Quit spinning an agenda. I'm not sure if you're just yapping and/or ignorant. Look at the bigger picture of what the government is trying to do, and will certainly do in the near future. Apple is not in the business of doing the work of law enforcement. To my knowledge, all attacks happened regardless of what was on someone's phone.
Ignorant in what way? If I've said anything factually inaccurate, point it out and I'll be happy to retract it when shown the error. Many, many statements on this forum about the technical details of this issue are simply and provably wrong.
As for the philosophical argument we all have a different view of the 'bigger picture'. Mine (and my 'agenda') is that we are a nation of laws, protected by a constitution, a system of checks and balances and a system of judicial review. Nowhere in that system does a private corporation get to dictate matters of law. Ceding the rule of law to a corporation is far more dangerous than the contents of a phone.
Would you be as happy if it were IBM or Samsung hiding behind a privacy argument to defend their business model? Or General Motors? How about GE? Or Citibank? Just because we all like Apple products doesn't mean that they get to determine the law. Bernie Sanders entire political movement is based on the idea that private companies have usurped democratic powers. And that, I agree with.
Just to be clear, the previous two paragraphs are opinions, not facts. Feel free to disparage them. But if you bring up technical issues make sure you do enough research to get them right. If you don't understand the technology, don't make stuff up or just repeat what you read elsewhere. The signal to noise ratio on this forum is poor enough as it is.
---
You clearly haven't read the Apple response where they point out the exact opposite of what you contend; that it is the government who is attempting to hijack the law to their ends, in instance after instance that Apple's lawyers clearly and precisely point out. You are uninformed on the legal aspects of this case, and that casts serious doubt on your further contentions that you are an able judge of whether or not those here speaking to the technical aspects know of what they speak. You clearly do not.
I've read it, I just don't agree with it. But I don't claim to be a lawyer.
I do know more than a little about computers. Nothing I've said is factually incorrect, to the best of my knowledge. If I've made a technical error, point it out.
Though I hope that there is no GovtOS, would these employees be charged with "Contempt of Court"?
The court order is against Apple. The court presently has no jurisdiction over individual employees. That could be established, but then the USDOJ would be fighting the case on multiple fronts because the individuals have rights in addition to those pled by Apple (namely the constitutional ban against slavery and indentured servitude). Further, once they are no longer employees it would violate U.S. law for the coders to unilaterally use trade secret information without consent of the owner of that trade secret (and a court could not lawfully order otherwise because the prohibition is a statutory one that Congress would have to override first.)
that the feebs are finally saying "well then give us the source code and keys" indicates that someone on their legal team finally understands the All Writs Act. Apple can only be compelled to turn over that which it has. It has the original source code and security authenticate codes. Apparently, the feebs don't employ or contract with any hackers who can reverse engineer the source code which would moot the first part but not the second part.
I think your interpretation of the AWA is suspect but that's a matter for others. Your conclusion, however, is alarming. While I support the DOJ's original court order, I would be opposed to Apple turning over its encryption keys. Doing so places every current phone at risk of a man-in-the-middle attack. I would be surprised (and horrified) if a court found that risk acceptable. The DOJ's original approach is far short of that and they have cited relevant (so they think) precedent for using the AWA to compel the creation of code. That's where the court fight will play out.
For a bit more insight into the AWA debate, consider that this 'request' by the FBI effectively requires Apple to build a forensics division around the tool the FBI wants Apple to build. Defense attorneys will bring their own experts to inspect the tool (source code) to ensure that it doesn't alter the data it's designed to assist law enforcement in gaining access to. Apple engineers and management would be called to testify about the tool in case after case. Multiply by the hundreds of iPhones already in law enforcement's hands, plus more in tne future and you can quickly build a case for undue burden which is one of the dimension along which an argument can be made against application of the AWA. Layers upon layers to this case. Here's a good read on the topic... http://www.zdziarski.com/blog/?p=5645
Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.
Warrants be damned. No one with the intelligence of a gypsy moth believes the government will seek warrants. Snowmen proved that. The only reason the government would ever seek a warrant is because they want to introduce the evidence in court...
the feebs went court order this time because they cannot crack the system on their own. But if they could you and I (unless you are a jackbooted feeb) would have ever heard that the feebs had hacked the phone...cause they don't want to submit evidence in a trial. Further, had the feebs had the ability already they WOULDNT NEED A WARRANT IN THIS CASE ANYWAY since this phones owner would simply consent. We would never have even heard about this issue. And in terrorism cases in the future, if they get their way, we won't again because they will get to admit the evidence in trial in secret claiming national security...or they will just kill the suspected terrorists. Oopsy. Not like we go after feebs who murder publicly now anyhow. No defendant no trial no public knowledge.
Mother governments brief is ludicrous in that it asserts that the government should be allowed to decide what is best for you...not you decide. The founders are ALL spinning in their graves. We the People are supposed to decide not We the Despot Government.
It feels awful lot like new revolution is in the air. The government is overreaching too often and that is what got King George bitch slapped off this continent.
So this is what mystifies me. The very people who claim to care most about Constitutional rights are the first ones to dismiss them as irrelevant. Not me. For better or worse they've worked pretty well. The government overreaches sometimes, invariably gets caught, things tilt back and the cycle repeats. The alternative of a corporate plutocracy is a one-way ticket to despotism. I'll take flawed democracy every time.
For a bit more insight into the AWA debate, consider that this 'request' by the FBI effectively requires Apple to build a forensics division around the tool the FBI wants Apple to build. Defense attorneys will bring their own experts to inspect the tool (source code) to ensure that it doesn't alter the data it's designed to assist law enforcement in gaining access to. Apple engineers and management would be called to testify about the tool in case after case. Multiply by the hundreds of iPhones already in law enforcement's hands, plus more in tne future and you can quickly build a case for undue burden which is one of the dimension along which an argument can be made against application of the AWA. Layers upon layers to this case. Here's a good read on the topic... http://www.zdziarski.com/blog/?p=5645
Interesting argument. I'm not sure that's actually how things would play out though. The DOJ has already ceded physical control of the iPhone in the San Bernadino case to Apple. Doesn't that create a break in the chain of custody? The DOJ doesn't want to prosecute the Farook;s -- after al they're dead and even the FBI isn't that vindictive. What they want is the information on the phone.
To support a prosecution the current scheme would be unworkable. So, while Cyrus Vance Jr. has a roomful of phones he wants unlocked, I very much doubt that the kerfuffle over the Farook's is going to help him out. Unless he too just wants data to help point an investigation in the right direction and plans to submit independently gathered evidence in court. Now that could conceivably work.
I think your interpretation of the AWA is suspect but that's a matter for others. Your conclusion, however, is alarming. While I support the DOJ's original court order, I would be opposed to Apple turning over its encryption keys. Doing so places every current phone at risk of a man-in-the-middle attack. I would be surprised (and horrified) if a court found that risk acceptable. The DOJ's original approach is far short of that and they have cited relevant (so they think) precedent for using the AWA to compel the creation of code. That's where the court fight will play out.
That is exactly what the AWA allows...for a person to be required to turn over what they already have. It is superior to a straight subpoena because there are defenses to a subpoena for turning over things like trade secret. Had the judge ordered the surrender of the source code and keys Apple would have little in the way of argument.
But the source code is already on every phone running the iOS already. The feebs, in going this route silently admit they are not as sophisticated as they should be since they don't already have hackers hacked in to the code.
Technologically speaking, the County of San Bernardino is seriously at fault here. There should be no court case over this particular phone because if the County was using the built in administration features properly, or the software they purchased a license for this phone for, the County sysadmin could deactivate the wipe feature remotely and could prevent the user from changing that setting (and I know this to be true because I wrote the policy for my own company and know how those features work on iOS and Android and work closely with our technology distribution and management teams...when his story broke we confirmed that we had control of our own devices through our security policies and proved it on live devices...and BYOD was promptly ended.)
This could be used by Apple to show the burden on the company and how it affects freedom of speech.
No judge is going to care much about that pouting stance. The creation of an actual private from the government communication system is never going to fly. Never.
Too bad Apple's lawyers don't read AI, they would have known not to make similar comments in their brief yesterday.
But the source code is already on every phone running the iOS already. The feebs, in going this route silently admit they are not as sophisticated as they should be since they don't already have hackers hacked in to the code.
Huh? There is no iOS source code on an iPhone. And the FBI could probably hack the code anyway. They just can't sign it.
Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.
No Jeff that is not the case at all. The FBI are asking Apple to create a version of iOS that allows infinite attempts at the password. If such a version were created and subsequently stolen/leaked it could be used on any other iPhone. Hence the "skeleton key" that opens all the locks analogy.
If *that* was all they wanted and it was going to end there it wouldn't be then end of the world at all. It would mean bye-bye to 4-digit passcodes that can be cracked in 30 minutes - but a well chosen passphrase would take thousands of years to brute force. The problem is that it *won't* end there. The FBI would quickly learn that it's *not* the skeleton key they hoped for and go back to court claiming the software "is broken" and demanding a "fix" that would let them get into the phone faster - perhaps forcing Apple to not allow passphrases longer than 8 characters or worse building the back door - and citing that this first case sets the precedent that they are legally entitled to the data and that Apple is legally required to write whatever software we need.
Disabling the auto-wipe to allow unlimited attempts isn't the issue at all. It's the precedent that it would set - that the government can force Apple to compromise their own product at the whim of the government that we're fighting against. If the government gets this precedent, there will be a non-stop flow of demands from the government that invade our privacy further and further until one day in the not so distant future people will think of privacy as a myth or a legend and not be able to comprehend that it ever existed.
If Apple ALREADY HAD THE SOFTWARE IT COULD BE FORCED TO TURN IT OVER BUT SINCE THE SOFTWARE DOESNT EXIST THE AWA IS NOT APPLICABLE. shouting is necessary because your to thick to get it otherwise.
Then I wonder why the DOJ cites not one but two prior precedents where Federal circuit courts found that companies could be compelled to write code under the AWA? Neither of those rulings has ever been overturned. I'm no lawyer and I'm not shouting in caps (and I'm not "to [sic] thick" either). Just wondering.
Sorry but the cases the DOJ cites actually didn’t require any computer programming like in this case, they didn’t create new software. Those companies already had the equipment necessary to do what was ordered and had already done those things to serve costumer requests. The programming was something like defining the phone number to monitor and took less than a minute.
Let's put this in terms you Apple sympathizers will understand. An awesome new company has just invented an encrypted physical key to a physical encrypted door to some child molesters creepy basement. Impervious to any locksmith and of course any court orders to open it with a warrant to search for your missing son or daughter that the government believes might be inside or might contain clues as to the whereabouts of your child. Now do you get it? Simpletons Apple helps terrorists!
Let me put in terms YOU understand! When the CIA chose to be the creepy child abductors for exploitation, they were no longer viewed as an organization looking out for the interest of the people. Please thoroughly review MK Ultra and maybe you would get a clue of what we FEAR!
Then I wonder why the DOJ cites not one but two prior precedents where Federal circuit courts found that companies could be compelled to write code under the AWA? Neither of those rulings has ever been overturned. I'm no lawyer and I'm not shouting in caps (and I'm not "to [sic] thick" either). Just wondering.
Sorry but the cases the DOJ cites actually didn’t require any computer programming like in this case, they didn’t create new software. Those companies already had the equipment necessary to do what was ordered and had already done those things to serve costumer requests. The programming was something like defining the phone number to monitor and took less than a minute.
I'm not sure that's a qualitative difference. They were compelled to write software they did not have. The court seemed only to be concerned with the question of 'undue burden.' But even Apple concedes that the software modifications are not complex or costly to do. Well, that's why the specifics of this are going to be heard by judges who know more about the law than I do -- probably all the way to the supreme court.
No Jeff that is not the case at all. The FBI are asking Apple to create a version of iOS that allows infinite attempts at the password. If such a version were created and subsequently stolen/leaked it could be used on any other iPhone. Hence the "skeleton key" that opens all the locks analogy.
If *that* was all they wanted and it was going to end there it wouldn't be then end of the world at all. It would mean bye-bye to 4-digit passcodes that can be cracked in 30 minutes - but a well chosen passphrase would take thousands of years to brute force.
Well an 8-digit numeric code would take only a few weeks. Your right for a 8 character mixed-case alphanumeric code though.
Interesting argument. I'm not sure that's actually how things would play out though. The DOJ has already ceded physical control of the iPhone in the San Bernadino case to Apple. Doesn't that create a break in the chain of custody? The DOJ doesn't want to prosecute the Farook;s -- after al they're dead and even the FBI isn't that vindictive. What they want is the information on the phone.
To support a prosecution the current scheme would be unworkable. So, while Cyrus Vance Jr. has a roomful of phones he wants unlocked, I very much doubt that the kerfuffle over the Farook's is going to help him out. Unless he too just wants data to help point an investigation in the right direction and plans to submit independently gathered evidence in court. Now that could conceivably work.
Apple does not have or had any physical control over that iPhone, no chain of custody seems to have been broken, and if the FBI were only interested in intelligence gathering they could have chosen other options, like going to the NSA. It has become clear that they wish to use this precedent for other cases where Apple would most likely have to testify and provide documentation about this new "tool". Even for evidence gathering for a legal proceeding, there are other technical options according to iPhone security specialists.
No Jeff that is not the case at all. The FBI are asking Apple to create a version of iOS that allows infinite attempts at the password. If such a version were created and subsequently stolen/leaked it could be used on any other iPhone. Hence the "skeleton key" that opens all the locks analogy.
The other issue Apple has is where does this end? At first the FBI said this is just for this one phone but them Comey (spelling?) admitted they would want to use such a compromised version many many times. So that would compel Apple to constantly maintain a compromised version of iOS in perpetuity.
Why do people keep saying this as if it were true? The 'version of iOS that allows infinite attempts at the password' is to loaded onto the phone in question via DFU mode. An iPhone will not load arbitrary software that way. It must have a valid signature and only Apple can do that. Furthermore, the software can (and by court order must) include the specific UUID of the target phone. Therefore even if this patch got out of Apple's hands, was disassembled and the UUID changed, it would fail to load on any iPhone because it would fail the signature check. To further ensure security the phone is allowed to remain in Apple's possession for the entire time it is running the altered software. As a final condition of the court order, the entire patch must be RAM resident. No flash memory on the phone can be altered. Therefore the patch will be erased from memory as soon as the target phone is unpowered.
What we have here is a procedure for producing a key for any specific phone, not a skeleton key. The difference is fundamental.
Your second point that Apple will be asked to do this over and over is probably correct. However, even the FBI admits that the utility of this approach is short-lived. All Apple has to do render it obsolete is require a PIN during DFU. I would expect them to add this to upcoming iOS update very soon.
Your first paragraph is absolutely correct - but you'll get flamed for posting anything that even gives the slightest appearance that you're adding legitimacy to the FBI's position - no matter how true it might be.
I don't think that a PIN during DFU can be done - or that any mechanism can be created that would render it impossible for Apple to replace the boot firmware. The code that boots up the phone, displays your wallpaper, prompts you for your passcode, keeps track of the number of failed attempts and the software that actually wipes your phone all has to be unencrypted in order for it to run. Sure - all of your data is safely encrypted and can't be unlocked until the correct passcode is entered - but all of that pre-login stuff I just listed HAS to run PRIOR to the user logging in and therefore cannot be made secure. It's protected by Apple signing the code - so it can't be replaced by just any old hacker - but I think that Apple will always have the capability to replace or update that code - if they had physical access to the device. What I don't quite understand though is - *IF* Apple created the modified code that disables the auto-wipe - and codes it in such a way that it ONLY will execute on the phone with this exact UUID - and signs it (because they have to sign it for the phone to execute it)..,, Why wouldn't they just be able to invalidate the signature after a couple of days pass rendering that code useless forever after - even on that one phone it was written for?
I think that both sides are lying and exaggerating. The pro-FBI side is claiming that it's only one phone - which we all know is bullshit.... But the pro-Apple side is exaggerating the risk of this code escaping into the wild. It may not be possible to keep it from escaping - but it is possible to make it completely useless to anyone that does manage to steal a copy of it.
I'm definitely pro-Apple in this argument - but not because I'm scared of this one little piece of code. I'm scared about the precedent it sets and all the future little bits of code the FBI demands be written with ever increasing scopes and durations of validity!
I have a question: why not let the FBI create the software they want, and then apple signs it software with the key? That way Apple doesn't get involved with making something they don't want to, and their keys never make it to the FBI.
I have a question: why not let the FBI create the software they want, and then apple signs it software with the key? That way Apple doesn't get involved with making something they don't want to, and their keys never make it to the FBI.
1. They have no legal right to what they want. 2. That would remove 99% of the barrier between them just setting up a front company, getting a new key signed, and then just injecting whatever code they want in the future. Or hacking the code to set up fake update servers, like the fake cell towers designed solely for copying out data and voice communication.
I have a question: why not let the FBI create the software they want, and then apple signs it software with the key? That way Apple doesn't get involved with making something they don't want to, and their keys never make it to the FBI.
No. It is never going to happen. The Apple source code is intellectual property the Government is not entitled to have. Plus Apple would voluntarily cease operations rather than turning over any intellectual property to the US gov. This is worse than letting Apple develop GovOS.
- Can a government compel a pharmaceutical company and its researchers, who took Hippocrates oath to save lives of all, to create or facilitate the creation of a poison necessary to execute a death penalty?
- Can a government compel an innocent woman to engage in unwanted romance and sex with a suspected terrorist to extract critical info from him?
- Can a government trick an innocent activist into getting married with an undercover cop and have a baby with him just for investigation purposes? www.bbc.com/news/magazine-29743857
According to a report published Thursday, a number of high-level Apple employees would rather quit their jobs than comply with a court order compelling the creation of an intentionally flawed version of iOS, currently being sought by the FBI in its investigation into the San Bernardino shootings.
Or, lest we forget ... the employees could do what they are told -- then each could justify the act by claiming: "I was only following orders".
Ignorant in what way? If I've said anything factually inaccurate, point it out and I'll be happy to retract it when shown the error. Many, many statements on this forum about the technical details of this issue are simply and provably wrong.
As for the philosophical argument we all have a different view of the 'bigger picture'. Mine (and my 'agenda') is that we are a nation of laws, protected by a constitution, a system of checks and balances and a system of judicial review. Nowhere in that system does a private corporation get to dictate matters of law. Ceding the rule of law to a corporation is far more dangerous than the contents of a phone.
Would you be as happy if it were IBM or Samsung hiding behind a privacy argument to defend their business model? Or General Motors? How about GE? Or Citibank? Just because we all like Apple products doesn't mean that they get to determine the law. Bernie Sanders entire political movement is based on the idea that private companies have usurped democratic powers. And that, I agree with.
Just to be clear, the previous two paragraphs are opinions, not facts. Feel free to disparage them. But if you bring up technical issues make sure you do enough research to get them right. If you don't understand the technology, don't make stuff up or just repeat what you read elsewhere. The signal to noise ratio on this forum is poor enough as it is.
---
You clearly haven't read the Apple response where they point out the exact opposite of what you contend; that it is the government who is attempting to hijack the law to their ends, in instance after instance that Apple's lawyers clearly and precisely point out. You are uninformed on the legal aspects of this case, and that casts serious doubt on your further contentions that you are an able judge of whether or not those here speaking to the technical aspects know of what they speak. You clearly do not.
I've read it, I just don't agree with it. But I don't claim to be a lawyer.
I do know more than a little about computers. Nothing I've said is factually incorrect, to the best of my knowledge. If I've made a technical error, point it out.
It is not a matter of being just a nation of law: we are citizens of this world together with other nations. So the perspective does not necessarily end within "this nation". This is particularly relevant because of one of Apple's main arguments in this case: if the US court wins this case, then the Chinese and Russian courts will easily win their forthcoming mirror cases too. And that will threat the security and survival of innocent citizens around the world, including the many US citizens abroad. Therefore this main issue cannot be dealt just with the argument of being "a nation of law".
Comments
I do know more than a little about computers. Nothing I've said is factually incorrect, to the best of my knowledge. If I've made a technical error, point it out.
To support a prosecution the current scheme would be unworkable. So, while Cyrus Vance Jr. has a roomful of phones he wants unlocked, I very much doubt that the kerfuffle over the Farook's is going to help him out. Unless he too just wants data to help point an investigation in the right direction and plans to submit independently gathered evidence in court. Now that could conceivably work.
But the source code is already on every phone running the iOS already. The feebs, in going this route silently admit they are not as sophisticated as they should be since they don't already have hackers hacked in to the code.
Technologically speaking, the County of San Bernardino is seriously at fault here. There should be no court case over this particular phone because if the County was using the built in administration features properly, or the software they purchased a license for this phone for, the County sysadmin could deactivate the wipe feature remotely and could prevent the user from changing that setting (and I know this to be true because I wrote the policy for my own company and know how those features work on iOS and Android and work closely with our technology distribution and management teams...when his story broke we confirmed that we had control of our own devices through our security policies and proved it on live devices...and BYOD was promptly ended.)
Huh? There is no iOS source code on an iPhone. And the FBI could probably hack the code anyway. They just can't sign it.
Disabling the auto-wipe to allow unlimited attempts isn't the issue at all. It's the precedent that it would set - that the government can force Apple to compromise their own product at the whim of the government that we're fighting against. If the government gets this precedent, there will be a non-stop flow of demands from the government that invade our privacy further and further until one day in the not so distant future people will think of privacy as a myth or a legend and not be able to comprehend that it ever existed.
Well an 8-digit numeric code would take only a few weeks. Your right for a 8 character mixed-case alphanumeric code though.
Even for evidence gathering for a legal proceeding, there are other technical options according to iPhone security specialists.
I don't think that a PIN during DFU can be done - or that any mechanism can be created that would render it impossible for Apple to replace the boot firmware. The code that boots up the phone, displays your wallpaper, prompts you for your passcode, keeps track of the number of failed attempts and the software that actually wipes your phone all has to be unencrypted in order for it to run. Sure - all of your data is safely encrypted and can't be unlocked until the correct passcode is entered - but all of that pre-login stuff I just listed HAS to run PRIOR to the user logging in and therefore cannot be made secure. It's protected by Apple signing the code - so it can't be replaced by just any old hacker - but I think that Apple will always have the capability to replace or update that code - if they had physical access to the device. What I don't quite understand though is - *IF* Apple created the modified code that disables the auto-wipe - and codes it in such a way that it ONLY will execute on the phone with this exact UUID - and signs it (because they have to sign it for the phone to execute it)..,, Why wouldn't they just be able to invalidate the signature after a couple of days pass rendering that code useless forever after - even on that one phone it was written for?
I think that both sides are lying and exaggerating. The pro-FBI side is claiming that it's only one phone - which we all know is bullshit.... But the pro-Apple side is exaggerating the risk of this code escaping into the wild. It may not be possible to keep it from escaping - but it is possible to make it completely useless to anyone that does manage to steal a copy of it.
I'm definitely pro-Apple in this argument - but not because I'm scared of this one little piece of code. I'm scared about the precedent it sets and all the future little bits of code the FBI demands be written with ever increasing scopes and durations of validity!
2. That would remove 99% of the barrier between them just setting up a front company, getting a new key signed, and then just injecting whatever code they want in the future. Or hacking the code to set up fake update servers, like the fake cell towers designed solely for copying out data and voice communication.
They get NOTHING. They LOSE. Good DAY, sirs!
Or, lest we forget ... the employees could do what they are told -- then each could justify the act by claiming: "I was only following orders".
https://en.wikipedia.org/wiki/Superior_orders