US Attorney General Loretta Lynch talks iPhone encryption case with Stephen Colbert

Posted:
in General Discussion edited March 2016
U.S. Attorney General Loretta Lynch toed the line in an appearance on The Late Show with Stephen Colbert on Thursday, and reiterated that the government is merely requesting Apple for help in unlocking a single iPhone linked to last year's San Bernardino terror attack, not a backdoor into iOS.




While not the main topic of discussion, Colbert touched upon the contentious encryption debate sparked by Apple's resistance of a court order compelling its assistance in the ongoing FBI investigation.

"Well, you know we've disagreed publicly in court, and I've had a number of great discussions with [Apple CEO] Tim Cook on issues of privacy," Lynch said. "What I'll say about this, though, is I understand why this is important to everybody, because privacy is an important issue for everyone. It's important to me as the attorney general, it's important to me as a citizen."

Attempting to provide context, Colbert incorrectly claimed the Department of Justice wants Apple to create a backdoor into iPhone, specifically a device issued to terror suspect Syed Rizwan Farook by his former employer the San Bernardino County Health Department. As stated in legal briefs and a very public campaign for public sentiment, the DOJ is asking Apple to create and sign an intentionally flawed version of iOS to suppress the passcode attempt counter on Farook's phone. FBI agents will brute-force the device to extract actionable data pertaining to the case, if any is present.

Colbert brought up one of Apple's main contentions in its case to resist government pressure, noting that the creation of a new operating system puts undue burden on the company's resources. He also made note of the slippery slope argument presented by Cook and other Apple executives in recent interviews.

Apple has argued that a government win in the San Bernardino court case sets dangerous precedent for future law enforcement requests. The FBI and fellow agencies would be granted a powerful tool that could one day be used to compel technical assistance far beyond software construction. For example, Cook and SVP Eddy Cue said in separate interviews that government agents might leverage precedent to force Apple to remotely turn an iPhone camera or microphone.

"First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead."



Lynch said much the same in an interview earlier this month when she suggested Apple treat the case like a normal customer service call.

Last night's segment comes on the heels of a court filing from federal prosecutors in support of the government's request of Apple, a letter that both addressed and attempted to dismantle each of Apple's assertions.

Apple and the DOJ are set to discuss the issue in court on March 22.
«134

Comments

  • Reply 1 of 67
    "she suggested Apple treat the case like a normal customer service call."
    I thought I read that apple did treat it like a customer service call and gave the fbi steps to take to update the iCloud backup... Until someone reset the iCloud password.
    edited March 2016 maciekskontaktnouserjustadcomicsSpamSandwichlostkiwiyoyo2222badmonk
  • Reply 2 of 67
    radarthekatradarthekat Posts: 2,933moderator
    For those new to the FBI versus Apple battle...

    Here is what's going on.  

    The iPhone is locked by a passcode that is combined with a hardware key built into each iPhone at manufacture.  This hardware key is randomly generated and encoded into the silicon inside each iPhone AND IS NOT KNOWN EVEN TO APPLE.  So to unencrypt data on an iPhone, you need the user passcode and the hardware key, which exists only in the phone's hardware.

    To decrypt the data on an iPhone you need to enter the password ON THAT IPHONE so that the password gets combined with that iPhone's hardware encryption key.  Taking the data off the phone and trying to decrypt it elsewhere won't work because you won't have the hardware key portion of the combined encryption key.

    So you need to enter each password guess into the iPhone you are trying to unlock.  And the iPhone has a security feature that wipes all the data in the phone after ten consecutive incorrect password attempts.  This feature is what makes a simple four digit passcode such a strong security measure.  Without that feature, it would be a simple process to manually sit there and try one password after another until you went through all 10,000 combinations.  The FBI, or a school kid with a couple extra days on his hands, could break into any iPhone.  But if the phone erases itself after ten unsuccessful password tries, then you won't dare even try to unlock it, as you'll have only a 10 in 10,000 chance of guessing the correct password and the consequences of that tenth incorrect guess is that you'll lose the data you're after.

    The FBI is demanding that Apple remove this security feature so that they can simply brute-force the password.  10,000 tries, even if done manually, wouldn't take very long.  Of course, they are also asking for two additional weaknesses.  One is to allow passwords to be sent to the phone electronically (wirelessly).  That would save time over manually sitting there trying one after another passcode.  And the other is to remove a delay the software inserts between passcode attempts, so that it could blast passcodes at the phone at a very fast clip.  You'd ask for these two additional weaknesses only if you are planning on turning this into a tool for law enforcement to use over and over.  So that puts the lie to the FBI's stance that they want this only for this one time.

    Apple is not being asked to use any method they want to just get the data.  Apple is being demanded to build a forensic tool for law enforcement's repeated use.  Apple, and those of us knowledgable about this sort of thing, knows that this tool will need to be maintained and documented, and submitted into evidence to be inspected by defense attorney experts, because defense attorneys will want to be certain that the tool does not modify the evidence it makes available.  This is how the tool will get out into the wild, and when it does then none of us will have any security unless we install additional encryption software on top of the operating system.  Which criminals and terrorists will immediately do, leaving them safe from law enforcement search while leaving the vast majority of casual users open to those same terrorists infiltrating their phones and grabbing their bank account passwords, etc.

    Law enforcement will solve a few more crimes, committed by unwitting criminals who didn't think to add additional encryption on top of the weakened encryption in the operating system.

    Casual users like you and me and your kids and wife will be more subject to snooping by hackers, some of which will be working for the fund-raising departments of terror organizations.

    Terrorists will hold up this incident and the fallout from it as a major victory in their attempts to weaken and manipulate free society.
    cincymacfotoformatanantksundaramEezibleedpscooter63gtrjbishop1039davenjbdragonnouser
  • Reply 3 of 67
    irelandireland Posts: 17,537member
    Another propaganda piece by the government. Also, I wish to punch that audience.
    edited March 2016 jbdragonnouserjustadcomicsbadmonk
  • Reply 4 of 67
    Normal customer service call : Normal Customer : "Apple can you help ?" Apple : "We've had a look, the answer is No we can't help." Normal Customer : "Ok, thanks for trying." This 'normal service call' US Government : "Apple can you help ?" Apple : "We've sent people down, we've given you advice and you ignored it. That's all we can do." US Government : "Tough, we want in & we're gonna lie to the Media and Public, until you relent and sue you because we want to spy on the world." US Government to everyone : "Our quadruple billions of NSA money used to spy on everyone in world can't get into the iPhone and we really need to look 'just this once'. Trust us we won't ever need it again (other than all the other cases we're pursuing quietly), we're the guardians of liberty and privacy." Everyone : "I think Not, we've heard this before and heard testimony to congress that you promised you weren't spying on us, then we found out you were. Once bitten..."
    edited March 2016 wonkothesanegtrbrakkenstsknouserstevehjustadcomicsjony0metrix
  • Reply 5 of 67
    tenlytenly Posts: 707member
    [quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    edited March 2016
  • Reply 6 of 67
    tenly said:
    "First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead."

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    A lot of people are starting to leave their passwords in their will, that way your son could unlock your phone once you have gone, and no apple don't unlock even with a certificate
    mr ojbdragonjony0
  • Reply 7 of 67
    williamhwilliamh Posts: 630member
    tenly said:
    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    1) True about obtaining a used iPhone - but the county owns the phone and did not obtain a used iPhone.  It's a county-owned phone for work, the user had no expectation of privacy, and the data belongs to the county.  The county should have had some MDM system to control this.  The issue at hand is not whether the government has the right to access the data - of course they do and for multiple reasons.  The issue is whether Apple can be forced to develop a tool to circumvent the device security.  Would not even have come up if the county had used MDM.

    2) Good question.  There is probably a way to do this.  Plenty of folks die without disclosing their password to their next of kin - must be a lot of folks just forgetting the passwords.  I suppose it would be bad form to use the finger of the deceased at an open casket funeral to unlock the phone. :*
  • Reply 8 of 67
    The way our government officials lie through their teeth, in public, without the slightest hint of hesitation, with utter contempt for its citizens and companies, is simply unbelievable.

    There are no consequences anymore, apparently.  
    pscooter63gtrjbdragonration alstsknouserjustadcomicsGTRownsUbuzdotsjony0
  • Reply 9 of 67
    terrorists have succeeded in spreading fear to the wide population by using governments to do their bidding. They have also managed to have governments do what they themselves could not do, undermine the Constitution (US), our principles as a free society. The way governments should fight terrorism is to do exactly the opposite. That's is, to FERVENTLY protect privacy, to make everyone feel secure, to adhere to the Constitution, to strike the proper balance between law enforcement and civil liberties, and to improve government so that it can serve better.
    edited March 2016 ration alGTRownsUlostkiwiretrogustoxamaxjony0
  • Reply 10 of 67
    john.bjohn.b Posts: 2,716member
    What a shill, I just lost all respect for Colbert...   :|
    nouserlostkiwiicoco3
  • Reply 11 of 67
    I think, what Apple should do is to not only do what the FBI is asking, but go a step further and create a new version of iOS that is completely open and hackable so the government has access to everyone's data - and so that the Russian, Chinese and other nefarious hackers can steal everyone's data, bank accounts, etc.

    It's just ridiculous that the FBI is hanging its hat on this one iPhone, which just happens to be the one thing the perp didn't destroy...hint, hint, maybe because it's got nothing on it worth hiding...


    ration al
  • Reply 12 of 67
    lkrupplkrupp Posts: 6,620member
    john.b said:
    What a shill, I just lost all respect for Colbert...   :|
    So you finally discovered that Liberals and Conservatives are basically the same in wanting big government to micromanage our lives by “taking care” of us?
    ration aldesignrnouserlostkiwiicoco3
  • Reply 13 of 67
    mike1mike1 Posts: 1,808member
    tenly said:
    "First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead."

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    You're wrong about the ownership. If your employer provides your phone, they own it and everything on it, including the data (that means pics, folks). They can look into it at any time, with or without your permission or knowledge. Even though it's a drag, I strongly suggest that anybody with a company provided phone also have a personal phone. Years ago, the company I worked for replaced my Blackberry with an iPhone, I went out and bought an iPod Touch and used that for all my personal uses except actual phone calls. I did set up a Skype # for those few times I didn't want to make a call from my company phone. When the company instituted a BYOD policy, it was simple to just move everything from my iPod to my new iPhone.
    nouser
  • Reply 14 of 67
    tdsmactdsmac Posts: 13member
    [quote]"First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, [/quote]

    So let's break down this paragraph in reverse. Yes it's true that the county is the owner and they are asking Apple to do what they want. But, just like any other customer, Apple can't retrieve your login credentials. You loose them then you need to start over. This is no different then any encrypted software like 1password or File Vault.  If you loose the key the data can't be retrieved period. 

    Lynch is correct that in that they have not asked to turn on anything to spy on anyone. But that is not to say that once the first hurdle is crossed, by writing iOS software to bypass security features that it would be easier to then require a software vendor to take that next step. 

    As far as the first sentence, Lynch is correct but only with semantics.  With everything discussed it's disingenuous to state this position. In order to comply with the last sentence, one must write software which creates a back door. She is also ignoring the testimony Comey who even stayed on the record that there are over a hundred other phones, where law enforcement wants access, and can use this as a precedent.  

    Total sham. 



    ration alpscooter63nousersessamoidlostkiwijony0
  • Reply 15 of 67
    dewmedewme Posts: 1,900member
    If the owners of the phone wanted to exert total and absolute control over the phone they would have used mobile device management (MDM) software to manage the phone. These tools are readily available and used by thousands of commercial and government entities around the world. They chose not to use MDM either through ignorance or choice. So now, having failed to take the actions necessary to properly control their own assets and information they want Apple to mitigate their chain of ineptitude by compromising every single one of Apple's billions of other customers because they consciously made bad business and management decisions around protecting themselves, their assets, and their information. This is the United State of Litigious America - you screw up - then you find a way to blame your screw up on someone else. To see a government official playing spin games and trying to fabricate a fictional narrative in order to cover their tracks, agenda, and evil intent is appalling. 

    This is yet another great example that shows how inept, inefficient, and ineffective government agencies are as a whole. Yeah, they're understaffed, underfunded, don't get to skim from the top of the talent pool, some are ridiculously underpaid for the responsibilities they hold, some are grossly overpaid for the load they add to the system, everyone loves to hate them, and they are frustrated and jealous of the compensation that their peers in industry enjoy. But in many parts of the country the government is the largest employer and government jobs and bureaucracy are basically what keeps the unemployment rate less than 30-40% that it would otherwise be. When you add in government contractors and other entities sucking money from the never ending supply of money in government coffers - all of which is squeezed from taxpayers, the impact of government bureaucracy on everyday life in the US is staggering. If not for the relatively few private entities, Apple included, that actually create wealth and value outside of the constantly flowing pipeline of government spending we'd all be working for the government. You could argue that the US government creates and secures an environment in which companies like Apple can be successful - and to a large extent you'd be right - if it were 1975 today. But in a global economy the situation has changed.

    The only way companies like Apple can be successful on a global scale and in the global economy is to have global credibility around protecting the fundamental rights of all of its customers in all of the markets it serves. It has to provide products that are intrinsically secure and private. If individual countries or other entities decide that they don't want to allow Apple's products to be used in their pure form in their environments, there are non-Apple tools like MDM to allow masters of government and industry to foist control over their subjects. The tools are there. If the FBI, NSA, DOJ, or a mom & pop hot dog stand business issues an asset that they need total control over to their subjects that is their prerogative and a condition of employment for everyone who signs on with the employer. That's the way it should work. All these terrorphobics who think the FBI should have the power to compel Apple to break their product for the investigation of a crime should have no opposition to signing up to have an FBI managed MDM system installed on their phone. Make it opt-in and then we'll see how many people would back their commitment to law enforcement based on the will of the enforcer. On the other hand the government should not be allowed to force Apple to automatically and universally opt-in all of its customers into an expansion of the mass surveillance programs already in place. Those kinds of actions should not take place in a democracy. Maybe in North Korea, Nazi Germany, Soviet Union, or whatever rebranding would come to the US if Trump becomes Grand Master of the Republican Party - maybe Trumpsylvania? 

    The bottom line: owners of smartphones already have ways to provide total control of their devices in a way that circumvents the Apple provided privacy protections. If they choose not to use these tools that's their problem, not Apple's. If other owners of devices want to opt-in to other device management programs run by other agencies, say the FBI, DOJ, Google, or whatever, they should be allow to do so by by choice. Anything less than "by choice" is unacceptable. 

     


    edited March 2016 ration alpscooter63nousersessamoidxamaxyoyo2222
  • Reply 16 of 67
    tenlytenly Posts: 707member
    nitrokev said:
    tenly said:
    "First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead."

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    A lot of people are starting to leave their passwords in their will, that way your son could unlock your phone once you have gone, and no apple don't unlock even with a certificate
    That's a very bad thing to do.  The contents of a will are public.  If someone gets the password before the intended, grieving recipient has a chance to change it - they could steal the account.   It might even still have a valid credit card attached to it - they could purchase loads of music and even demand a ransom for the return of the account...  People should be advised not to leave passwords in their will...however I don't know what the best way to handle the situation would be.
    xamax
  • Reply 17 of 67
    I think, what Apple should do is to not only do what the FBI is asking, but go a step further and create a new version of iOS that is completely open and hackable so the government has access to everyone's data - and so that the Russian, Chinese and other nefarious hackers can steal everyone's data, bank accounts, etc.

    It's just ridiculous that the FBI is hanging its hat on this one iPhone, which just happens to be the one thing the perp didn't destroy...hint, hint, maybe because it's got nothing on it worth hiding...


    the US Govt is not interested in keeping your data secure. They are hypocritical and flat out liars. It is a fact from the Snowden leaks, that the US Govt is more interested in finding zero day threats, not to patch them (or let private companies know of threats) to keep everyone safe, but to exploit them to spy on the wide population or mount cyber attack to other countries. They go a step further and infiltrate industry groups to water down encryption standards, so that they can break them easily. Now the FBI and DOJ are forcing Apple to undermine data security of their products. The US Govt is shortsighted in every thing it does and fails at everything it does.

    The US Govt clearly does not have America's best interests in mind and we are now left with the private sector defending our interests. It is sad.
    edited March 2016 ration alnouserlostkiwixamax
  • Reply 18 of 67
    jungmarkjungmark Posts: 6,634member
    Lynch is full of sh1t. It's not just one phone. It sets a precedent for all future requests. Today it's terrorism, tomorrow it's protesters. 
    ration alnouserpalominelostkiwixamaxjsnow
  • Reply 19 of 67
    tdsmactdsmac Posts: 13member
    tenly said:
    [quote]Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    They can't. Also not everyone wants to give access to private info when deceased. If you want someone to have access to your device(s) when you die, you need to divulge your passcode in some way. Be it a will, Saftey deposit box, etc.  You should be doing the same with your passwords for all you financial accounts as well. Best option would be to include all of these things in a program like 1password and leave the master password, as stated above, in case of death.  This way your loved ones have all your info and don't have to go finding papers and hunting around. 

    Maybe one thing Apple could possibly do is allow the creation of a secondary passcode on a device, which can be used in case of death. Better yet, allow you to designate another idevice(s) to receive an authentication code which can unlock your device.  This way no codes are given out manually.  Thus a trusted device.  Now that Apple has a management system, which they will be releasing soon,  for the education market maybe features could be added to manage devices within a household/trusted member.  
    brakken
  • Reply 20 of 67
    jbdragonjbdragon Posts: 1,966member
    tenly said:
    [quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]

    The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county.  Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

    Hey - here's an unrelated question.  I have an iPhone protected by the Activation Lock feature.  Nobody has my Apple ID password.  What happens if I die unexpectedly?  If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID?  Will Apple disable the Activation Lock upon presentation of a death certificate?
    If the owner of the phone, in this case the Government agency, that hired this terrorists that the U.S. Government let into this country want into Employee's phones, they should have been using MDM software installed on their phones!!! Then they could have gotten right in, and the Government could have snooped all they wanted. It's not Apple's job to create new software to get around security measures. This lie about being one phone is just that, a LIE!!! Why it keeps being repeated is a joke. I'm sure the Government thinks it'll work. Repeat a lie enough times and most people will believe it. If you lose, or can't remember your passcode, it's not Apple's job to break into your own, even IF you're the owner. If you're memory is that bad, don't passlock your phone or keep the code in your safe or something.
    nouser
Sign In or Register to comment.