consequences. In addition, the average military member, regardless of branch, has zero access to this equipment or to sensitive/classified information.

Heck, I don't think state governments even have comparable classification systems and even if they did, they wouldn't necessarily be linked with the federal system.

I can honestly say I've never heard of such a thing. The federal regulations even apply to the national guard of each state. (I can provide references if need be)
I'd be extremely surprised to hear of classified information being passed from a federal to a state employee at all, let alone by phone.

You're just making my point for me: the Military wants soldiers to have secure phones.

I'm going to have to disagree with you here, zooby. I've personally worked with COMSEC equipment. It would be a godawful nightmare to have a few tens of thousands or hundreds of thousands of secure cell phones roaming around. I believe it would be extremely easy for a foreign power to acquire plenty of these phones and I'd expect someone to break their security essentially overnight.

 

[zoobyshoe]

I'm going to have to disagree with you here, zooby. I've personally worked with COMSEC equipment. It would be a godawful nightmare to have a few tens of thousands or hundreds of thousands of secure cell phones roaming around. I believe it would be extremely easy for a foreign power to acquire plenty of these phones and I'd expect someone to break their security essentially overnight.

I've heard stories that make it easy to believe foreign powers could acquire them, but I don't see how they could hack them. Could they hack the iPhone in question essentially overnight? If so, why can't the FBI?

 

[Drakkith]

I've heard stories that make it easy to believe foreign powers could acquire them, but I don't see how they could hack them. Could they hack the iPhone in question essentially overnight? If so, why can't the FBI?

I'd guess it's a matter of cost vs benefit. Hacking the i-phone gives you access to the phone, but only for a short amount of time (assuming the vulnerability is caught and corrected in a short amount of time). You might get some personal information that you can use, but on a national scale personal information is generally worth very little. Hacking a government-issue, secure cell phone gives you a good chance of having access to information that does matter at the national level. So in terms of cost vs benefit, hacking the i-phone would probably not be worth it considering how easy it is to fix leaks. But hacking a government's secure cell phone, and continuing to expend the resources to hack it again and again as vulnerabilities are fixed, is almost certainly worth it.

The FBI is much more limited in what it can and can't do, and the resources it has access to, than a foreign government, so I wouldn't expect it to be able to hack the phone and then keep hacking it as Apple makes updates and fixes vulnerabilities.

But that's all from a guy who knows essentially nothing about how the software and hardware of a modern cell phone works, so take it with a grain of salt if you must.

 

[russ_watters]

I've heard stories that make it easy to believe foreign powers could acquire them, but I don't see how they could hack them.

You don't need to hack the phone, you just capture the soldier carrying the phone and torture him into giving up the password!

 

[zoobyshoe]

I'd guess it's a matter of cost vs benefit. Hacking the i-phone gives you access to the phone, but only for a short amount of time (assuming the vulnerability is caught and corrected in a short amount of time). You might get some personal information that you can use, but on a national scale personal information is generally worth very little. Hacking a government-issue, secure cell phone gives you a good chance of having access to information that does matter at the national level. So in terms of cost vs benefit, hacking the i-phone would probably not be worth it considering how easy it is to fix leaks. But hacking a government's secure cell phone, and continuing to expend the resources to hack it again and again as vulnerabilities are fixed, is almost certainly worth it. The FBI is much more limited in what it can and can't do, and the resources it has access to, than a foreign government, so I wouldn't expect it to be able to hack the phone and then keep hacking it as Apple makes updates and fixes vulnerabilities. But that's all from a guy who knows essentially nothing about how the software and hardware of a modern cell phone works, so take it with a grain of salt if you must.

About when was that COMSEC gathering? You've been at PF for quite a while, and I'm thinking you wouldn't have time for that if you were still active military, so it might have been a while ago. The two articles I posted about the government/military interest in secure phones are about 5 years old. So, I'm thinking, even if, when you attended COMSEC, the military considered the then best in "government-issue, secure cell phone(s)" to be a joke (hackable overnight), it wouldn't mean they thought that a permanently insurmountable problem. The articles show they were doing all kinds of experimentation and exploration.

If you take my statement, "The government wants secure phones," to mean they want more of the joke secure phones (hackable overnight), then, of course, you'd have to disagree with the statement. However, what I meant by it was that they want authentically secure phones. Apple is on the verge of phones that they, themselves, can't hack, much less the FBI. My thinking is that this current resistance to the FBI demands may be a show for potential customers like the military, which wants authentically secure phones that foreign powers couldn't hack, regardless of their resources.

 

[mheslep]

the Military wants soldiers to have secure phones.

I'm going to have to disagree with you here, zooby. I've personally worked with COMSEC equipment. It would be a godawful nightmare to have a few tens of thousands or hundreds of thousands of secure cell phones roaming around.

Drakkith - Your comment was unfortunately the standard for years as used by the old school security folks in the DoD which failed to recognize the harm caused by a lack of pushing relevant information such as photos to a squad about to kick a door down. But the dam finally broke. Smart phones with appropriate levels of security have started to roll out to troops. These phones also don't have withstand ridiculous mil-standards that required equipment to, for instance, survive after hours in several feet of water when a replacement is available for a few hundred dollars, as opposed to some full-mil gear costing many thousands of dollars with weight in lbs instead of ounces, and thus impossible to ever become widely deployed.

 

[russ_watters]

Drakkith - Your comment was unfortunately the standard for years as used by the old school security folks in the DoD which failed to recognize the harm caused by a lack of pushing relevant information such as photos to a squad about to kick a door down. But the dam finally broke. Smart phones with appropriate levels of security have started to roll out to troops.

Google finds this:

http://gizmodo.com/inside-the-militarys-secretive-smartphone-program-1603143142

I'll be able to comment later.

 

[256bits]

That should be the https://en.wikipedia.org/wiki/Nett_Warrior,

In July 2013, the Army installed the https://www.physicsforums.com/wiki/Samsung_Galaxy_Note_II into Nett Warrior as the system's end user device. Each Galaxy is bought at the commercial price of $700 per phone, substantially lower than if the Army had to procure devices from contractors who would develop their own original devices. Once acquired, the phones have their commercial features including cellular antennas, https://www.physicsforums.com/wiki/Wi-Fi , and https://www.physicsforums.com/wiki/Bluetooth wiped out by Army engineers, and the Nett Warrior software is installed on the https://www.physicsforums.com/wiki/National_Security_Agency -approved Android operating system. The smartphones communicate through a https://www.physicsforums.com/wiki/USB connection with the hip-mounted, data-capable Rifleman radio for network connectivity. Because commercial products are being bought, a new smartphone will need to be acquired once the Note II production stops. Nett Warrior is currently fielded by the https://www.physicsforums.com/wiki/U.S._Army_Rangers and members of the https://www.physicsforums.com/wiki/10th_Mountain_Division .[5][6]

( Bold is mine )
Not exactly a smart cell phone anymore, but a graphical tool. Random signals dissallowed.

It is employed by direct connection to the battlefield radio for secure communication to the battlefield network. ( Rifleman is not this radio system. )
http://rf.harris.com/capabilities/tactical-radios-networking/an-prc-152a.asp
and at the present time not every soldier would have that piece of equipment.

Drakith IMHO is probably correct regarding COMSEC communication being a logistical nightmare if every soldier had in "in" to field support.

 

[russ_watters]

Drakith IMHO is probably correct regarding COMSEC communication being a logistical nightmare if every soldier had in "in" to field support.

Especially since most of the soldiers themselves are not cleared for such communications.

 

[Drakkith]

About when was that COMSEC gathering? You've been at PF for quite a while, and I'm thinking you wouldn't have time for that if you were still active military, so it might have been a while ago.

No, I had plenty of time while active duty. I was maintenance and worked an 8-9 hour day, 5 days a week for the most part. I've received COMSEC training within the last few years, but that training is at the unit level. It's very specific and wouldn't have included secure cell phones since we didn't have any. Don't get me wrong, I'm by no means an expert on the subject here. I could very well be incorrect.

If you take my statement, "The government wants secure phones," to mean they want more of the joke secure phones (hackable overnight), then, of course, you'd have to disagree with the statement. However, what I meant by it was that they want authentically secure phones. Apple is on the verge of phones that they, themselves, can't hack, much less the FBI. My thinking is that this current resistance to the FBI demands may be a show for potential customers like the military, which wants authentically secure phones that foreign powers couldn't hack, regardless of their resources.

I'm going to disagree with you again here. Given enough incentive and resources, I don't think a foreign power would have trouble hacking the phone. Note that I'm using hacking in a broad sense here. When I say hacking I mean that they could exploit flaws in the software/hardware, develop malware for the device, gain access to and procedures for using the phone along with the necessary codes or documents to allow them to exploit the system without having to hack the phone, along with any number of other things. Now, some of that may be a bit off topic, and if so, then I apologize.

But the dam finally broke. Smart phones with appropriate levels of security have started to roll out to troops.

Do you have a reference for this? I'd like to see the details. Phones like the ones used for the Nett Warrior are entirely different beasts from what I envisioned by "secure cell phones".

 

[zoobyshoe]

I'm going to disagree with you again here. Given enough incentive and resources, I don't think a foreign power would have trouble hacking the phone. Note that I'm using hacking in a broad sense here. When I say hacking I mean that they could exploit flaws in the software/hardware, develop malware for the device, gain access to and procedures for using the phone along with the necessary codes or documents to allow them to exploit the system without having to hack the phone, along with any number of other things. Now, some of that may be a bit off topic, and if so, then I apologize.

No, that doesn't strike me as off-topic. It's not the kind of hacking the FBI wants to do, but it absolutely pertains to the security of any military phone.

 

[DiracPool]

No, that doesn't strike me as off-topic. It's not the kind of hacking the FBI wants to do, but it absolutely pertains to the security of any military phone.

Why is half this thread about military phones/communications? The issue here is about civilian communications. The military executes a different standard that doesn't directly apply to the San Bernadino case that the OP (Greg) posted.

 

[zoobyshoe]

Why is half this thread about military phones/communications? The issue here is about civilian communications. The military executes a different standard that doesn't directly apply to the San Bernadino case that the OP (Greg) posted.

I started it:
https://www.physicsforums.com/threads/apple-vs-fbi.858107/page-9#post-5392716

 

[mheslep]

Google finds this:

http://gizmodo.com/inside-the-militarys-secretive-smartphone-program-1603143142

I'll be able to comment later.

Yep. I worked on several of the concepts. The impediments from the entrenched DoD internal and external contractor establishment were immense, and held back deployment for far too long. Repeated, unassailable evidenced argument about how deployment of cheap smartphones would stop casualties, have stopped casualties in experiments, would receive only more robotic, acronym laced, wrapped in the flag response about the rules of security, and ten year development cycles of custom gear. I've been in rooms where things began to change via just-back-from deployment officers who had enough, and launched into *loud* Colonel Jessup-in-the-courtroom objections to the standard contractor or government program manager line. US Commanders in the field have always been responsible for determining what was red/black in a war zone, i.e. classified/not, and they started asserting themselves.

Unfortunately none of this smart phone innovation gets deployed via main stream DoD programs, or at least it didn't when my shop worked on it. It gets out instead via ad-hoc methods, by special program or direct individual unit acquisition.

 

[anorlunda]

Especially since most of the soldiers themselves are not cleared for such communications.

Source

 

[russ_watters]

Source

Experience -- navy though. All officers have secret clearance at least, enlisted depended on the needs of the job, with most having nothing.

For the army though, there is clearly a conflict between operational security and information/modernization that is worse than on a ship (if you get separated from your ship, a map won't help you get back to it...).

 

[nsaspook]

Even if you have the required clearance and secure device there is also the 'need to know' the information with the vast majority of members having no need to know anything beyond what's needed to complete the immediate job at hand..(take weapon A and fire at target on hill B) I would think that these devices would increase the user knowledge of the sensitive but not classified immediate situation but actually decrease the requirements to give low-level personal operational information in advance if it's easy to send updates as they 'need to know' the next step in some plan. A micro-managers dream.

 

[zoobyshoe]

Yep. I worked on several of the concepts. The impediments from the entrenched DoD internal and external contractor establishment were immense, and held back deployment for far too long. Repeated, unassailable evidenced argument about how deployment of cheap smartphones would stop casualties, have stopped casualties in experiments, would receive only more robotic, acronym laced, wrapped in the flag response about the rules of security, and ten year development cycles of custom gear. I've been in rooms where things began to change via just-back-from deployment officers who had enough, and launched into *loud* Colonel Jessup-in-the-courtroom objections to the standard contractor or government program manager line. US Commanders in the field have always been responsible for determining what was red/black in a war zone, i.e. classified/not, and they started asserting themselves. Unfortunately none of this smart phone innovation gets deployed via main stream DoD programs, or at least it didn't when my shop worked on it. It gets out instead via ad-hoc methods, by special program or direct individual unit acquisition.

This is a very interesting post. However, I'm snagged on the concept of an "internal" contractor. What is that? My sense of the word "contractor" is such that contractors would always be essentially external entities.

 

[mheslep]

Source

Also, the scale of the matter shows clearing every soldier, marine is not plausible. On the order of a million members of the miltary, some with criminal records. The process requires a detailed background check, interviews of friends, neighbors.

 

[mheslep]

This is a very interesting post. However, I'm snagged on the concept of an "internal" contractor. What is that? My sense of the word "contractor" is such that contractors would always be essentially external entities.

Non governmental, external, contractors, and a large governmental, or internal, body of DoD civilian staff.

I worked for a time in a no-man's land of sorts: a small number of private but non-profit think tanks that consult to the government on technical issues but can't sell the govt any widgets (like military smart phones).

 

[russ_watters]

Even if you have the required clearance and secure device there is also the 'need to know' the information with the vast majority of members having no need to know anything beyond what's needed to compete the immediate job at hand.

Yes, I don't think most people realize that a "Top Secret" clearance isn't a license to view all "Top Secret" information: the information is pretty much always compartmentalized on a need to know basis.

The navigator of a ship wouldn't necessarily know how many of what type of missile are onboard and the weapons officer wouldn't necessarily know where the ship is going.

About the only people who have a "need to know" everything are the highest level commanders and the people receiving and distributing the message traffic.

The impediments from the entrenched DoD internal and external contractor establishment were immense, and held back deployment for far too long. Repeated, unassailable evidenced argument about how deployment of cheap smartphones would stop casualties, have stopped casualties in experiments, would receive only more robotic, acronym laced, wrapped in the flag response about the rules of security, and ten year development cycles of custom gear. I've been in rooms where things began to change via just-back-from deployment officers who had enough, and launched into *loud* Colonel Jessup-in-the-courtroom objections to the standard contractor or government program manager line. US Commanders in the field have always been responsible for determining what was red/black in a war zone, i.e. classified/not, and they started asserting themselves.

You certainly would know the details of that particular argument better than me, so maybe this is food for thought for others, but I wouldn't necessarily be so quick to judge the generals as being entrenched dinosaurs. This issue of operational security and compartmentalization of information predates this technology as does the push-pull between the grunts and the generals.

An easy example that applies both with digital and paper is maps. Most soldiers don't have maps and yes that can get a soldier killed if he gets separated from his unit and can't get back or get to an extraction point. But if he has a map with an X on the base or extraction point and is captured, that map can get everyone else in his unit killed and make the mission fail. Military units are strictly utilitarian in that way and I don't see the availability of technology as changing that. It is a difficult balance, but I would tend to think the mission risk is higher with too much distribution of information of that type than not enough.

Also, the scale of the matter shows clearing every soldier, marine is not plausible. On the order of a million members of the military, some with criminal records.

And, potentially, conscripts or "stop loss" or other disgruntled members. Such people can be substantial security risks.

 

[russ_watters]

This is a very interesting post. However, I'm snagged on the concept of an "internal" contractor. What is that? My sense of the word "contractor" is such that contractors would always be essentially external entities.

That's a mess even in the civilian world. A woman who worked in my consulting engineering firm got embedded with a client as a project manager. Then they hired her as a direct employee. Then they outsourced her job to a larger facilities services firm (who immediately hired her to do the job). All the while, her job title/description/office/email address/business card/direct boss didn't change, just the company name on her paychecks did. The distinction between "internal" and "external" or "contractor" and "employee" can dissolve.

 

[zoobyshoe]

Non governmental, external, contractors, and a large governmental, or internal, body of DoD civilian staff. I worked for a time in a no-man's land of sorts: a small number of private but non-profit think tanks that consult to the government on technical issues but can't sell the govt any widgets (like military smart phones).

That's interesting enough for me. I'll read your book if you write it.

 

[mheslep]

Yes, I don't think most people realize that a "Top Secret" clearance isn't a license to view all "Top Secret" information: the information is pretty much always compartmentalized on a need to know basis.

The navigator of a ship wouldn't necessarily know how many of what type of missile are onboard and the weapons officer wouldn't necessarily know where the ship is going.

About the only people who have a "need to know" everything are the highest level commanders and the people receiving and distributing the message traffic.

You certainly would know the details of that particular argument better than me, so maybe this is food for thought for others, but I wouldn't necessarily be so quick to judge the generals as being entrenched dinosaurs. This issue of operational security and compartmentalization of information predates this technology as does the push-pull between the grunts and the generals.

An easy example that applies both with digital and paper is maps. Most soldiers don't have maps and yes that can get a soldier killed if he gets separated from his unit and can't get back or get to an extraction point. But if he has a map with an X on the base or extraction point and is captured, that map can get everyone else in his unit killed and make the mission fail. Military units are strictly utilitarian in that way and I don't see the availability of technology as changing that. It is a difficult balance, but I would tend to think the mission risk is higher with too much distribution of information of that type than not enough.

And, potentially, conscripts or "stop loss" or other disgruntled members. Such people can be substantial security risks.

Problem has not been with the generals per se. That new smart (non) phone BTW got a push from the vice chief of staff of the army. It's more the acquisition rules pushed by Congress which is in part motivated in part getting money spent by contractors in districts. A ruggedized commercial mobile like this short circuits the main DoD appropriations process. It cuts our big DoD contractors and their civilian counterparts in the DoD. The DoD has spent billions on custom radio and computer programs for years.

Agree with you on no silver bullet technology. Hundreds of things have been tried to get more info to troops and most of it is scrapped, just like in the commercial world, as it must be.

 

[Borg]

That's a mess even in the civilian world. A woman who worked in my consulting engineering firm got embedded with a client as a project manager. Then they hired her as a direct employee. Then they outsourced her job to a larger facilities services firm (who immediately hired her to do the job). All the while, her job title/description/office/email address/business card/direct boss didn't change, just the company name on her paychecks did. The distinction between "internal" and "external" or "contractor" and "employee" can dissolve.

I've seen that more times than I can count. I know people who have 'retired' from government positions on Friday and returned to the same desk on Monday as a contractor - gue$$ why.

 

[Astronuc]

DOJ Lays Out Its Legal Case For Why Apple Should Help Crack An iPhone
http://www.npr.org/sections/thetwo-...ase-for-why-apple-should-help-crack-an-iphone

• Apple's response to the Justice Department's motion and the earlier court order is due by Feb. 26;

• U.S. attorneys' response will be due by March 10;

• Apple's reply brief will be due by March 15;

• A hearing has been scheduled at 4 p.m. ET on March 22 in federal court in Riverside, Calif.

http://www.reuters.com/article/us-apple-encryption-doj-idUSKCN0VS2FT

Hearing scheduled in Apple encryption case for March 22: U.S. Justice Dept
http://www.reuters.com/article/us-apple-encryption-hearing-idUSKCN0VS2J0

SAN MATEO, Calif. — The ID passcode to the iPhone the FBI wants Apple to hack for information about one of the San Bernardino, Calif., terrorists was changed less than a day after the government gained possession of it, Apple executives said in a phone briefing with reporters Friday afternoon.

Had the passcode not been changed, Apple said, a backup of the information the government is seeking could have been viewed. It is unclear who changed the Apple ID passcode while it was in the government’s possession, the executive said.

http://www.usatoday.com/story/tech/...scode-changed-government-possession/80632962/
I'm wondering - if someone changed the passcode - doesn't that person know the passcode? I think perhaps they are referring to the iTunes password and not passcode to the phone.

In a somewhat related case that bolsters Apple's defense, a federal magistrate ruled that the DOJ cannot compel Apple to unlock an iPhone in a criminal case.

Apple Wins Ruling in New York iPhone Hacking Order
http://www.nytimes.com/2016/03/01/technology/apple-wins-ruling-in-new-york-iphone-hacking-order.html

A federal magistrate judge on Monday denied the United States government’s request that Apple extract data from an iPhone in a drug case in New York, giving the company’s pro-privacy stance a boost as it battles law enforcement officials over opening up the device in other cases.

I think everyone agrees that law-abiding citizens have a right to privacy, and in particular from unwarranted government intrusion. However, there must be a balance with protecting the general welfare and providing for common defense. There is a reason that the government must secure a warrant to obtain reasonable 'search and seizure'.

I heard a statement yesterday that the DOJ is suing Apple, but other than going to court and filing a motion mentioned above, I've not seen any news article about a lawsuit.

 

[russ_watters]

I think everyone agrees that law-abiding citizens have a right to privacy, and in particular from unwarranted government intrusion.

The way it is being presented in this case and in tech media, I disagree.

 

[zoobyshoe]

I'm wondering - if someone changed the passcode - doesn't that person know the passcode?

Good point, which makes the problem more confusing to me. What I understand is: The FBI asked the County to reset "the password" so they could get into the phone. The County did that, but this action caused the phone not to back up it's current contents onto the cloud. You mention the iTunes password. Is the iTunes password the one that gets you access to the cloud on this phone? They got access to the cloud, but the last automatic backup to the cloud was a month and a half before the incident. The act of resetting the phone caused the un-backed up info to be lost.

You must be right that it wasn't the phone's 'primary' password they reset, because if they had, why couldn't they just open it? It must have been some different password that gets you into the cloud backup of the phone but not into the phone. It seems.

I read elsewhere that they allowed the phone battery to completely discharge after taking possession of it, and this was blamed for them having lost the info on the phone. That is: letting the battery discharge causes the cache of info that would be backed up onto the cloud to automatically clear. Just sayin' that's one version I read. I don't know this phone.

 

[Astronuc]

The way it is being presented in this case and in tech media, I disagree.

How so? The user/owner of the iPhone in question (in NY City) was involved in a crime (drug case). In the San Bernadino case, the user (owner is the County) was allegedly involved in a multiple homicide, but is now deceased. In either case, the users of the iPhones were certainly not law-abiding.

 

[Astronuc]

Is the iTunes password the one that gets you access to the cloud on this phone?

Yes. I use a passcode on my phone to unlock it. If I download an app, I have to use an iTunes account, which uses an id and password. I suspect that is the password that was changed, not the passcode on the phone.

Incidentally, I have a iPhone and Mac (work), and some notes from my iPhone ended up on my Mac (by synching) although I did not initiate the synching. Those are personal notes that I would not put on my work computer, but I have no idea how those notes got on my work computer other than somehow the software did an automatic synch somehow. Folks might keep that in mind when using an iPhone in the vicinity of foreign Macs.

 

[russ_watters]

How so? The user/owner of the iPhone in question (in NY City) was involved in a crime (drug case). In the San Bernadino case, the user (owner is the County) was allegedly involved in a multiple homicide, but is now deceased. In either case, the users of the iPhones were certainly not law-abiding.

The phone doesn't know who is law abiding and who isn't and given that a search warrant is not a conviction (presumption of innocence, even with suspicion of guilt, and not everyone suspected of a crime is convicted), law abiding citizens are served search warrants on a regular basis. Moreover, not everyone served with a search warrant is even suspected of a crime -- all that is needed is that they might hold evidence of the crime.

Law abiding citizens shouldn't be any more entitled to evade search warrants than lawbreakers.

And in the New York case, the police might not even have to wait for the case to go to the USSC: if they know who's phone it is, suspect or not, they could probably just throw the person in jail until they provide the passcode:

A material witness (in American law) is a person with information alleged to be material concerning a criminal proceeding. The authority to detain material witnesses dates to the First Judiciary Act of 1789.

https://en.wikipedia.org/wiki/Material_witness

I wonder how that would go over with the extremely pro privacy crowd?

[edit]
Perhaps not. A quick google:

Brits can—and have—been jailed for refusing to surrender their passwords to authorities. In 2014, a computer science student was jailed for six months after refusing a court order to surrender his password “on the grounds of national security."...

In the United States, however, there are certain protections in place. U.S. courts have ruled that a password and encryption key are classed as “knowledge”—and that the Fifth Amendment’s safeguards against forced incriminating testimony means there are constitutional protections against being forced to surrender them.

http://kernelmag.dailydot.com/issue-sections/features-issue-sections/11071/police-force-password-cellphone/#sthash.TSZgXGqM.dpuf

The 5th Amendment is an odd duck though: you can only use it if you are guilty, but if you aren't guilty and use it how would they know? Well, for one, it wouldn't apply to material witnesses.

 

[vela]

Yes. I use a passcode on my phone to unlock it. If I download an app, I have to use an iTunes account, which uses an id and password. I suspect that is the password that was changed, not the passcode on the phone.

The phone can be configured to back up to an iCloud account. It's the password to that account that the FBI told the county to change.

Incidentally, I have a iPhone and Mac (work), and some notes from my iPhone ended up on my Mac (by synching) although I did not initiate the synching. Those are personal notes that I would not put on my work computer, but I have no idea how those notes got on my work computer other than somehow the software did an automatic synch somehow. Folks might keep that in mind when using an iPhone in the vicinity of foreign Macs.

Are you talking about the Notes application? If so, are you logged into your iCloud account on the Mac? The way notes work with iCloud is similar to the relationship between e-mail and IMAP. The notes are stored on a server, and the phone and Mac essentially act as front ends to access the server. There's no flaky sync process that happens like in the past.