I’m not surprised. When will the government learn that you cannot break encryption for some without breaking it for all, and that there is no (easy) way for Apple to get into an encrypted device, even if they made it?
Texas Rangers have obtained a search warrant for the contents of a blood-splattered iPhone SE belonging to gunman Devin Kelley who killed 26 people in a murder-suicide at a church. Over the weekend, the US state's cops served the Cupertino phone-flinger a warrant demanding photos, messages and other potential evidence on …
I remember reading that Apple after the last case closed a method where a firmware upgrade could be forced? As potentially they could have been forced to write a custom firmware that unlocked a device. So presumably now if a device is locked on current firmware Apple can say sorry no can do...
They just want another high profile case, this time one where they can say "please Apple, won't you think of the children?" The Texas Rangers may have filed the warrant, but we know who is behind it.
It will be interesting to see if he was even using iCloud backups. Just having an iCloud account doesn't mean backups are enabled to it (though it defaults to doing so I believe). It will get a lot more contentious if Apple says "sorry, he didn't have anything backed up to iCloud and sorry we can't get into the phone".
"I’m not surprised. When will the government learn that you cannot break encryption for some without breaking it for all, and that there is no (easy) way for Apple to get into an encrypted device, even if they made it?"
Looked at another way, in light of a court order, the only way Apple can refuse is if it's not technically possible. I can see why Apple might want to stall in that case because they rely on people believing it's not technically possible. It's not as if it would be financially non-viable for a company with Apple's resources.
A mentally defective person kills a bunch of people with a weapon he should have never had access to and the US Gummint is upset about a phone.
So the weapons are not an issue, but we gotta check his phone. NRA will demand a ban on encrypted phones to protect their gun rights.
WHAT ABOUT THE WEAPONS? The phone didn't harm anyone!
"WHAT ABOUT THE WEAPONS? The phone didn't harm anyone!"
That's a rather puerile argument - of course the phones didn't harm people, but nut jobs that commit these crimes rarely commit them in a vacuum - unless it's just they are a total nut job.
Wanting to check out the comms of these scumbags is a valid line of investigation - regardless of whether it eventually yields fruit or not it would be irresponsible not to and downright criminal to prevent them doing so if it's possible.
but nut jobs that commit these crimes rarely commit them in a vacuum - unless it's just they are a total nut job.
Granted, 'the phone didn't harm anyone' is a little puerile, but has a point on the 'nutjob/total nutjob' front.
Merely because some terror attacks are group efforts doesn't mean all are networked affairs, social or otherwise.
People rarely commit them in a vacuum, yes. There is always some set of circumstances that set them off down the road, but often what drives them all the way there is a vacuum they create themselves. What Terry Pratchett referred to as 'spiralling inward' (Men at Arms).
However it does appear law enforcement are in the habit now of 'throwing an embarrassing tantrum' in public every time it comes to the 'social media/contacts personal associations' checkbox of the investigation and they can't tick the box.
"Wanting to check out the comms of these scumbags is a valid line of investigation - regardless of whether it eventually yields fruit or not it would be irresponsible not to "
Wanting to check out the phone IS a valid line of investigation.
Breaking encryption for everyone just so law enforcement have things a little easier is an awful breach of civil liberties AND a stupid invitation for criminals to take over the internet.
Limiting (not banning) firearm purchases to limited capacity magazines to sane people with no prior convictions is NOT an infringement of civil liberties, nor a violation of the US constitution (if only people knew what a militia is!!!)
"Wanting to check out the phone IS a valid line of investigation."
If there was a chance to unlock the phone using the dead man's fingerprint and the investigation flubbed that they really don't have much of a leg to stand on in insisting that Apple do, at massive public interest cost, what they failed to do. I wouldn't like to be an investigator explaining to a court why I failed in the first place and why I think someone else should make up for my failure.
Size of the magazine is a detail - I'm not sure of the specifics in the USA, but in the UK for each calibre of ammunition, you have two limits - the number you can hold and the number you can buy at any one time.
e.g. Typically, for .22LR rimfire rounds (used for vermin control), that would be 1,200 holding and 1,000 purchase - the holding is larger so you can purchase in bulk as you run out to save money.
So, even in the UK, a person could have a LOT of ammunition. You just have to buy a lot of spare magazines and pre-fill them. You don't need a license for spare magazines.
Note that in the UK we're not allowed fully- or semi-automatic firearms as private individuals, or for that matter, pistols (except "black-powder") or assault weapons etc.
Oh, and we have a proper licensing system with vetting which, generally speaking, is extremely firmly enforced by each regional force.
"Wanting to check out the comms of these scumbags is a valid line of investigation - regardless of whether it eventually yields fruit or not it would be irresponsible not to and downright criminal to prevent them doing so if it's possible."
The problem with your reasoning is that this isn't a cost free option and I'm not talking about financial cost. It's a cost in terms of the security of every phone of that type and, by extension every type of phone because this is what law enforcement really want. And it's not just the security of the phone itself, but of the contents and hence of the owner of those contents.
To provide such backdoors would be a trade off between two public interest issues. A crime investigator is not in a position to make that choice, especially in relation to a specific case. I've not even seen evidence that the political overseers of crime investigators have sufficient understanding to make that choice.
People with power get really annoyed when they encounter any restrictions on the knowable. They are the Elites with The Right to Know All Things no matter the cost to others directly or incidental. It's no accident that this demand has been increasingly strident after a civil engineer took out the place where so much of the elites' trappings of power were centered [World Trade Center]. We've spent trillions of money that doesn't exist to prevent the recurrence of such an attack. Whether that's possible or not.
I'm waiting for the next step after this, where it is not allowed to use additional encryption methods over and above that which normally is applied to a device. I use at least two here.
I can only recommend reading the book 'Secrets' by Daniel Ellsberg. It gives a nice insight on how people in power get sucked into the belief they know more --> they know better --> the public shouldn't know (because they don't know better). Easy to see how this leads to a vicious circle of the government collecting and controlling information. This mind-set will, of course, destroy democracy (ref.: top-10 evil regimes of human history), but that is easy to forget when you just focus on the current crisis.
No need to invoke deep conspiracies. But then, “Just because you're paranoid doesn't mean they aren't after you.” (Joseph Heller, Catch-22)
Having studied the cross-section of the social sciences and toss in a deep appreciation of history, you definitely don't need to require deep conspiracies. Just people being people. Nothing has changed in the last 7,000 years which is a damned shame. We'll jolly our way into the mass graves of our own free stupidity.
Any argument that Apple should be compelled to write special software to unlock the phone (which was the one that the Government made with respect to the San Bernardino phone) has been fatally torpedoed by the fact that the Government apparently found a way to circumvent the security, removing the need for custom software.
If they could do it then, they can do it now....
Irrelevant to some point
If Apple are compelled to do so by a court then that's what they should do or face the consequences. The law applies to all of us, not just those who can afford expensive lawyers. If Apple are ordered by the courts and don't (assuming they can) then cell doors should be heard closing.
If you're ordered by a court to levitate 1m off the ground, even though that goes against the laws of physics, does that mean you should also go to jail because you can't do it?
Or to be a little bit less facetious (only a little bit admittedly), if you're ordered to hand over the keys to a Ferrari to the court even if you don't own one, and that means you will have to take out a huge loan, and then buy one, just to hand it over to the Courts, that you shouldn't fight that order to the best of your ability?
An iPhone is an encrypted device. Creating a program to decrypt that device is not a trivial piece of work, it's highly expensive, would require numerous engineers and a lot of man hours of work, and in the end may not actually be physically possible (I'm not aware of what encryption they use on an iPhone or whether they have methods to stop brute forcing or stop copies being made of the hard drive built in to the device). The encryption keys are not stored by Apple, so why should they be expected to know them or come up with a way to get around them.
Also, if an engineer at Apple refuses to work on this out of their personal beliefs, should they also go to jail? And if all their engineers refuse, what then?
When the lower Courts make unreasonable demands it's well within a person or company's rights to fight them. I'd be interested to know why you think Apple should bear the costs of breaking this encryption, not just the direct costs of working out a break (if it's even possible) but also the massive reputational damage and almost certain loss in sales associated with having breakable encryption?
"Also, if an engineer at Apple refuses to work on this out of their personal beliefs, should they also go to jail? "
Yes, or Apple as a minimum should turf them as they are the ones being dragged through the courts.
I don't believe I should pay taxes which go to fund things like subsidising the restaurants in the houses of parliament or MPs second homes - but I have to - and if I don't I fully expect to be sanctioned by the courts system.
I can prove I don't own a Ferrari so wouldn't have to hand over my keys. The laws of physics say I can't levitate, so wouldn't have to prove that. If Apple can prove they have no physical way of doing the decryption then lay out the evidence, if Apple hadn't already worked out if it's breakable or not before they put it out in the big wide world then they weren't doing their job back then as seeing if your system can be hacked is a fundamental in security design.
"if Apple hadn't already worked out if it's breakable or not before they put it out in the big wide world then they weren't doing their job back then as seeing if your system can be hacked is a fundamental in security design."
Presumably when they did their tests, they weren't able to find a way to break it, and that's why the software got released.
"I can prove I don't own a Ferrari so wouldn't have to hand over my keys. The laws of physics say I can't levitate, so wouldn't have to prove that. If Apple can prove they have no physical way of doing the decryption then lay out the evidence"
You cannot prove a negative, you can only prove a positive. You cannot prove you do not own a Ferrari, in a bizarre incident someone may have just given you one. You can present evidence that shapes a belief that you do not own a Ferrari, but only a positive can prove you do own one.
Experience tells us humans cannot levitate, and yet the laws of physics have produced MagLev trains - trains that levitate. Positive proof of levitation. Just because you lack the desire to try does not prove it cannot be done.
Apple cannot prove there is no physical way to bypass the security, we can only take their word, and the word of their qualified peers, that it cannot be done. Courts have a duty to accept what is reasonable.
Similarly, Apple would have to prove an impossibility -- if, with a gun to their collective head, they can't, in fact, break the encryption. Either because they've done their self-selected job well. Or breaking the encryption just isn't within the realm of the possible. Putting things another way: How much of an effort should Apple expend if they're forced to walk the plank? Should they be required to try until the heat death of the universe?
"Yes, or Apple as a minimum should turf them as they are the ones being dragged through the courts."
Actually, such an engineer would demonstrate that he has the highest respect for the safety of Apple's customers and a high degree of work ethics, so Apple would never want to risk any such engineer.
"If you're ordered by a court to levitate 1m off the ground, even though that goes against the laws of physics, does that mean you should also go to jail because you can't do it?"
Another puerile comment on the reg.. Let's hope you never suffer at the hands of a nutjob because law enforcement were hamstrung by encryption technologies.
"Another puerile comment on the reg.. Let's hope you never suffer at the hands of a nutjob because law enforcement were hamstrung by encryption technologies."
Considering the chances of suffering at the hands of a nutjob that is on the loose because of, as you say, law enforcement being hamstrung by encryption technologies (Chance - extremely f%&king low) or the chance of suffering at the hands of law enforcement authorities with the ability to invade people's privacy at will (Chance - high - based on the results of any regime which has got to that point in the past e.g. Stasi East Germany, Stalin's Russia, and to a lesser or greater extent modern China), I'll take my chances with the nutjob any day of the week!
"The law applies to all of us, not just those who can afford expensive lawyers."
Yes, of course. The majority of Apple customers won't be able to afford expensive lawyers to protect them against government overreach so it's just as well that Apple are doing that for them. I'm glad you appreciated that point.
Apple have designed the system to be resistant to them breaking the encryption.
If the law were changed to prevent them from doing that, then the courts may well be able to order them to decrypt a device, but otherwise it's just the same as asking someone to prove a negative - it can't be done.
For example, Wallaby claims he can prove he doesn't own a Ferrari. Well, I'm sure he can generate enough evidence to create reasonable doubt as to whether he owns one or not, but there is no way to actually *prove* you don't own one. Same principle applies to Apple and breaking the encryption on their devices - which they have *specifically* designed to be secure (even from them).
The phone they got into before was a 5c, which does not have the secure enclave. This is an SE, which does. The method that was used to break into that other phone may not work on this one.
Not saying there isn't a way to break into this one, maybe there is, but the bar is a lot higher. They have to go through the motions of asking Apple and getting shot down again before they give it up to a third party company to have a whack at.
The FBI would probably prefer all third parties to fail to access it, so they can go to congress and whine about how evil Apple must be forced to give them a backdoor. I'm sure a lot of "tough on crime, clueless on technology" congressmen would be happy to go along with that, and we know the orange snowflake would sign such a bill since he's already spoken out against Apple last time. This fight could be much uglier than the last one if the phone is as secure as Apple intends.
The ability to break into an iPhone depends on the model and to a lesser extent on the iOS version.
The phone cracked by a third party was (if I recall correctly) an iPhone 5 or 5S (or as noted above, a 5c), and they have exploitable security holes that are no longer available in the more recent iPhone SE which has the on-chip secure enclave. So it is probable that the hack (I don't think the details of exactly what that hack was are in the public domain) that worked with the iP5 won't work on an SE.
Also worth noting that you get three "free" attempts at guessing a screen code, after that each successive failure is greeted by a longer period before another attempt can be made - assuming that the user hasn't set the permanently lock after X attempts flag. After the 4th failure one must wait 5 minutes for another entry attempt, after 5 I think it is 30 minutes, and so on up to 10. This does not, to my recollection, reset.
Many, if not most, iPhone users have a code with a visual pattern, so one could try that, but there are a lot of potential patterns; so not a strategy with a high probability of success given the limited number of possible tries.
Interesting that in the previous case, the phone's actual owner (the Utility the person worked for) had the ability to change the phone's password without knowing the actual login code and in fact did so. However that locked them out of the iCloud backup for the phone. So although they could access the phone itself they could not get to the extra information stored in iCloud.
The solution that is being asked for is for Apple to create a version of iOS that does NOT set a limit on the pass-code attempts so the number can be brute-force guessed. It will be at most (probably) a 6 digit number so the actual number of possible combinations isn't that large and is able to be brute forced reasonably quickly. It is secure in general because of the inbuilt and not (other than through a forced iOS reload which Apple can force) avoidable hard limit on the number of actual guesses permitted before the phone locks up.
If there are any subsidiary charges they should be brought on Air Farce personnel who failed to do their duty. This is the real breakdown in this case as he was found guilty of domestic abuse in a court martial. By US law, this should automatically bar him from ever buying or possessing a gun. In his case possession would have been a feral felony. However, the Air Farce (the same idiots who brought the F-35) did pass this conviction the national database.
Over here, when you buy a gun there is a mandatory feral background database check. If you are in the database, you can not buy a gun period. There are several specific reasons you can end up in the database (mental illness, felony conviction, etc.) States may add more restrictions like a waiting period before actually taking possession. Obviously the system requires diligence by low level bureaucrats who often do not care about doing their jobs correctly to make sure information is passed on.
Also, I doubt there is anything of real investigatory interest on his phone (or backups) that they probably do not already know from talking to people who knew him. They should have the phone logs by now and know who to talk to. Plus, who else are they going to charge as some of his intended targets appeared to be his in-laws.
The only loop hole in the system is a private sale to another person. But this is risky as there is no record of the transfer and you are still listed as the owner of the gun. The paper trail stops with you and if the gun is used in a crime the flatfeet could come a'knockin. Legal but risky. You are better selling the going to licensed dealer which will create a further paper trail showing the transfer.
The only way some try to get around is the straw purchase where someone with a clean record buys the gun for a criminal. However, this is felony for both the purchaser and criminal with some very harsh feral penalties.
All dealers are required to run all sales through the database before finalizing the sale regardless of sales location, the gun show 'exemption' does not exist. The process is basically fill out a one page form, provide proof of identity, and then check the database. Maybe takes 10 minutes with most of it being the customer filling out the form. Who all gets copies of the form, I am not sure, other than dealer must retain a copy.
..so they get access to the phone and then what?
Gun laws will remain the same,
Many, many, many more mass shootings will occur.
Nothing changes, they can fix it, but they are too corrupt / spineless / moronic.
Move along folks, nothing to see here, other than more erosion of liberty, due to ironically, those that claim they are protecting it.
@Lost all Faith
I can't see the gun situation ever changing in America. Too many loons who think you aren't a proper person unless you own guns.
They're at MORE THAN (on average) one mass shooting per day and it's not going away.
It's an instant election loss if implemented, probably to the point that party wouldn't hold power again for decades/ever.
It will take an actual war/battle type event happening for things to change.
Sadly though that's *exactly* what quite a proportion of the loons want. Obviously because the winners of such a conflict would be the ones directing the changes.
"Too many loons who think you aren't a proper person unless you own guns."
Newspapers yesterday reported that "Sarah Palin says she doesn't get sexually harassed because she carries a gun"
The USA seems to have an almost endemic paranoia in believing that you are under threat from people you meet - and that shooting them is the only response. Such a mindset has been the stimulus to a mass killing by someone who feels they have been slighted in some way.
Trump calls the Philippines' President Duterte "a good man". The latter said he killed a man “just over a look,”
Last year, such an order was issued for an iPhone owned by one of the San Bernardino shooters, prompting Apple to refuse the order on the grounds it would spark days of bad publicity, er, sorry, jeopardize the security of all its handsets and set a terrible precedent. The FBI eventually found a secret means to forcibly unlock the phone.
The crux of the discussion was that Apple has made damn sure it cannot gain access itself by any means, and by so in principle has protected the company itself from such attempts. Services are a different matter: as long as clients do not use their own crypto such as mounting drives via cryptomator, Apple has access to the data and can hand off as demanded.
There are ways to contain that too, but not when the data is in the US, managed by a US company with 100% US ownership - Microsoft has already discovered that the DoJ doesn't really care that a subsidiary is in another country, they still own it and are so deemed having the power to compel (a separate fight, but also worth watching because of the ability to completely screw the foreign business of the whole of Silicon Valley if they don't start using Trump's Mar-a-Lago and Trump Tower pretty quickly).
How many shootings (both individual and mass) will be prevented if gun control is tightened up? Comparative statistics (both between states in the US and between the US and other countries) says a lot.
How many shootings will be prevented if phones can be decrypted by law enforcement? Zero. Not individual shootings. Not mass shootings by a lone nutcase. And, these days now that terrorists know not to trust electronic communications for long-term planning, not mass shootings by terrorists. Yeah, you might find out that just before he went on a rampage, a terrorist messaged his buddies asking them to wish him luck, and that's about it.
>Specifically, the cops want all the messages, calls, social media passwords, contacts, photos, videos and other data since January
What for? To find out who did it? Or because they just want anything and everything they can lay their hands on?
Where is the judge asking them "what do you expect to find?"
"Take this down Darling.. recommendation to the Yale governors; heavy machine guns for inbrednecks"
Oh wait.. preaching to the choir (pun not intended).
it's sad when this happens but after it happens 10 times you tend to lose any sympathy. it's like the Unit Citation version of the Darwin Award mit Schwertern und Brillanten. I know, let's take a selfie with a hand resting on a 22kv bus bar.. bzzzrt.. only with guns.
As to the phone how about making a deal - the people responsible for this violent abusive psycho getting through under the radar for years, as mentioned above, get imprisoned for the US version of accessory to murder, and Apple plays ball.
And why oh why didn't this charming chappie pop over to Westboro Baptists instead, he'd have gotten a standing ovation from most people I know. I do feel sorry for the pastor's daughter though, wouldn't be at all surprised if she was singled out for special attention :(
If Apple have declared that there is no way to crack the encryption, as backed-up by their spec testing, and if they honestly believe that to be true, then I see no problem with Apple attempting to crack it. By their own declaration, they will not succeed.
However, given that they have declared this, and have the testing to 'prove' the uncrackable nature of the algorithm, why should they be forced to pay for the cracking process?
If the FBI insist that Apple have a go at it, let the FBI pay for the engineer time out of their own budget. That would likely put a natural cap on it somewhere, because someone would be bleating about the expense fairly rapidly, I would think.
If they physically possess the iPhone, they can obtain whatever information is inside. They don't have the expertise, and apparently don't feel like hiring anyone that does have the expertise (or, they feel like back door insertion is a good idea... again.).
Dog must love stupid people, because he made so many of them.
Biting the hand that feeds IT © 1998–2021