This is shaping up to be bigger than the Super Bowl. (And far, far more important too.)
Latest in Apple v FBI public squabble over iPhone crack demand
In the latest salvo in a very public war, Apple's CEO and the FBI's director have published letters arguing their cases over gaining access to a locked iPhone. In Apple's corner, Tim Cook sent an all-staff email Monday morning in which he argued that the case represents a "precedent that threatens everyone's civil liberties …
COMMENTS
-
-
Tuesday 23rd February 2016 05:07 GMT Mark 85
Supposedly, and it's depending on the news sources and who can be trusted, they were working quietly and Apple asked for a court order. For some reason, the FBI when public instead of secret court. Apparently Apple has worked on some 70 phones for the FBI previously.
Now how much of this real, how much is BS, and how much is theatre, I have no idea.
-
Tuesday 23rd February 2016 07:39 GMT John H Woods
"Apparently Apple has worked on some 70 phones for the FBI previously. Now how much of this real, how much is BS, and how much is theatre, I have no idea." -- Mark85
It'll make it harder for you to come to a decision if you don't dig a bit deeper.
-
-
Tuesday 23rd February 2016 09:05 GMT Vimes
it becomes clear the FBI are using this as a test case
Not just the FBI either...
To that point, the New York City police commissioner, William J. Bratton, and the Manhattan district attorney, Cyrus R. Vance Jr., criticized Apple after it refused to comply with the court order and said that they currently possessed 175 iPhones that they could not unlock.
Charlie Rose recently interviewed Mr. Vance and asked if he would want access to all phones that were part of a criminal proceeding should the government prevail in the San Bernardino case.
Mr. Vance responded: “Absolutely right.”
http://www.nytimes.com/2016/02/23/technology/apple-unlock-iphone-san-bernardino.html?_r=0
-
Tuesday 23rd February 2016 19:12 GMT Anonymous Coward
NYC police wanting access to phones that are "part of a criminal proceeding"
I wonder how many of those 175 cases are minor crimes like bookmaking or dealing pot?
This is why the FBI is pressing this case - they felt like they had a winner with this case about terrorism, but they (and every other law enforcement agency in the US) wants to use it for every crime under the sun. Not that it will be limited to only US law enforcement, once Pandora's box is opened it will be essentially impossible for Apple to refuse similar aid to law enforcement in the UK, EU and China among others.
No doubt they'll charge some people with a crime they know won't hold up in court, just to get access to their phone for a fishing expedition or to harass and intimidate someone they don't like (like the ex wife of a cop, or a guy who films a cop doing something illegal) Eventually someone will die due to police misuse of the data they find, so it isn't only a 'good' where people are kept safer from terrorism like the FBI wants to portray.
-
-
-
-
Tuesday 23rd February 2016 00:12 GMT Michael Thibault
>a thorough and professional investigation under law
I wonder what the chances of this being resolved are if the following, grosso modo, are possibilities and are acted on: a) the talented and trusted at Apple are 'deputised' and charged with the task of recovering the data; and, b) the FBI issues an undertaking not to demand more of Apple than the data? The former would allow the chain of evidence to remain unbroken, while the latter would allay Apple's concerns about the incidental, but certainly lucrative (to the TLAs), benefits of the reveal.
The rub: precedent. I'm far more inclined to expect that Apple pulling the sought-for data out of anything will be taken as a precedent and the garotte turned a bit tighter; there's no point in any TLA saying--let alone promising--'now and forever, this far and no further'...
-
Tuesday 23rd February 2016 15:17 GMT Gordon861
I thought the FBI had already confirmed that they just wanted the data, the phone could stay with Apple for them to destroy or do whatever they wanted rather than any chance it being reversed engineered to do the same on other phones.
I wonder how big a fine Apple are willing to accept in order to not open the phone up, a million per week/day until the conform?
-
Tuesday 23rd February 2016 19:15 GMT Anonymous Coward
Corporate fines for contempt of court as pretty small
From what I could gather in a quick google yesterday (I'm not a lawyer, obviously) there's a Supreme Court case stating that a corporation can be fined a maximum of $100K for contempt of court. Even as a daily fine, I'm sure Apple would consider that a cost of doing business as $36.5 million/yr is chicken feed for them - less than 1/10th of one percent of their yearly profit.
-
-
-
Tuesday 23rd February 2016 00:50 GMT Anonymous Coward
It is very easy to extract the data from any locked electronic device. I thought everyone knows this. You dismantle the item, connect probes to the memory chips and sequentially read out the data byte by byte. then you can load the data into a PC and display everything. easy! the data in the memory chips is not encrypted.
this news item is all about politics, not tech.
-
Tuesday 23rd February 2016 03:16 GMT JeffyPoooh
"... the data in the memory chips is not encrypted."
That's ---^ where you went wrong.
I believe it's very likely possible to 'crack' their way past the phone's security, but I don't think it's "very easy".
My assumption is that it's very unlikely that there's not at least several subtle implementation flaws. History of cryptography indicates that it's almost a general rule.
-
Tuesday 23rd February 2016 08:01 GMT John H Woods
Re: "... the data in the memory chips is not encrypted."
"I believe it's very likely possible to 'crack' their way past the phone's security, but I don't think it's "very easy"." -- JeffyPoooh
This is the key issue: whilst brute forcing the cryptography is probably infeasible (and if it were possible those capable of it would would be very reluctant for that to become known), that does not mean the device itself cannot be hacked open.
If the phone were suspected of containing the date, time and location of a credible NBC attack, government would have deployed a good deal more effort: even the lack of forensic care during custody is evidence against any such effort having been considered. That leaves us with, at best, the possibility the FBI is trying to do this "on the cheap" without regard for significant ramifications; and at worst that it is a deliberate attempt at setting a precedent.
-
-
-
Tuesday 23rd February 2016 02:23 GMT MrDamage
Re: Will it apply to other technology too?
Who said it would be at their own cost?
El Reg linked to the court order in previous articles, which clearly states Apple would be reimbursed for their efforts.
For you to continue with utter bullshit claiming Apple are being forced to do it for free, weakens Apples stance as it shows that even their supporters have no clue.
Be informed, and be correct. Its the best way to beat the government FUD.
Icon, because that's exactly what I do when I read yet another git sprouting "facebook facts" as truth.
-
Tuesday 23rd February 2016 11:43 GMT Anonymous Blowhard
Re: Will it apply to other technology too?
"Who said it would be at their own cost?"
Ah, in that case Apple should give them an FOQ; a simple statement saying that the estimated cost of the modification, including loss of goodwill (a major part of the company's value for a brand like Apple), is five billion dollars.
-
-
Tuesday 23rd February 2016 07:41 GMT John H Woods
Re: Will it apply to other technology too?
"So, based on the FBI's reasoning, ASSA ABLOY, SentrySafe, etc. might be required to break into every safe or strongbox they manufacturer that might be used by criminals... and at their own cost? Muppets." -- Lobotoman
In a small way, it's better than that -- it won't be at their own cost (although it seems unlikely they will be able to charge their reputational damage as cost). But in a bigger way, it's worse: not so much that they might be required to break into their own products but they might be required to create tools to allow others to do so.
-
-
Tuesday 23rd February 2016 10:56 GMT John H Woods
Re: Will it apply to other technology too?
"It cost Apple more to write Tom Crook's letter than it would do to for them to disable the pin retry counter."
Depends what you mean by cost: in one sense, it didn't cost Gerald Ratner anything to say that his products were "total crap" -- in another you could easily argue it cost £0.5 billion.
-
-
Tuesday 23rd February 2016 08:48 GMT circuitguy
Re: Will it apply to other technology too?
this is a form of "discovery" and Apple can recovery cost once it is approved by judge. Historically Courts have ordered individuals to handle over their "keys". In the end, every big name lawyer will side with the FBI because the legal system will grind to a halt if discovery of docs is restrained, because Everyone will store critical data on phones or sets of phones,etc.
-
-
-
Tuesday 23rd February 2016 00:52 GMT trammel
13th Amendment Issues?
I wonder at what point does the requirement to disclose information for an investigation, crosses the 13th amendment line and becomes a requirement to perform work, where "neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted" shall exist within the US?
Supplying known information is one thing, but being required to work to create a version of an OS (key) that lets the government access information, doesn't feel like the same thing.
-
Tuesday 23rd February 2016 00:58 GMT Deltics
Precedent is a legally defined process, not just an accident of history
UK commentators should bear in mind that UK legal system and the US legal systems differ significantly in their treatment of legal precedent.
In legal terms a "precedent" is not just an easy term for "a previous decision". Unfortunately in the coverage of this talking about how this would "establish" a precedent, this crucial distinction is being criminally overlooked.
-
Tuesday 23rd February 2016 10:52 GMT nijam
Re: Precedent is a legally defined process, not just an accident of history
> In legal terms a "precedent" is not just an easy term for "a previous decision".
In practice it is... just as in mathematics a theorem can be deduced from axioms, but usually is deduced from earlier theorems because it is easier. Judges in both jurisdictions will take into account laws (as passed by the appropriate government) and case law (reasoning as applied by judges, often from a higher court, in previous cases)
It doesn't alter the outcome, legally speaking, but it does make future cases easier for judges to assess.
-
Tuesday 23rd February 2016 19:21 GMT Anonymous Coward
Re: Precedent is a legally defined process, not just an accident of history
If the case goes to the Supreme Court and they reach a majority decision (that detail may be crucial as the Supreme Court looks to be short the 9th member for at least another year) then the decision IS legal precedent which every lower court is required to observe. Unless the opinion is written to specifically apply in just this one case, it will open up the floodgates for thousands of requests.
All the FBI wants to establish is that they can force Apple to do work for them. The fact that it may be far more difficult to do this on a newer iPhone, and will require tons of resources for them to do to thousands of phones once requests start rolling in from every podunk PD in the country, won't matter once that precedent has been established.
The FBI wanted Apple to fight it all the way to Supreme Court, so they can get this precedent.
-
-
-
Tuesday 23rd February 2016 07:49 GMT John H Woods
Re: FBI's Comey
". . . we have awesome new technology that creates a serious tension between two values we all treasure – privacy and safety," -- Coney
I wonder if one of the obstacles to useful debate is the presentation of this as a simple tension between the privacy and safety. My view is that anything that causes the innocent to have less privacy tends to decrease their safety, even if you were to accept (and I don't necessarily agree) that governments to pose no threat to such safety.
-
Tuesday 23rd February 2016 03:43 GMT Mitoo Bobsworth
Overreach
I read that the couple had other mobile phones which they destroyed before their rampage - surely those would have been the most likely to have produced some evidence. Why smash them otherwise?
Also, if Farook was working in a public service capacity, surely the last thing a covert terrorist (if he & his partner were so) would want would be to raise suspicion or leave a trail by using a work supplied phone. The records suggest he made "sporadic" icloud backups of the iPhone in question.
Seems to me the Feds are leveraging this tragedy with a rather overbearing focus on the encryption/decryption agenda. That the San Bernardino officials changed the iCloud password at the behest of the FBI only makes me more suspicious.
-
Tuesday 23rd February 2016 07:52 GMT John H Woods
Re: Overreach
"I read that the couple had other mobile phones which they destroyed before their rampage - surely those would have been the most likely to have produced some evidence" -- Mitoo Bobsworth
Perhaps the Farooks forgot that this was a (possibly MDMd) work phone and were careless. And perhaps they just forgot to destroy this phone. And perhaps the iPhone has contact details for the Mr Big behind it all. And perhaps they never called Mr Big so there are no phone records. So perhaps this is necessary for the FBI to get his number ...
But Mr Big probably reads the news. So he's probably destroyed his burner phone anyway.
-
-
Tuesday 23rd February 2016 03:50 GMT Anonymous Coward
Let there be one ruler, one king
Apple need to realise that, big and rich as they are, they're not above the law. Comply with the lawful order of a court within the jurisdiction you do business, or face the consequences. Love to see Tim Cook slapped in jail until he purges his contempt and issues directions for Apple to comply with the order, might teach him a lesson in humility.
Their mistake was allowing the technique the FBI is using to work in the first place. DFU mode shouldn't allow a new firmware image to be installed without permission from the owner of the device, signified by unlocking it. They need to lick their wounds, and fix that in future iOS versions.
-
Tuesday 23rd February 2016 07:26 GMT Public Citizen
Re: Let there be one ruler, one king
Since a corporation has the same legal standing and subject to the same legal privileges and immunities as an individual under US Law the courts would have the same problem in attempting to jail Cook as they would in attempting to jail a portion of a persons anatomy for some trespass of the law.
Cook, the Board of Directors of Apple, the stockholders, and etc. can't be put in jail over this matter as they have done nothing that would trigger such an order and any judge that would issue such an order in this case would quickly find the whole weight of the entire US Legal System falling upon their head.
The most that can be done is to find the ~Corporation~ in Contempt of Court and issue a fine for every day they are In Contempt. The publicity value of such an order would offset any dollar amount that the court could lawfully impose.
Tim Cook and the BoD of Apple have responsibilities to the stockholders that are clear cut in this case and if they engage in any sort of compliance activity that is not clearly covered by existing law they can find themselves individually and collectively on the receiving end of some very expensive actions brought against them by unhappy stockholders
-
Tuesday 23rd February 2016 10:41 GMT Anonymous Coward
Re: Let there be one ruler, one king
When talking about the law, it helps if you know (or do some research) how it actually works, rather than how you think it might or should work. Some useful search terms to google are: "corporation contempt of court"
You'd find that officers of a company can be both fined and imprisoned for their failure (whether willful or not, whether a named party to the court order or not) to ensure an order against their company is complied with.
In short, you're utterly wrong about everything.
-
-
-
Tuesday 23rd February 2016 11:12 GMT John H Woods
Re: Let there be one ruler, one king
"The consequence is a legal challenge to the validity of the court order." -- nijam
Exactly: it's extraordinary how many people who use as their main argument some version of "it's the law, stupid" understand (or want to portray) Apple using the appeals process as outright defiance of the court. The court gave them leave to appeal when it made the order; Apple don't agree with the decision, so they are appealing it. There is (as yet) no failure to "comply with a lawful order."
-
-
Tuesday 23rd February 2016 12:16 GMT Doctor Syntax
Re: Let there be one ruler, one king
"Comply with the lawful order of a court within the jurisdiction you do business, or face the consequences."
Which court? This is only at the magistrates level. It can, and probably will, be appealed right up to the US Supreme court. Only if and when Apple lose at that level do they have to comply or face the consequences.
-
Tuesday 23rd February 2016 19:49 GMT Anonymous Coward
The problem with blocking iOS updates in DFU mode
Is that there is no way to recover from an update that is interrupted in progress, or if Apple provides a borked update that stops phones from properly booting.
As a compromise DFU mode could authenticate the phone to iTunes. When an unlocked phone is connected to iTunes it would create a public/private key pair, with one half stored on the phone in a location where it can be read in DFU mode and the other in iTunes.
In order to perform a DFU mode update the phone would be required to authenticate that public/private key pair. If they did this it would still allow end users to recover from a bad flash (if they had access to an iTunes they had connected their unlocked phone to once) but block updates from third parties who didn't have access to an iTunes you'd used previously.
-
-
Tuesday 23rd February 2016 04:18 GMT dan1980
When all the talking stops and all the soap boxes are put away, one fact will still remain: the government is trying to compel individual people* to build them the equivalent of a set of lock-picking tools to break into the device in question.
We - and the government - can say that they are getting 'Apple' to do this but there is no disembodied entity called 'Apple' that will be writing the lines of codes required - it will be flesh and blood human beings.
And those humans have their own thoughts and feelings and beliefs and principles and may well feel very strongly about what they are being asked to do.
Sure, they are employed by Apple so if they want to stay employed, they should perform the tasks assigned to them, but what if they refuse, on principle? I've certainly refused certain 'requests' from bosses in the past when I felt strongly about them. Thankfully I haven't been fired due to this stubbornness but in each case, I wouldn't have taken the stance unless I was willing to be fired for it.
So what happens then?
Apple is ordered to get this done and so the board agree it should be done. They pass it on down the chain and, when it finally gets to a group of engineers, they all refuse. It goes back up the chain and 'Apple' reply to the government/the courts that they are unable to comply because they do not have anyone with suitable technical knowledge who is willing to do this.
Would Apple be compelled to hire new engineers?
If so, they will need to train them and, as the work they would be doing is very sensitive, there would have to be a bit of legal back-and-forth with the contracts, resulting in significant delays.
That's all hypothetical, of course, but the point is that the government wants to command individuals who are not in their employment to create something whether they like it or not.
* - I.e. the engineers at Apple who will actually design and build and load the software.
-
Tuesday 23rd February 2016 10:54 GMT Anonymous Coward
Try it, and the next order dropping through Apple's mailbox will be to provide the iOS source code, a working build environment, all extant iOS and build procedure documentation, and their precious signing key.
This is a site for tech experts. It's disingenuous to claim that finding lines like if ( numTries > 10 ) or calls to sleep() require superhuman levels of technical wizardry that only Apple employees are capable of. This is the sort of job any half way competent contractor earns their bread and butter from.
And if I was doing it? I'd change the name string to FBiOS at the same time for the lulz.
-
Tuesday 23rd February 2016 13:38 GMT dan1980
@AC
Absolutely, and I am not oblivious to the other options. I left the question open, not because I could see no way forward for the government but because the way forward was clear.
While I wouldn't go so far as to say that this is a site for 'tech experts', it certainly is a site frequented by such people and that is the very reason why I didn't feel it necessary to spell out the alternative - I left it hanging, as it where.
So, let's explore this, then.
Apple's employees have refused and Apple have taken that information back to the government. So now the government insists that, as 'Apple' won't play ball, they must now hand over the necessary credentials and information and servers to allow the government to do it themselves.
Two thoughts come to the fore, however.
First is that the government can no longer claim some kind of narrow scope - they are now genuinely demanding the ability to hack any iPhone belonging to anyone at their convenience and without requiring a specific court order each time.
Second is that the company 'Apple' is being punished because individual staff members quit rather than comprise their own personal ethics and principles. Is that fair? Okay sure, assuming that any of this is 'fare' is naive but hwo can the government defend such a course of action publicly?
Because this is very much a public debate. Sure, it;s all a game of 'rock-paper-scissors' where the government holds the only stick of dynamite but they clearly have a strong interest in winning the public over on this one and both the above options would be complete contradictions of their current rhetoric and so would be utterly counter to their push for public acceptance and backing.
Not that this changes anything legally but the question I have been posing is: how far is the government willing to stretch its arm and how strongly and uncompromisingly is it willing to exert its powers?
Asking 'Apple' to do this and having 'Apple' provide the requested services is clearly the government's best result at the moment, but if it gets down to individual human beings having to choose between keeping their jobs and betraying the faith of the customers and compromising their own morals, is the government really prepared to keep talking tough when it is no longer possible to pretend their request are reasonable and routine?
And if they do hold that line and the staff at Apple are STILL willing to lose their jobs to prevent this dangerous precedent being set in stone - what then? Will the government - who have repeatedly insisted it's just one device - really demand access that is unable to be played down as targeted and not a 'back door'?
I don't have the answers but it feels to me as though we are finally nearing a point where some company will force the government's hand such that they can no longer lie about the access the want and have.
Ignoring, for a moment, the stories of potential secret deals, it seems that the CURRENT stance of Tim Cook et al is that they are willing to force the government to show its true colours if it wants to ensure 'victory'.
-
Tuesday 23rd February 2016 14:09 GMT Danny 14
apple already had dialogue with the FBI. I imagine the FBI already knows apple CAN do the job, apple then said "get a court order" which the FBI did. I suspect apple thought they could get the court order thrown out - which didn't happen. Now a court order is in place (and has the backing of the DoJ) apple have limited options.
For right or wrong it is the law at fault, afterall the FBI went via the courts.
-
-
-
-
Tuesday 23rd February 2016 05:06 GMT tom dial
FUD and nonsense
Several US Attorneys surely are trying for a precedent here (beginning in New York in September or October, 2015, in a case involving guns and illegal drugs. That criminal case ended with a guilty plea, but both the government and Apple asked the judge not to drop their controversy as moot. Apple wants a precedent too, but one that denies application of the All Writs Act. Any statement that a precedent is not sought, or that only the government seeks a precedent, are rubbish. Similarly, choosing a hot-button terrorist event to hang this on, especially with an ongoing case that appears legally nearly identical, is disingenuous at best and appears designed to confuse the issue with terrorism when that appears to be involved in only one of probably several hundred similar cases that will appear at Apple's door within days of a decision for the government. Terrorism does, however, seem to be popular, and it would be quite interesting to have results from a poll where the questions were phrased in terms of "serious crime."
Apple's statement also is liberally sprinkled with FUD that borders on outright dishonesty. The claim that the government wants "and entirely new operating system for their use", the suggestion that what the government wants would weaken the normal security of devices in public circulation, and the mention of surveillance, eavesdropping, and tracking are somewhere between wild exaggeration and lies, and appear crafted to induce fear of both the government and criminals that is beyond what can be justified rationally. The release later states that the hundreds of similar warrants waiting in line after this one (more likely a few thousand a year) would be equivalent to having a master key that would unlock millions of locks. Apple either know this to be false, or are describing their private software signing key, which is a master key that they already have.
Apple might have been better off in the long run to do the work the government wants and continue with the real work of securing their hardware and software so that in the future they can say honestly that they cannot provide meaningful assistance with search warrants, while crossing their fingers against the real threat that the governments - US and other - will enact laws requiring that they be able to do so. And the government might have been better off to hold back while the New York case goes to completion (or another, if the judge junks it as moot), and agitate in Congress for legal support if they lose.
-
Tuesday 23rd February 2016 07:58 GMT chris 17
Re: FUD and nonsense
@tom dial
Where have you been this last week?
iPhones newer than the one in question are not susceptible to this kind of brute force as the pin entry and rate counter is in hardware not software. Even if the 10 wrong pins and wipe feature is disabled on new phones, the rate limit slows so it will take over a year to try all combinations of a 4 digit pin.
To do what the fbi want involves Apple creating a new os for that iPhone that removes the max pin tries and rate limit permitting the fbi to rapidly try all pin combinations
If they succeed in this case and delete the os, how long before other TLA's and governments ask for the same, especially since they know it's possible.
-
-
Tuesday 23rd February 2016 12:31 GMT David Nash
Re: FUD and nonsense
"removing the current high-level security in a later version"
Except that, as I understand it, the current high-level security is implemented in hardware so a later version of iOS would not be able to remove it.
Whether Apple could extract the keys or PIN from the more modern hardware security mechanism by physical means, I don't know, but it would be sensible to have designed it to be as difficult as possible to do that.
-
Tuesday 23rd February 2016 20:03 GMT tom dial
Re: FUD and nonsense
No, I dd not say that, and it is not true that a government win would open the (back) door for a demand to modify OS or device security going forward. That would require enactment of a law, which is possible but certainly not a slam dunk.
The law generally cannot order what is not possible, and courts cannot order under the All Writs Act actions that would be excessively burdensome, something that would, as in this case, be subject to argument in court. This case might set a precedent for determining that burden, and it surely would set a precedent for hundreds (more likely thousands) of very similar individual demands for assistance. The Manhattan (NY) district attorney has stated publicly that he presently has 175 waiting. It probably also would be followed by a comparable number of similar demands from other countries, with which Apple might be required to comply by treaty arrangements or its commercial interest. There is no reason, however, that those foreign request could not be made now or later, irrespective of the outcome of this case.
-
-
Tuesday 23rd February 2016 21:01 GMT tom dial
Re: FUD and nonsense
@chris17: The article at Trail of Bits suggests that current Apple devices are vulnerable to similar, although different and somewhate more complcated, procedures.
I would not consider, and do not know personally any other programmer who would consider, making a moderate number of changes to a moderat number of OS modules to be "creating a new os" even though making single character change to a single module might, in a few contexts, be so described.
The FBI did not make this request to Apple, but to the US Attorney, who asked for and received an order from a US court. The procedure would be approximately the same for any other order from any other government agency, three-letter or not. For the NSA, it probably would have to come directly from the US Attorney General's office, and that might also be the case for DHS.
It should be possible to discuss the technical and legal issues around this without engaging in hyperbole and using loaded language, as both the FBI and Apple, as well as a great many of those who comment here and elsewhere have done. And that was my original point.
-
-
Tuesday 23rd February 2016 11:19 GMT John H Woods
Re: FUD and nonsense
"the mention of surveillance, eavesdropping, and tracking are somewhere between wild exaggeration and lies, and appear crafted to induce fear of both the government and criminals that is beyond what can be justified rationally" -- tom dial
You may be on thin ice here, as it could be argued that the treatment of the terrorist threat does exactly the same.
-
Tuesday 23rd February 2016 20:09 GMT tom dial
Re: FUD and nonsense
The FBI almost surely had in mind the emotional appeal of "because of terrorism" in choosing this case, although they probably really do want to search the phone. The case at hand is not intrinsically tied to terrorism, and the first case like it that Apple opposed had to do with guns and illegal drugs.
-
-
Tuesday 23rd February 2016 19:53 GMT Anonymous Coward
Re: FUD and nonsense
If Apple "does the work the government wants" but makes changes so they can't do that work in the future, do you think the government will just say "oh well I guess we're SOL now". No, they will demand Apple undo the changes that increased security beyond Apple's ability to help - or claim they can help even if they can't and hope that an uneducated law enforcement friendly judge will buy their version and order Apple to do something that is impossible.
Once Apple starts down this road there will be no end of demands. Did you see the link someone else provided to Charlie Rose, where the NYPD commissioner said they had 175 iPhones they couldn't access and would be asking Apple to access all 175 of them if this case was decided in the FBI's favor?
-
Tuesday 23rd February 2016 20:19 GMT tom dial
Re: FUD and nonsense
@ Charles9: A court could not order that (and expect not to be overturned rather quickly on appeal). Requiring design changes would require legislation, passage of which would be uncertain at best and subject to presidential veto and later court consideration as to constitutionality. A recent Pew poll result suggests it might be possible, but extrapolation of poll results to context different from the one in which they were obtained is very uncertain.
-
-
-
Tuesday 23rd February 2016 07:29 GMT noj
Pew Research Center
May be as reputable for lack of bias as claimed in the article but I question whether it can really depict public sentiment after reading this article:
http://www.slate.com/articles/news_and_politics/politics/2012/05/survey_bias_how_can_we_trust_opinion_polls_when_so_few_people_respond_.html
where Pew itself said that only a 9% response rate to telephone opinion surveys.
-
Tuesday 23rd February 2016 21:43 GMT tom dial
Re: Pew Research Center
That only a fraction of the population (and apparently quite a small one) is willing to participate in polls is a serious problem for those engaged in the business. It is difficult to be sure whether the willing and unwilling are alike enough that the willing can stand in for the others.
The sample size here was 1002 if I recall correctly, large enough for the results to be meaningful, and the results are so nearly uniform across the demographic classifications that nonresponse bias probably is not significant. It would be useful to those whose occupation includes design and analysis of surveys, to know the exact texts of the questions asked, but Pew has a decent reputation and it is reasonable to assume they were not biased beyond what follows from putting it in the context of "terrorist." It would be interesting if the survey were repeated with "terror*" substituted by something like "serious crime" possibly with a list of examples that covered more of the types of crime likely to lead to demands for search warrants against cell phones.
Recent elections (e. g., the last UK general election) have cast a lot of doubt on survey reliability, but in this case the only notable discriminator was (Republican-leaning-independent) vs (Democratic-leaning-independent). This may be understood best as a result of independents being less informed compared to other groups (both generally and on the specific issue) and deriving their expressed attitude from what they think are the likely opinions that go with their "leaning." (It is well documented that those describing themselves as independent are likely to be deficient in politically relevant knowledge compared to strong identifiers with any established political party).
-
Wednesday 24th February 2016 10:24 GMT Roland6
Re: Pew Research Center
@Tom - I wouldn't under-estimate the impact of the UK 2015 election on survey reliability, because as was shown the survey organisations got it consistently wrong for many weeks... Basically, whilst the math behind the sample size may be reliable, the selection of candidates from across a population to include in any sample isn't.
Then we have the other factor; the phrasing of the question and any background information people may have on the subject. In this respect it is interesting to read the research findings into the UK's EU Referendum, where both the question was trialled and the use of terms other than 'Yes and 'No', resulting in the use of the words 'Remain' and 'Leave'.
But inspite of all that, if you are confident in your understanding of the audience then your 'gut' feeling may be spot on even though the polls indicate otherwise - as was the case with the Conservative 2015 election campaign.
-
-
-
-
Tuesday 23rd February 2016 10:28 GMT theOtherJT
Re: What does Snowden know?
Quite possibly they do, but they're not going to be lending that to small fish like the FBI. The NSA isn't exactly known for playing well with others, and the longer they can pretend they don't have something, the longer they can keep using it with impunity to serve their own interests - whatever they may be.
-
-
Tuesday 23rd February 2016 10:44 GMT TopBanana
Encryption doesn't kill people
"Fourteen people were slaughtered and many more had their lives and bodies ruined."
None of whom were killed or injured because of a phone, or its encrypted content. Maybe the FBI should try to get a court order to change America's ridiculous firearms laws first, then they wouldn't have to worry about encryption.
-
-
-
Tuesday 23rd February 2016 15:41 GMT Charles 9
Re: Encryption doesn't kill people
The point is you're going at it from the wrong angle. Don't take on the tool. Take on the man. A man can switch his tools but can't switch bodies last I checked. But of course, that proves infeasible since "Haters gonna Hate" and a lone wolf usually doesn't become obvious until it's too late.
-
-
-
-
Tuesday 23rd February 2016 10:47 GMT Anonymous Coward
The iPhone's data is not important to the case
I think it is the case that the various LEOs have other evidence that would allow them to make a compelling case against the owner/user of this iPhone - The data extract, over and above the the iCloud backup they already have for this phone, as well as the carrier records of calls and messages to and from it, would provide all the involved LEOs all they need to know, along side the other evidence they must already have...
-
Tuesday 23rd February 2016 10:58 GMT Anonymous Coward
1. Remove Privacy from the masses, assimilating 'hard working families' into the great Capitalism Machine.
2. Issue new laws that require 24/7/365 work output from humans, abstinence punishable by death.
3....
4. Profit!!!
I, for one, welcome our Beowolf cluster of New World Order Overlords.
I'll get me electronic tag..
-
Tuesday 23rd February 2016 13:08 GMT Doug Kelley
One of the implications NO ONE want's to talk about
This court order is to compel Apple to assist in bypass of the lockout for bad attempts in entering an incorrect PIN/password used to decrypt the iPhone, but the HUGE PROBLEM is the precedent if Apple is forced to comply:
1. Can a company be forced by law to bypass safeguards to prevent brute forcing?
2. Can a company be forced to make hardware (TouchID) electronically "believe" the correct finger has been placed on the sensor allow the secure enclave to decrypt the memory?
3. Can a company be required to CREATE NEW software or methods to facilitate these actions?
If yes, then the NSA or any country would begin forcing companies not to decrypt the contents, but create processes and software to allow the state/country to "pick the lock" at will.
-
Tuesday 23rd February 2016 22:09 GMT tom dial
Re: One of the implications NO ONE want's to talk about
The answer to the first question is that companies probably could be required by law to provide for law enforcement access. In the US, based on the Constitution and over 200 years of additional history, using the legal authority would require a warrant based on probable cause and so on. Other nations would have other constraints (or not).
Second question: Maybe, like the first, but there would be no reason for law enforcement agencies to care about the details of the method.
Third: probably not, but they probably could be prohibited from selling noncompliant equipment and might find it in their interest to do so.
"NSA" here should be replaced by "the government" or something similar. The NSA is not a police agency and operates in a gray area where the applicability of US law depends on citizenship and location. The same would be true of similar agencies of other sovereign nations. A good deal of its activities are quite illegal somewhere, and they rely methods and techniques that go far beyond what Apple has been ordered to do. The FBI is a police agency, and its history includes instances of serious overstepping. However, J. Edgar Hoover has been dead for over 40 years and it might be time to cut them a wee bit of slack and not assume that their institutional goal involves routine and widespread infringement of civil rights. Their objective is to be able to access any iPhone for which they have a valid search warrant. That is an objective that they share with every other law enforcement agency in the country, and very likely the world, as problematic as that may be for some of them.
-
This post has been deleted by its author
-
-
Tuesday 23rd February 2016 13:09 GMT Ed 11
Is there a hardware method which device manufacturers could look to build in to future devices which would render requests such as these entirely redundant, as there would be nothing the vendor could do from a software side to bypass a lost password?
I know this was a 5C which lacks the secure enclave of Apple's Touch ID devices. My reading around seems to suggest the FBI request would be materially different if it had been a more recent device (specifically there would have been a need to flash the software on the secure enclave in addition to the wider iOS), but that such a request would not be beyond the capabilities of Apple.
-
Tuesday 23rd February 2016 15:47 GMT Charles 9
They try to create a true "black box," but against an adversary such as a State with deep pockets and perhaps the ingenuity of something like the CCC, that's going to be a tall order. Some of those crackers have been able to defeat on-chop booby-traps by operating on them in extreme or meticulous conditions.
-
Tuesday 23rd February 2016 20:14 GMT Anonymous Coward
The secure enclave (in phones that have it) enforces the 10 try limit itself, so upgrading iOS would not work. It is an open question whether it is possible for Apple to deliver a firmware update to the secure enclave. They probably can, but maybe it is so simple that its 'OS' is read-only (or now that Apple has incentive to, it will be read-only in future versions)
I suspect that even if they can deliver a firmware update to the secure enclave, that may not be possible with the phone locked like regular firmware updates can (which can be updated from 'DFU mode' which is a sort of pre-boot state) If Apple can deliver new firmware to the secure enclave AND that can be done in DFU mode, it would be a simple fix to deliver a firmware update to the secure enclave that disallows such updates when in DFU mode.
I also outlined a way for Apple to limit firmware updates in DFU to using iTunes installs the phone has been previously connected to (when unlocked) So I think Apple has some ways to block future requests of this type even if they are eventually forced to comply in this case. Quite what the government's response will be when Apple announces "we made it impossible for us to ever do this again" we'll have to see. I imagine they won't be happy, because despite their assurances to the contrary, it is quite obvious this is being done to set a precedent (that's why they refused Apple's request to file this case under seal)
-
-
Tuesday 23rd February 2016 13:52 GMT chris 17
Protection considerations of those Creating the FBI iOS
If Apple are compelled to do this for the FBI, what protection considerations would be provided to those tasked with investigating and coding this?
I imagine:
Tim Cook would be the only overseeing manager,
at least 2 bods researching the mechanisms to make such a process viable,
the same 2 bods to build and test the code & finally apply to the phone?
So that's at least 2 people that would have the knowledge of creating an iOS that can defeat an iPhone 5c.
Its not to hard to imagine that If a foreign power knew there was sensitive data on an iPhone5c or above that had fallen into the hands of another foreign power that they didn't want them to have, they may go to extraordinary lengths to ensure that data remained secure. The flip side of the story is as equally compelling. Suddenly there is a massive money can't buy premium on those individuals with intimate knowledge of undermining iOS security, from all sides criminal and government.
For the sake of my family I'd not want to be the guy that investigates and codes that custom FBI iOS.
-
Tuesday 23rd February 2016 20:34 GMT Anonymous Coward
What's next?
So the message is trust your government. Surrender your privacy. Know that the government will only use it sparingly and for the greater good. Do you really trust the government? OK, what about the next one, or the one after that?
How long before "security concerns" lead to this needing to be done in secret, without scrutiny of the courts?
Slippery, slippery slope.
-
Tuesday 23rd February 2016 22:23 GMT tom dial
Re: What's next?
This seems to be an argument that because government actors might do something when it is illegal, they should be prevented from doing it when it is legally permitted. A somewhat comparable example might be to argue that because police officers could make illegal traffic stops and shake down their victims they should not be allowed to make traffic stops at all. Even as egregious as some of the authorized procedures are, I am not sure that really makes sense.
-
Wednesday 24th February 2016 19:23 GMT Anonymous Coward
Re: What's next?
"I am not sure that really makes sense."
It does when you factor in corruption. And the higher up the chain you get, the more likely you run into the problem. Not to mention we're talking the United States: a country founded on the distrust of government. Finally, we're considering a matter of judicial precedent that can literally open a Pandora's Box or a Genie Bottle, meaning once it's open it can never be contained again.
-
-
-
Wednesday 24th February 2016 10:27 GMT Sanctimonious Prick
Fuck It! Fuck You!
Tim Cook: "At stake is the data security of hundreds of millions of law-abiding people, and setting a dangerous precedent that threatens everyone's civil liberties."
James Comey meanwhile wrote a letter published on Sunday in which he argued the opposite: that the legal argument "is actually quite narrow"
(Can't find a link with this exact text right now) "NYC has 90 iPhones, they want unlocked,"
It has also been reported (elsewhere on this site) that Apple are doing this for publicity.
I don't care if they're doing it for publicity! Because, ultimately, what they are doing is protecting the privacy of millions and millions of people all over the world! Screw you, FBI!
Oh, and as to why Apple haven't spoken up about the other Secret Court orders to hack other iPhones, is due to the gag order, d'oh!
And why the bloody hell should Apple help, even if they're paid? [example, example, example - (there's a search engine out there)]..