FBI director says iPhone unlock demands are limited, won't 'set a master key loose'
The FBI's demand that Apple help it crack the iPhone 5c of San Bernardino shooter Syed Farook has a "limited" scope, without impact beyond that case, according to a new editorial by FBI Director James Comey.
"The particular legal issue is actually quite narrow," Comey wrote in Lawfare. "The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve."
The FBI has been asking that Apple modify iOS 9 on a single iPhone to remove a limit on passcode attempts. When on, the feature prevents hackers from trying a brute-force unlock, since iOS will automatically delete a device's data after the limit is reached.
"We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land," Comey added.
The comment is a direct reference to Apple CEO Tim Cook's argument that creating a workaround for the FBI would also create a "master key" that could be used to break into any iPhone, not just Farook's, and undermine the security of all iOS devices.
Comey suggested that there is now a "serious tension" between privacy and security created by new technology, which should be resolved not by corporations or the FBI but by the American public, which also needs to find the "right balance" given the long-term impact. He also invoked the memory of the San Bernardino victims however, saying that the FBI "simply must do all we can under the law" to investigate.
On Monday Cook issued a memo to Apple workers, calling on the FBI to withdraw its demands. He also supported the idea of a government commission or panel to address the issue of encryption.
Recently it was revealed that the FBI worked with San Bernardino County to reset the Apple ID password associated with Farook's iPhone, ironically preventing Apple from retrieving data via an iCloud backup.
"The particular legal issue is actually quite narrow," Comey wrote in Lawfare. "The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve."
The FBI has been asking that Apple modify iOS 9 on a single iPhone to remove a limit on passcode attempts. When on, the feature prevents hackers from trying a brute-force unlock, since iOS will automatically delete a device's data after the limit is reached.
"We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land," Comey added.
The comment is a direct reference to Apple CEO Tim Cook's argument that creating a workaround for the FBI would also create a "master key" that could be used to break into any iPhone, not just Farook's, and undermine the security of all iOS devices.
Comey suggested that there is now a "serious tension" between privacy and security created by new technology, which should be resolved not by corporations or the FBI but by the American public, which also needs to find the "right balance" given the long-term impact. He also invoked the memory of the San Bernardino victims however, saying that the FBI "simply must do all we can under the law" to investigate.
On Monday Cook issued a memo to Apple workers, calling on the FBI to withdraw its demands. He also supported the idea of a government commission or panel to address the issue of encryption.
Recently it was revealed that the FBI worked with San Bernardino County to reset the Apple ID password associated with Farook's iPhone, ironically preventing Apple from retrieving data via an iCloud backup.
Comments
"
All a search warrant does is to allow the government to ATTEMPT to open a safe, or read your mail, etc. it doesn’t mean that you have to cooperate. It means that if necessary, the government has to do the work.
That’s no different here. If the government want to try this themselves, no one is saying that they shouldn’t. But requiring Apple to do so is putting everyone on edge. A problem is that a company is only required to do this if it doesn’t present an undue burden.
While the FBI is saying that it’s only one phone, that’s nonsense, and they know it. If Apple does this one phone, they will get thousands of requests from US law enforcement for every imaginable offense. Then Apple will get thousands of “requests” from every foreign government. They will need to open a department of programmers and manage to, as well as a legal team to evaluate every request, and to implement those that they consider legal, which itself will lead to some possible court action.
This is both improper, and impossible.'
Even worse, less-nice countries like China, will start making these requests as well - this might happen regardless of the outcome of the current dispute. "Want to sell phones in our country? Then let us unlock the phones we want to unlock. Now." - says every other country. Thanks, FBI.
That is the point Apple is making it they do it one they will be required to do it every time and for any police agency in the world or government agency otherwise they run the risk of being shut out of the market place. Also it just mean if people know they can not trust apple they will go to some other source outside the US government control. But they could do like they did for year not allow certain technology to be exported, they will just no allow certain technologies to be imported to the US.
What does "No" do you not understand? No mean NO! That is too fucking dangerous! If Apple had to comply the order, and compel to open the encryption that Apple said it is IMMPOSSIBLE, the blood will be on your hands. It'll be too tough to remove that blood off your hands. Where that "blood" come from? The communist countries who murder innocent people all over stupid phones with encryption.
1) How to get an iPhone to load a new version of iOS without wiping the user-data content from the phone. Whenever I've done a restore it has been after a local or iCloud backup has been taken and after the iPhone wipe, a restore is done from that backup.
1a) Installing a fresh iOS (one containing the hack) would require the iPhone already be unlocked with the PIN (from what I recall, the backup and restore process requires an already PIN-unlocked phone). If they already had the PIN to perform this process the FBI would not need this request.
2) Perhaps the hack is going to be introduced via an application download. Loading software into the user's iCloud space, will result in it being auto-downloaded to the iPhone (in the background) but only if that option is already set by the user in advance.
2a) if the user has not set the auto-download option in advance, can Apple set it remotely (where is this state kept)?
2b) for this option to make any difference, it would not only have to be an auto-download but also an auto-execute on the iPhone. I thought that was blocked by iOS (again requiring a different operating system (see #1, above)).
In other words I do not see how this request can be of any benefit to the case it is being applied. All solutions result in a wipe-before-backup of the user data. A direct consequence is that the hack can only be of benefit to future cases, making a lie (for purely technical/practical reasons) of the FBI's request.
What am I missing here?
What's with the huge influx of new POS trolls lately? AI has always had a few idiots show up now and then, but the last few months it seems we get several new posters per article.