Apple says San Bernardino iPhone case is 'unprecedented,' cannot be decided in a vacuum

13»

Comments

  • Reply 41 of 47
    dabedabe Posts: 99member
    CMA102DL said:
    tmay said:
    http://www.theverge.com/2016/3/16/11244396/apple-vs-fbi-encryption-china-source-code-backdoor

    U.S. and China ratfuck citizens, smile and upload selfie to snapchat. World harmony follows.
    It is funny how the article indicates that Apple has delivered a backdoored OS to China and that the FBI is using it now. Well, if that's the case, then the FBI does not need the current court order executed....The FBI is just desperate.
    Where exactly does the article "indicate" this? Couldn't find it.
  • Reply 42 of 47
    stevehsteveh Posts: 480member
    JeffA2 said:

    Not only is there a risk of theft, there's a risk that Congress or a secret court commands Apple to turn over the software in the name of national security. I can see almost no good conclusion to this for Apple because the government will attack Apple for years until they get what they want. 

    Split Apple up into divisions (Apple EU, Apple Asia, Apple US, etc.) or into wholly separate businesses and let them comply with local laws so the entire company is not jeopardized.
    Theft doesn't matter -- the code won't load onto any other phone without a valid Apple certificate. Turning the software over to any agency doesn't change this.


    Which is only interesting if the code used cannot possibly be decompiled and modified. You can't seriously believe that, say, the NSA or other nations' equivalent agency couldn't do many interesting things with the executable here.
  • Reply 43 of 47
    JeffA2JeffA2 Posts: 82member
    CMA102DL said:
    JeffA2 said:

    I'm sorry but this is riddled with factual errors:

    1. Apple is explicitly allowed to retain custody of the phone. They only  need to permit the FBI to have remote access to enter the PIN data.
    2. The modification to the phone software is explicitly restricted to RAM. Once this phone powers off, it will no longer contain the patch that the FBI has requested.
    3. Even Apple doesn't claim that the requested software will 'cost many millions' to develop.
    4. This was terrorist act inspired by a group hostile to the United States. These groups have demonstrated their ability and will to attack America. This is qualitatively different from other killings.
    5. The county did install management software on the phone. Unfortunately, it was not activated. They screwed up. Lots of IT departments do.
    6. The widely repeated idea that the FBI could have retrieved the data if only they had not changed the iCloud password has been debunked. What they did was stupid but it didn't really matter in the end -- the phone was in a powered-off state when recovered. At power-on it still requires a PIN.
    7. There is no reason that the 5S would be less vulnerable to the procedure requested by the FBI. 
    8. Nothing in this case prevents Apple from making future versions of iOS hardened against the procedure. All they have to do is require a PIN to be entered before the phone will enter DFU mode.
    1. It would be good if Apple would get to keep the phone at the very end and destroy it. The phone is owned by the US Govt. and it is evidence, to be "borrowed" by Apple.
    2. Firmware is always stored in non-volatile memory. The US Govt. has made the case that they need some functions moved to RAM because they think that this will enable them to bruteforce the phone quicker. They want to connect to the phone via Wifi and be able to bruteforce remotely, so they say. Of course, we are not stupid. They will try to get a copy of the firmware via Wifi first. 
    3. It could definitely cost multiples of millions of dollars with 10 highly paid engineers and up to 4 weeks each on the project.
    4. Seriously, what makes this one more relevant to another mass shooting killing? All evidence in fact points to the fact that this was planned by Farook and wife and that other than help from a neighbor, they really received no other help. They were not connected with ISIS. ISIS wanted nothing to do with them. If Farook and Malik were well connected, then there would be tons of phone, social media and messaging metadata. But make no mistake, the FBI is labeling this as a "terrorist" attack for political reasons. Somehow the word "terrorism" makes this crime more relevant that others...which means that all of us in the USA need to give up our Constitutional rights for the greater good...This is stupid
    5, 6, 7 are just excuses
    8. No, once you have created this software, it could leak and compromise alike phones in the entire world and could be modified to compromise other phones. This is not about 1 iPhone. The DOJ has at least 170 phones that it needs unlocked and is looking to establish a court precedence. The FBI's goal is to ultimately entrap Apple and undermine everything Apple is doing to protect customer's data in their phones.

    I'd say NO to the FBI and DOJ.
    Sigh...so much misinformation. You should really try to read the actual court order. And try to learn something about software.

    The requested iOS mod will be loaded via DFU in RAM not flash. The court order actually specifies that the iPhone's flash memory not be modified in any way. And it doesn't need to be. The entire patch will be in RAM. When the phone reboots the patch will be gone. That's not an opinion. That's a fact.

    A typical 'highly paid' programmer has a fully burdened cost of < $200/hr. 10x4x40x200 = $320,000.00. And that's a generous overestimate.

    You point #4 is so illogical that it really doesn't bear refutation. But I can't help it, I'll try anyway. What makes this killing different is that it was a politically motivated expression of hostility to the United States of America. It wasn't a drive-by shooting, or a mugging or even 'typical' workplace violence -- as horrific as that sounds. It was an act of political expression that is part of a global movement. The Farook's considered it to be their part in carrying out Jihad. Unfortunately we've learned that there are many people who have a twisted view of Islam and some of them act on this view. To deny that this is a global movement is to willfully ignore the last 15 years of world history. 

    The way software is loaded via DFU requires a valid signed certificate. The certificate can only be issued by Apple and is specific to this phone and it's own unique UUID. Again, the court order specifies this in detail. Altering the UUID in the software so that it can load onto a different phone will invalidate the certificate. The revised software will simply fail to load. The only way to make it load would be for Apple to sign the new code. If you don't believe that's secure then stop worrying about the FBI. Anyone could hack your phone and steal your data. 

    I have no idea what you mean when you say "5,6 and 7 are just excuses". They are facts. And cases are tried on facts not some grand philosophy or principle.

    I realize that these are complex issues but the level of misinformation on this forum is beyond the pale. Virtually everything you have claimed in factually incorrect. This is not a matter of opinion. It's a verifiable fact. 
  • Reply 44 of 47
    JeffA2JeffA2 Posts: 82member
    steveh said:
    JeffA2 said:

    Theft doesn't matter -- the code won't load onto any other phone without a valid Apple certificate. Turning the software over to any agency doesn't change this.


    Which is only interesting if the code used cannot possibly be decompiled and modified. You can't seriously believe that, say, the NSA or other nations' equivalent agency couldn't do many interesting things with the executable here.
    Of course it can be decompiled and modified. But then DFU will fail to load it onto the target phone because it will not be properly signed. 

    The software has never been the issue here. The FBI could hire expert jailbreakers to create the patch they need. It would take longer and be a bit more failure prone. But creating the software is not impossible for a 3rd party. The problem is that the iPhone will not load it without being signed and only Apple can sign the code.
  • Reply 45 of 47
    JeffA2JeffA2 Posts: 82member
    jungmark said:
    JeffA2 said:

    I'm sorry but this is riddled with factual errors:

    1. Apple is explicitly allowed to retain custody of the phone. They only  need to permit the FBI to have remote access to enter the PIN data.
    2. The modification to the phone software is explicitly restricted to RAM. Once this phone powers off, it will no longer contain the patch that the FBI has requested.
    3. Even Apple doesn't claim that the requested software will 'cost many millions' to develop.
    4. This was terrorist act inspired by a group hostile to the United States. These groups have demonstrated their ability and will to attack America. This is qualitatively different from other killings.
    5. The county did install management software on the phone. Unfortunately, it was not activated. They screwed up. Lots of IT departments do.
    6. The widely repeated idea that the FBI could have retrieved the data if only they had not changed the iCloud password has been debunked. What they did was stupid but it didn't really matter in the end -- the phone was in a powered-off state when recovered. At power-on it still requires a PIN.
    7. There is no reason that the 5S would be less vulnerable to the procedure requested by the FBI. 
    8. Nothing in this case prevents Apple from making future versions of iOS hardened against the procedure. All they have to do is require a PIN to be entered before the phone will enter DFU mode.
    1. Until the FBI demands the tool and request it's use on 100s and 1000s of iPhones. 

    2.  You know this how?

    3. True but the Feds will keep requesting this tool and frankly no one works for free. 
    I know this because I have bothered to read the actual court order. You should read it sometime:

    http://www.ndaa.org/pdf/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf

    it's highly informative.

    The FBI and the US Attorney's office in NYC will certainly ask for this to be done for other phones. But each request will have to undergo judicial review. A warrant must be issued and then a court order. Both can be publicly reviewed and challenged. That's called the 'rule of law'. 
  • Reply 46 of 47
    tmaytmay Posts: 6,439member
    JeffA2 said:
    CMA102DL said:
    1. It would be good if Apple would get to keep the phone at the very end and destroy it. The phone is owned by the US Govt. and it is evidence, to be "borrowed" by Apple.
    2. Firmware is always stored in non-volatile memory. The US Govt. has made the case that they need some functions moved to RAM because they think that this will enable them to bruteforce the phone quicker. They want to connect to the phone via Wifi and be able to bruteforce remotely, so they say. Of course, we are not stupid. They will try to get a copy of the firmware via Wifi first. 
    3. It could definitely cost multiples of millions of dollars with 10 highly paid engineers and up to 4 weeks each on the project.
    4. Seriously, what makes this one more relevant to another mass shooting killing? All evidence in fact points to the fact that this was planned by Farook and wife and that other than help from a neighbor, they really received no other help. They were not connected with ISIS. ISIS wanted nothing to do with them. If Farook and Malik were well connected, then there would be tons of phone, social media and messaging metadata. But make no mistake, the FBI is labeling this as a "terrorist" attack for political reasons. Somehow the word "terrorism" makes this crime more relevant that others...which means that all of us in the USA need to give up our Constitutional rights for the greater good...This is stupid
    5, 6, 7 are just excuses
    8. No, once you have created this software, it could leak and compromise alike phones in the entire world and could be modified to compromise other phones. This is not about 1 iPhone. The DOJ has at least 170 phones that it needs unlocked and is looking to establish a court precedence. The FBI's goal is to ultimately entrap Apple and undermine everything Apple is doing to protect customer's data in their phones.

    I'd say NO to the FBI and DOJ.
    Sigh...so much misinformation. You should really try to read the actual court order. And try to learn something about software.

    The requested iOS mod will be loaded via DFU in RAM not flash. The court order actually specifies that the iPhone's flash memory not be modified in any way. And it doesn't need to be. The entire patch will be in RAM. When the phone reboots the patch will be gone. That's not an opinion. That's a fact.

    A typical 'highly paid' programmer has a fully burdened cost of < $200/hr. 10x4x40x200 = $320,000.00. And that's a generous overestimate.

    You point #4 is so illogical that it really doesn't bear refutation. But I can't help it, I'll try anyway. What makes this killing different is that it was a politically motivated expression of hostility to the United States of America. It wasn't a drive-by shooting, or a mugging or even 'typical' workplace violence -- as horrific as that sounds. It was an act of political expression that is part of a global movement. The Farook's considered it to be their part in carrying out Jihad. Unfortunately we've learned that there are many people who have a twisted view of Islam and some of them act on this view. To deny that this is a global movement is to willfully ignore the last 15 years of world history. 

    The way software is loaded via DFU requires a valid signed certificate. The certificate can only be issued by Apple and is specific to this phone and it's own unique UUID. Again, the court order specifies this in detail. Altering the UUID in the software so that it can load onto a different phone will invalidate the certificate. The revised software will simply fail to load. The only way to make it load would be for Apple to sign the new code. If you don't believe that's secure then stop worrying about the FBI. Anyone could hack your phone and steal your data. 

    I have no idea what you mean when you say "5,6 and 7 are just excuses". They are facts. And cases are tried on facts not some grand philosophy or principle.

    I realize that these are complex issues but the level of misinformation on this forum is beyond the pale. Virtually everything you have claimed in factually incorrect. This is not a matter of opinion. It's a verifiable fact. 
    I'm thinking that the DOJ isn't using the proper rule of law;

    https://backchannel.com/the-law-is-clear-the-fbi-cannot-make-apple-rewrite-its-os-9ae60c3bbc7b#.v7oe2qlbl

    But you being a legal authority likely were aware of that.
    tallest skil
  • Reply 47 of 47
    CMA102DLCMA102DL Posts: 121member
    dabe said:
    CMA102DL said:
    It is funny how the article indicates that Apple has delivered a backdoored OS to China and that the FBI is using it now. Well, if that's the case, then the FBI does not need the current court order executed....The FBI is just desperate.
    Where exactly does the article "indicate" this? Couldn't find it.
    Based on my understanding of the article, it appears that the FBI is alleging that Apple has provided accommodations to China for the WAPI wireless standard and that these are source codes. But you are correct, it was no backdoored OS. But again, this is another finger pointing from the  FBI to Apple and another failed attempt to force Apple to provide source code or access to the iPhone.

    "If Apple has already built backdoors for China, how can it object to building one for the FBI? In a filing in the San Bernardino case the next week, the government made a similar case. They told the judge about Apple's accommodation of the Chinese WAPI wireless standard and Chinese state media reports that suggested the company had turned over source code to the government. For prosecutors, those accommodations looked an awful lot like the same kind of measure Apple was now denying to the FBI. Yesterday, Apple pushed back. In submitted testimony to the court, Apple software chief Craig Federghi stated under penalty of perjury that the company has never built a backdoor for any country, never submitted source code, and never built the kind of custom access system proposed by the FBI. "

Sign In or Register to comment.