back to article Latest in Apple v FBI public squabble over iPhone crack demand

In the latest salvo in a very public war, Apple's CEO and the FBI's director have published letters arguing their cases over gaining access to a locked iPhone. In Apple's corner, Tim Cook sent an all-staff email Monday morning in which he argued that the case represents a "precedent that threatens everyone's civil liberties …

  1. allthecoolshortnamesweretaken

    This is shaping up to be bigger than the Super Bowl. (And far, far more important too.)

    1. MrDamage

      Bigger than the superbowl

      But no matter which side has the "wardrobe malfunction", there isn't enough brain bleach in the world to supply everyone who is watching.

    2. tom dial Silver badge

      Almost anything is more important than the Super Bowl.

  2. chris 17 Silver badge
    Big Brother

    The more detail that emerges, it becomes clear the FBI are using this as a test case and leverage for forcing manufacturers to do their bidding in future cases & gain public support for less device encryption.

    I wonder if Apple would have cooperated if the FBI had asked quietly?

    1. Mark 85 Silver badge

      Supposedly, and it's depending on the news sources and who can be trusted, they were working quietly and Apple asked for a court order. For some reason, the FBI when public instead of secret court. Apparently Apple has worked on some 70 phones for the FBI previously.

      Now how much of this real, how much is BS, and how much is theatre, I have no idea.

      1. John H Woods Silver badge

        "Apparently Apple has worked on some 70 phones for the FBI previously. Now how much of this real, how much is BS, and how much is theatre, I have no idea." -- Mark85

        It'll make it harder for you to come to a decision if you don't dig a bit deeper.

        1. TRT Silver badge

          "Apparently Apple has worked on some 70 phones for the FBI previously"

          And no doubt 69 of those were because they set a precedent for an "exceptional" case.

    2. Vimes

      it becomes clear the FBI are using this as a test case

      Not just the FBI either...

      To that point, the New York City police commissioner, William J. Bratton, and the Manhattan district attorney, Cyrus R. Vance Jr., criticized Apple after it refused to comply with the court order and said that they currently possessed 175 iPhones that they could not unlock.

      Charlie Rose recently interviewed Mr. Vance and asked if he would want access to all phones that were part of a criminal proceeding should the government prevail in the San Bernardino case.

      Mr. Vance responded: “Absolutely right.”

      1. Anonymous Coward
        Anonymous Coward

        NYC police wanting access to phones that are "part of a criminal proceeding"

        I wonder how many of those 175 cases are minor crimes like bookmaking or dealing pot?

        This is why the FBI is pressing this case - they felt like they had a winner with this case about terrorism, but they (and every other law enforcement agency in the US) wants to use it for every crime under the sun. Not that it will be limited to only US law enforcement, once Pandora's box is opened it will be essentially impossible for Apple to refuse similar aid to law enforcement in the UK, EU and China among others.

        No doubt they'll charge some people with a crime they know won't hold up in court, just to get access to their phone for a fishing expedition or to harass and intimidate someone they don't like (like the ex wife of a cop, or a guy who films a cop doing something illegal) Eventually someone will die due to police misuse of the data they find, so it isn't only a 'good' where people are kept safer from terrorism like the FBI wants to portray.

    3. Robert E A Harvey

      Not so important

      Aye, no matter how we got here, it is now the precident that matters more than this case.

  3. Michael Thibault

    >a thorough and professional investigation under law

    I wonder what the chances of this being resolved are if the following, grosso modo, are possibilities and are acted on: a) the talented and trusted at Apple are 'deputised' and charged with the task of recovering the data; and, b) the FBI issues an undertaking not to demand more of Apple than the data? The former would allow the chain of evidence to remain unbroken, while the latter would allay Apple's concerns about the incidental, but certainly lucrative (to the TLAs), benefits of the reveal.

    The rub: precedent. I'm far more inclined to expect that Apple pulling the sought-for data out of anything will be taken as a precedent and the garotte turned a bit tighter; there's no point in any TLA saying--let alone promising--'now and forever, this far and no further'...

    1. Gordon861

      I thought the FBI had already confirmed that they just wanted the data, the phone could stay with Apple for them to destroy or do whatever they wanted rather than any chance it being reversed engineered to do the same on other phones.

      I wonder how big a fine Apple are willing to accept in order to not open the phone up, a million per week/day until the conform?

      1. Anonymous Coward
        Anonymous Coward

        Corporate fines for contempt of court as pretty small

        From what I could gather in a quick google yesterday (I'm not a lawyer, obviously) there's a Supreme Court case stating that a corporation can be fined a maximum of $100K for contempt of court. Even as a daily fine, I'm sure Apple would consider that a cost of doing business as $36.5 million/yr is chicken feed for them - less than 1/10th of one percent of their yearly profit.

  4. Anonymous Coward
    Anonymous Coward

    It is very easy to extract the data from any locked electronic device. I thought everyone knows this. You dismantle the item, connect probes to the memory chips and sequentially read out the data byte by byte. then you can load the data into a PC and display everything. easy! the data in the memory chips is not encrypted.

    this news item is all about politics, not tech.

    1. ZSn


      Did you pay attention to the technology behind this? There's quite a good article on it on Bruce Schneier's blog. Perhaps you should read that.

      1. Anonymous Coward
        Anonymous Coward

        Re: really?

        Just give it to Abby, she'll crack it in no time at all...

    2. JeffyPoooh

      "... the data in the memory chips is not encrypted."

      That's ---^ where you went wrong.

      I believe it's very likely possible to 'crack' their way past the phone's security, but I don't think it's "very easy".

      My assumption is that it's very unlikely that there's not at least several subtle implementation flaws. History of cryptography indicates that it's almost a general rule.

      1. John H Woods Silver badge

        Re: "... the data in the memory chips is not encrypted."

        "I believe it's very likely possible to 'crack' their way past the phone's security, but I don't think it's "very easy"." -- JeffyPoooh

        This is the key issue: whilst brute forcing the cryptography is probably infeasible (and if it were possible those capable of it would would be very reluctant for that to become known), that does not mean the device itself cannot be hacked open.

        If the phone were suspected of containing the date, time and location of a credible NBC attack, government would have deployed a good deal more effort: even the lack of forensic care during custody is evidence against any such effort having been considered. That leaves us with, at best, the possibility the FBI is trying to do this "on the cheap" without regard for significant ramifications; and at worst that it is a deliberate attempt at setting a precedent.

  5. Lobotoman

    Will it apply to other technology too?

    So, based on the FBI's reasoning, ASSA ABLOY, SentrySafe, etc. might be required to break into every safe or strongbox they manufacturer that might be used by criminals... and at their own cost? Muppets.

    1. MrDamage

      Re: Will it apply to other technology too?

      Who said it would be at their own cost?

      El Reg linked to the court order in previous articles, which clearly states Apple would be reimbursed for their efforts.

      For you to continue with utter bullshit claiming Apple are being forced to do it for free, weakens Apples stance as it shows that even their supporters have no clue.

      Be informed, and be correct. Its the best way to beat the government FUD.

      Icon, because that's exactly what I do when I read yet another git sprouting "facebook facts" as truth.

      1. Anonymous Blowhard

        Re: Will it apply to other technology too?

        "Who said it would be at their own cost?"

        Ah, in that case Apple should give them an FOQ; a simple statement saying that the estimated cost of the modification, including loss of goodwill (a major part of the company's value for a brand like Apple), is five billion dollars.

    2. Voland's right hand Silver badge

      Re: Will it apply to other technology too?

      They are actually. There is a gigantic precedent body on this and it is not in the lock/safe manufacturers favor. All they can do is charge costs.

      1. Ed 11

        Re: Will it apply to other technology too?

        What happens the day that the safe manufactures are able to build a safe which, when locked, not even they are able to get into? Will said safe manufacturer we asked to stop building said safe?

    3. John H Woods Silver badge

      Re: Will it apply to other technology too?

      "So, based on the FBI's reasoning, ASSA ABLOY, SentrySafe, etc. might be required to break into every safe or strongbox they manufacturer that might be used by criminals... and at their own cost? Muppets." -- Lobotoman

      In a small way, it's better than that -- it won't be at their own cost (although it seems unlikely they will be able to charge their reputational damage as cost). But in a bigger way, it's worse: not so much that they might be required to break into their own products but they might be required to create tools to allow others to do so.

      1. Anonymous Coward
        Anonymous Coward

        Re: Will it apply to other technology too?

        It cost Apple more to write Tom Crook's letter than it would do to for them to disable the pin retry counter.

        1. John H Woods Silver badge

          Re: Will it apply to other technology too?

          "It cost Apple more to write Tom Crook's letter than it would do to for them to disable the pin retry counter."

          Depends what you mean by cost: in one sense, it didn't cost Gerald Ratner anything to say that his products were "total crap" -- in another you could easily argue it cost £0.5 billion.

      2. circuitguy

        Re: Will it apply to other technology too?

        this is a form of "discovery" and Apple can recovery cost once it is approved by judge. Historically Courts have ordered individuals to handle over their "keys". In the end, every big name lawyer will side with the FBI because the legal system will grind to a halt if discovery of docs is restrained, because Everyone will store critical data on phones or sets of phones,etc.

  6. trammel

    13th Amendment Issues?

    I wonder at what point does the requirement to disclose information for an investigation, crosses the 13th amendment line and becomes a requirement to perform work, where "neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted" shall exist within the US?

    Supplying known information is one thing, but being required to work to create a version of an OS (key) that lets the government access information, doesn't feel like the same thing.

  7. Stevie Silver badge


    Show me the questions asked in that P.R. poll so I can properly assess the worth of the conclusions P. R. drew.

  8. Deltics

    Precedent is a legally defined process, not just an accident of history

    UK commentators should bear in mind that UK legal system and the US legal systems differ significantly in their treatment of legal precedent.

    In legal terms a "precedent" is not just an easy term for "a previous decision". Unfortunately in the coverage of this talking about how this would "establish" a precedent, this crucial distinction is being criminally overlooked.

    1. Anonymous Coward
      Anonymous Coward

      Re: Precedent is a legally defined process, not just an accident of history

      Perhaps the crucial distinction being literally criminally overlooked? No wait..

    2. nijam

      Re: Precedent is a legally defined process, not just an accident of history

      > In legal terms a "precedent" is not just an easy term for "a previous decision".

      In practice it is... just as in mathematics a theorem can be deduced from axioms, but usually is deduced from earlier theorems because it is easier. Judges in both jurisdictions will take into account laws (as passed by the appropriate government) and case law (reasoning as applied by judges, often from a higher court, in previous cases)

      It doesn't alter the outcome, legally speaking, but it does make future cases easier for judges to assess.

      1. Anonymous Coward
        Anonymous Coward

        Re: Precedent is a legally defined process, not just an accident of history

        If the case goes to the Supreme Court and they reach a majority decision (that detail may be crucial as the Supreme Court looks to be short the 9th member for at least another year) then the decision IS legal precedent which every lower court is required to observe. Unless the opinion is written to specifically apply in just this one case, it will open up the floodgates for thousands of requests.

        All the FBI wants to establish is that they can force Apple to do work for them. The fact that it may be far more difficult to do this on a newer iPhone, and will require tons of resources for them to do to thousands of phones once requests start rolling in from every podunk PD in the country, won't matter once that precedent has been established.

        The FBI wanted Apple to fight it all the way to Supreme Court, so they can get this precedent.

  9. a_yank_lurker Silver badge

    Look up traitor

    When you look traitor now the synonym is Comey.

  10. Ole Juul

    FBI's Comey

    ". . . we have awesome new technology that creates a serious tension between two values we all treasure – privacy and safety," he wrote.

    I take it he thinks that if all privacy is eliminated then we would all be completely safe. Brilliant.

    1. P. Lee Silver badge

      Re: FBI's Comey

      >I take it he thinks that if all privacy is eliminated then we would all be completely safe. Brilliant

      With this information, we'll be able to stop the shooter striking again!

      1. Hey Lobotoman! CALL -151!

        Re: FBI's Comey

        Ummm, isn't the shooter dead already? Or did I miss something.

    2. John H Woods Silver badge

      Re: FBI's Comey

      ". . . we have awesome new technology that creates a serious tension between two values we all treasure – privacy and safety," -- Coney

      I wonder if one of the obstacles to useful debate is the presentation of this as a simple tension between the privacy and safety. My view is that anything that causes the innocent to have less privacy tends to decrease their safety, even if you were to accept (and I don't necessarily agree) that governments to pose no threat to such safety.

  11. Mitoo Bobsworth


    I read that the couple had other mobile phones which they destroyed before their rampage - surely those would have been the most likely to have produced some evidence. Why smash them otherwise?

    Also, if Farook was working in a public service capacity, surely the last thing a covert terrorist (if he & his partner were so) would want would be to raise suspicion or leave a trail by using a work supplied phone. The records suggest he made "sporadic" icloud backups of the iPhone in question.

    Seems to me the Feds are leveraging this tragedy with a rather overbearing focus on the encryption/decryption agenda. That the San Bernardino officials changed the iCloud password at the behest of the FBI only makes me more suspicious.

    1. John H Woods Silver badge

      Re: Overreach

      "I read that the couple had other mobile phones which they destroyed before their rampage - surely those would have been the most likely to have produced some evidence" -- Mitoo Bobsworth

      Perhaps the Farooks forgot that this was a (possibly MDMd) work phone and were careless. And perhaps they just forgot to destroy this phone. And perhaps the iPhone has contact details for the Mr Big behind it all. And perhaps they never called Mr Big so there are no phone records. So perhaps this is necessary for the FBI to get his number ...

      But Mr Big probably reads the news. So he's probably destroyed his burner phone anyway.

  12. Anonymous Coward
    Anonymous Coward

    Let there be one ruler, one king

    Apple need to realise that, big and rich as they are, they're not above the law. Comply with the lawful order of a court within the jurisdiction you do business, or face the consequences. Love to see Tim Cook slapped in jail until he purges his contempt and issues directions for Apple to comply with the order, might teach him a lesson in humility.

    Their mistake was allowing the technique the FBI is using to work in the first place. DFU mode shouldn't allow a new firmware image to be installed without permission from the owner of the device, signified by unlocking it. They need to lick their wounds, and fix that in future iOS versions.

    1. Public Citizen

      Re: Let there be one ruler, one king

      Since a corporation has the same legal standing and subject to the same legal privileges and immunities as an individual under US Law the courts would have the same problem in attempting to jail Cook as they would in attempting to jail a portion of a persons anatomy for some trespass of the law.

      Cook, the Board of Directors of Apple, the stockholders, and etc. can't be put in jail over this matter as they have done nothing that would trigger such an order and any judge that would issue such an order in this case would quickly find the whole weight of the entire US Legal System falling upon their head.

      The most that can be done is to find the ~Corporation~ in Contempt of Court and issue a fine for every day they are In Contempt. The publicity value of such an order would offset any dollar amount that the court could lawfully impose.

      Tim Cook and the BoD of Apple have responsibilities to the stockholders that are clear cut in this case and if they engage in any sort of compliance activity that is not clearly covered by existing law they can find themselves individually and collectively on the receiving end of some very expensive actions brought against them by unhappy stockholders

      1. Anonymous Coward
        Anonymous Coward

        Re: Let there be one ruler, one king

        When talking about the law, it helps if you know (or do some research) how it actually works, rather than how you think it might or should work. Some useful search terms to google are: "corporation contempt of court"

        You'd find that officers of a company can be both fined and imprisoned for their failure (whether willful or not, whether a named party to the court order or not) to ensure an order against their company is complied with.

        In short, you're utterly wrong about everything.

    2. Jess

      Re: and fix that in future iOS versions.

      They need to fix it in an immediate update. Once that is worldwide, they can then produce the firmware for the specific phone, without it being a generic back door.

    3. nijam

      Re: Let there be one ruler, one king

      > Comply with the lawful order of a court within the jurisdiction you do business, or face the consequences.

      The consequence is a legal challenge to the validity of the court order.

      1. John H Woods Silver badge

        Re: Let there be one ruler, one king

        "The consequence is a legal challenge to the validity of the court order." -- nijam

        Exactly: it's extraordinary how many people who use as their main argument some version of "it's the law, stupid" understand (or want to portray) Apple using the appeals process as outright defiance of the court. The court gave them leave to appeal when it made the order; Apple don't agree with the decision, so they are appealing it. There is (as yet) no failure to "comply with a lawful order."

    4. Doctor Syntax Silver badge

      Re: Let there be one ruler, one king

      "Comply with the lawful order of a court within the jurisdiction you do business, or face the consequences."

      Which court? This is only at the magistrates level. It can, and probably will, be appealed right up to the US Supreme court. Only if and when Apple lose at that level do they have to comply or face the consequences.

      1. Danny 14

        Re: Let there be one ruler, one king

        I thought the DoJ filed a motion to compel apple - that would bypass any appeals in US law wouldn't it?

    5. Anonymous Coward
      Anonymous Coward

      The problem with blocking iOS updates in DFU mode

      Is that there is no way to recover from an update that is interrupted in progress, or if Apple provides a borked update that stops phones from properly booting.

      As a compromise DFU mode could authenticate the phone to iTunes. When an unlocked phone is connected to iTunes it would create a public/private key pair, with one half stored on the phone in a location where it can be read in DFU mode and the other in iTunes.

      In order to perform a DFU mode update the phone would be required to authenticate that public/private key pair. If they did this it would still allow end users to recover from a bad flash (if they had access to an iTunes they had connected their unlocked phone to once) but block updates from third parties who didn't have access to an iTunes you'd used previously.

  13. dan1980

    When all the talking stops and all the soap boxes are put away, one fact will still remain: the government is trying to compel individual people* to build them the equivalent of a set of lock-picking tools to break into the device in question.

    We - and the government - can say that they are getting 'Apple' to do this but there is no disembodied entity called 'Apple' that will be writing the lines of codes required - it will be flesh and blood human beings.

    And those humans have their own thoughts and feelings and beliefs and principles and may well feel very strongly about what they are being asked to do.

    Sure, they are employed by Apple so if they want to stay employed, they should perform the tasks assigned to them, but what if they refuse, on principle? I've certainly refused certain 'requests' from bosses in the past when I felt strongly about them. Thankfully I haven't been fired due to this stubbornness but in each case, I wouldn't have taken the stance unless I was willing to be fired for it.

    So what happens then?

    Apple is ordered to get this done and so the board agree it should be done. They pass it on down the chain and, when it finally gets to a group of engineers, they all refuse. It goes back up the chain and 'Apple' reply to the government/the courts that they are unable to comply because they do not have anyone with suitable technical knowledge who is willing to do this.

    Would Apple be compelled to hire new engineers?

    If so, they will need to train them and, as the work they would be doing is very sensitive, there would have to be a bit of legal back-and-forth with the contracts, resulting in significant delays.

    That's all hypothetical, of course, but the point is that the government wants to command individuals who are not in their employment to create something whether they like it or not.

    * - I.e. the engineers at Apple who will actually design and build and load the software.

    1. Anonymous Coward
      Anonymous Coward

      Try it, and the next order dropping through Apple's mailbox will be to provide the iOS source code, a working build environment, all extant iOS and build procedure documentation, and their precious signing key.

      This is a site for tech experts. It's disingenuous to claim that finding lines like if ( numTries > 10 ) or calls to sleep() require superhuman levels of technical wizardry that only Apple employees are capable of. This is the sort of job any half way competent contractor earns their bread and butter from.

      And if I was doing it? I'd change the name string to FBiOS at the same time for the lulz.

      1. dan1980


        Absolutely, and I am not oblivious to the other options. I left the question open, not because I could see no way forward for the government but because the way forward was clear.

        While I wouldn't go so far as to say that this is a site for 'tech experts', it certainly is a site frequented by such people and that is the very reason why I didn't feel it necessary to spell out the alternative - I left it hanging, as it where.

        So, let's explore this, then.

        Apple's employees have refused and Apple have taken that information back to the government. So now the government insists that, as 'Apple' won't play ball, they must now hand over the necessary credentials and information and servers to allow the government to do it themselves.

        Two thoughts come to the fore, however.

        First is that the government can no longer claim some kind of narrow scope - they are now genuinely demanding the ability to hack any iPhone belonging to anyone at their convenience and without requiring a specific court order each time.

        Second is that the company 'Apple' is being punished because individual staff members quit rather than comprise their own personal ethics and principles. Is that fair? Okay sure, assuming that any of this is 'fare' is naive but hwo can the government defend such a course of action publicly?

        Because this is very much a public debate. Sure, it;s all a game of 'rock-paper-scissors' where the government holds the only stick of dynamite but they clearly have a strong interest in winning the public over on this one and both the above options would be complete contradictions of their current rhetoric and so would be utterly counter to their push for public acceptance and backing.

        Not that this changes anything legally but the question I have been posing is: how far is the government willing to stretch its arm and how strongly and uncompromisingly is it willing to exert its powers?

        Asking 'Apple' to do this and having 'Apple' provide the requested services is clearly the government's best result at the moment, but if it gets down to individual human beings having to choose between keeping their jobs and betraying the faith of the customers and compromising their own morals, is the government really prepared to keep talking tough when it is no longer possible to pretend their request are reasonable and routine?

        And if they do hold that line and the staff at Apple are STILL willing to lose their jobs to prevent this dangerous precedent being set in stone - what then? Will the government - who have repeatedly insisted it's just one device - really demand access that is unable to be played down as targeted and not a 'back door'?

        I don't have the answers but it feels to me as though we are finally nearing a point where some company will force the government's hand such that they can no longer lie about the access the want and have.

        Ignoring, for a moment, the stories of potential secret deals, it seems that the CURRENT stance of Tim Cook et al is that they are willing to force the government to show its true colours if it wants to ensure 'victory'.

        1. Danny 14

          apple already had dialogue with the FBI. I imagine the FBI already knows apple CAN do the job, apple then said "get a court order" which the FBI did. I suspect apple thought they could get the court order thrown out - which didn't happen. Now a court order is in place (and has the backing of the DoJ) apple have limited options.

          For right or wrong it is the law at fault, afterall the FBI went via the courts.

      2. tom dial Silver badge

        The chance that a court would issue such an order is zero, as is the chance that the Congress would enact a law requiring it.

  14. tom dial Silver badge

    FUD and nonsense

    Several US Attorneys surely are trying for a precedent here (beginning in New York in September or October, 2015, in a case involving guns and illegal drugs. That criminal case ended with a guilty plea, but both the government and Apple asked the judge not to drop their controversy as moot. Apple wants a precedent too, but one that denies application of the All Writs Act. Any statement that a precedent is not sought, or that only the government seeks a precedent, are rubbish. Similarly, choosing a hot-button terrorist event to hang this on, especially with an ongoing case that appears legally nearly identical, is disingenuous at best and appears designed to confuse the issue with terrorism when that appears to be involved in only one of probably several hundred similar cases that will appear at Apple's door within days of a decision for the government. Terrorism does, however, seem to be popular, and it would be quite interesting to have results from a poll where the questions were phrased in terms of "serious crime."

    Apple's statement also is liberally sprinkled with FUD that borders on outright dishonesty. The claim that the government wants "and entirely new operating system for their use", the suggestion that what the government wants would weaken the normal security of devices in public circulation, and the mention of surveillance, eavesdropping, and tracking are somewhere between wild exaggeration and lies, and appear crafted to induce fear of both the government and criminals that is beyond what can be justified rationally. The release later states that the hundreds of similar warrants waiting in line after this one (more likely a few thousand a year) would be equivalent to having a master key that would unlock millions of locks. Apple either know this to be false, or are describing their private software signing key, which is a master key that they already have.

    Apple might have been better off in the long run to do the work the government wants and continue with the real work of securing their hardware and software so that in the future they can say honestly that they cannot provide meaningful assistance with search warrants, while crossing their fingers against the real threat that the governments - US and other - will enact laws requiring that they be able to do so. And the government might have been better off to hold back while the New York case goes to completion (or another, if the judge junks it as moot), and agitate in Congress for legal support if they lose.

    1. chris 17 Silver badge

      Re: FUD and nonsense

      @tom dial

      Where have you been this last week?

      iPhones newer than the one in question are not susceptible to this kind of brute force as the pin entry and rate counter is in hardware not software. Even if the 10 wrong pins and wipe feature is disabled on new phones, the rate limit slows so it will take over a year to try all combinations of a 4 digit pin.

      To do what the fbi want involves Apple creating a new os for that iPhone that removes the max pin tries and rate limit permitting the fbi to rapidly try all pin combinations

      If they succeed in this case and delete the os, how long before other TLA's and governments ask for the same, especially since they know it's possible.

      1. Anonymous Coward
        Anonymous Coward

        Re: FUD and nonsense

        You missed his point, once the FBI has a precedent with the All Writs Act they can then ask for anything, and Apple (and everybody else) would have to comply, even to the point of removing the current high-level security in a later version

        1. David Nash

          Re: FUD and nonsense

          "removing the current high-level security in a later version"

          Except that, as I understand it, the current high-level security is implemented in hardware so a later version of iOS would not be able to remove it.

          Whether Apple could extract the keys or PIN from the more modern hardware security mechanism by physical means, I don't know, but it would be sensible to have designed it to be as difficult as possible to do that.

          1. Charles 9 Silver badge

            Re: FUD and nonsense

            "Except that, as I understand it, the current high-level security is implemented in hardware so a later version of iOS would not be able to remove it."

            True, but what if Apple's compelled to remove the hardware for future phones?

        2. tom dial Silver badge

          Re: FUD and nonsense

          No, I dd not say that, and it is not true that a government win would open the (back) door for a demand to modify OS or device security going forward. That would require enactment of a law, which is possible but certainly not a slam dunk.

          The law generally cannot order what is not possible, and courts cannot order under the All Writs Act actions that would be excessively burdensome, something that would, as in this case, be subject to argument in court. This case might set a precedent for determining that burden, and it surely would set a precedent for hundreds (more likely thousands) of very similar individual demands for assistance. The Manhattan (NY) district attorney has stated publicly that he presently has 175 waiting. It probably also would be followed by a comparable number of similar demands from other countries, with which Apple might be required to comply by treaty arrangements or its commercial interest. There is no reason, however, that those foreign request could not be made now or later, irrespective of the outcome of this case.

      2. tom dial Silver badge

        Re: FUD and nonsense

        @chris17: The article at Trail of Bits suggests that current Apple devices are vulnerable to similar, although different and somewhate more complcated, procedures.

        I would not consider, and do not know personally any other programmer who would consider, making a moderate number of changes to a moderat number of OS modules to be "creating a new os" even though making single character change to a single module might, in a few contexts, be so described.

        The FBI did not make this request to Apple, but to the US Attorney, who asked for and received an order from a US court. The procedure would be approximately the same for any other order from any other government agency, three-letter or not. For the NSA, it probably would have to come directly from the US Attorney General's office, and that might also be the case for DHS.

        It should be possible to discuss the technical and legal issues around this without engaging in hyperbole and using loaded language, as both the FBI and Apple, as well as a great many of those who comment here and elsewhere have done. And that was my original point.

    2. John H Woods Silver badge

      Re: FUD and nonsense

      "the mention of surveillance, eavesdropping, and tracking are somewhere between wild exaggeration and lies, and appear crafted to induce fear of both the government and criminals that is beyond what can be justified rationally" -- tom dial

      You may be on thin ice here, as it could be argued that the treatment of the terrorist threat does exactly the same.

      1. tom dial Silver badge

        Re: FUD and nonsense

        The FBI almost surely had in mind the emotional appeal of "because of terrorism" in choosing this case, although they probably really do want to search the phone. The case at hand is not intrinsically tied to terrorism, and the first case like it that Apple opposed had to do with guns and illegal drugs.

    3. Anonymous Coward
      Anonymous Coward

      Re: FUD and nonsense

      If Apple "does the work the government wants" but makes changes so they can't do that work in the future, do you think the government will just say "oh well I guess we're SOL now". No, they will demand Apple undo the changes that increased security beyond Apple's ability to help - or claim they can help even if they can't and hope that an uneducated law enforcement friendly judge will buy their version and order Apple to do something that is impossible.

      Once Apple starts down this road there will be no end of demands. Did you see the link someone else provided to Charlie Rose, where the NYPD commissioner said they had 175 iPhones they couldn't access and would be asking Apple to access all 175 of them if this case was decided in the FBI's favor?

      1. tom dial Silver badge

        Re: FUD and nonsense

        @ Charles9: A court could not order that (and expect not to be overturned rather quickly on appeal). Requiring design changes would require legislation, passage of which would be uncertain at best and subject to presidential veto and later court consideration as to constitutionality. A recent Pew poll result suggests it might be possible, but extrapolation of poll results to context different from the one in which they were obtained is very uncertain.

  15. Winkypop Silver badge

    Thin edge of the wedge

    "a journey of a thousand miles begins with a single step"

    Who do you trust?

    1. Anonymous Coward
      Anonymous Coward

      Re: Thin edge of the wedge

      Increasingly, NO ONE. But of course, that means anarchy.

  16. noj

    Pew Research Center

    May be as reputable for lack of bias as claimed in the article but I question whether it can really depict public sentiment after reading this article:

    where Pew itself said that only a 9% response rate to telephone opinion surveys.

    1. tom dial Silver badge

      Re: Pew Research Center

      That only a fraction of the population (and apparently quite a small one) is willing to participate in polls is a serious problem for those engaged in the business. It is difficult to be sure whether the willing and unwilling are alike enough that the willing can stand in for the others.

      The sample size here was 1002 if I recall correctly, large enough for the results to be meaningful, and the results are so nearly uniform across the demographic classifications that nonresponse bias probably is not significant. It would be useful to those whose occupation includes design and analysis of surveys, to know the exact texts of the questions asked, but Pew has a decent reputation and it is reasonable to assume they were not biased beyond what follows from putting it in the context of "terrorist." It would be interesting if the survey were repeated with "terror*" substituted by something like "serious crime" possibly with a list of examples that covered more of the types of crime likely to lead to demands for search warrants against cell phones.

      Recent elections (e. g., the last UK general election) have cast a lot of doubt on survey reliability, but in this case the only notable discriminator was (Republican-leaning-independent) vs (Democratic-leaning-independent). This may be understood best as a result of independents being less informed compared to other groups (both generally and on the specific issue) and deriving their expressed attitude from what they think are the likely opinions that go with their "leaning." (It is well documented that those describing themselves as independent are likely to be deficient in politically relevant knowledge compared to strong identifiers with any established political party).

      1. Roland6 Silver badge

        Re: Pew Research Center

        @Tom - I wouldn't under-estimate the impact of the UK 2015 election on survey reliability, because as was shown the survey organisations got it consistently wrong for many weeks... Basically, whilst the math behind the sample size may be reliable, the selection of candidates from across a population to include in any sample isn't.

        Then we have the other factor; the phrasing of the question and any background information people may have on the subject. In this respect it is interesting to read the research findings into the UK's EU Referendum, where both the question was trialled and the use of terms other than 'Yes and 'No', resulting in the use of the words 'Remain' and 'Leave'.

        But inspite of all that, if you are confident in your understanding of the audience then your 'gut' feeling may be spot on even though the polls indicate otherwise - as was the case with the Conservative 2015 election campaign.

  17. Roland6 Silver badge

    What does Snowden know?

    5. Alternative means for gaining access to this device -- and others -- exist that do not require the manufacturer's assistance."

    If we are to believe Edward Snowden then the NSA did have a working backdoor on this iPhone/iOS...

    1. theOtherJT

      Re: What does Snowden know?

      Quite possibly they do, but they're not going to be lending that to small fish like the FBI. The NSA isn't exactly known for playing well with others, and the longer they can pretend they don't have something, the longer they can keep using it with impunity to serve their own interests - whatever they may be.

      1. Anonymous Coward
        Anonymous Coward

        Re: What does Snowden know?

        For all we know the NSA cracked Apple's signing key through unknown/unpublished weaknesses in AES that only the NSA knows. No point in worrying about them, their capabilities are a black box.

  18. Anonymous Coward
    Anonymous Coward

    According to the FT

    Sir Bill of Gates has now waded in...against the stream.

  19. TopBanana

    Encryption doesn't kill people

    "Fourteen people were slaughtered and many more had their lives and bodies ruined."

    None of whom were killed or injured because of a phone, or its encrypted content. Maybe the FBI should try to get a court order to change America's ridiculous firearms laws first, then they wouldn't have to worry about encryption.

    1. Charles 9 Silver badge

      Re: Encryption doesn't kill people

      9/11, Bath Township, and Oklahoma City never used guns yet killed more people than any gun massacre in US history.

      1. Ed 11

        Re: Encryption doesn't kill people

        Just trying to understand the points you are trying to make... is it that guns are ok because the massacres they cause are less horrendous than massacres executed via other means?

        1. Charles 9 Silver badge

          Re: Encryption doesn't kill people

          The point is you're going at it from the wrong angle. Don't take on the tool. Take on the man. A man can switch his tools but can't switch bodies last I checked. But of course, that proves infeasible since "Haters gonna Hate" and a lone wolf usually doesn't become obvious until it's too late.

  20. Anonymous Coward
    Anonymous Coward

    The iPhone's data is not important to the case

    I think it is the case that the various LEOs have other evidence that would allow them to make a compelling case against the owner/user of this iPhone - The data extract, over and above the the iCloud backup they already have for this phone, as well as the carrier records of calls and messages to and from it, would provide all the involved LEOs all they need to know, along side the other evidence they must already have...

  21. Anonymous Coward
    Anonymous Coward

    1. Remove Privacy from the masses, assimilating 'hard working families' into the great Capitalism Machine.

    2. Issue new laws that require 24/7/365 work output from humans, abstinence punishable by death.


    4. Profit!!!

    I, for one, welcome our Beowolf cluster of New World Order Overlords.

    I'll get me electronic tag..

  22. Bernard M. Orwell

    Appropriate Imagery

    Can't stress how appropriate your cover picture for this story is.

    Distastefully, two cocks illegally fighting? Yep, perfect.

  23. Doug Kelley

    One of the implications NO ONE want's to talk about

    This court order is to compel Apple to assist in bypass of the lockout for bad attempts in entering an incorrect PIN/password used to decrypt the iPhone, but the HUGE PROBLEM is the precedent if Apple is forced to comply:

    1. Can a company be forced by law to bypass safeguards to prevent brute forcing?

    2. Can a company be forced to make hardware (TouchID) electronically "believe" the correct finger has been placed on the sensor allow the secure enclave to decrypt the memory?

    3. Can a company be required to CREATE NEW software or methods to facilitate these actions?

    If yes, then the NSA or any country would begin forcing companies not to decrypt the contents, but create processes and software to allow the state/country to "pick the lock" at will.

    1. tom dial Silver badge

      Re: One of the implications NO ONE want's to talk about

      The answer to the first question is that companies probably could be required by law to provide for law enforcement access. In the US, based on the Constitution and over 200 years of additional history, using the legal authority would require a warrant based on probable cause and so on. Other nations would have other constraints (or not).

      Second question: Maybe, like the first, but there would be no reason for law enforcement agencies to care about the details of the method.

      Third: probably not, but they probably could be prohibited from selling noncompliant equipment and might find it in their interest to do so.

      "NSA" here should be replaced by "the government" or something similar. The NSA is not a police agency and operates in a gray area where the applicability of US law depends on citizenship and location. The same would be true of similar agencies of other sovereign nations. A good deal of its activities are quite illegal somewhere, and they rely methods and techniques that go far beyond what Apple has been ordered to do. The FBI is a police agency, and its history includes instances of serious overstepping. However, J. Edgar Hoover has been dead for over 40 years and it might be time to cut them a wee bit of slack and not assume that their institutional goal involves routine and widespread infringement of civil rights. Their objective is to be able to access any iPhone for which they have a valid search warrant. That is an objective that they share with every other law enforcement agency in the country, and very likely the world, as problematic as that may be for some of them.

    2. This post has been deleted by its author

  24. Ed 11

    Is there a hardware method which device manufacturers could look to build in to future devices which would render requests such as these entirely redundant, as there would be nothing the vendor could do from a software side to bypass a lost password?

    I know this was a 5C which lacks the secure enclave of Apple's Touch ID devices. My reading around seems to suggest the FBI request would be materially different if it had been a more recent device (specifically there would have been a need to flash the software on the secure enclave in addition to the wider iOS), but that such a request would not be beyond the capabilities of Apple.

    1. Charles 9 Silver badge

      They try to create a true "black box," but against an adversary such as a State with deep pockets and perhaps the ingenuity of something like the CCC, that's going to be a tall order. Some of those crackers have been able to defeat on-chop booby-traps by operating on them in extreme or meticulous conditions.

    2. Anonymous Coward
      Anonymous Coward

      The secure enclave (in phones that have it) enforces the 10 try limit itself, so upgrading iOS would not work. It is an open question whether it is possible for Apple to deliver a firmware update to the secure enclave. They probably can, but maybe it is so simple that its 'OS' is read-only (or now that Apple has incentive to, it will be read-only in future versions)

      I suspect that even if they can deliver a firmware update to the secure enclave, that may not be possible with the phone locked like regular firmware updates can (which can be updated from 'DFU mode' which is a sort of pre-boot state) If Apple can deliver new firmware to the secure enclave AND that can be done in DFU mode, it would be a simple fix to deliver a firmware update to the secure enclave that disallows such updates when in DFU mode.

      I also outlined a way for Apple to limit firmware updates in DFU to using iTunes installs the phone has been previously connected to (when unlocked) So I think Apple has some ways to block future requests of this type even if they are eventually forced to comply in this case. Quite what the government's response will be when Apple announces "we made it impossible for us to ever do this again" we'll have to see. I imagine they won't be happy, because despite their assurances to the contrary, it is quite obvious this is being done to set a precedent (that's why they refused Apple's request to file this case under seal)

  25. chris 17 Silver badge

    Protection considerations of those Creating the FBI iOS

    If Apple are compelled to do this for the FBI, what protection considerations would be provided to those tasked with investigating and coding this?

    I imagine:

    Tim Cook would be the only overseeing manager,

    at least 2 bods researching the mechanisms to make such a process viable,

    the same 2 bods to build and test the code & finally apply to the phone?

    So that's at least 2 people that would have the knowledge of creating an iOS that can defeat an iPhone 5c.

    Its not to hard to imagine that If a foreign power knew there was sensitive data on an iPhone5c or above that had fallen into the hands of another foreign power that they didn't want them to have, they may go to extraordinary lengths to ensure that data remained secure. The flip side of the story is as equally compelling. Suddenly there is a massive money can't buy premium on those individuals with intimate knowledge of undermining iOS security, from all sides criminal and government.

    For the sake of my family I'd not want to be the guy that investigates and codes that custom FBI iOS.

  26. Anonymous Coward
    Anonymous Coward

    What's next?

    So the message is trust your government. Surrender your privacy. Know that the government will only use it sparingly and for the greater good. Do you really trust the government? OK, what about the next one, or the one after that?

    How long before "security concerns" lead to this needing to be done in secret, without scrutiny of the courts?

    Slippery, slippery slope.

    1. tom dial Silver badge

      Re: What's next?

      This seems to be an argument that because government actors might do something when it is illegal, they should be prevented from doing it when it is legally permitted. A somewhat comparable example might be to argue that because police officers could make illegal traffic stops and shake down their victims they should not be allowed to make traffic stops at all. Even as egregious as some of the authorized procedures are, I am not sure that really makes sense.

      1. Anonymous Coward
        Anonymous Coward

        Re: What's next?

        "I am not sure that really makes sense."

        It does when you factor in corruption. And the higher up the chain you get, the more likely you run into the problem. Not to mention we're talking the United States: a country founded on the distrust of government. Finally, we're considering a matter of judicial precedent that can literally open a Pandora's Box or a Genie Bottle, meaning once it's open it can never be contained again.

  27. Sanctimonious Prick

    Fuck It! Fuck You!

    Tim Cook: "At stake is the data security of hundreds of millions of law-abiding people, and setting a dangerous precedent that threatens everyone's civil liberties."

    James Comey meanwhile wrote a letter published on Sunday in which he argued the opposite: that the legal argument "is actually quite narrow"

    (Can't find a link with this exact text right now) "NYC has 90 iPhones, they want unlocked,"

    It has also been reported (elsewhere on this site) that Apple are doing this for publicity.

    I don't care if they're doing it for publicity! Because, ultimately, what they are doing is protecting the privacy of millions and millions of people all over the world! Screw you, FBI!

    Oh, and as to why Apple haven't spoken up about the other Secret Court orders to hack other iPhones, is due to the gag order, d'oh!

    And why the bloody hell should Apple help, even if they're paid? [example, example, example - (there's a search engine out there)]..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020