This article is kind of sloppy. Was it written in a hurry? There are several grammatical mistakes. There are also inaccuracies and lots of speculation and opinion that is presented as fact.
This issue is difficult enough to discuss without all that. People are arguing with emotion instead of fact and many people act like they've never heard of the constitution.
[quote] Investigators have been unsuccessful in their attempts to break into Farook's iPhone 5c, which is protected by a strong encryption method designed to thwart brute-force attacks. [/quote]
My understanding is that the phone in question is only protected by a 4-digit passcode. A brute force attack would take half an hour or less to find the right passcode whereas a well chosen passphrase could take hundreds or thousands of years to crack. A four digit passcode is hardly a component of a strong encryption method. The thing that makes it difficult to crack in this case is the auto-wipe feature which wipes the phone after 10 incorrect password attempts. While that's part of the security model in place - it's not part of the "encryption method" and like it or not, I think the government would be able to declare it illegal and force Apple to remove it - not the encryption - just the booby trap which once triggered - destroys evidence (which is already illegal). If the government chose to pursue the auto-wipe in isolation - I think they'd be able to compel Apple to remove it from this particular phone (not all phones) without Apple having any grounds to object. If this ability were to "get out", it wouldn't compromise Apples encryption - but it would force us all to use passwords or passphrases to ensure our data remains private from governments and hackers alike. 4-digit codes would no longer offer any real security. This would acutely completely solve the problem for this "one phone" however, it doesn't set a useful precedent and would be useless against phones using proper passwords which is why (I presume) they are not going this route. But by ignoring this approach which would solve their problem for "this one phone", they are proving that their intentions do not end with "this one phone" as they have stated publicly.
[quote] To circumvent this particular security layer Apple would need to write a new, compromised version of its iOS operating system, sign the code and install it on the device. But Apple is refusing to comply, citing an overreach of federal authority and potential First Amendment rights implications. [/quote]
This, I believe is speculation. If all they wanted to do is to disable the auto-wipe booby trap - they wouldn't have to touch the operating system. All Apple would have to do is take the existing firmware - find the line that adds 1 to the "incorrect password counter" and change the formula so that it adds "0" instead of "1". Then, they would just have to replace/update the existing firmware with the 1-byte tweak and give the phone back to the FBI. They could pay a clerk to start entering passcodes with 0-0-0-0 and incrementing by 1 until they find the code that unlocks the phone. Shouldn't take any longer than a couple of days I would think. And even if (when) the FBI lost control of this "revised firmware" - it would quickly become completely useless as everybody concerned with pricacy (which should be all of us) would stop using 4-digit codes and begin using secure passphrases. Apple could even help speed up this process by eliminating 4 digit passcodes ame forcing users to choose something secure.
In any case - speculating that a new, compromised OS would have to be created seems like fear-mongering. That is certainly one-possibility - but an extremely unlikely one. There are other ways that Apple could comply with a law requiring them to help - if such a law is indeed created that passes all constitutional challenges.
Chang of topic.
On many of these recent threads, there are many people who are arguing about what Apple should or shouldn't do in response to the demands of the FBI. These are useless debates. It's clear what Apple should be doing - and it appears that they are doing exactly that. Apple is a private company, responsible to its shareholders. They don't have a choice. They must do what is in the best interest of the company and its shareholders. Tim Cook is not the owner of the business and cannot choose to ignore a law, risking punishment simply because he disagrees with it. If it is in the best interest of Apple to do business in the USA, Apple must comply with their laws. If the law doesn't seem right - they can (and should) challenge it all the way to the Supreme Court - but - when the dust settles and the final ruling is made - Apple must (and Apple will) comply with the law. In this case - that is exactly what is happening. It would be irresponsible - and not in the best interest of Apple, its shareholders - and all of us - for Apple to not challenge the existing demands, so they can and will fight this with all legal options open to them. When they run out of legal options to refuse - they will comply with any law that comes out of this. They have to.
I dont want to give up my privacy and I am happy that Apple is challenging the FBI. I hope they win - but the debates on these forums are useless if they ignore the constitution, if they ignore reality and if they ignore reality.
This article is kind of sloppy. Was it written in a hurry? There are several grammatical mistakes. There are also inaccuracies and lots of speculation and opinion that is presented as fact.
This issue is difficult enough to discuss without all that. People are arguing with emotion instead of fact and many people act like they've never heard of the constitution.
[quote] Investigators have been unsuccessful in their attempts to break into Farook's iPhone 5c, which is protected by a strong encryption method designed to thwart brute-force attacks. [/quote]
My understanding is that the phone in question is only protected by a 4-digit passcode. A brute force attack would take half an hour or less to find the right passcode whereas a well chosen passphrase could take hundreds or thousands of years to crack. A four digit passcode is hardly a component of a strong encryption method. The thing that makes it difficult to crack in this case is the auto-wipe feature which wipes the phone after 10 incorrect password attempts. While that's part of the security model in place - it's not part of the "encryption method" and like it or not, I think the government would be able to declare it illegal and force Apple to remove it - not the encryption - just the booby trap which once triggered - destroys evidence (which is already illegal). If the government chose to pursue the auto-wipe in isolation - I think they'd be able to compel Apple to remove it from this particular phone (not all phones) without Apple having any grounds to object. If this ability were to "get out", it wouldn't compromise Apples encryption - but it would force us all to use passwords or passphrases to ensure our data remains private from governments and hackers alike. 4-digit codes would no longer offer any real security. This would acutely completely solve the problem for this "one phone" however, it doesn't set a useful precedent and would be useless against phones using proper passwords which is why (I presume) they are not going this route. But by ignoring this approach which would solve their problem for "this one phone", they are proving that their intentions do not end with "this one phone" as they have stated publicly.
[quote] To circumvent this particular security layer Apple would need to write a new, compromised version of its iOS operating system, sign the code and install it on the device. But Apple is refusing to comply, citing an overreach of federal authority and potential First Amendment rights implications. [/quote]
This, I believe is speculation. If all they wanted to do is to disable the auto-wipe booby trap - they wouldn't have to touch the operating system. All Apple would have to do is take the existing firmware - find the line that adds 1 to the "incorrect password counter" and change the formula so that it adds "0" instead of "1". Then, they would just have to replace/update the existing firmware with the 1-byte tweak and give the phone back to the FBI. They could pay a clerk to start entering passcodes with 0-0-0-0 and incrementing by 1 until they find the code that unlocks the phone. Shouldn't take any longer than a couple of days I would think. And even if (when) the FBI lost control of this "revised firmware" - it would quickly become completely useless as everybody concerned with pricacy (which should be all of us) would stop using 4-digit codes and begin using secure passphrases. Apple could even help speed up this process by eliminating 4 digit passcodes ame forcing users to choose something secure.
In any case - speculating that a new, compromised OS would have to be created seems like fear-mongering. That is certainly one-possibility - but an extremely unlikely one. There are other ways that Apple could comply with a law requiring them to help - if such a law is indeed created that passes all constitutional challenges.
Chang of topic.
On many of these recent threads, there are many people who are arguing about what Apple should or shouldn't do in response to the demands of the FBI. These are useless debates. It's clear what Apple should be doing - and it appears that they are doing exactly that. Apple is a private company, responsible to its shareholders. They don't have a choice. They must do what is in the best interest of the company and its shareholders. Tim Cook is not the owner of the business and cannot choose to ignore a law, risking punishment simply because he disagrees with it. If it is in the best interest of Apple to do business in the USA, Apple must comply with their laws. If the law doesn't seem right - they can (and should) challenge it all the way to the Supreme Court - but - when the dust settles and the final ruling is made - Apple must (and Apple will) comply with the law. In this case - that is exactly what is happening. It would be irresponsible - and not in the best interest of Apple, its shareholders - and all of us - for Apple to not challenge the existing demands, so they can and will fight this with all legal options open to them. When they run out of legal options to refuse - they will comply with any law that comes out of this. They have to.
I dont want to give up my privacy and I am happy that Apple is challenging the FBI. I hope they win - but the debates on these forums are useless if they ignore the constitution, if they ignore reality and if they ignore reality.
Is this a discussion about grammar? If so,then you should read your own posts before posting. You are misspelling words and have duplicates.
I always laugh at people who have never done software development/programming. Simpletons like you think that what the courts are asking Apple to do is a one-line code change. I am actually surprised that Apple has estimated up to 4 weeks of work. I would have thought that this could take months. It is not only the software development, but all the testing involved that takes lots of time. It is tricky. You do not want to brick the target iPhone.
The fact is that this court order is an overreach of government powers. This is no longer about Apple 's willingness to help. Apple has always been expeditious in responding to warrants. However, when Apple has to pull a considerable amount of resources to develop a product that undermines its own product by court order, it is no longer reasonable.
I do not know how you can write "I dont want to give up my privacy and I am happy that Apple is
challenging the FBI. I hope they win" when everything you have written shows that your position is quite the opposite.
This article is kind of sloppy. Was it written in a hurry? There are several grammatical mistakes. There are also inaccuracies and lots of speculation and opinion that is presented as fact.
This issue is difficult enough to discuss without all that. People are arguing with emotion instead of fact and many people act like they've never heard of the constitution.
[quote] Investigators have been unsuccessful in their attempts to break into Farook's iPhone 5c, which is protected by a strong encryption method designed to thwart brute-force attacks. [/quote]
My understanding is that the phone in question is only protected by a 4-digit passcode. A brute force attack would take half an hour or less to find the right passcode whereas a well chosen passphrase could take hundreds or thousands of years to crack. A four digit passcode is hardly a component of a strong encryption method. The thing that makes it difficult to crack in this case is the auto-wipe feature which wipes the phone after 10 incorrect password attempts. While that's part of the security model in place - it's not part of the "encryption method" and like it or not, I think the government would be able to declare it illegal and force Apple to remove it - not the encryption - just the booby trap which once triggered - destroys evidence (which is already illegal). If the government chose to pursue the auto-wipe in isolation - I think they'd be able to compel Apple to remove it from this particular phone (not all phones) without Apple having any grounds to object. If this ability were to "get out", it wouldn't compromise Apples encryption - but it would force us all to use passwords or passphrases to ensure our data remains private from governments and hackers alike. 4-digit codes would no longer offer any real security. This would acutely completely solve the problem for this "one phone" however, it doesn't set a useful precedent and would be useless against phones using proper passwords which is why (I presume) they are not going this route. But by ignoring this approach which would solve their problem for "this one phone", they are proving that their intentions do not end with "this one phone" as they have stated publicly.
[quote] To circumvent this particular security layer Apple would need to write a new, compromised version of its iOS operating system, sign the code and install it on the device. But Apple is refusing to comply, citing an overreach of federal authority and potential First Amendment rights implications. [/quote]
This, I believe is speculation. If all they wanted to do is to disable the auto-wipe booby trap - they wouldn't have to touch the operating system. All Apple would have to do is take the existing firmware - find the line that adds 1 to the "incorrect password counter" and change the formula so that it adds "0" instead of "1". Then, they would just have to replace/update the existing firmware with the 1-byte tweak and give the phone back to the FBI. They could pay a clerk to start entering passcodes with 0-0-0-0 and incrementing by 1 until they find the code that unlocks the phone. Shouldn't take any longer than a couple of days I would think. And even if (when) the FBI lost control of this "revised firmware" - it would quickly become completely useless as everybody concerned with pricacy (which should be all of us) would stop using 4-digit codes and begin using secure passphrases. Apple could even help speed up this process by eliminating 4 digit passcodes ame forcing users to choose something secure.
In any case - speculating that a new, compromised OS would have to be created seems like fear-mongering. That is certainly one-possibility - but an extremely unlikely one. There are other ways that Apple could comply with a law requiring them to help - if such a law is indeed created that passes all constitutional challenges.
Chang of topic.
On many of these recent threads, there are many people who are arguing about what Apple should or shouldn't do in response to the demands of the FBI. These are useless debates. It's clear what Apple should be doing - and it appears that they are doing exactly that. Apple is a private company, responsible to its shareholders. They don't have a choice. They must do what is in the best interest of the company and its shareholders. Tim Cook is not the owner of the business and cannot choose to ignore a law, risking punishment simply because he disagrees with it. If it is in the best interest of Apple to do business in the USA, Apple must comply with their laws. If the law doesn't seem right - they can (and should) challenge it all the way to the Supreme Court - but - when the dust settles and the final ruling is made - Apple must (and Apple will) comply with the law. In this case - that is exactly what is happening. It would be irresponsible - and not in the best interest of Apple, its shareholders - and all of us - for Apple to not challenge the existing demands, so they can and will fight this with all legal options open to them. When they run out of legal options to refuse - they will comply with any law that comes out of this. They have to.
I dont want to give up my privacy and I am happy that Apple is challenging the FBI. I hope they win - but the debates on these forums are useless if they ignore the constitution, if they ignore reality and if they ignore reality.
Is this a discussion about grammar? If so,then you should read your own posts before posting. You are misspelling words and have duplicates.
I always laugh at people who have never done software development/programming. Simpletons like you think that what the courts are asking Apple to do is a one-line code change. I am actually surprised that Apple has estimated up to 4 weeks of work. I would have thought that this could take months. It is not only the software development, but all the testing involved that takes lots of time. It is tricky. You do not want to brick the target iPhone.
The fact is that this court order is an overreach of government powers. This is no longer about Apple 's willingness to help. Apple has always been expeditious in responding to warrants. However, when Apple has to pull a considerable amount of resources to develop a product that undermines its own product by court order, it is no longer reasonable.
I do not know how you can write "I dont want to give up my privacy and I am happy that Apple is
challenging the FBI. I hope they win" when everything you have written shows that your position is quite the opposite.
Do you know how to program? I've got two decades under my belt - and what I described *would* in fact disable the booby trap with a 1 byte change to the source code. Beyond that, the code would have to be recompiled, signed and tested of course but such a small change doesn't require the full regression testing that a new version of iOS would require.
There could be many reasons why Apple is quoting 4-weeks or more - most likely though is the fact that their plan would be to do something different than what I suggested - because the FBI is asking for something different than what I suggested. It could be many things - perhaps a self-destruct (I hope) or code to limit it to work only on the 1 device which is also reasonable.
As for the grammatical errors and double words in my posts, they're mostly a result of trying to compose the measure on my iPhone and fighting with auto-correct. I often re-read and correct after I post and always find errors. This time I didn't have time to - but my errors are completely irrelevant to my comment. Articles posted my journalists are (and should be) held to a higher standard than we who comment on them. Mikey's articles rarely have these errors which is why I speculated that this one may have been composed hastily.
You seem to have a problem with comprehension as you obviously didn't understand much of what I wrote. You are a good example of what I meant by people who ignore reality and are therefore unable to contribute anything of value to the discussion. If you could "comprehend", you'd see that I clearly stated (many times) how privacy and security could/would be preserved. We don't live in a world of black and white - but you don't seem to understand that. You apparently lash out at anything you don't understand. We are both on Apples side and we both want to preserve our rights to privacy - but when I pointed out that there is a small part of the overall issue that the FBI *might* be able to "win" based on existing legislation - you stopped listening.
You didn't contradict any of my points with reasons why that would be bad - or why it wouldn't apply the way I think it would, or anything else. You added no value to the discussion. You just called me names and picked on my typos. Not very mature. Not very open minded. No signs of any kind of intelligence from you. Grow up.
To think that a shooting spree that left 14 dead would have more of an ongoing investigation than did 9/11 which killed over 3000 people and an estimated 2 million people in the so called war on terror is an insult to the American people and the thousands of dead soldiers and the estimated 2,000,000+ people that were exterminated in this so called "War on Terror". America wake up. To find the truth you need only watch the actions of the individuals involved. Stop listening to words spoken. These lies can all be debunked by 5th graders. The war on terror is almost as big of a joke as the war on drugs, which has already cost millions of lives, not to mention the last 7 US drug Czars have been busted for transporting drugs from various spots in the world. Everyone knows we are in Iraq because of the special interest of the big oil companies, and big pharma has us in Afghanistan for the opium, just as they did in Vietnam. We don't have to be Nostradamus to predict what will happen next people. Simply open your history books and you will see.
Um.... Wandered into the wrong site?
The shooting spree that left 14 dead was the reason the FBI was wanting backdoor access to Apple's phones. Not sure what rock you crawled out from under, but I would suggest going back before someone comes along and takes it while you are distracted by truth and facts. Just sayin.
Posting on Facebook is easy and it's also a waste of time.
You must make the real effort of calling AND writing to YOUR ELECTED REPRESENTATIVES. If your representatives feel overwhelming public support for Apple they'll want to support Apple. Their reelection is dependent on their responsiveness to their constituents.
When this goes to the Supreme Court the government will look a the clowns they all are. They hire idiots like Snowden and bark at their own people for not doing their F-Ing JOB! They should put all those efforts in helping companies protect us from Chine- Russia- Korea and all other cyber attacks on our companies and institutions! MORONS!!!
Currently China - Russia - Korea has to work hard to break in to various companies network. Once government gets unbound access to systems guess who will get that access from government? Government gets hacked more than any other company. Our adversaries will have full access as well. Give a little thought before you start yelling.
This article is kind of sloppy. Was it written in a hurry? There are several grammatical mistakes. There are also inaccuracies and lots of speculation and opinion that is presented as fact.
This issue is difficult enough to discuss without all that. People are arguing with emotion instead of fact and many people act like they've never heard of the constitution.
[quote] Investigators have been unsuccessful in their attempts to break into Farook's iPhone 5c, which is protected by a strong encryption method designed to thwart brute-force attacks. [/quote]
My understanding is that the phone in question is only protected by a 4-digit passcode. A brute force attack would take half an hour or less to find the right passcode whereas a well chosen passphrase could take hundreds or thousands of years to crack. A four digit passcode is hardly a component of a strong encryption method. The thing that makes it difficult to crack in this case is the auto-wipe feature which wipes the phone after 10 incorrect password attempts. While that's part of the security model in place - it's not part of the "encryption method" and like it or not, I think the government would be able to declare it illegal and force Apple to remove it - not the encryption - just the booby trap which once triggered - destroys evidence (which is already illegal). If the government chose to pursue the auto-wipe in isolation - I think they'd be able to compel Apple to remove it from this particular phone (not all phones) without Apple having any grounds to object. If this ability were to "get out", it wouldn't compromise Apples encryption - but it would force us all to use passwords or passphrases to ensure our data remains private from governments and hackers alike. 4-digit codes would no longer offer any real security. This would acutely completely solve the problem for this "one phone" however, it doesn't set a useful precedent and would be useless against phones using proper passwords which is why (I presume) they are not going this route. But by ignoring this approach which would solve their problem for "this one phone", they are proving that their intentions do not end with "this one phone" as they have stated publicly.
[quote] To circumvent this particular security layer Apple would need to write a new, compromised version of its iOS operating system, sign the code and install it on the device. But Apple is refusing to comply, citing an overreach of federal authority and potential First Amendment rights implications. [/quote]
This, I believe is speculation. If all they wanted to do is to disable the auto-wipe booby trap - they wouldn't have to touch the operating system. All Apple would have to do is take the existing firmware - find the line that adds 1 to the "incorrect password counter" and change the formula so that it adds "0" instead of "1". Then, they would just have to replace/update the existing firmware with the 1-byte tweak and give the phone back to the FBI. They could pay a clerk to start entering passcodes with 0-0-0-0 and incrementing by 1 until they find the code that unlocks the phone. Shouldn't take any longer than a couple of days I would think. And even if (when) the FBI lost control of this "revised firmware" - it would quickly become completely useless as everybody concerned with pricacy (which should be all of us) would stop using 4-digit codes and begin using secure passphrases. Apple could even help speed up this process by eliminating 4 digit passcodes ame forcing users to choose something secure.
In any case - speculating that a new, compromised OS would have to be created seems like fear-mongering. That is certainly one-possibility - but an extremely unlikely one. There are other ways that Apple could comply with a law requiring them to help - if such a law is indeed created that passes all constitutional challenges.
Chang of topic.
On many of these recent threads, there are many people who are arguing about what Apple should or shouldn't do in response to the demands of the FBI. These are useless debates. It's clear what Apple should be doing - and it appears that they are doing exactly that. Apple is a private company, responsible to its shareholders. They don't have a choice. They must do what is in the best interest of the company and its shareholders. Tim Cook is not the owner of the business and cannot choose to ignore a law, risking punishment simply because he disagrees with it. If it is in the best interest of Apple to do business in the USA, Apple must comply with their laws. If the law doesn't seem right - they can (and should) challenge it all the way to the Supreme Court - but - when the dust settles and the final ruling is made - Apple must (and Apple will) comply with the law. In this case - that is exactly what is happening. It would be irresponsible - and not in the best interest of Apple, its shareholders - and all of us - for Apple to not challenge the existing demands, so they can and will fight this with all legal options open to them. When they run out of legal options to refuse - they will comply with any law that comes out of this. They have to.
I dont want to give up my privacy and I am happy that Apple is challenging the FBI. I hope they win - but the debates on these forums are useless if they ignore the constitution, if they ignore reality and if they ignore reality.
So...before everybody just starts flaming me - this is a genuine question. I can't see how many dislikes this post got, but I can see from the change in my total, that it got quite a few and I'm trying to understand why.
Was it because I criticized Mikey and suggested the article was sloppy? If so - I'm prepared to offer an apology to Mikey for that. My comments came out a lot harsher than I intended. I usually enjoy his articles and just noticed what I thought was a difference in the style of this one which made me think it may have been either written hastily or even ghost written by someone else. In retrospect, it wasn't worth commenting on. Sorry Mikey.
Or were all the dislikes because people disagreed with my suggestion that the FBI could separate the issue of the "booby trap" from the issue of decrypting the content of the phone? If so - it might have been nice if even one of you that "disliked" the thought had replied with some genuine reasons why I might be wrong.
To recap: - I support Apple's decision to challenge the court order and/or any laws current or future that would force them to build backdoors, master decryption keys or tools to decrypt our data - as long as they have a legal avenue to do so. - But as soon as Apple runs out of legal ways to challenge these things, they realistically must comply with whatever laws remain - even if you or I or they disagree with them. I don't see that they would have any other alternative at that point other than to completely exit the US. We can't expect them to deliberately break or disregard the law and risk financial penalties or other punishments (UNLESS that turns out to be in the best interest of its shareholders). - It's great that Apple is leading this fight - but, as a private company they can only take it so far and it is up to us to join the fight by writing our elected representatives and demanding that they represent our interests.
I doubt anyone would take offense to the above points. They are all kind of obvious. So perhaps it was the following suggestion regarding de-coupling the auto-wipe feature from the privacy/encryption debate. I may not have phrased this correctly on my original post, but my suggestion itself was meant to be more of a question, or idea to spark debate and something that I thought they *COULD* do - as opposed to something that I thought they *SHOULD* do. Here it is again, reworded slightly. I'm genuinely interested in any replies where people can rebut it with reasons and facts that go beyond "I don't like that" or "I don't want them to do that". If the FBI took this approach - would Apple have any legal grounds to refuse or challenge the request?
- Given that there is an existing law that prohibits destroying evidence: - Would this law apply to the users encrypted data on the phone? - How does configuring an auto-wipe of a computing device materially differ from hiring someone to shred documents upon your death or arrest, or rigging an explosive device to a filing cabinet that destroys the contents if opened incorrectly? - Does something in the constitution give us the right to destroy evidence? - As far as forcing a person or corporation to create something new that will allow them to comply with lawful requests - how is that materially different from requiring the phone companies to provide the wiretap capabilities that have now been in place for decades?
I know that there are efforts underway to challenge some of these laws and to keep other new ones from being passed - and I reiterate my support for those endeavours. Much of the above speculation is hypothetical from a Devils advocate viewpoint.
So - if there is any part of this message that offends you personally - I apologize. It wasn't my intent. Kindly ignore that section. But if you have any thoughts on any of my other points - kindly share them. I'm genuinely curious as to how we can (realistically) fight these types of tactics/arguments and win them.
All of this is making me sick to stomach. FBI, DOJ and government is sounding more and more like an Evil Empire. Is that the Darth Wader's heavy breathing that I hear?
The Russians and the North Koreans are laughing their asses off.
Come on, America! Get it together!
If that was the case, I am really really disappointed in America. Wake up now!
I guess the FBI needs to find out where the shooting spree couple got that AR-15 App that turned their phones into the weapons used to shoot the guys coworkers? I have a 5c but I can't find the App at the app store or anyplace to attach the extra capacity magazine. on my iPhone.
Do you know how to program? I've got two decades under my belt - and what I described *would* in fact disable the booby trap with a 1 byte change to the source code. Beyond that, the code would have to be recompiled, signed and tested of course but such a small change doesn't require the full regression testing that a new version of iOS would require.
1 byte change? I guess you worked on iOS to determine it takes a 1 byte change.
why even comment out the booby trap. Just comment out the passcode or switch the passcode flag to N. Problem solved. /s
Apple and its lawyers argue that the government, if allowed to set precedent in this case, would be granted "limitless" power that could one day infringe on basic civil rights. On the flip side, the FBI, Justice Department and White House content an Apple-created exploit would be strictly limited to a single device.
I want anyone who believes that the FBI will limit the use of the exploit to a single device to contact me immediately, as I have just been made aware of a Nigerian prince in need of assistance in moving several million dollars our of his country!!!
Do you know how to program? I've got two decades under my belt - and what I described *would* in fact disable the booby trap with a 1 byte change to the source code. Beyond that, the code would have to be recompiled, signed and tested of course but such a small change doesn't require the full regression testing that a new version of iOS would require.
1 byte change? I guess you worked on iOS to determine it takes a 1 byte change.
why even comment out the booby trap. Just comment out the passcode or switch the passcode flag to N. Problem solved. /s
Yeah. 1 byte.
No, I haven't worked on iOS - but I do have 20 years of programming experience under my belt. The code that handles this particular function (the counter and the wipe) is not protected by the same encryption that protects all of the user data (obviously).
If you understand programming at all - you'd know that for this booby trap to work, somewhere in the code there is a line that adds 1 to an incorrect password counter. So if you change the 1 to a 0, you can enter as many incorrect passwords as you like. Each time you do, the counter will increase by 0 and therefore it will never hit 10.
I know you're trying to be sarcastic but your suggestion would require more than 1 byte be changed and it also wouldn't work. Entering the correct passcode is required to decrypt the user data. Bypassing the passcode entry gets you nothing.
1 byte change? I guess you worked on iOS to determine it takes a 1 byte change.
why even comment out the booby trap. Just comment out the passcode or switch the passcode flag to N. Problem solved. /s
Yeah. 1 byte.
No, I haven't worked on iOS - but I do have 20 years of programming experience under my belt. The code that handles this particular function (the counter and the wipe) is not protected by the same encryption that protects all of the user data (obviously).
If you understand programming at all - you'd know that for this booby trap to work, somewhere in the code there is a line that adds 1 to an incorrect password counter. So if you change the 1 to a 0, you can enter as many incorrect passwords as you like. Each time you do, the counter will increase by 0 and therefore it will never hit 10.
I know you're trying to be sarcastic but your suggestion would require more than 1 byte be changed and it also wouldn't work. Entering the correct passcode is required to decrypt the user data. Bypassing the passcode entry gets you nothing.
I would believe Tim Cook and his developers over some random guy on the Internet.
What a bunch of suppressive, fascist fk-ups.... Stand strong with Apple on this one... The government is trying to use this emotionally charged event to prevent us from securing our private data and must be stopped. This is not what a free democratic society is about. Then again, we are the best "democracy" bought and paid for by legalized corruption called lobbying and unregulated massive "donations" to the political process.
- As far as forcing a person or corporation to create something new that will allow them to comply with lawful requests - how is that materially different from requiring the phone companies to provide the wiretap capabilities that have now been in place for decades?
An idea on this analogy... This would be the same thing if the phone companies were forced to come up with a new process that breaks into their secure network in order to tap the line. Were they compelled to create a backdoor process or did they just let the FBI/NSA/etc have physical access and hack away? Were the phone companies secure in the first place?
I too hope Apple fights and wins this - they should win hands down with this specific case, but you know there will eventually be one that they lose. They shouldn't be compelled to create anything new, period.
I like you idea of changing the X counter bit to 0 if Apple really were compelled to crack an iPhone, that's one way. There now just needs to be a way to get that new firmware onto the phone without bricking it which is another problem. How many hoops would they need to jump through to comply with a court order - the burden starts to look very undue.
And if Apple loses, I'm sure there will be a ton of FOIA requests to see just how important the data was on this iPhone...
Comments
This issue is difficult enough to discuss without all that. People are arguing with emotion instead of fact and many people act like they've never heard of the constitution.
[quote]
Investigators have been unsuccessful in their attempts to break into Farook's iPhone 5c, which is protected by a strong encryption method designed to thwart brute-force attacks. [/quote]
My understanding is that the phone in question is only protected by a 4-digit passcode. A brute force attack would take half an hour or less to find the right passcode whereas a well chosen passphrase could take hundreds or thousands of years to crack. A four digit passcode is hardly a component of a strong encryption method. The thing that makes it difficult to crack in this case is the auto-wipe feature which wipes the phone after 10 incorrect password attempts. While that's part of the security model in place - it's not part of the "encryption method" and like it or not, I think the government would be able to declare it illegal and force Apple to remove it - not the encryption - just the booby trap which once triggered - destroys evidence (which is already illegal). If the government chose to pursue the auto-wipe in isolation - I think they'd be able to compel Apple to remove it from this particular phone (not all phones) without Apple having any grounds to object. If this ability were to "get out", it wouldn't compromise Apples encryption - but it would force us all to use passwords or passphrases to ensure our data remains private from governments and hackers alike. 4-digit codes would no longer offer any real security. This would acutely completely solve the problem for this "one phone" however, it doesn't set a useful precedent and would be useless against phones using proper passwords which is why (I presume) they are not going this route. But by ignoring this approach which would solve their problem for "this one phone", they are proving that their intentions do not end with "this one phone" as they have stated publicly.
[quote]
To circumvent this particular security layer Apple would need to write a new, compromised version of its iOS operating system, sign the code and install it on the device. But Apple is refusing to comply, citing an overreach of federal authority and potential First Amendment rights implications. [/quote]
This, I believe is speculation. If all they wanted to do is to disable the auto-wipe booby trap - they wouldn't have to touch the operating system. All Apple would have to do is take the existing firmware - find the line that adds 1 to the "incorrect password counter" and change the formula so that it adds "0" instead of "1". Then, they would just have to replace/update the existing firmware with the 1-byte tweak and give the phone back to the FBI. They could pay a clerk to start entering passcodes with 0-0-0-0 and incrementing by 1 until they find the code that unlocks the phone. Shouldn't take any longer than a couple of days I would think. And even if (when) the FBI lost control of this "revised firmware" - it would quickly become completely useless as everybody concerned with pricacy (which should be all of us) would stop using 4-digit codes and begin using secure passphrases. Apple could even help speed up this process by eliminating 4 digit passcodes ame forcing users to choose something secure.
In any case - speculating that a new, compromised OS would have to be created seems like fear-mongering. That is certainly one-possibility - but an extremely unlikely one. There are other ways that Apple could comply with a law requiring them to help - if such a law is indeed created that passes all constitutional challenges.
Chang of topic.
On many of these recent threads, there are many people who are arguing about what Apple should or shouldn't do in response to the demands of the FBI. These are useless debates. It's clear what Apple should be doing - and it appears that they are doing exactly that. Apple is a private company, responsible to its shareholders. They don't have a choice. They must do what is in the best interest of the company and its shareholders. Tim Cook is not the owner of the business and cannot choose to ignore a law, risking punishment simply because he disagrees with it. If it is in the best interest of Apple to do business in the USA, Apple must comply with their laws. If the law doesn't seem right - they can (and should) challenge it all the way to the Supreme Court - but - when the dust settles and the final ruling is made - Apple must (and Apple will) comply with the law. In this case - that is exactly what is happening. It would be irresponsible - and not in the best interest of Apple, its shareholders - and all of us - for Apple to not challenge the existing demands, so they can and will fight this with all legal options open to them. When they run out of legal options to refuse - they will comply with any law that comes out of this. They have to.
I dont want to give up my privacy and I am happy that Apple is challenging the FBI. I hope they win - but the debates on these forums are useless if they ignore the constitution, if they ignore reality and if they ignore reality.
I always laugh at people who have never done software development/programming. Simpletons like you think that what the courts are asking Apple to do is a one-line code change. I am actually surprised that Apple has estimated up to 4 weeks of work. I would have thought that this could take months. It is not only the software development, but all the testing involved that takes lots of time. It is tricky. You do not want to brick the target iPhone.
The fact is that this court order is an overreach of government powers. This is no longer about Apple 's willingness to help. Apple has always been expeditious in responding to warrants. However, when Apple has to pull a considerable amount of resources to develop a product that undermines its own product by court order, it is no longer reasonable.
I do not know how you can write "I dont want to give up my privacy and I am happy that Apple is challenging the FBI. I hope they win" when everything you have written shows that your position is quite the opposite.
There could be many reasons why Apple is quoting 4-weeks or more - most likely though is the fact that their plan would be to do something different than what I suggested - because the FBI is asking for something different than what I suggested. It could be many things - perhaps a self-destruct (I hope) or code to limit it to work only on the 1 device which is also reasonable.
As for the grammatical errors and double words in my posts, they're mostly a result of trying to compose the measure on my iPhone and fighting with auto-correct. I often re-read and correct after I post and always find errors. This time I didn't have time to - but my errors are completely irrelevant to my comment. Articles posted my journalists are (and should be) held to a higher standard than we who comment on them. Mikey's articles rarely have these errors which is why I speculated that this one may have been composed hastily.
You seem to have a problem with comprehension as you obviously didn't understand much of what I wrote. You are a good example of what I meant by people who ignore reality and are therefore unable to contribute anything of value to the discussion. If you could "comprehend", you'd see that I clearly stated (many times) how privacy and security could/would be preserved. We don't live in a world of black and white - but you don't seem to understand that. You apparently lash out at anything you don't understand. We are both on Apples side and we both want to preserve our rights to privacy - but when I pointed out that there is a small part of the overall issue that the FBI *might* be able to "win" based on existing legislation - you stopped listening.
You didn't contradict any of my points with reasons why that would be bad - or why it wouldn't apply the way I think it would, or anything else. You added no value to the discussion. You just called me names and picked on my typos. Not very mature. Not very open minded. No signs of any kind of intelligence from you. Grow up.
/s
https://www.facebook.com/we-stand-with-tim-cook
You must make the real effort of calling AND writing to YOUR ELECTED REPRESENTATIVES. If your representatives feel overwhelming public support for Apple they'll want to support Apple. Their reelection is dependent on their responsiveness to their constituents.
Was it because I criticized Mikey and suggested the article was sloppy? If so - I'm prepared to offer an apology to Mikey for that. My comments came out a lot harsher than I intended. I usually enjoy his articles and just noticed what I thought was a difference in the style of this one which made me think it may have been either written hastily or even ghost written by someone else. In retrospect, it wasn't worth commenting on. Sorry Mikey.
Or were all the dislikes because people disagreed with my suggestion that the FBI could separate the issue of the "booby trap" from the issue of decrypting the content of the phone? If so - it might have been nice if even one of you that "disliked" the thought had replied with some genuine reasons why I might be wrong.
To recap:
- I support Apple's decision to challenge the court order and/or any laws current or future that would force them to build backdoors, master decryption keys or tools to decrypt our data - as long as they have a legal avenue to do so.
- But as soon as Apple runs out of legal ways to challenge these things, they realistically must comply with whatever laws remain - even if you or I or they disagree with them. I don't see that they would have any other alternative at that point other than to completely exit the US. We can't expect them to deliberately break or disregard the law and risk financial penalties or other punishments (UNLESS that turns out to be in the best interest of its shareholders).
- It's great that Apple is leading this fight - but, as a private company they can only take it so far and it is up to us to join the fight by writing our elected representatives and demanding that they represent our interests.
I doubt anyone would take offense to the above points. They are all kind of obvious. So perhaps it was the following suggestion regarding de-coupling the auto-wipe feature from the privacy/encryption debate. I may not have phrased this correctly on my original post, but my suggestion itself was meant to be more of a question, or idea to spark debate and something that I thought they *COULD* do - as opposed to something that I thought they *SHOULD* do. Here it is again, reworded slightly. I'm genuinely interested in any replies where people can rebut it with reasons and facts that go beyond "I don't like that" or "I don't want them to do that". If the FBI took this approach - would Apple have any legal grounds to refuse or challenge the request?
- Given that there is an existing law that prohibits destroying evidence:
- Would this law apply to the users encrypted data on the phone?
- How does configuring an auto-wipe of a computing device materially differ from hiring someone to shred documents upon your death or arrest, or rigging an explosive device to a filing cabinet that destroys the contents if opened incorrectly?
- Does something in the constitution give us the right to destroy evidence?
- As far as forcing a person or corporation to create something new that will allow them to comply with lawful requests - how is that materially different from requiring the phone companies to provide the wiretap capabilities that have now been in place for decades?
I know that there are efforts underway to challenge some of these laws and to keep other new ones from being passed - and I reiterate my support for those endeavours. Much of the above speculation is hypothetical from a Devils advocate viewpoint.
So - if there is any part of this message that offends you personally - I apologize. It wasn't my intent. Kindly ignore that section. But if you have any thoughts on any of my other points - kindly share them. I'm genuinely curious as to how we can (realistically) fight these types of tactics/arguments and win them.
why even comment out the booby trap. Just comment out the passcode or switch the passcode flag to N. Problem solved. /s
RSA will eventually be cracked by quantum computers, but good luck with that!
No, I haven't worked on iOS - but I do have 20 years of programming experience under my belt. The code that handles this particular function (the counter and the wipe) is not protected by the same encryption that protects all of the user data (obviously).
If you understand programming at all - you'd know that for this booby trap to work, somewhere in the code there is a line that adds 1 to an incorrect password counter. So if you change the 1 to a 0, you can enter as many incorrect passwords as you like. Each time you do, the counter will increase by 0 and therefore it will never hit 10.
I know you're trying to be sarcastic but your suggestion would require more than 1 byte be changed and it also wouldn't work. Entering the correct passcode is required to decrypt the user data. Bypassing the passcode entry gets you nothing.
Were the phone companies secure in the first place?
I too hope Apple fights and wins this - they should win hands down with this specific case, but you know there will eventually be one that they lose. They shouldn't be compelled to create anything new, period.
I like you idea of changing the X counter bit to 0 if Apple really were compelled to crack an iPhone, that's one way. There now just needs to be a way to get that new firmware onto the phone without bricking it which is another problem. How many hoops would they need to jump through to comply with a court order - the burden starts to look very undue.
And if Apple loses, I'm sure there will be a ton of FOIA requests to see just how important the data was on this iPhone...