gunner1954

nasserae said:

frac said:

"...noting that auto-backups for "Mail," "Photos" and "Notes" were "turned off." "
Well if the FBI saw those options, it pretty much means they had the phone unlocked since where they are, in Settings. 
This is giving dumb a bad name.

Apple already gave them the iCloud backup of the iPhone they want to unlock. So they have restored the iCloud backup to another iPhone it seems. The FBI claim the backup is not enough since it is from weeks before the attacks. I am surprised about the FBI statement "auto-backups for "Mail," "Photos" and "Notes" were "turned off" since there is no such option. He is probably looking at the iCloud Setting page and if those are off it means he never enabled them in the first place.

Plus, the iCloud Settings page is for iCloud 'SYNC', not backup. The FBI needs to learn the proper terminology.

radarthekat said:

For those new to the FBI versus Apple battle...

Here is what's going on.  

The iPhone is locked by a passcode that is combined with a hardware key built into each iPhone at manufacture.  This hardware key is randomly generated and encoded into the silicon inside each iPhone AND IS NOT KNOWN EVEN TO APPLE.  So to unencrypt data on an iPhone, you need the user passcode and the hardware key, which exists only in the phone's hardware.

To decrypt the data on an iPhone you need to enter the password ON THAT IPHONE so that the password gets combined with that iPhone's hardware encryption key.  Taking the data off the phone and trying to decrypt it elsewhere won't work because you won't have the hardware key portion of the combined encryption key.

So you need to enter each password guess into the iPhone you are trying to unlock.  And the iPhone has a security feature that wipes all the data in the phone after ten consecutive incorrect password attempts.  This feature is what makes a simple four digit passcode such a strong security measure.  Without that feature, it would be a simple process to manually sit there and try one password after another until you went through all 10,000 combinations.  The FBI, or a school kid with a couple extra days on his hands, could break into any iPhone.  But if the phone erases itself after ten unsuccessful password tries, then you won't dare even try to unlock it, as you'll have only a 10 in 10,000 chance of guessing the correct password and the consequences of that tenth incorrect guess is that you'll lose the data you're after.

The FBI is demanding that Apple remove this security feature so that they can simply brute-force the password.  10,000 tries, even if done manually, wouldn't take very long.  Of course, they are also asking for two additional weaknesses.  One is to allow passwords to be sent to the phone electronically (wirelessly).  That would save time over manually sitting there trying one after another passcode.  And the other is to remove a delay the software inserts between passcode attempts, so that it could blast passcodes at the phone at a very fast clip.  You'd ask for these two additional weaknesses only if you are planning on turning this into a tool for law enforcement to use over and over.  So that puts the lie to the FBI's stance that they want this only for this one time.

Apple is not being asked to use any method they want to just get the data.  Apple is being demanded to build a forensic tool for law enforcement's repeated use.  Apple, and those of us knowledgable about this sort of thing, knows that this tool will need to be maintained and documented, and submitted into evidence to be inspected by defense attorney experts, because defense attorneys will want to be certain that the tool does not modify the evidence it makes available.  This is how the tool will get out into the wild, and when it does then none of us will have any security unless we install additional encryption software on top of the operating system.  Which criminals and terrorists will immediately do, leaving them safe from law enforcement search while leaving the vast majority of casual users open to those same terrorists infiltrating their phones and grabbing their bank account passwords, etc.

Law enforcement will solve a few more crimes, committed by unwitting criminals who didn't think to add additional encryption on top of the weakened encryption in the operating system.

Casual users like you and me and your kids and wife will be more subject to snooping by hackers, some of which will be working for the fund-raising departments of terror organizations.

Terrorists will hold up this incident and the fallout from it as a major victory in their attempts to weaken and manipulate free society.

A couple more points:

1. Passcode being sent electronically does not necessarily mean wirelessly. Could be a wired keypad or wired device acting as a keypad. Apple currently only allows passcode entry via the on-screen keypad, thus they would have to further modify the iOS software to allow passcode entry via a wired or wireless device.

2. To make the changes to the chipsets inside an iPhone Apple has to 'flash the ROMs' by sending a 'signed' update using Apple's secret electronic signature. Normally this occurs via 'Software Update' where the user has to manually enter their passcode to authorize the download and install process. Apple Store Genius Bar employees USED TO be able to do this for a customer without entering the passcode by putting the iPhone into a 'factory mode' and updating the software while wired to a Mac/Mac Server. What people forget is that doing this erases the iPhone (on purpose) after which the customer must now set up the phone and download their saved data via iCloud or from their own computer via iTunes. The FBI wants a version of iOS that will install the modified iOS and NOT erase the data. THIS IS THE BIG BUGABOO! If Apple does this (which I'm sure they could because they have excellent engineers and coders) AND if this revised, less secure software gets into the wild, which it will under our current court system, then criminals and other nefarious entities will have a means to 'break' any iPhone, causing an immediate increase in stolen iPhones, AGAIN. We already went through this with  high thefts rates in NYC, San Francisco and L.A. With the mayors of those cities threatening to sue Apple and others for NOT having their phones more secure! Now NYC wants Apple to make their phones less secure, reverting back to a time when thefts (and muggings and deaths) were rampant!

3. If Apple does build this forensic tool and does perform the work for law enforcement, they become a de facto 'agent of the state' for which other countries can now use as an excuse to ban Apple products, particularly iPhones, from their countries. Basically, the ruination of Apple as their products can no longer be trusted to be secure. Already there are proposals in the U.S. to ban any phone without a 'back door' for law enforcement (and spy agencies), and France is proposing heavy fines for not assisting their security agencies, and other are proposing to ban phone without heavy encryption. So what is a company to do? Make the same phone with different iOS software for different countries? If they do that, then the one's wanting 'secure' phones will purchase their phones from countries demanding security and not purchase phone sold in the USA. Like I said, the end of iPhone sales and the decline of Apple as an entity.

I'm sure others can add other very plausible scenarios to what I wrote above.

AppleInsider said:

"When asked if Apple should cooperate with the FBI's request…"


Should read: "when asked if Apple should cooperate MORE THAN THEY HAVE with the FBI request...

ireland said:

What a superb letter. The FBI are shameful to use this incident for their gain. You can even see from the emails uncovered by the Washington Post a while back that the federal branch were awaiting an attack of this kind to try to gain more power over our communications. Utter disgust. No wonder when 95% of the people at that hearing seemed to be challenging the FBI. Even if you forget about all the facts of the whole situation instinct alone tells all. Just look at the kinds of things Cook and Sewell have been saying and how they've handle themselves and compare it to how the FBI have been carrying. They've even been lying already. And those are the lies we know about.

I find it interesting that in every case related mention from the FBI that they will leave 'no stone unturned' and 'everything in out power' but never, 'everything LEGALLY in our power' or 'use every LEGAL course of action to…(fill in the blank). Aren't all our Law Enforcement Agencies supposed to follow the law, not skirt it, to do their job. IF not, then we have already become a police state where any LEO can get an All Writs Order from any sympathetic judge to do whatever they so please.

chris2044 said:

If the US government forces Apple and other US companies to weaken their encryption or provide backdoors, then companies based in other countries, or individual citizens will create stronger encryption disregarding the US government. This only stands to put US law abiding citizens at a disadvantage. Any such law would be a grave mistake.

More than the encryption aspect. This is about the US government (through the courts) COMPELLING a private citizen/company to CREATE a system/product that COMPROMISES the safety, security, and/or integrity of a product they produce.

It would be equivalent of the gov't ordering car manufacture's to create a system where the tires on their vehicle can be blown out or made flat via remote control on gov't order (All Writs Warrant) instead of using spike strips. Doing so places the burden on the manufacturer of the vehicle for anything that might go wrong instead of on the gov't, where it belongs.