back to article FBI says it helped mess up that iPhone – the one it wants Apple to crack

The United State Federal Bureau of Investigation (FBI) has absolved San Bernardino police of responsibility for changing passwords on the iPhone once used by suspected terror suspect, Syed Rizwan Farook. Last December, Farook and his wife Tashfeen Malik killed 14 co-workers, before themselves being killed by Police. It's …

  1. Aniya
    Facepalm

    Sometimes I wonder...

    ...if all our paranoia surrounding all the mass surveillance going on is justified. On one hand, yep, it does suck for sure. But on the other hand, they can't even seem to take two steps forwards with any evidence provided to them (while supposedly being on the job sober) without tripping or otherwise fumbling around.

    1. imanidiot Silver badge

      Re: Sometimes I wonder...

      Their (real or not) incompetence is no reason NOT to be paranoid about the datagathering. In fact, I'd take their incompetence as a reason to worry MORE as the chances of a false hit and an innocent person suffering the consequences become that much higher.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sometimes I wonder...

        Pretty much spot on, I'd rather not have to worry about people accidentally spunking my data out onto the net while they pore through it.

    2. Planty Bronze badge

      Re: Sometimes I wonder...

      Sometimes I wonder if people are idiots, iOS is obviously not unbreakable, FBI can crack this, but would rather apple made it easier for them to do so. (Cloning hardware for exsmple to get unlimited attempts),

      Apple are playing games, and using this to get PR and make people believe iphones are secure.

      Perhaps it's no longer the Jesus phone, its now the jihadi phone.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sometimes I wonder...

        The Apple F-91W...

    3. fajensen Silver badge

      Re: Sometimes I wonder...

      The movie "Brazil" nailed it: Sure, The Authorities are incompetent toss-pots relying on decrepit and crumbling infrastructure - but - they are still capable of hauling your ass in and torture you to death as required by Protocol (and even if they happen to get the wrong guy, and they know about this, it's just easier to go on with the torturing than to do the Non-Conformance Report ....)

  2. Keef

    Speculation?

    "Along the way, it's been suggested that Farook's iPhone has proved hard to crack because authorities in the county of San Bernardino handled the Phone without thought to the ramifications of iOS' lockout features. If true, such bungling would rather dent the argument that vendors need to make life easier for law enforcement authorities."

    That whole paragraph is suggestion and FUD.

    Provide evidence to back up your copy or leave it out, you can do better El Reg.

    1. Keef

      Re: Speculation?

      One thing I love about my fellow commentards is their ability to downvote because they have failed to comprehend my comment.

      1. Keef
        Happy

        Re: Speculation?

        I don't think you understand people.

        I'm right, you're wrong.

        End of argument.

        1. Keef

          Re: Speculation?

          And you don't get the smiley?

          Things are going downhill here.

          1. Keef

            Re: Speculation?

            I wonder if I will get the record for most downvotes in a single post?

            I want a moderator to let me know once you've all given your ill informed votes.

            1. JeffyPoooh
              Pint

              Re: Speculation?

              Keef asked "...most downvotes..."

              Nah, you have to denigrate Linux (which is a really stupid OS, by the way) to get lots of downvotes. In recent months, my best was:

              "...your Master Boot Record was delicious." 7 thumbs up & 24 thumbs down

              Good luck.

              1. James 51

                Re: Speculation?

                Given the hack on the Mint website over the weekend it all depends on what you say about it because you might actually have a point. Unlikely but possible.

            2. A Non e-mouse Silver badge

              @Keef Re: Speculation?

              I wonder if I will get the record for most downvotes in a single post?

              I suspect your down votes pale into insignificance compared to Eden's!

              1. Law

                Re: @Keef Speculation?

                "I suspect your down votes pale into insignificance compared to Eden's!"

                You mean Eadon, or has a worse troll popped up from under the bridge? :(

                I would have guessed Eadon too, but can't prove it as his entire el reg life was deleted by a vengeful (but just) moderator:

                http://forums.theregister.co.uk/user/34672/

                1. Anonymous Coward
                  Anonymous Coward

                  Re: @Keef Speculation?

                  "I suspect your down votes pale into insignificance compared to Eden's!"

                  You mean Eadon, or has a worse troll popped up from under the bridge? :(

                  What I don't get is that you keep bringing him/them up, and so continue to give these people oxygen AFTER they have been removed. FFS, shut up about them and move on.

                  1. Law

                    Re: @Keef Speculation?

                    "What I don't get is that you keep bringing him/them up, and so continue to give these people oxygen AFTER they have been removed. FFS, shut up about them and move on."

                    I didn't bring him up.

                    I think I've mentioned him twice since he was banned years ago - hardly counts as keep bringing him up.

                    Suggesting one of the worst trolls in El reg history when talking about who had the most downvotes is a pretty legit time to bring him up.

                    If trolls upset you that much perhaps the comments section of el reg isn't for you.

                    Maybe you should chill out a bit.

            3. malle-herbert
              Trollface

              Re: Most downvotes...

              Naaahhh.... I think that record belongs to Martin milan with his 200+ downvotes...

              1. Charlie Clark Silver badge

                Re: Most downvotes...

                Naaahhh.... I think that record belongs to Martin milan with his 200+ downvotes...

                That's amazing! At least he didn't start moaning about the down votes (or did he, too lazy to check).

              2. Not That Andrew

                Re: Most downvotes...

                I'm don't think I read that to downvoted it. Pity it's too late to do it now.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Most downvotes...

                  I'm don't think I read that to downvoted it. Pity it's too late to do it now.

                  That sentence doesn't parse 100%, but I assume you said you found it a pity you could no longer add to the downvotes. Well, this not the Guardian - you still can. I just did, just for entertainment's sake :)

      2. Charlie Clark Silver badge
        Thumb Down

        Re: Speculation?

        One thing I love about my fellow commentards is their ability to downvote because they have failed to comprehend my comment.

        Have a downvote for being a self-righteous cock.

        I'd like to give you another downvote for caring about the downvotes and another ten for complaining.

        1. Tom 13
          Happy

          @Charlie Clark

          I'd like to give you 10 upvotes, but El Reg limits me to one.

      3. Anonymous Coward
        Anonymous Coward

        Re: Speculation?

        One thing I love about my fellow commentards is their ability to downvote because they have failed to comprehend my comment.

        The question is if that is really an inability to comprehend or you being incomprehensible. The general content of this site suggests the latter. Whining about it won't change that.

    2. Public Citizen

      Re: Speculation?

      A few facts about the City of San Bernardino and San Bernardino County:

      The City is in bankruptcy.

      They don't employ the sharpest pencils in the box because they can't afford the wage scale available in Los Angeles or Orange Counties [neighboring counties, less than 2 hours commute time] for people with high levels of technical training. In addition, San Bernardino in general isn't known for being attractive to technically forward companies. These companies generally locate on the west side of Los Angeles [near LAX] or in Orange County so there isn't a large pool of potential applicants.

      San Bernardino has had a gang problem for decades, being used as a dumping ground for Los Angeles area gang bangers who have been court ordered to relocate outside of Los Angeles County. This has had a depressing effect on the entire area especially in the areas of amenities that technical workers are looking for in a community.

      How do I know this? I live on the Mojave Desert, within northern San Bernardino County with a very large mountain range between where we live and the City of San Bernardino.

      1. Steve Davies 3 Silver badge

        Re: Speculation?

        Have an upvote for adding something new to the debate. Sorry for you to have to live in that county but as you say, there are some nice geographic features between you and them.

      2. Craigie

        Re: Speculation?

        "Los Angeles area gang bangers"

        *snigger*

  3. Anonymous Coward
    Anonymous Coward

    there might be information on the phone

    That seems like a very open statement to justify all future invasions of privacy. There appears to be no limitations on the particular request as to whether the person is alive or dead and sets a dangerous precedent to force manufacturers to unlock a device or make them vulnerable based on a presumption of guilt rather than innocence.

    Yes I know that the particular individuals are dead and guilty as hell, but law being built on precedence makes this a risk to all. The following paragraph is also worrisome

    The FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data.

    How legally did the county own the account? On death doesn't the contents of account become owned by Apple? A few years ago I believe that it was mentioned widely that Bruce Willis had no ownership rights over his iTunes content so could not bequeath it in a will.

    1. Mark 85 Silver badge

      It's a county-owned phone. Farook didn't own it nor pay the account. Thus, the "account reverting Apple" wouldn't apply.

      I'm suspecting that there may be some law action requiring that employees will need to supply their passwords on all company or government owned equipment.

      Where I work, if an employee terminates, they can take the phone with them. If they choose not to, we ask for the login to unlock it and clean it for the next user. If the employee dies, we're up the creek and phone gets tossed.

      1. HereIAmJH

        County owned phone?

        "It's a county-owned phone. Farook didn't own it nor pay the account."

        Wait, so they are asking Apple to unlock a phone that they legally own? County purchased the phone and paid for the service? And Apple refuses? Sounds like Gov't agencies and businesses should be considering removing Apple from their approved vendor list until they provide a master key for their devices that the owners (not the employee users) can use to recover the device and data.

        1. Anonymous Coward
          Anonymous Coward

          Re: County owned phone?

          Wait, so they are asking Apple to unlock a phone that they legally own?

          This is not like asking Mercedes to unlock a car, it's a bit more complicated than that. It's more like buying a super secure safe which has all sorts of countermeasures installed to protect the valuables you bought it for, and you're demanding the manufacturer breaks in because you were stupid enough to change the combination without looking.

          County purchased the phone and paid for the service?

          They paid for a secure device, because the county has an obligation to protect its information too. Now someone else has set the password, all of a sudden all that security is a problem. The bit they seem to forget is if this phone is indeed broken, they can't trust any of the other phones they bought anymore either.

          Worse, with the precedent this sets they will have to buy abroad to get any secure phones, because the precedent would give any agency the leverage to pretty much harrass any tech company to death.

          So, maybe this is an attempt to sponsor Sailfish or Jolla? The problem there is that this would amount to harming US interest to benefit parties abroad, and I think I've once heard the word "treason" mentioned if such happens. Kinda ironic to see the US legal system do that to itself..

          1. HereIAmJH

            Re: County owned phone?

            The county paid for a popular phone. Doubtful anything county related was super secret and requires a high level of encryption. This is being played out as privacy rights, but I doubt the employee actually has any right to privacy on this phone from his employer. Even if he hadn't gone on a shooting spree of his co-workers. I know that my employer has the ability to read my corporate emails, log my corporate IM, logs/proxies all my Internet activity, and can access anything on the encrypted drive of my laptop. Some businesses record phone calls on the company PBX. This is more about property rights. The county owns the equipment, not the employee.

            I personally think Apple sees this as a 'slippery slope' concern. They don't want to be deluged with subpoenas from a bunch of different LEAs with varying technical capabilities. This time they are being asked to turn off a couple security items, next time it could be 'decrypt this for us'. Some have mentioned that Apple is concerned about their 'unbreakable' image and the affect on sales. I doubt that there are many mainstream people out there that are going to be worried that law enforcement can get a subpoena and unlock their phone. There are no protests over CALEA, and it has been in place since 1994.

            Regardless of what eventually happens, I still think gov't/corporations who purchase corporate assets should require that the vendors provide them with a method of accessing those assets regardless of what the employee does. Those assets are owned by taxpayers and shareholders. Suppose an employee changed the locks on a company car. Should the automaker/dealer refuse to register a new key for the owner? (this is similar now that keys have RFIDs and software that control whether the actual key functions)

            1. Mark 85 Silver badge

              @HereIAmJH -- Re: County owned phone?

              Doubtful anything county related was super secret and requires a high level of encryption.

              As I recall, he worked for one of the health type departments which necessitates following HIPPA. And that opens up another can of worms. If the phone were lost, then other people's private heath information would be accessible to anyone who picked the phone up.

              Boils down to "screwed if you do, screwed if you don't".

            2. Anonymous Coward
              Anonymous Coward

              Re: County owned phone?

              Regardless of what eventually happens, I still think gov't/corporations who purchase corporate assets should require that the vendors provide them with a method of accessing those assets regardless of what the employee does.

              It does - that's what MDM is for. However, you can't blame Apple if an idiot in your organisation screws it up, which is what happened here.

            3. Tom 35

              Re: County owned phone?

              It's not like the car example, they can reset the phone and use it again, but that will wipe the data. If a company wants to keep control of company phones they should be using something like Blackberry with their own server. If they buy consumer phones, or do BYOD then they can't expect to have full control.

      2. D@v3

        @ mark85

        Where I work, we use a mobile device management system so that if a user forgets their unlock codes, or returns a device to us when they leave, but fail to tell us the code, we can remotely unlock the device / clear the password.

        Our devices are Android, but the system we use supports iOS, I believe it does this by installing a profile on the iOS device. I did some testing with my personal (iOS) device and it lets you add and remove apps, and change settings, set up email accounts, so I wouldn't expect unlocking to be out of the question......

      3. Tom 13

        @Mark 85

        If it's a company owned phone and you can't recover the phone for a dead person, you're using the wrong software to secure the phone. We use MaS360. One of it's components is that the user can reset his PIN, but I'm sure there are other ones out there. The process requires access to his email account. You go to the website, request the PIN reset, reset the PIN. The next time the phone synchs the PIN updates.

        Yes, the software needs to be installed before hand. Yes, if they use a personal email account instead of a company issued one you're still out of luck.

    2. dan1980

      @Philip Clarke

      ". . . to force manufacturers to unlock a device . . ."

      No, it's worse than that - they wish to force the manufacturer to create a custom set of lock-picking tools for use by the government.

    3. Pascal Monett Silver badge

      Re:"On death doesn't the contents of account become owned by Apple?"

      I should bloody well hope not, but thanks for the heads-up. One more reason for me not to post anything on "the Cloud".

    4. tom dial Silver badge

      Irrespective of the circumstances, the requirement for a search warrant to search a cell phone, reinforced in Riley v. California in 2014, still rules. Granting of a search warrant does not carry with it a legal presumption of guilt; the legal presumption is innocent until determined otherwise by a guilty plea or a trial. The presumption for a search warrant is "reasonable cause," and is considerably more relaxed.

    5. Dave 126 Silver badge

      >On death doesn't the contents of account become owned by Apple? A few years ago I believe that it was mentioned widely that Bruce Willis had no ownership rights over his iTunes content so could not bequeath it in a will.

      In the iTunes case you mentioned, the terms of the music licences meant that they couldn't be transferred to a beneficiary - the music licence in effect ceased (upon the death of the original buyer) and it didn't revert to Apple.

      In any case, user's own data is covered by different EULAs than purchased music. If all data on a phone became the property of Apple, no company would allow iPhones anywhere near them - and we would have heard an almighty stink about it.

      1. JetSetJim Silver badge

        iHard

        Except the Willis vs Apple suit was made up, even if it did make for an interesting discussion about Apple's T&Cs

    6. Doctor Syntax Silver badge

      "There appears to be no limitations on the particular request as to whether the person is alive or dead"

      This isn't an unmixed curse. At least it removes the incentive to ensure the phone user isn't a live suspect.

    7. Anonymous Coward
      Anonymous Coward

      Slippery, slippery slope

      Might be guilty of something.....

      Might contain some evidence.....

      There is only one way to be sure...... TAKE AWAY EVERYBODY'S PRIVACY!

      Back when people kept their private thoughts, hopes, wishes and affairs locked up in their minds and in paper diaries, the Constitution guaranteed that such information could not be snooped on by the authorities unless there was reasonable cause for suspicion and a warrant issued by a judge. There is reasonable grounds for suspicion here alright but now the perps and their victims are dead. What more can we possibly learn? Potentially ripping open everyone's cupboards to establish a case and find every last shred of potential evidence is not the way forward.

      Apple, even if it can do this, will lose any credibility as a company that cares about its customers' privacy. The Feds and elected leaders have already lost this credibility and continue their downward spiral and race to the bottom. People are getting increasingly pissed off, losing trust and feeling bad. That is the real problem, and it won't be fixed until people feel reasonably safe again. Stuff like this definitely doesn't help.

      As is stands, privacy is pretty damn precarious today. People walk around with their entire lives stored on electronic devices, inside emails, and so on. They should be able to protect this data against official prying eyes by any means available, unless they are being arrested. This needs to be re-established as a principle and respected by law enforcement and government reps. The government doesn't need to have eyes everywhere, no one does.

      The principle that our data is still private, secure and personal and deserves constitutional protection is what is at stake here. We can always justify a little less privacy for a little more security. Then one day we can all wake up with no privacy and probably no security either. We make trade-offs to remain free and conduct lives without fearing excessive government interference, over reach and meddling in our private sphere.

      Even without the the legal and technical difficulties raised by the FBI's case, this trade off question alone is sufficient reason to throw the case out and prevent the establishment of another dangerous precedent.

      The FBI thinks it will learn something from this company phone. All they ask in return is irreparable damage to a global company's reputation and weaker security for everyone's private data.

      This is bat shit insane and has to stop. I know it is an election year, but this is not a trivial problem here.

      The sooner the control freaks understand this, the sooner we might get some sanity into the debate. Right now, we are descending ever faster into cloud cuckoo land and it is only getting worse.

      1. Tom 13

        Re: Slippery, slippery slope

        No slippery slope here.

        They WERE guilty of something, and died while committing the crime. Their phone is thus evidence and Apple DOES have a civic duty to make all reasonable efforts to provide the data. Given the limits on the modification the government has requested, the effort is certainly reasonable.

        1. Anonymous Coward
          Anonymous Coward

          Re: Slippery, slippery slope

          No slippery slope here.

          They WERE guilty of something, and died while committing the crime. Their phone is thus evidence and Apple DOES have a civic duty to make all reasonable efforts to provide the data. Given the limits on the modification the government has requested, the effort is certainly reasonable.

          You're deliberately avoiding the consequences this has in US law because that would seriously undermine your own argument.

          Due to the way US law uses precedent as a method not having to go through the same arguments every time, this order being successful would AUTOMATICALLY result in this becoming precedent, or - expressed in language you can maybe comprehend - an easier route to getting permission for this again and again. Thus, the "this is a one-off" claims are quite simply false and as far as I can tell (based on the expected legal expertise of the people making that statement) potentially wilfully misleading.

          By its implications, the request is not quite as "reasonable" as both the court and the FBI wants us to believe, but you knew that or you would not have carefully omitted it from your multiple posts.

    8. anonymous boring coward Silver badge

      "That seems like a very open statement to justify all future invasions of privacy. "

      Well, frankly, if you go out and murder a bunch of people, I think your rights to privacy have just been cancelled. OK?

  4. Deltics

    This is despicable.

    The most depressing and worrying aspect of the widespread support for Apple in this case is that it reflects very clearly the complete collapse of trust in the government and law enforcement agencies that has occurred in recent years.

    If the people cannot trust their government to do the job for which it exists - to protect them and to promote their common welfare - all else is lost.

    - B. Obama

    Non-cooperation with evil is as much a duty as cooperation with good.

    - M. Ghandi

    (ask yourself where the "evil" lies in this case)

    Then again, by way of balance, we perhaps should also consider:

    Love your country, but never trust its government.

    - R.A. Heinlein.

    1. Anonymous Coward
      Anonymous Coward

      Re: This is despicable.

      Why is a lack of trust in the government and law enforcement depressing? They have only themselves to blame - in particular the course of action that they decided to pursue after 9/11 where they said "screw the Constitution, we want access to everything without warrants or review".

      Fortunately Snowden opened our eyes to what was going on, so we (and companies responding to what consumers want) can take steps to block them from doing this. The change Apple made in iOS 8 to hold the key to unlock an iPhone only on the phone was made in response to that. Previously Apple held a copy of the key, to help their customers who forgot their password or needed to unlock the phone of a decreased relative or whatever, but the way the government was acting thinking "all data are belong to us" meant this was no longer tenable.

      1. tom dial Silver badge

        Re: This is despicable.

        More than a bit over the top here, as in this case the government has both a constitutionally allowed search warrant and the phone owner's permission to search the phone. There might be a case somewhere, but it is not here.

        1. Doctor Syntax Silver badge

          Re: This is despicable.

          "There might be a case somewhere, but it is not here."

          The case is setting a precedent to order a manufacturer to breach the security it has built into its own product.

          We have a peculiar situation in that a commercial company is more trusted than its government. This is a very unusual and alarming situation. The government needs to rebuild trust. In the longer term backing off here in order to contribute to that might be a wiser choice than the one it's taking.

          1. Sporkinum

            Re: This is despicable.

            " Reply Icon

            Re: This is despicable.

            "There might be a case somewhere, but it is not here."

            The case is setting a precedent to order a manufacturer to breach the security it has built into its own product.

            We have a peculiar situation in that a commercial company is more trusted than its government. This is a very unusual and alarming situation. The government needs to rebuild trust. In the longer term backing off here in order to contribute to that might be a wiser choice than the one it's taking."

            The government can win the battle, but lose the war. Trump and Sanders are both doing well as anti-establishment candidates. Sanders not as well, as the Democrat machine is working hard to keep him out. The Republican side is so fractured they can't mount a coordinated defense against Trump.

          2. Someone Else Silver badge

            @Doctor Syntax -- Re: This is despicable.

            The government needs to rebuild trust. In the longer term backing off here in order to contribute to that might be a wiser choice than the one it's taking.

            Mentioning "government" and "wise" in the same sentence (well...OK they are in adjacent sentences, but together form a unified thought) is dangerously close to an oxymoron.

          3. Anonymous Coward
            Anonymous Coward

            Re: This is despicable.

            I'm surprised someone would think this is unusual.

            The state aparatus, and the government of the same, is in many ways a parasitic organism that will fight tooth and nail (mostly by swiping things under the rug) to defend it's established control and right to extract taxes.

            They don't really face the risk of consumers abandoning them if they aren't up to snuff ethically, unlike commerical companies. Occasionally some public officer may be hung out to dry, but you can't abandon paying your taxes.

        2. John H Woods Silver badge

          Re: This is despicable.

          "the government has both a constitutionally allowed search warrant and the phone owner's permission to search the phone." --- tom dial

          Surely, even if we disagree about who is in the right we can agree that this is more complex than a search warrant issue. Apple are not preventing the government from searching the phone. The phone and its contents are in the possession of the FBI; it's just likely that it will be rather (if not prohibitively) expensive to make sense of those contents without Apple's assistance. That assistance, whether you think it should be forthcoming or not, is not, as far as I can tell, covered by any outstanding "search warrant"

          Presumably, if a search warrant was issued against Apple (maybe on the basis they were a co-conspirator) they would have to hand over their firmware signing key. Then this would be a search warrant issue. As it stands, the direction of the court is 'make this thing then hand it over to (or use it under the supervision of) the FBI." The court has used the All Writs Act because such a direction is not a "search warrant".

          1. tom dial Silver badge

            Re: This is despicable.

            Exactly so. It is not about search, or about surveillance, or privacy, or encryption. It is about authority, in the sense of the power to issue commands and expect obedience. The All Writs Act is a catch all meant to cover cases similar to this one where the government needs help that the laws do not otherwise provide for to do something a court authorized it to do.

            Have an upvote for seeing the difference.

          2. KeithR

            Re: This is despicable.

            "Presumably, if a search warrant was issued against Apple (maybe on the basis they were a co-conspirator)"

            Hmmm...

            I don't know US law (that's me and the FBI both, apparently) but doesn't a search warrant get served against whoever owns/is responsible for the "evidence" in scope of the warrant?

            In other words - as Apple self-evidently does not have the "evidence", how can the US Courts serve a search warrant against them? What will they be searching for? It can't be the firmware signing key, because - in and of itself - it's not "evidence".

            1. Tom 13

              Re: how can the US Courts serve a search warrant against them?

              The search warrant is issued against the phone. In this case Apple has implemented a protections that prevents the search warrant from being executed. Therefore the courts have correctly issued an order to remove that protection from that single phone.

          3. Tom 13

            Re: we can agree that this is more complex than a search warrant issue.

            No we can't. Because it is that simple.

            The government has issued a valid warrant. You and the rest of the progtards on this site don't like the fact that the government can issue a valid warrant and are seeking to invalidate that power. The government HAS provided a limited, feasible, and easily implemented method of allowing them access to the records on the phone that DOES NOT compromise the phone you own.

            1. Someone Else Silver badge
              WTF?

              @Tom13 -- Re: we can agree that this is more complex than a search warrant issue.

              Actually, no it is not that simple, no matter how much you want to Fox-Noise it down. The Feds have the phone...they can search it all they want. Oh, wait,...searching it is hard. So they called a Waaah-mbulance and are trying to force a private corporation to do their search for them...because its easier.

              It is not a search warrant issue at all, it is the bad ol' Big-Gub'mint conscripting a few choice citizens and compelling their labor against their will. (Oh, and do remember that "Corporations are people, my friends!", so a corporation's will carries at least as much weight as that of a regular flesh-and-blood citizen.)

        3. Tom 13

          @tom dial

          Never let the facts get in the way of a good 2 minute rant. It could cost you your life one of these days. Fortunately here on El Reg, it only costs you downvotes.

      2. Anonymous Coward
        Anonymous Coward

        Re: This is despicable.

        Why is a lack of trust in the government and law enforcement depressing?

        Who will protect you if they don't? Remember, they have the guns (what you have been allowed to keep is no match for what they have been able to gather on your tax dime), the SWAT teams and the prisons which were originally there to keep the bad people away from you. Now it's more like a protection racket - give us your rights/votes or we won't protect you.

      3. Tom 13

        Re: They have only themselves to blame

        Nope. You have only yourself to blame. You are the government whether you like that statement or not.

        1. Someone Else Silver badge
          Unhappy

          @ Tom 13 -- Re: They have only themselves to blame

          Nope. You have only yourself to blame. You are the government whether you like that statement or not.

          That may have been true in the last millennium. However, in the post-Citizens United world, since I do not have the funds to match the Koch bothers' largesse, I don't quite have the wherewithal to buy state legislatures and governorships wholesale like they do. So I'm not quite the government anymore.

    2. Ole Juul

      Re: This is despicable.

      If the people cannot trust their government to do the job for which it exists - to protect them and to promote their common welfare - all else is lost. - B. Obama

      And that being the case, all is lost.

      1. Anonymous Coward
        Anonymous Coward

        Re: This is despicable.

        The strange thing is that they seem to interpret it as meaning "trust your government even if you have to ignore everything you know" rather than "hey, gubmit, be trustworthy."

    3. Doctor Syntax Silver badge

      Re: This is despicable.

      'ask yourself where the "evil" lies in this case'

      Two wrongs not making a right is a valid option in this case.

    4. Maty

      Re: This is despicable.

      Another quote for the list -

      'Government is not the solution to our problem; government is the problem' - Ronald Reagan.

      He also said

      "The nine most terrifying words in the English language are: I'm from the Government, and I'm here to help. "

      1. KeithR

        Re: This is despicable.

        All entirely true, in Reagan's case...

  5. dan1980

    . . . leading the FBI to secure a court order compelling Apple to build a special cut of its iOS software to allow unlimited attempts at guessing its password. iOS currently wipes a device after ten unsuccessful login attempts.

    I must be remembered that what is being asked - what the FBI wish to compel Apple to do - is not to hand over information, nor to provide technical assistance but instead to actually CREATE something that does not exist currently.

    In other words, they are trying to 'compel' Apple to work for them to produce a product.

    Now, I freely confess that I simply don't fully understand the laws in play here but if the FBI really are able to do what they are trying to do then that is the same as if they were to 'compel' a pharmaceutical company to produce a biological weapon.

    Extreme? Yes, and I am not suggesting these are actually the same RESULT, but the power they are attempting to use would, if successful, be shown to be sufficient to force a company to manufacturer custom goods for the government that they explicitly do NOT want to create.

    And, remembering that however large these companies are, they are comprised of people so what you are, in effect doing, is forcing individual people to do something that may very well be morally reprehensible to them.

    And what will the government (DOJ, FBI, etc . . .) do if Tim Cook and his board continue to refuse? Do they get thrown in jail?

    The 'justification' for this heavy-handedness appears to be that the government 'needs' the power to co-opt the services of their citizens in helping to fight the 'war on terror'.

    There's a word for that: conscription.

    1. Public Citizen

      Not only are they demanding that Apple produce a custom product to defeat the companies security system, they want Apple to do it ~For Free~.

      This goes beyond conscription into the realm of outright ~Slavery~.

      All of the US alphabet-soup agencies have international agreements to "share" protocols of the sort they are demanding Apple create with their fellow agencies both within the US and Foreign Governments.

      FBI probably doesn't have the technical talent as they have been unable to fill about 1/3 of the positions within the agency for people who are capable of even attempting this sort of project. So they want to bully Apple into doing it for them, then use the legal precedent as a wedge to force private companies to perform similar "services" ~For Free~ in the future.

      It has been reported today that the City of San Bernardino had purchased a corporate access system to override the security features for I-phones from Apple but neglected to install it on the phone in question.

      Point to ponder for today:

      How does a corporate or government users negligence in failing to install security override software purchased for that specific purpose create any legal obligation for Apple or any other private company to try to save the corp./gov. screwups from their own mistakes?

      1. tom dial Silver badge

        The FBI probably, and to a near certaint another government agency that we all could name, has the requisite expertise to develop what the government demands of Apple. It is likely that they could not do that as easily, cheaply, and safely as Apple, but more importantly they cannot (or so the FBI agent said in the application for the order) sign the code using Apple's secret key so that the modified memory image demanded would load and execute.

        The government does this based on a 227 year old law intended to give the federal courts effective power to ensure that lawful court orders are carried out when other laws do not do so adequately. It has been used with some frequency, but not often because most orders are issued in conjunction with existing legal requirements. Amendments to the law, and court decisions about it, have somewhat restricted its scope and limited what a court can order to a "reasonable burden ," however that may be defined in a particular case. There is indication, in the order's requirement that Apple provide cost information, that Apple is not expected to do the work without compensation (similar to payments made for PRISM and other similar activities). It is somewhat interesting, but probably irrelevant, that the FBI or the San Bernardino County agency that owns the phone made errors. Their position, and the court's, is that irrespective of the reason, they require the help now.

      2. MrDamage

        they want Apple to do it ~For Free~.

        Dont let facts get in the way of a rant, now, will you?

        They aren't being told they have to do it for free, as it clearly states in the court order, which El Reg linked to, they are to be compensated for their efforts.

        In this case, it's the government relying on FUD. The best chance we have to beat them on this, is to focus on facts, and not degenerate to their level and start using FUD or downright lies ourselves.

        1. Anonymous Coward
          Anonymous Coward

          Re: they want Apple to do it ~For Free~.

          "they are to be compensated for their efforts."

          Will that include lost sales? The refunds to companies that bought iPhones because of marketing people telling them no-one can gain access, not even Apple, etc etc?

          1. Dave 126 Silver badge

            Re: they want Apple to do it ~For Free~.

            @dan1980

            Whilst I largely agree morally with your point, I suspect that legally it wouldn't hold water.

            For the sake of your argument, you used the example of biological weapons - but that example stretches the argument a bit (on the grounds that biological weapons are banned by treaties). Perhaps a different example (an antidote to a poison, perhaps) would better help us to explore your point?

            I can't think of a direct precedent - the closest I can think of is governments banning the sale of products (cars) that don't include another product (seat belts).

            1. dan1980

              Re: they want Apple to do it ~For Free~.

              @Dave 126

              Indeed and that is a key difference but, as you infer, the point is largely the same.

              I actually came up with a much better comparison, which would be the government compelling an anti-virus company to make them a virus that specifically targets users of their software.

          2. John H Woods Silver badge

            Re: they want Apple to do it ~For Free~.

            "The refunds to companies that bought iPhones because of marketing people telling them no-one can gain access, not even Apple, etc etc?"

            Why not? If I were Tim Cook I would comply on the basis that the cost incurred would be the development of the exploit firmware + the cost of destroying unsold 5c stock + the cost of offering all existing 5c customers a free swap upgrade to a phone model that would not be compromised by the new firmware.

            1. Public Citizen

              Re: they want Apple to do it ~For Free~.

              How about the cost of lost customers from those who switch from any model I-phone to a different brand because of the publicity surrounding a government demanded full-press crack of I-phone security?

              Even if the crack won't work on newer model phones there are a lot of people out there who don't understand that and look upon "Apple security" as monolithic and not as a class of security schemes.

              The damage to the corporate brand is immense and going forward represents a significant chunk of the US Budget to offset the worldwide damage the proposed crack would create.

              Apple being compensated for direct costs is a lawyer trick, nothing more, when compared to the total loss involved and comparing the two loss columns still amounts to Apple being required to do the work ~for free~.

              Before this is all settled there will be a massive stockholder suit, based on loss of value, if Tim Cook blinks and complies with the order.

        2. Public Citizen

          Re: they want Apple to do it ~For Free~.

          Is Apple going to be compensated for their costs going forward in terms of loss of stock value caused by the damage compliance will cause to the corporate brand? I don't think so.

          When compared to the brand damage being compensated for the "costs" of doing the actual work are trivial and in fact are a "lawyers trick" to avoid having to admit the worldwide damage this course of action will inevitably create.

          Is Apple going to be compensated for the delays caused by removing top technical people from the projects they are working and the inevitable interruption in planned work flow? Don't think so.

          Is Apple going to be compensated for the marketing costs of having to mount an educational campaign worldwide to explain how this doesn't screw up the security on subsequent model I-phones? Don't think so.

          Is Apple going to suffer substantial uncompensated losses [loses that will go forward for a number of years] as a result of compliance with this court order? You can bank on it.

          That my friend is why they are being required to do the work ~for free~. The amount the government is willing to pay for the work compared to the damage caused is insignificant and therefore virtually free in the overall scheme of things.

      3. Charlie Clark Silver badge

        This goes beyond conscription into the realm of outright ~Slavery~.

        No, compelling someone to do something does not count as slavery.

        There are plenty of reasons why Apple should refuse to comply with the court order but preventing slavery isn't one.

        There is a case to be had as to whether Apple is obstructing the course of justice or even acting as accessory – I personally don't think it is – and the courts will have to decide. There is also the idea that the FBI doesn't really care about this phone – it already has access to the backups and the metadata –but wants a precedent decision so that hardware encryption, for which no backdoor cannot be created post-hoc, can be declared illegal.

        Let's hope the US Supreme Court is complete by the time this case eventually makes it there.

    2. tom dial Silver badge

      Under the laws in play here, a court can order (under the All Writs Act) actions in support of its other lawful orders. If a court could issue a lawful order that required a biological weapon to carry out, it might be able to order a company to produce the necessary biological weapon. It is pretty doubtful that a court could issue a lawful order that required a biological weapon.

      In this case the court issued an order for assistance in carrying out a search warrant that nobody claims is not lawful. Whether it requires Apple to create something new might be something reasonable people could disagree about. As the order reads, it seems plausible that it would require a moderate number of relatively minor changes to the code modules that limit the number and speed of pass code attempts and restrict input of such codes to the touch screen. In one day many years ago I wrote (by copying and modifying previous code) five or six different subprograms to validate and post transactions in a payroll system; I did not then, and do not now, think of that as "creating" the programs so much as coding the details of a decently thought out general plan.

      Should the appeals go against Apple, my guess is that they will create or modify the code as required; and if they continue to refuse they probably would be assessed a fine.

      1. Anonymous Coward
        Anonymous Coward

        "Under the laws in play here, a court can order (under the All Writs Act) actions in support of its other lawful orders. If a court could issue a lawful order that required a biological weapon to carry out, it might be able to order a company to produce the necessary biological weapon. It is pretty doubtful that a court could issue a lawful order that required a biological weapon."

        Sounds like you need to repeal the All Writs Act, as it's almost as much of an ass as the law can be .....

        1. tom dial Silver badge

          Repealing the All Writs Act would be a possibility. It could result in courts sometimes being unable to enforce orders they reasonably and lawfully issue, such as the search warrant for San Diego County's iPhone; that might not be a good thing.

          An alternative would be to remove search warrants from the scope of the All Writs Act by enacting a law explicitly authorizing the government to require individuals and companies to provide reasonable technical assistance, to the extent they can, in executing search warrants and other lawful court orders.

          1. Doctor Syntax Silver badge

            "reasonable technical assistance"

            Is destroying your product's reputation included in "reasonable"?

            1. Anonymous Coward
              Anonymous Coward

              A contempt of court fine will be cheap for Apple

              I did a quick google (and I'm no lawyer yadda yadda) but it looks like the maximum a federal court can fine a corporation for contempt of court is $100,000 (United States v. Twentieth Century Fox Film Corp., 882 F.2d 656 (2d Cir. 1989))

              Even if the court can fine Apple that every day, that's only $36.5 million a year. Apple makes at least that much per day in the US alone. The court can't hold corporate officers or directors legally responsible for the civil conduct of the corporation, at least not without overturning the whole basis upon which corporations are established.

              With a fine that's cheap as chips for Apple, they will need a new law with far heavier financial penalties (either fines, or bans on purchase of Apple products by the US government and any organization that accepts federal funding) if they wanted to put Apple into a situation where they are forced to reconsider. Though even then Apple could simply threaten to move their HQ to another country where they would be immune from such orders. Depending on how far each side is willing to take this, it could have major repercussions.

      2. Doctor Syntax Silver badge

        "In this case the court issued an order for assistance in carrying out a search warrant that nobody claims is not lawful. Whether it requires Apple to create something new might be something reasonable people could disagree about."

        The place in which to settle those reasonable disagreements isn't going to be the court of first instance.

        There's also the little matter of compensation. Not the compensation for doing the work but the much larger compensation for loss of reputation amongst potential customers.

        1. Anonymous Coward
          Anonymous Coward

          Slow down a bit, guys..

          The order repeatedly uses the word "reasonable" although I have a feeling that the definition of that depends on who you ask, and Apple was given leave to apply for relief within 5 business days if it thought this order to be unreasonably burdensome.

          That deadline is tomorrow, so let's see where this goes. I think from the perspective of practically anyone with a working brain and knowledge of how US law works, the term "unreasonably burdensome" is a pretty accurate description of the consequences.

          Final note: the presiding judge seems to be rather weak on tech background. She may have been thoroughly snowed by the FBI.

    3. Michael Thibault

      Here's a bit of a puzzler: what happens if Apple is forced to the ultimate wall on this court-ordered coercion, and all the requisite, technically-capable (and very trusted, obviously) individuals in its employ individually (and, for shits-n-giggles, severally) refuse the order of Apple's top brass to execute? Will the result be firing, then a firing squad?

  6. Anonymous Coward
    Anonymous Coward

    Last chance for privacy?

    If the FBI get their way, is that IT for general privacy as a concept?

    1. Emperor Zarg
      Big Brother

      Re: Last chance for privacy?

      What is this thing you call privacy???? Is this your first visit to El Reg?

    2. KeithR

      Re: Last chance for privacy?

      "If the FBI get their way, is that IT for general privacy as a concept?"

      Glad I don't live in - ahem! - The Land Of The Free...

      1. Anonymous Coward
        Anonymous Coward

        Re: Last chance for privacy?

        If US corporations are forced to compromise the security of their products under direction of US courts, you don't think that affects you if you live outside the borders of the US? If anything, it is worse for you, at least if you use products subject to US laws (like say those with operating systems written by say Google or Microsoft if you aren't an Apple guy)

  7. noj

    longer passcodes?

    Recently read this article on The Intercept, basically about using longer passcodes to keep an iPhone secure:

    https://theintercept.com/2016/02/18/passcodes-that-can-defeat-fbi-ios-backdoor/

    Makes sense to me - but I'm not a super tech. Comments from more knowledgeable folks on this thread are most welcome!

    1. Pascal Monett Silver badge

      Re: longer passcodes?

      Obligatory xkcd reference.

      Clear and easy to understand.

      1. Terry 6 Silver badge
        Joke

        Re: longer passcodes?

        Love that XKCD strip. If I was to try to hack a Geek's device that's the pw 'd try first.

      2. noj

        Re: longer passcodes?

        @Pascal Monett: Thanks for the link! Funny, makes the point.

  8. Anonymous Coward
    Anonymous Coward

    Cook is just grandstanding

    Apple has been running ALL OSX and IOS traffic (including Phone backups and email traffic) through their services for ages, scouring every bit of their users information to see what they can monetize. This is well documented, even in their own EULA's.

    Now all of a sudden he acts as if he cares about the privacy of their customers, which I am sure he does not give a rat's behind about. What DOES worry him, however, is het PR fallout when it turns out they have very little trouble supplying the FBI wants.

    As for the court orderr itself, maybe y'all should read it for yourself, instead of the interpretation given by interweb journos.

    You can find it here

    https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

    The boundaries are very clearly set.

    1. Steve Davies 3 Silver badge

      Re: Cook is just grandstanding

      Quote

      Apple has been running ALL OSX and IOS traffic (including Phone backups and email traffic) through their services for ages, scouring every bit of their users information to see what they can monetize. This is well documented, even in their own EULA's.

      citation please.

      Are you saying that if I go visit a web site (say www.theregister.co.uk) all the interation I have with that site gote through an apple server? [1]

      Are you saying that if I use my own email server in the mail app ALL the traffic to that server goes through an Apple Server? [1]

      given that apple don't sell any of your details to Ad agencies and that are basically shutting down iAd I find your statement rather confusing.

      [1]I don't own a smartphone but have a company iPhone and use it for email access. I think an awful lot of businesses would like to know if all the emails that their employees read/write using an iDevice is also reaad by Apple. I would imagine that an awful lot of lawsuits would be flying in Apple's directino if it were true.

      Please tell us why you believe that everying done on an iPhone goes through apple Servers.

      It would make a fantastic Article here.

      1. Anonymous Coward
        Anonymous Coward

        Re: Cook is just grandstanding

        OK, I'll bite. But only to get things going.

        When you backup your phone to iCloud, the backup is encrypted. However, it is not encrypted with YOUR passcode, but with THEIRS.

        Oh, ok, just for the hell of it. On iMessage, look up Cyril Cattiaux' opinion of their securety. A taste, maybe ?

        /quote

        When someone sends an iMessage, the iOS device pulls the recipient’s public key from Apple’s non-public key server to create the ciphertext, or encrypted message. The iMessage is decrypted by the recipient using their private key.

        The problem is “Apple has full control over this public key directory,” Cattiaux said.

        /unquote

        I'm sure you can unearth lots more information if you put your mind to it.

        1. cbars Silver badge

          Re: Cook is just grandstanding

          public key

          That is what they are for. That is not a security hole. Don't just quote random shit from random places, look it up. Public Key cryptography is well understood and extremely secure. I believe the problem was Apple keeping a copy of the private key, which as someone else has pointed out, is no longer the case.

    2. Dave 126 Silver badge

      Re: Cook is just grandstanding

      >Apple has been running ALL OSX and IOS traffic (including Phone backups and email traffic) through their services for ages, scouring every bit of their users information to see what they can monetize.

      That is Google's business model. Apple make plenty of money through high-margin hardware sales, and through taking a cut of music, video and app sales. If Apple really were making tons if cash from user data, then they would seek to bring more users into their fold (by selling cheap iPhones).

      >Now all of a sudden he [Cook] acts as if he cares about the privacy of their customers, which I am sure he does not give a rat's behind about.

      It helps differentiate his company's wares from Google's. Since Apple make plenty of money from people buying from/through them, they have a fairly good motive to keep that distinction.

      Cook's talk about privacy may be all in his financial self-interest (his reasons don't really matter), but he has been talking about privacy for some time now. Do keep up.

    3. noj

      Re: Cook is just grandstanding

      @Peter R. 1: Some of your comments have merit but you've left out some important points. Apple products, the iPhone in particular, have generally become more secure and more private with each generation. This trend has accelerated since Cook became CEO. Also, Cook publicly stated that privacy was a goal quite a while back, not "...all of a sudden..." as you assert. Here are some links that support my comments:

      http://www.theguardian.com/technology/2015/feb/13/apple-ceo-tim-cook-challenges-obama-privacy

      http://www.theguardian.com/technology/2015/jun/03/apple-tim-cook-google-facebook-privacy

      http://www.theguardian.com/technology/2015/feb/13/apple-ceo-tim-cook-challenges-obama-privacy

      https://www.eff.org/who-has-your-back-government-data-requests-2015

      https://www.eff.org/secure-messaging-scorecard

    4. Fitz_

      Re: Cook is just grandstanding

      "Apple has been running ALL OSX and IOS traffic (including Phone backups and email traffic) through their services for ages, scouring every bit of their users information to see what they can monetize. This is well documented, even in their own EULA's."

      Well in that case you will have no problem posting links to said documentation and EULAs will you?

      1. Anonymous Coward
        Anonymous Coward

        iCloud versus iMessage

        iCloud backups are encrypted differently depending on the data they protect. Files protection by the protection class "no protection" (which a lot of stuff on the iPhone is, for reasons too long to go into) are encrypted on iCloud backups using a key Apple stores. Everything else (from the trivial like Facebook passwords, to the less trivial like all the information stored in your Health app) are encrypted by keys that Apple has no access to, and thus they cannot read by Apple.

        If you don't want Apple to have access to anything on your phone, don't use iCloud. Backup to iTunes, using an encrypted backup. Only you have access to it, and it can only be decrypted with your password - i.e. if you forget the password the backup is worthless.

        Messages are in the "no protection" class so if you sync your iPhone to iCloud then Apple has the ability to decrypt your past iMessage and SMS traffic that is stored in iCloud. However if you aren't backing up to iCloud then no one has access to your iMessages - they are encrypted end to end and Apple doesn't hold the key. If the recipient of your iMessage backs up to iCloud then those would be theoretically readable, but they'd have to know to look in that person's iCloud store and I'm not sure how they'd know you'd be in communication with that person unless they basically did a search of hundreds of millions of iCloud stores looking for those that included conversations with you! SMS messages are never secure because it is well established the telcos in the US cooperate with the government so you should probably assume the NSA logs all SMS traffic within the US.

      2. Anonymous Coward
        Anonymous Coward

        Re: Cook is just grandstanding

        /Quote/ Well in that case you will have no problem posting links to said documentation and EULAs will you? /end quote/

        Yes, if course...

        Just one example, from iTunes,

        Apple may only use this information and combine it with aggregated information from the iTunes libraries of other users who also opt in to this feature, your iTunes Store purchase history data, aggregated purchase history data from other iTunes Store users...(cut)

        ... Provide recommendations regarding products and services to other users.

        1. Anonymous Coward
          Anonymous Coward

          Re: Cook is just grandstanding

          And another one, just for the helluvit

          b. Consent to Use of Data: You agree that Licensor may collect and use technical data and related information—including but not limited to technical information about your device, system and application software, and peripherals—that is gathered periodically to facilitate the provision of software updates, product support, and other services to you (if any) related to the Licensed Application. Licensor may use this information, as long as it is in a form that does not personally identify you, to improve its products or to provide services or technologies to you.

          As long as it is in a form that does not personally identify me...yeah right...

          1. Anonymous Coward
            Anonymous Coward

            Re: Cook is just grandstanding

            And another one, just for the helluvit

            b. Consent to Use of Data: You agree that Licensor may collect and use technical data and related information

            In both your examples you are talking about META data - the sort of information every service provider gets from their system. Your access to El Reg's website, for instance, will generate entries in the access.log and error.log (if things go south) of their webserver - there is no way ANY sales operation can work without it, but it does not represent access to your personal information such as email and pictures. Even the iCloud backups Apple provided were only possible because they did a password reset, something you would have noticed if it was your data and you were not already 6 feet under like the subject of this matter.

            There is a simple commercial reason why Apple has chosen not to give itself access to customer content: consequential liability. The moment you have access to customer data, you end up in the quagmire of responsibility that Google is desperate to avoid but has more and more trouble actually managing: censorship and protection of the customer from Bad Things People Say. See Right To Forget and other cases Google already had to face.

            Google HAS to, because its business IS your data and reading over your shoulder in Gmail to profile you and millions of others - that's its sole source of revenue because its advertising sales depend on this USP to make it more attractive (and I'm personally certain they do a LOT more with your personal data for agencies, but that is extrapolation, not fact). That's also why Google and privacy are always at opposite ends, Google would not be able to sell if it really respected privacy.

            Apple doesn't need to, because it is at its core a high margin hardware company - that's where it makes most of its money. It amplifies that by services, but Apple does not WANT access to your content, and the most beneficial path to making that certain is to ride the privacy bandwagon which also offers an extra sales argument (I'm avoiding personal opinion of the CEO here - let's stick with the simple facts). It avoids a lot of headaches that way.

            It's simple, cold business logic that makes Apple focus on privacy. The problem for the FBI is that it has become GOOD at it, in contrast to companies like Microsoft it appears to have used the talent it has inhouse productively. From a security perspective it has become Volvo, with only the occasional recall for hardware issues.

            1. SImon Hobson Silver badge

              Re: Cook is just grandstanding

              Missed the real biggie - the way they've rigged Safari to send a lot of information to Apple (and Google ?) by default. What's more, you can't turn this off without also turning search hints.

              So what does this actually mean in practice ?

              Well in the older versions, Safari had a search box - and I don't think many people would be surprise (or worried) that what you type into the search box is sent to a search engine. The address box was a separate entity, and whatever you types there was NOT sent to Apple or any search engine.

              In current versions, they've combined the search and address boxes - to make something that's a flipping sight harder to use (I get really really annoyed at the times I have to specifically go to a search engine page to search for things that Safari wrongly thinks look like a URL, and conversely, get even more annoyed when things that actually are a URL are treated as a search term).

              So you start typing a URL - with every keystroke, the entire URL is send out to ${somewhere}. That includes if you edit an existing URL - which of course could be a crappy internal system that encodes a lot of stuff into request parameters ...

              So to stop that leakage of information, you have to turn off search hints (and IIRC a couple of other things) - but of course you also need to know that you need to do this. But that then means your searches are "less convenient" all because a few people can't cope with the concept of "if you want to search, tell it to search" !

  9. LDS Silver badge

    Huawei?

    LOL! I can see the whole mobile division sent to a labor camp until they unlock any phone the Chinese government would like to put its nose into....

  10. Scott 53

    Killed by Police?

    I suppose they kept playing "De Do Do Do De Da Da Da" until he just couldn't take it any more.

    1. Anonymous Coward
      Anonymous Coward

      Re: Killed by Police?

      "Roooooooooxaaaaaaaaaaaaan"

      :)

  11. Anonymous Coward
    Anonymous Coward

    Just had a thought, rather than making dumb backdoors or forcing Apple to compromise security, why not make a patch that will allow customers to change their devices' pins from their iCloud account? Am I missing something obvious besides that the device in question would need to have the usual patching routine bypassed?

  12. Common guys...

    Right v. Wrong

    First, 14 people are dead. The shooters are dead. This is not a criminal trial regarding the presumption of innocence. This is a case about justice and duty of the citizens. The government (various branches), and citizens have a duty to seek justice.

    The information sought does not belong to any of these people. It belongs to a county law enforcement agency. (the actual original data). The ICloud information belongs to apple. (Or does it?)

    The FBI disclosed they led to the data now locked and erased by their attempts to obtain the information. The question is, are apple's claims of "creation" of data true? It is arguing that its supposed ICloud is their property and unreliable? That it cannot be an accurate portrayal, to be used as evidence for whatever reason? If so, then they should just say that. In my opinion, Apple is admitting its ICloud is unreliable in purported defense of a claim of "privacy" of citizens of this country to further its own interests.

    This is a case of terror upon this Country's citizens -- the same privacy interests. Which interest is greater? They dispute that a Court may order this; and, if it can this will "force any technology company to create malware that could undermine the security of their products." The thing is, several hackers and companies have stepped forward to say they can crack the phone, obtain the data and Icloud information, and will do so; they just fear some sort of retribution (from apple). (Mcaf)

    Apple should voluntarily provide the information as best it can, and let it be used by authorities determine its reliability. If those authorities take the information and obtain just results, through law means, why is this an issue? Apple is clearly trying to create public discussion to further its popularity. Law enforcement has already followed proper avenues. It is apple, who is hiding something. I suggest they have already committed crimes by not proving the Icloud data is unreliable. (But, they persistently state that it is, in every other scenario).

    Apple intends on turning this information over. It is the government who is trying to act lawfully. Apple is using delay tactics for financial purposes under the guise of unlawful "creation arguments". Apple has already created this supposed malware. Hackers and Companies have pointed this out. The all writs act -- that is law. And, if you read the statute, it applies. It's interpretation is compatible with both views of legal interpretation -- originalism and evolution of application of older laws.

    Apple needs to man up, do the right thing, and now. The Government could already have obtained this data lawfully -- but apple will not comply. Apple is using politics to delay acting to seek justice. It is sheer shamefulness.

    1. Doctor Syntax Silver badge

      Re: Right v. Wrong

      "This is not a criminal trial regarding the presumption of innocence. This is a case about justice and duty of the citizens."

      Quite so. The FBI are not looking for evidence to prosecute the phone's user. They're going on a fishing expedition and they want to set a precedent for having Apple help them so that the presumption of innocence can be breached in the future.

      1. Anonymous Coward
        Anonymous Coward

        Re: Right v. Wrong

        Do you mean fourteen victims have no right to be sure all the people involved in their murder are found, or innocent dischaged? Because the two who actually pulled the trigger are dead, it's enough?

        I'm sure it would have been very different if one of the victims had been a Cook relative...

        1. John H Woods Silver badge

          Re: Right v. Wrong

          "Do you mean fourteen victims have no right to be sure all the people involved in their murder are found, or innocent dischaged?" -- AC

          No, I didn't mean that, and I (a) struggle to see how you can have inferred that and (b) despair that you should respond to a plea to move away from simplistic arguments with a simplistic argument.

          There is obviously a proportionality issue here: I'm not just asserting common sense, the All Writs Act itself says [my emphasis]: "Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law."

          It is trivial to show that it cannot be the case that absolutely anything is necessary and appropriate for a terrorist shooting of 14 people: for instance, even if the perpetrators were still at large it would probably not be considered "necessary and appropriate" to interrogate every US Citizen on the matter.

          Furthermore a Supreme Court ruling in 1977 on an All Writs Act order was that, although it was justified in the case before the court in that instance, "the power of federal courts [using this Act] to impose duties upon third parties is not without limits; unreasonable burdens may not be imposed"

          So, it is not nearly as simple a matter as you suggest, which is rather the point of the comment to which you are replying so, rather in a triumph of hope over experience, I'm stating it again.

          ----

          Addendum: Whilst re-reading this reply I also realised that the phrasing of the Supreme Court ruling uses the term "burdens" rather than "resources" and so presumably that includes things that are easy (handing over the signing key) because the burden in terms of corporate/brand damage could be considered unreasonable.

          1. Someone Else Silver badge

            @John H Woods -- Re: Right v. Wrong

            No, I didn't mean that, and I (a) struggle to see how you can have inferred that and (b) despair that you should respond to a plea to move away from simplistic arguments with a simplistic argument.

            It's called creating a straw man, John, and it is a rhetorical device that is generally the approach of last resort when the arguer (the AC, in this case) cannot argue his/her point on its merits. In high school debating, it routinely loses you the debate, and when one is (allegedly) grown up, it unambiguously identifies you as a brain-addled Fox Noiser.

    2. John H Woods Silver badge

      Re: Right v. Wrong

      "Apple needs to man up, do the right thing, and now." --- Common Guys...

      Some of us think they are, and that is what is causing the problem. We know that the All Writs Act is a law on the statute books; that it seems likely the Act would support the order the court has made; that the phone belonged to a terrorist who killed 14 people; that Apple could do it quite easily; that Tim Cook may simply be grandstanding.

      Those of us who think Apple are doing the right thing (and that may well include some who think they're doing it for the wrong reasons) will not be persuaded by merely restating the above facts, because they are not in dispute. Are you really expecting anyone you are arguing with here to go "oh, shit, I've just realised which phone we are talking about" and change their mind?

      So, let's at least move the discussion on from "come on, you guys, it's simple"

      1. Common guys...

        Re: Right v. Wrong

        Why are they doing the right thing?

        1. John H Woods Silver badge

          Re: Right v. Wrong

          "Why are they doing the right thing?"

          When you have been given leave to do so, appealing a judgment with which you disagree may well be the right thing to do. People have to stop painting this as outright defiance of the court -- it isn't, at least, not yet.

    3. Anonymous Coward
      Anonymous Coward

      Re: Right v. Wrong

      This is a case of terror upon this Country's citizens --

      Maybe us un-citizens would feel a little twinge of sorrow if the US didn't stand for torture, mass surveillance, and aggressive droning of other un-citizens.

      Oh - and - *you* lot gave corporations human rights - so *oh Gawd* now they are using it, who'd have thunk so?

      As it is: You pissed the bed, now suck it up and you go lie in it!

      1. KeithR

        Re: Right v. Wrong

        "This is a case of terror upon this Country's citizens "

        Boo fucking hoo. Maybe if the US stopped behaving as World politics' Nelson Muntz, you've have less shit happen to you.

        Oh - and where was this Special Pleading when elements of the US were openly endorsing and sponsoring the IRA's bomb attacks and assassinations in the UK?

        It's a big word, so I'll type it slowly for you:

        Hypocrite.

      2. Common guys...

        Re: Right v. Wrong

        Which country are you from that wouldn't react this way? ? I'd love to move there. Sounds incredible. Do tell

    4. Public Citizen

      Re: Right v. Wrong

      First off, this is a despicable and reprehensible crime that has been committed.

      That said, I'd like to make observations that will dispel any misperceptions based on descriptive language.

      The description "law enforcement agency" has been used for the "owners of the phone". This is accurate only in the fact that the regulatory agency involved enforces the Health and Safety Code through the employment of "inspectors" who visit restaurants and other food preparation facilities, observe, and issue regulatory citations and permits for operation. This isn't the Uniform, Gun, and Badge sort of "law enforcement".

      What hasn't been widely publicised is the Fact that the County of San Bernardino had the appropriate security software, purchased from and licensed by Apple, to allow auditing of the information on the phone by the county. The County was ~negligent~ in not installing the appropriate tools on this particular phone.

      The County and the FBI [for purposes of its own and in order to set a legal precedent] are now using the courts in an attempt to force Apple to remedy negligence caused by the county when Apple has already performed to the ethical and moral level in fulfilling its contractual duties to the county.

      It can be argued that the greater morality lies with making every effort to get to whatever data the phone contains/contained. I suspect that the county level techs have already mucked the thing up to the point where there is no useful information to be recovered, based on past performance and knowledge of how San Bernardino County functions.

      The counter-argument is that to comply with this court order will cause irreparable public harm to the Apple brand and the I-phone product lines.

      Where does the greater public good lie? In accessing potential information about other terrorist cells, information which a vigilant FBI, NSA, et al. should already have from their regular operations in this area OR the damage to be caused worldwide to this company? I'm in a position to have private opinions but not to make the public decision so I just ask questions.

      1. Fred Flintstone Gold badge

        Re: Right v. Wrong

        Where does the greater public good lie? In accessing potential information about other terrorist cells, information which a vigilant FBI, NSA, et al. should already have from their regular operations in this area OR the damage to be caused worldwide to this company? I'm in a position to have private opinions but not to make the public decision so I just ask questions.

        Fair enough, but the "greater good" question is skewed by deliberate omission of consequences by the demanding parties.

        What is being asked here is NOT as limited as the parties involved seek to suggest because of the way the US legal system works, and none of the parties involved has the power to limit the consequences. As a matter of fact, by knowingly specifying limits they MUSt know not to apply to the precedent this sets, it could be argued that FBI, judge and DoJ are colluding to obfuscate what this order must be really about (the nature of the misdirection turns this pretty much into a certainty).

        If we strip the Apple logo off this case, and take away the emotional aspects which are only added as sauce to force a public opinion, we end up with the FBI asking a company to publicly break the security of its product, security it has spent a long time developing.

        It is worth mentioning here that the owners of the phone originally DID have access as the phone was in an MDM, but they screwed up and now want Apple to bail them out.

        The Greater Good questions are thus:

        1 - Can it be legally permitted to force a company to commit commercial suicide by publicly breaking its own product?

        2 - It is right to ask a company to do this after it has already assisted in getting any iCloud data (via a password reset) and thus shown to be willing to assist where it can, especially in the light of the fact that this phone was NOT wiped whereas all others WERE cleared by the criminals, which makes the likelihood of this device containing anything worth the effort pretty low?

        3 - is it right to so burden a company with the mistakes made by customers?

        4 - it is acceptable to set all of the above as a legal precedent that will allow permanent legal harassment of ANY OEM by demanding the above 3 items again and again?

        The issue is far wider than Apple, and especially the efforts to distract the audience from the precedent-setting nature of this request sends up red flares by anyone who is interested in correct execution of law and order. You would be hard pressed to find a soul who would not like to hand the FBI any data in that phone, but the method the FBI and now the DoJ have chosen have extremely severe consequences, consequences that will render the US IT industry basically untrustworthy.

        If this gets to pass, it's like a very big OFF switch to Silicon Valley, jeopardising not only the security of US voters, but also of clients abroad. You're talking about the safety of billions, and damages comfortably hitting multiple billions of dollars.

        If you want a small taste of what is to come, just do a survey of US companies how much they are already losing as a consequence of Facebook vs Europe. It'll be much, much worse.

        1. Anonymous Coward
          Anonymous Coward

          Re: Right v. Wrong

          What bothers me most in all this is the whiff of collusion between a supposedly independent legal body and an agency.

          Either the judge does not realise the precedent it sets, and her attempt to impose limitations on the scope of this order are thus the result of oversight;

          or

          the judge knows full well what precedent it sets, and the limitations in the order are thus there to knowingly mislead the public as to the scope of what she just ordered.

          The judge may not be that experienced in matters IT, but I think it would be fair to assume that you don't get called to be a federal judge if you're incompetent. This leads to very worrying implications, unless I missed a third option.

  13. Anonymous Coward
    Anonymous Coward

    owned by the county?

    How stupid exactly would you need to be to use a company/state provided communication device to organise a terrorist attack against said supplier of comms gear?

    The more I read about this the more worried I become about the ramifications if the TLAs get their way.

    1. fajensen Silver badge

      Re: owned by the county?

      Stupid enough to believe in sky-fairies and simultaneously not endowed with enough impulse control to stay with the original target schedule? I.O.W.. Very Stupid. Unstable too. If the TLA's were actually worth anything of what we pay for them, they would probably have seen a trail of aberrant behaviour a long way before.

      I think that the happy couple were planning a little Paris-style atrocity, but before that the idiot loses his shit about some real or imagined offence at work, runs totally amok and shoot up work with wifey - thus destroying the original plan.

  14. roger 8

    Im just wondering whats going to happen.If Apple say it can not be done without destroying the data.

    Without the password the phone is actually secure. I see this playing out a few different ways.

    1 Apple do help get the data. But actually make out that they cant and go though a play of being dragged through the courts. The result is everyone jumps over to apple in thinking they have a secure phone. In

    reality its now wide open

    2 Apple design a backdoor Everyone knows and your never secure. Some dumb idiot leaves a laptop on a bus with the backdoor tools on and it gets leaked.

    3 Apple have done a good job and the phone is actually bullet proof. Nothing can be done.

    Every spy agency is now pissed off. Apple execs start jumping on to planes to go to countries with no extradition treaties. As the the government now try to shut down apple.Because they have given the people what they want and not what they should have and the Iphone becomes a banded item. if you own one your a bad guy.

    1. tom dial Silver badge

      "If Apple say it can not be done without destroying the data" they might well get a contempt of court citation and a large, perhaps very large fine, because it is all but certain that Apple can do what the order requires with relatively little effort, and the government very probably can prove it if required.

      1. Anonymous Coward
        Anonymous Coward

        "If Apple say it can not be done without destroying the data" they might well get a contempt of court citation and a large, perhaps very large fine, because it is all but certain that Apple can do what the order requires with relatively little effort, and the government very probably can prove it if required.

        Bzzt - nope. If it was easy to prove, it would have been easy to break. If it was easy to break, there would have been no need to involve Apple in the first place.

        Your type of logic only works for Microsoft Office UI developers :)

    2. Robert Helpmann?? Silver badge
      Childcatcher

      Roger, Roger 8

      I think number 3 is off the table as Apple have no reason to push back if it is the case that they have come up with bulletproof phones. There are a few other ways to go with this. For example, the courts might compel Apple to provide the data but not the method to do so followed by Apple engineering that particular method away.

      To steer the conversation in a slightly different direction, if smart phones are based on Unix (or Windows) at some level, wouldn't that imply they have multi-user capabilities? If this is indeed the case, why couldn't an admin account be used to gain access, reset passwords, et cetera? I am more familiar with corporate environments than consumer, but I do not see why a preexisting admin account could not be set up to be used in cases of this nature where the owner of the machine wants to access data on its own property. I am not seeking to address the very real privacy concerns with this, but could someone more familiar with smart phones weigh in?

      1. Public Citizen

        Re: Roger, Roger 8

        The County of San Bernardino did in fact have something like what you described in terms of an admin account through software purchased from Apple.

        They screwed up by not installing this software on the device in question. Now the county and the FBI are attempting to use the courts to force Apple, who has fulfilled all relevant contractual requirements, to make up for the negligence of county technical employees.

        They are using a "lawyer trick" to hide behind a legal fiction that they will compensate Apple for the costs involved in performing this act when in fact, the amount of money they are willing to pay is a pittance compared to the brand damage and the future loss of revenue that will result from compliance.

  15. Stork Silver badge

    "the suspected terror suspect"

    I know this is OT, but does that mean FBI are not sure if the deceased is a suspect or not?

    1. allthecoolshortnamesweretaken

      Re: "the suspected terror suspect"

      I think it's a legal technicality - anyone remains a 'suspect' until they are convicted, but as you can't convict a dead man...

    2. KeithR

      Re: "the suspected terror suspect"

      "I know this is OT, but does that mean FBI are not sure if the deceased is a suspect or not?"

      That he's a murderer is not open to debate, but there's no explicit evidence that the murders were terrorism related.

      That'll be what the FBI's interest in the phone is about, at least to some extent.

  16. splodge

    Sometimes I wonder if the US police want to find out what someone believes or what their motivations are, maybe, not shooting them dead would be a good start?

    1. Charles 9 Silver badge

      Kinda hard to do when you're being shot at. At that point, instinct says it's you or him.

  17. Florida1920
    Holmes

    How about a few downvotes for the CSI types?

    That would be Criminal Science Incompetents, formerly known as the San Bernardino PD.

    "Watson, you obviously haven't read my paper on cracking iOS security."

  18. Anonymous Coward
    Anonymous Coward

    Isn't the iphone likely to have no useful info on it anyway

    The Farook's destroyed their "burner" phones, but didn't bother with the company iphone, implying that it wasn't used for anything dodgy/interesting. So months after the event the FBI suddenly decide that they "really" need to crack this particular phone, using a court order that "in no way sets a precedent" for any future cases...

    1. KeithR

      Re: Isn't the iphone likely to have no useful info on it anyway

      "The Farook's destroyed their "burner" phones, but didn't bother with the company iphone, implying that it wasn't used for anything dodgy/interesting. So months after the event the FBI suddenly decide that they "really" need to crack this particular phone, using a court order that "in no way sets a precedent" for any future cases..."

      'Zack'ly - it's bloody OBVIOUS what the FBI's real motivation is here.

    2. This post has been deleted by its author

  19. Ike Aramba

    Mobile Device Management?

    If it is a corporate owned device, why weren't they using some MDM software to manage the device? MobileIron has an unlock command & I'm pretty sure that their competitors would have the same (a quick google shows that AirWatch and Citrix XenMobile do, haven't researched more).

    The fact that the San Bernadino county were either too cheap or incompetent to manage their mobile devices effectively shouldn't be the cause of Apple having to undermine future iOS device sales by breaking the security of their devices.

    1. Anonymous Coward
      Anonymous Coward

      Re: Mobile Device Management?

      Indeed, I read elsewhere that remote unlock capability via MDM was available on some of the county's phones, but hadn't been configured for this one.

    2. ecofeco Silver badge

      Re: Mobile Device Management?

      Mobile Iron ain't cheap nor a fix-all.

  20. Anonymous Coward
    Holmes

    Choose your friends wisely

    I wonder if Cook has noticed that gays are usually thrown off high buildings by adherents of the RoP?

    Perhaps he lives in a bungalow and feels that's not an issue?

    1. Anonymous Coward
      Anonymous Coward

      Re: Choose your friends wisely

      Wait, are you claiming that ISIS support privacy? Given that they publicly accuse anyone they suspect?

      What's next? Are you going to claim that Trump supports unrestricted immigration and Jeremy Clarkson is a founder member of Friends of the Earth?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020