FBI director says iPhone unlock demands are limited, won't 'set a master key loose'

Posted:
in General Discussion
The FBI's demand that Apple help it crack the iPhone 5c of San Bernardino shooter Syed Farook has a "limited" scope, without impact beyond that case, according to a new editorial by FBI Director James Comey.




"The particular legal issue is actually quite narrow," Comey wrote in Lawfare. "The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve."

The FBI has been asking that Apple modify iOS 9 on a single iPhone to remove a limit on passcode attempts. When on, the feature prevents hackers from trying a brute-force unlock, since iOS will automatically delete a device's data after the limit is reached.

"We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land," Comey added.

The comment is a direct reference to Apple CEO Tim Cook's argument that creating a workaround for the FBI would also create a "master key" that could be used to break into any iPhone, not just Farook's, and undermine the security of all iOS devices.

Comey suggested that there is now a "serious tension" between privacy and security created by new technology, which should be resolved not by corporations or the FBI but by the American public, which also needs to find the "right balance" given the long-term impact. He also invoked the memory of the San Bernardino victims however, saying that the FBI "simply must do all we can under the law" to investigate.

On Monday Cook issued a memo to Apple workers, calling on the FBI to withdraw its demands. He also supported the idea of a government commission or panel to address the issue of encryption.

Recently it was revealed that the FBI worked with San Bernardino County to reset the Apple ID password associated with Farook's iPhone, ironically preventing Apple from retrieving data via an iCloud backup.
originalnature
«1345

Comments

  • Reply 1 of 98
    Said the guy whose organization screwed up the investigation. 
    AMCSpamSandwichmwhiteicoco3bdkennedy1002drowbaconstanglatifbpjbdragonanantksundaram
  • Reply 2 of 98
    muppetrymuppetry Posts: 3,328member
    matrix077 said:
    Said the guy whose organization screwed up the investigation. 
    That they screwed up is only of peripheral significance to what should happen next.
  • Reply 3 of 98
    melgrossmelgross Posts: 31,475member
    I wrote this a short while ago in a post to a Monday Note article about this.

    "
    melgross

    All a search warrant does is to allow the government to ATTEMPT to open a safe, or read your mail, etc. it doesn’t mean that you have to cooperate. It means that if necessary, the government has to do the work.

    That’s no different here. If the government want to try this themselves, no one is saying that they shouldn’t. But requiring Apple to do so is putting everyone on edge. A problem is that a company is only required to do this if it doesn’t present an undue burden.

    While the FBI is saying that it’s only one phone, that’s nonsense, and they know it. If Apple does this one phone, they will get thousands of requests from US law enforcement for every imaginable offense. Then Apple will get thousands of “requests” from every foreign government. They will need to open a department of programmers and manage to, as well as a legal team to evaluate every request, and to implement those that they consider legal, which itself will lead to some possible court action.

    This is both improper, and impossible.'

    mike1AMCfotoformatSpamSandwichmwhiteicoco3punkndrubliccincymachlee1169baconstang
  • Reply 4 of 98
    muppetrymuppetry Posts: 3,328member
    melgross said:
    I wrote this a short while ago in a post to a Monday Note article about this.

    "
    melgross

    All a search warrant does is to allow the government to ATTEMPT to open a safe, or read your mail, etc. it doesn’t mean that you have to cooperate. It means that if necessary, the government has to do the work.

    That’s no different here. If the government want to try this themselves, no one is saying that they shouldn’t. But requiring Apple to do so is putting everyone on edge. A problem is that a company is only required to do this if it doesn’t present an undue burden.

    While the FBI is saying that it’s only one phone, that’s nonsense, and they know it. If Apple does this one phone, they will get thousands of requests from US law enforcement for every imaginable offense. Then Apple will get thousands of “requests” from every foreign government. They will need to open a department of programmers and manage to, as well as a legal team to evaluate every request, and to implement those that they consider legal, which itself will lead to some possible court action.

    This is both improper, and impossible.'

    That really seems to sum up the situation very well.
    mwhiteicoco3anton zuykovnumenoreananantksundaram
  • Reply 5 of 98
    muppetry said:
    matrix077 said:
    Said the guy whose organization screwed up the investigation. 
    That they screwed up is only of peripheral significance to what should happen next.
    Quite significant because they would have had the information that they want without putting the entire client base of iPhone users at risk. The government is not very good at protecting their own data and secrets. Why on earth would I want them with this key. Plus once created other countries like China could demand the same. 

    SpamSandwichbaconstangjbdragonnumenorean
  • Reply 6 of 98
    You can't limit anything after you open the door. Once the door is open that's it. And it would also set a precedent that they could ask any company at anytime to do the same which means all privacy would be GONE! It's not just about 1 phone or one company. It's about all companies and all products would no longer have any privacy period. It would also mean that communist countries would have free rain of our information as well.
    badmonkjbdragon
  • Reply 7 of 98
    leptonlepton Posts: 110member
    I believe he is lying, that he knows very well that if successful, this request will be made again. And again, and again, and 10,000 times more.

    Even worse, less-nice countries like China, will start making these requests as well - this might happen regardless of the outcome of the current dispute. "Want to sell phones in our country? Then let us unlock the phones we want to unlock. Now." - says every other country. Thanks, FBI.
    hlee1169baconstangbadmonkjbdragonnumenorean
  • Reply 8 of 98
    muppetrymuppetry Posts: 3,328member
    genovelle said:
    muppetry said:
    That they screwed up is only of peripheral significance to what should happen next.
    Quite significant because they would have had the information that they want without putting the entire client base of iPhone users at risk. The government is not very good at protecting their own data and secrets. Why on earth would I want them with this key. Plus once created other countries like China could demand the same. 

    SIgnifcant in that way yes - but not to what happens next. The screw up happened. That does not, presumably, mean that the FBI should just give up and say game over, we messed up, let's go home. They have to keep trying. But personally I agree that they should not be able to force Apple to go to such lengths to help them, especially if it compromises the fundamental security of the platform.
    hlee1169anton zuykovnumenorean
  • Reply 9 of 98
    jungmarkjungmark Posts: 6,664member
    Bullshit. The scope isn't limited. It sets a precedent. If Apple complies, the FBI and other countries will demand to use it as well. Apple should not be in the business of hacking its customers. 
    SpamSandwichmwhitebaconstangjbdragonnumenorean
  • Reply 10 of 98
    maestro64maestro64 Posts: 4,481member
    jungmark said:
    Bullshit. The scope isn't limited. It sets a precedent. If Apple complies, the FBI and other countries will demand to use it as well. Apple should not be in the business of hacking its customers. 

    That is the point Apple is making it they do it one they will be required to do it every time and for any police agency in the world or government agency otherwise they run the risk of being shut out of the market place. Also it just mean if people know they can not trust apple they will go to some other source outside the US government control. But they could do like they did for year not allow certain technology to be exported, they will just no allow certain technologies to be imported to the US.
    jbdragon
  • Reply 11 of 98
    Why not deliver the phone to Apple, they could apply a patch and deliver the data?
  • Reply 12 of 98
    wood1208wood1208 Posts: 1,877member
    Let's steer this discussion away from Apple. The San Bernardino terrorists did not use iphone to kill Americans but used freely available Guns.So, before messing up with privacy,security,civil rights, freedom and liberty, let's put better Gun control laws that would not allow any Muslim to possesses gun in this country.
    punkndrublic
  • Reply 13 of 98
    muppetrymuppetry Posts: 3,328member
    jungmark said:
    Bullshit. The scope isn't limited. It sets a precedent. If Apple complies, the FBI and other countries will demand to use it as well. Apple should not be in the business of hacking its customers. 
    Potentially worse than that even, if they were able to reverse engineer the software. I haven't seen much informed commentary on whether an iPhone loaded with a weakened operating system would open the possibilty of a true backdoor in the wild if it got into the wrong hands.
    baconstangbadmonk
  • Reply 14 of 98
    pmzpmz Posts: 3,433member

    "We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land," Comey added.
    Just the fact that he says this proves he's not listening, or doesn't care. The truth is that what he asks for is not possible. You can't have your cake and eat it too.
    ewtheckmanbaconstangjbdragon
  • Reply 15 of 98
    Your fucking Honorable James Comey, Director of fucking Female Booty Investigation.

    What does "No" do you not understand? No mean NO! That is too fucking dangerous! If Apple had to comply the order, and compel to open the encryption that Apple said it is IMMPOSSIBLE, the blood will be on your hands. It'll be too tough to remove that blood off your hands. Where that "blood" come from? The communist countries who murder innocent people all over stupid phones with encryption. 
  • Reply 16 of 98
    Sorry but I am confused. There are many suggestions how the scope of the FBI request is limited but I don't see much discussion about the practical/technical consequences of the proposed solution.

    1) How to get an iPhone to load a new version of iOS without wiping the user-data content from the phone. Whenever I've done a restore it has been after a local or iCloud backup has been taken and after the iPhone wipe, a restore is done from that backup.
    1a) Installing a fresh iOS (one containing the hack) would require the iPhone already be unlocked with the PIN (from what I recall, the backup and restore process requires an already PIN-unlocked phone). If they already had the PIN to perform this process the FBI would not need this request.

    2) Perhaps the hack is going to be introduced via an application download. Loading software into the user's iCloud space, will result in it being auto-downloaded to the iPhone (in the background) but only if that option is already set by the user in advance.
    2a) if the user has not set the auto-download option in advance, can Apple set it remotely (where is this state kept)?
    2b) for this option to make any difference, it would not only have to be an auto-download but also an auto-execute on the iPhone. I thought that was blocked by iOS (again requiring a different operating system (see #1, above)).

    In other words I do not see how this request can be of any benefit to the case it is being applied. All solutions result in a wipe-before-backup of the user data. A direct consequence is that the hack can only be of benefit to future cases, making a lie (for purely technical/practical reasons) of the FBI's request.

    What am I missing here?
    edited February 2016 ewtheckman
  • Reply 17 of 98
    pmzpmz Posts: 3,433member
    muppetry said:
    I haven't seen much informed commentary on whether an iPhone loaded with a weakened operating system would open the possibilty of a true backdoor in the wild if it got into the wrong hands.
    Uh, you don't need to see it. As Apple says quite clearly, if it exists, it will happen. Period.
    AMC
  • Reply 18 of 98

    What are Apple Iphone users so defensive about ?? Are you techies all buying drugs or watching child porn or something????????

    Apple users are sick , terrorist supporting commie lib drug dealing child porn watching sickos.....


    What's with the huge influx of new POS trolls lately? AI has always had a few idiots show up now and then, but the last few months it seems we get several new posters per article.
    SpamSandwichmwhitejbdragonnolamacguypscooter63anantksundaram
  • Reply 19 of 98
    muppetrymuppetry Posts: 3,328member
    pmz said:

    "We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land," Comey added.
    Just the fact that he says this proves he's not listening, or doesn't care. The truth is that what he asks for is not possible. You can't have your cake and eat it too.
    He is implying that if Apple modifies the phone to allow unlimited, rapid attempts, then that will not permit them, or anyone else, to use that on any other phone. Great in principle except, as pointed out before, at a minimum it sets a precedent to make a court-sanctioned request for more than just information, would demonstrate that this vulnerability exists, and sets the bar much higher for the level of assistance LE can expect from third parties in an investigation. In the worst case, he is wrong, and it does become a master key.
    jbdragon
  • Reply 20 of 98
    There is far more to this than just breaking in to the iPhone. There is a great blog article by a Forensics expert regarding this wish of the FBI. He explains how one of the biggest problems is when things hit the courts and information found on the phone is involved. Here is the URL to the article. I found it extremely enlightening as I had never thought about this part of the problem. http://www.zdziarski.com/blog/?p=5645
    muppetrysilversquonkjony0pscooter63
Sign In or Register to comment.