Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time 306
Mark Wilson writes that Apple has balked at a court order to provide the FBI with the contents of text messages among users of its iMessage service, claiming that the encryption it uses to protect these messages makes handing over the messages themselves impossible. From the article: The Justice Department obtained a court order that required Apple to provide real time access to text messages sent between suspects in an investigation involving guns and drugs. Apple has responded by saying that the fact iMessage is encrypted means that it is simply not able to comply with the order. The stand-off between the US government and Apple could last for some time as neither side is willing — or possibly able — to back down.
Why not ... (Score:5, Insightful)
Re:Why not ... (Score:5, Insightful)
Re: Why not ... (Score:5, Insightful)
More like a cop asks you to open someone else's locked car because it's parked in your parking lot. They can tow it and break into it but you can't unlock it because you don't have the keys.
Re: (Score:2)
It's a car analogy, genius...
Re: (Score:3)
Re:Why not ... (Score:5, Interesting)
Because the FBI will argue that's not the contents of the messages - it is something else. So Apple would be resisting the court order anyway.
In fact, Apple may well be doing that, and this is how it's being reported.
Re:Why not ... (Score:5, Interesting)
They will never, ever, ever argue that in court. Because if the judge agrees, that would be precedent that would pave the way for a solid Fifth Amendment defense against surrendering encryption keys. As much as the FBI would like a ruling on that -- it's currently a legal grey area, as there's not been a good test case -- they *really* don't want to set precedent that key surrender would be testifying against one's self... which, if they argue that encrypted data is fundamentally different from the desired decrypted data, they will have done. (If encrypted data is fundamentally different (and is not simply a "locked" version of the data, as the FBI would prefer people to mis-understand it...), then forcing people to decrypt their data is forcing them to create evidence against themselves.)
Re:Why not ... (Score:4, Insightful)
why would Apple have the keys anyway? This is what they're basically trying to say, they might have the algorithm but without the salt (key) which only the USERS will have, and to each one totally unique, it's fucking useless.
Re: (Score:3, Insightful)
It wasn't designed for criminals. It was designed for - and is mostly used for - legitimate purposes. They cannot control what every single user of their platform uses it for. Otherwise the phone system would be liable every time a criminal makes a phone call, the post office would be liable every time a criminal sends a letter, etc. If they'd intended it to be used by criminals, that would be something else.
Re:Why not ... (Score:5, Insightful)
Apple will end up doing that I imagine, but they also want the publicity of "not handing over iMessage data to the FBI" before they do it.
Re:Why not ... (Score:4, Insightful)
Apple will end up doing that I imagine, but they also want the publicity of "not handing over iMessage data to the FBI" before they do it.
Or, maybe, just maybe, they don't want to force the Court into finding Apple in Contempt, with possible sanctions of who-knows-how-much per day until they "comply" with an Order with which they really can't comply (because they really don't have a "master key").
Or even worse, the DoJ gets some fascist Judge to Order Apple to install a backdoor, and it turns into a REALLY ugly (and expensive) fight.
BTW, this really should shut up all the slashtards that say that Apple secretly colludes with the Gummint; but it won't.
Re:Why not ... (Score:4, Insightful)
BTW, this really should shut up all the slashtards that say that Apple secretly colludes with the Gummint; but it won't.
I think your faith in a human's ability to logically think past their biases is overblown. They will just claim it is a PR stunt to fool people into believing Apple can't read the messages while they secretly handing over all the data. Never try to argue with a conspiracist since, no matter how sound your evidence, you will never win them over. As the saying goes, never argue with a fool, lest you are brought down to his level.
Re: (Score:3)
Or even worse, the DoJ gets some fascist Judge to Order Apple to install a backdoor, and it turns into a REALLY ugly (and expensive) fight.
This fight has already happened. The Clipper Chip [wikipedia.org] fiasco of the 1990s clearly showed that the American public is not willing to tolerate either the loss of privacy or the loss of tens of thousands of jobs that would result. The government would have no greater ability to monitor us, because we would switch to equipment manufactured outside America.
Re: (Score:3, Insightful)
Re:Why not ... (Score:5, Insightful)
As always, the question is not "are you paranoid", it's "are you paranoid enough"
Re:Why not ... (Score:5, Informative)
Well, at the very least, if it has happened before or at least been planned and suggested before [wikipedia.org] ...then it should be considered that they might suggest something might could indeed happen.
It always pays to ask questions and be vigilant.
Re: (Score:3)
Given National Security Letters, I think we can be rather certain that there are shared secrets. Calling that a conspiracy (on Apple's part) requires an unvalidated assumption.
P.S.: I'm not saying that such shared secrets are guaranteed to exist, I'm saying that's the most reasonable default assumption.
Re: (Score:3, Insightful)
Re: (Score:2)
Safe makers will open safes for the police, with a court order. Assuming the owner is not present to do so. This is different from a safe though, there's no master key, there's no mechanical vulnerability. There's just brute force decryption. Apple could just say "Sure, we'll provide you with the contents. We'll require X number of days per message at $Y/day to operate a dedicated server farm for the task"
Re: (Score:2)
Safe makers will open safes for the police, with a court order. Assuming the owner is not present to do so. This is different from a safe though, there's no master key, there's no mechanical vulnerability. There's just brute force decryption. Apple could just say "Sure, we'll provide you with the contents. We'll require X number of days per message at $Y/day to operate a dedicated server farm for the task"
Yes, and safe makers (or more realistic, locksmiths) will open safes using brute force... for a fee...
The problem with the latter suggestion is there is no way to decrypt heavily encrypted information, short of a flaw in the encryption system...
No amount of servers or days would ever matter, it is not possible in the remaining life of the universe to try even half the encryption keys in a 256-bit encrypted message.
Re: (Score:2)
So X = . As long as the government keeps paying Y, Apple shouldn't care ;)
Re: (Score:2)
That was the infinity symbol to the right of the =... apparently Slashdot doesn't like geeky symbols.
Re: (Score:2)
This exactly, if there is a warrant hand over the information you have. I don't believe safe makers have to open safes subject to a warrant. So why is this any different? (The FBI could always contract Apple to attempt to crack the message, similar to a safe company being hired to attempt to break into a safe, but that's different than the "real time" access asked for)
They don't have to, but for a fee, they will.
This is the problem with encryption, unlike safes, which can all be broken into, encryption cannot.
Re: (Score:2)
Because ultimately they'd still end up in court fighting over how to do something that technically (and hopefully) isn't possible. Might as well do that from the beginning instead of going through the hassles and expense of setting up some type of monitoring infrastructure to receive useless data in the end anyways.
Re: (Score:2)
Because unless the users generated their own encryption certificates, Apple can easily keep a copy of the private key and not tell you.
Re: (Score:2)
If the encryption uses Perfect Forward Secrecy (eg an ECDHE or DHE cipher suite) then even having the private key to the certificate will not enable anyone to discover the ephemeral session key needed to decrypt the message.
Re: (Score:2)
I don't think anyone but Apple can verify what effective type of encryption is used. It might be flawed or insecure, who knows? The end-to-end is controlled by Apple and closed-source.
Re: (Score:2)
It might be because knowing the plaintext and other data Apple might have as the originator in this case might be a crucial step towards figuring out their cypher scheme.
Re: (Score:2)
Just because the FBI says they cannot crack it . . . doesn't mean that our feathered friends in the NSA can't crack it. Or, maybe the FBI *can* crack it . . . but don't want it generally know, that they can crack it.
When you crack an enemy's code . . . you don't want to let it known. Otherwise, they will switch to a stronger code.
Other "Wet Work" methods could be used in this case: the FBI could bribe or blackmail the right Apple sysadmin.
Re: (Score:2)
"the FBI could bribe or blackmail the right Apple sysadmin.", sure and hand Apple all the ammo they'd need to beat the snot out of the FBI in court. Stop watching TV.
Re: (Score:3)
Just because the FBI says they cannot crack it . . . doesn't mean that our feathered friends in the NSA can't crack it.
They can crack it, if Apple has a master backdoor key. But Apple would be pretty stupid to do that, if it exists, someone will find it sooner or later.
Private things tend not to stay private forever and Apple is a business that needs a product to sell.
Re: (Score:2)
Apple have stated in the past that one of the features of iMessage is that they can't decrypt them and the fact that this court case exists seems to suggest they weren't just saying that (also, if they're caught in that lie, assuming it is one, the PR fallout would be enormous).
I'm not sure how they can't decrypt them, since iMessages are synced quickly and easily across all devices that share the same Apple ID (if you want them to), so you'd just assume that since Apple knows your ID it would be able to de
Re: (Score:2)
I'm not sure how they can't decrypt them, since iMessages are synced quickly and easily across all devices that share the same Apple ID (if you want them to), so you'd just assume that since Apple knows your ID it would be able to decrypt the messages themselves that clearly pass through their servers.
Since you can sync PGP-encrypted emails across devices, they didn't need to invent anything new.
Even PFS has been around for a while, so each message could be encrypted with a different session key if they implemented that.
Encrypting text messages is no different than emails---you're just sending the message to a phone# or Apple ID instead of an email address.
Re: (Score:2)
Apple have stated in the past that one of the features of iMessage is that they can't decrypt them and the fact that this court case exists seems to suggest they weren't just saying that (also, if they're caught in that lie, assuming it is one, the PR fallout would be enormous).
Right, so at the end of the day, the only thing you have to go on is how much you trust Apple.
That being said, I actually didn't know that is how it worked on the iPhone (bloody too many things to keep up with these days), so this was all news to me.
But then I don't care that much, nothing I'm sending via message on my phone is actually private, if the FBI or NSA was reading them, they'd be bored.
If I cared, I'd learn more about it and probably not trust Apple anyway, finding something else.
Re: (Score:2)
doesn't mean that our feathered friends in the NSA can't crack it.
Last I checked, people who work there don't have feathers. You may be thinking of the spokesbirds for the Bay Bridge though.
Re: (Score:2)
Because Apple has a team of lawyers that will inform that stupid stunts like that will get an obstruction charge. A polite response may get them a new request for the encrypted data, or not.
See also, Lavabit, which tried to be clever.
Also, compare to that polite letter about how it's a TOR exit node recently posted on slashdot..
FBI agents are people. They're going to demand that their requests are either given the replies they expect from th
not imposible (Score:2)
Well, they COULD also encrypt for the FBI... (Score:5, Interesting)
As I understand the iMessage, Apple hides some of the key selection process from end users. (This is considered a good thing - without it, fewer people would use it because it would be like using PGP.) If Apple was compelled, they could also encrypt outgoing messages with one of the FBI's public keys and either send the same message across the wire (where the FBI could pick it up) or send a second message encrypted just for the FBI to the FBI. Either method would be discoverable, but Apple could paper over that issue in its interface because it controls the software. (Apple could also limit the discoverability of such a "feature" by using its phone home key request to request the FBI's key for and encrypt only certain monitored people's communications - that way most security experts WOULDN'T see a change.)
Long story short, Apple COULD provide real-time access to encrypted messages, but it would take a little work to sneak that in, and eventually someone would find it.
Re: (Score:3, Insightful)
Re: (Score:2, Informative)
He is serious, and stop calling him Shirley
Re: (Score:3, Insightful)
Long story short, Apple COULD provide real-time access to encrypted messages, but it would take a little work to sneak that in, and eventually someone would find it.
Or maybe, just maybe, Apple really doesn't like what the Gummint is doing, and is doing everything in its power to passively-resist.
Did you ever ONCE stop to consider that possibility?
Re: (Score:3)
Long story short, Apple COULD provide real-time access to encrypted messages, but it would take a little work to sneak that in, and eventually someone would find it.
Or maybe, just maybe, Apple really doesn't like what the Gummint is doing, and is doing everything in its power to passively-resist. Did you ever ONCE stop to consider that possibility?
Or maybe, just maybe, Apple really doesn't like the Gummint trying to force it to do something that could hurt profits.
Re: (Score:2)
Yes, I know it is hard for you to fathom, companies are generally in the business of making money.
Re: (Score:2)
Or maybe, just maybe, Apple really doesn't like the Gummint trying to force it to do something that could hurt profits.
Which is the absolute best possible reason for a company to want to support its users. "Don't Be Evil" is only good until it starts costing shareholder value, and then investors revolt. You want it to be in a corporation's best financial interests to act in your best personal interests.
Re: (Score:2)
What you don't want is the FBI slurping up everything the
Re: (Score:2)
Exactly. iMessages are encrypted on the sending device for each receiving device. If I'm sending an iMessage from my iPhone to my friend who has an iPad, a Mac, and an iPhone, all of which are registered to receive iMessages, my iPhone (if my memory serves; glossing over some details):
1) Asks Apple's iCloud for each of the public keys associated with my friend's Apple account
2) Gets back public keys, one each for the iPad, Mac, and iPhone
3) Encrypts the message for each device (symmetric key locked behind t
Re: (Score:2)
Apple could also push out software updates that record all activity on all Apple devices, and forward all of that data to the FBI. It would probably be detected, but they COULD do that.
But that would just be blatantly unethical. And they're not Microsoft, so I don't expect them to do that anytime soon.
So, the FBI doesn't need to ask for Android? (Score:3)
Pretty well defines what is good.
Once the industrialized countries outlaw encryption, I don't know how the banking system can survive.
But, of course, the US govt. will continue using encryption for their docs.
Re:So, the FBI doesn't need to ask for Android? (Score:5, Insightful)
There's an easy solution for this. You simply apply to your government to use encryption. And of course deposit the master key with them. Then you may encrypt as you please.
You do trust your government, don't you?
Re: (Score:2)
Re:So, the FBI doesn't need to ask for Android? (Score:4, Insightful)
What difference do you think guns make? Do you honestly think you would still be allowed to have them if if made a difference?
And please, don't come with "but, but, but the 2nd". Bullshit. They steamrolled over 1st, 4th, 5th, 6th, 8th, 9th... without even blinking. What makes your 2nd on-so-special that you honestly think they wouldn't simply circumvent that one, too, if it somehow bothered them?
Re: (Score:2)
I can say with some certainty that, no matter how WW2 had ended, I would most certainly not speak Japanese today.
But what does one have to do with the other?
Re: (Score:2)
Pretty well defines what is good.
Once the industrialized countries outlaw encryption, I don't know how the banking system can survive.
But, of course, the US govt. will continue using encryption for their docs.
The Gummint doesn't have to ask for Android messages, because they have already embedded keyloggers into thousands of Android Apps.
Hey, if slashtards can engage in wild speculation about Apple colluding with the Gummint, why would they not believe it about Android Apps?
Re: (Score:3)
thousands of Android Apps.
Apps cannot (CANNOT) keylog without you having rooted your OS intentionally (its not something that can be sneakily done as it generally involves wiping your phone).
Lets not let ignorance cloud the discussion.
Re: (Score:2)
thousands of Android Apps.
Apps cannot (CANNOT) keylog without you having rooted your OS intentionally (its not something that can be sneakily done as it generally involves wiping your phone).
Lets not let ignorance cloud the discussion.
Oh yes, let's not let ignorance cloud the discussion. After all, it's impossible to find any app available online that natively contains data gathering capabilities or remote logging.
Yes, you heard me right. That cannot (CANNOT) ever happen.
It's as inconceivable as the concept of sarcasm.
Re: (Score:2)
umm just so you know.
ANY keyboard app. can key log with root. All you have to do is install it. It even pops a warning telling you that could exactly happen.
Re: (Score:2)
Lets not let ignorance cloud the discussion.
You do realise this is slashdot, right?
Re: (Score:2)
Re:So, the FBI doesn't need to ask for Android? (Score:5, Informative)
Apple runs the iPhone texts over their own iMessage service, which has a gateway to SMS for messages sent to non-iPhone users. (Which is also a problem since if you used to have an iPhone but switched to any other phone, Apple keeps iMessage texts sent to you within iMessage and blackholes them to a non-existant iPhone, instead of forwarding them over the SMS gateway to your new phone. Part of their user lock-in strategy. They're actually fighting in court for the right to keep doing this, instead of not being dicks and fixing it.)
Re: (Score:2)
Part of their user lock-in strategy.
It's a piss-poor strategy, considering they host a webpage for deregistering your iMessage account [apple.com].
They're actually fighting in court for the right to keep doing this, instead of not being dicks and fixing it.
Citation needed: that's an extraordinary claim, and one that's utterly failed to make headlines.
Re: (Score:3)
Android uses regular SMS for texts, which was never encrypted on any OS. The FBI would be asking the carriers for copies of those, unless it's over the Google Hangouts app using a Google Voice number, in which case they'd have to ask Google.
Apple runs the iPhone texts over their own iMessage service, which has a gateway to SMS for messages sent to non-iPhone users. (Which is also a problem since if you used to have an iPhone but switched to any other phone, Apple keeps iMessage texts sent to you within iMessage and blackholes them to a non-existant iPhone, instead of forwarding them over the SMS gateway to your new phone. Part of their user lock-in strategy. They're actually fighting in court for the right to keep doing this, instead of not being dicks and fixing it.)
No they're not - they have a website you can go to that will de-register your number and fix the problem of vanishing SMS messages if you move to a non-iOS phone if you don't switch off the iMessage system on that number before changing phone.
It takes about 5 minutes and you receive a text message when it completes.
The official method to shut off iMessage is to do it before you stop using the iPhone, and that used to be the only way (leaving people stuck, since it's easy to forget to do it), but the website
Re: (Score:2)
Any attempt to ban encryption would be met with huge pushback from many sectors, and there's a very good case to be made that encryption == speech anyway, so a ban likely wouldn't stand up to a Constitutional test.
I think we'll finally get to learn it. (Score:2)
We'll finally get to see what "impossible" really means if said by a software company. As in "It is impossible to unbundle IE from Windows".
Anyone holding a bet that this impossible mission will be made possible?
Re: (Score:2)
Well, they can reset your Apple ID password to something they know and then get the data, so it's not "impossible", but if they do that then you'll know it has happened.
Bar that, however, I think they set it up so that they couldn't decrypt the data any other way, even when pressed with a court order.
A bit of posturing, maybe ... (Score:2)
... from Apple ? Making all Android-based vendors look like bad guys, while making themselves look like good guys. Maybe it will help sales as well.
Re: (Score:2)
No, that isn't it, Apple coerced the government into making these demands so they could make all the Android-based vendors look bad. Anything is possible if you use your imagination.
You could also swap out receiver's key... (Score:5, Informative)
Also, "Black-box" testing uncovers several ways the NSA could tap iMessage (from 2013)
http://arstechnica.com/securit... [arstechnica.com]
What will be interesting... (Score:2)
Just saying...
What case is compelling Apple to do this? (Score:2)
According to the article:
Despite a court order instructing the company to hand over text conversations between iMessage accounts to the FBI,
How was the court order to do this obtained? Is the FBI investigating someone? Is there some other case in progress?
Re: (Score:2)
Re: (Score:2)
I am dumb. I even quoted TFA. Somehow I missed it. Thank you! (sheepishly hides)
I think (Score:2)
The FBI needs to start hiring smarter people who understand how technology works.
Is this all just a false flag? (Score:5, Interesting)
If the FBI really wants access, they could get an NSL issued, forcing apple to comply by compromising their own system..and they couldn't tell their customers about it.
Until this is fixed, there's no way in hell I will believe any grandstanding on the part of any vendor.
Re: (Score:2)
Re: (Score:3)
I'm fairly sure an NSL can compel them to break future updates of hardware and software so that a wiretap is workable, and the gag order will prevent them from telling anyone about the new compromise.
Re: (Score:2)
I'm fairly sure an NSL can compel them to break future updates of hardware and software so that a wiretap is workable, and the gag order will prevent them from telling anyone about the new compromise.
Well, the people doing the biggest attacks against NSLs, the EFF,has this to say:
"While NSLs are unconstitutional, even the government admits that they can only be used to obtain limited information, which does not include forcing anyone to backdoor a product."
Do you believe the EFF doesn't know what it is talking about?
Re:Is this all just a false flag? (Score:4, Insightful)
Well, the EFF is only reporting what the government official 'said' was true.
Do you have a creditable source that says otherwise, or just statements by people speculating to fit their theories?
Re: (Score:2)
I've seen an NSL, it is a piece of paper... nothing more or less.
First response is to nicely tell the FBI agent that I'm happy to comply once I speak to my lawyer and he shows up with a warrant from a judge.
Said, "very nicely" since you never want to piss off a government agent. But at the end of the day, it is just paper.
Re: (Score:2)
A piece of paper with the authority to throw you in jail.
True, but they would have to go to court to accomplish that.
My understanding is that all NSLs come with a gag order. If you go to a lawyer you violate the secrecy gag.
Not true. The EFF says: [eff.org] "Can I talk to a lawyer if I receive an NSL? Yes, you can talk to an attorney for legal advice if you receive an NSL, but the lawyer is then bound by the gag order just as you are."
Also, not all NSLs come with a gag order, just most.
Disinformation? (Score:3, Interesting)
I wonder if these fights are just disinformation to try to convince criminals/terrorists that they can use iMessage. The government lets a criminal get away with it in a case they don't really care about or can convict them without it anyways and makes a lot of press, and then has access to it in all the cases they do care about.
iMessage is designed with warrants in mind if you read over the protocol documentation. Each device has its own key and is tied to your Apple Id. If you have a iPhone, a Macbook, and an iPad each device has its own encryption key. When someone sends you an iMessage, Apples sends them the public key for each of the 3 devices and then the encrypted message is sent to each device which uses its private key to decrypt the message.
When a warrant is issued, all Apple has to do is add a 4th, "FBI device" to your Apple Id and anyone sending you an iMessage also gets encrypted with that key.
As Apple controls the user interface and they provide no way to view how many keys an iMessage is being encrypted with, there is no easy way to see if an extra key for ease-dropping is being used. There may be ways if one monitored the size of the traffic, but I am not aware of that work being done. Anyone who had the need to make sure they weren't being spied on by the government, wouldn't use iMessage.
Re: (Score:3)
But then you would be able to 'see' that device on your list of devices or at least see the extra traffic. Additionally you can't just add an extra device to your list without entering a pin number or password which acts as access to your private key.
There is no way of hiding the extra device with such public key exchanges (your device needs to encrypt an extra message) and even when Apple can do that, someone will find out the functionality and then nobody will trust anything Apple ever says again.
You can'
What if... (Score:2)
This is paranoid, but is there any way to disprove this theory ?
Re: (Score:2)
Apple *is* able to hand over the messages, but is legally obliged to maintain appearances toward the public that it can't though a theatrical court process ? This is paranoid, but is there any way to disprove this theory ?
Or they believe it's in their best interest to support their customer's right to privacy. One nice thing about Apple is that they make their money selling devices and taking a cut of App sales rather than selling Ads and data about their customers.
Re: (Score:2)
Re: (Score:2)
Is the change official? Over here it's still "or else the terrorists win".
Re: (Score:2)
In the end, government will get its way. Sadly. This is the world we live in. It's going to end up "for the children".
Stop being a defeatist. Apple has smarter lawyers than the Gummint, and just wait until the Amicus Briefs start flying. Since this has already been elevated into the public attention, expect some "strange bedfellows" to come to Apple's defense.
Rationalization (Score:3)
Actually, I'm surprised they still feel somewhat obliged to justify anything. We're past the stage they should actually say "shut up and comply or we'll kill you and your family".
Human beings rationalize. It's not like the intelligence agencies take away your privacy rights because they're trying to be the bad guys--they're trying to be the good guys and save everyone and go after the big bad criminals, it's just that their profession gives them a really warped view of what privacy should look like and the consequences of losing it. Basically they trust themselves with your information so most of them don't seriously believe or really understand how much of a threat it is to democ
Re: (Score:3)
Just send the encrypted messages. That way you're complying with the order.
Apple knows good and well that the DoJ could easily fool some ignorant/fascist Judge to conclude that Apple was being "unresponsive" to the Request, or even worse, was deliberately "Obstructing Justice".
Isn't this wonderful? From the Fourth Amendment, we now have a situation where Privacy == Obstruction.
How in the FUCK did THAT happen?!?
Re:send it anyway (Score:4, Insightful)
How in the FUCK did THAT happen?!?
The voters keep reelecting corrupt politicians. How could it NOT happen??!
Re:send it anyway (Score:4, Insightful)
How in the FUCK did THAT happen?!?
The voters have no choices BUT corrupt politicians. How could it NOT happen??!
FTFY!
Re: (Score:3)
Bullshit. They have primaries, and a process for putting anybody on the ballot they want. Voters are just lazy and submissive, and antipathic towards each other.
Yes, the primaries, where we get to choose between a small group of pre-vetted candidates, thus giving us the illusion of choice.
Re:send it anyway (Score:5, Insightful)
Isn't this wonderful? From the Fourth Amendment, we now have a situation where Privacy == Obstruction. How in the FUCK did THAT happen?!?
Because the Fourth Amendment doesn't guarantee you absolute privacy, it grants "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures", meaning until a court has issued an order to grant such access "upon probable cause". In this case the court issues such an order. The question is, given the circumstances, what Apple is legally required to do. Hint: they are not required to change their software to create the ability for the government to get access, only to give the government what they already have access to.
Re: (Score:2)
Re: (Score:3)
No way would the FBI want to do this, since it would set the precedent that surrendering the encryption key to that data would be self incrimination.
They have a vested interest in the encrypted data being treated as legally the same as the unencrypted data, since they don't want legal precedent for a fifth amendment defence on encryption keys being ruled on by a court. There's no solid case law on that one way or the other right now.
Re: (Score:2)
Re: (Score:2)
This is iMessage not your iTunes account. The 'keys' are generated per-device and the private key remains there, if you lose your device or access to it you have to generate new ones. Also if your device has the Apple 'secure enclave' TPM, good luck anyone getting access to it without your unlock password.
Re: (Score:2)
They know the hash of your password and can reset it, but they otherwise don't know what your password is.
They could reset it to something they know, but you'd know they had done this, and they could also add a device controlled by them (or the FBI) to your send list, but this would also be evident to the end user (at least, to a security researcher).
They set up iMessage like that deliberately so that they could promote the fact that they can't decrypt the messages themselves as a feature of the system.
Obvi
Re: (Score:2)
Re: (Score:2)
If I had said "it's not impossible because you can guess the 256-bit decryption key and be lucky" you'd have a point, but P=NP is not a pragmatic impossibility, it is very possible. Wikipedia reports a poll of 151 researchers in 2012 [wikipedia.org] placing the probability somewhere between 9% and 17%.
No one today has publicly shown a way to decode the encryption method used by Apple, so pragmatically (meaning what is reasonable to expect or demand), it is considered impossible for Apple to comply with giving the FBI "real time access to text messages sent" by iMessage. Whether P=NP or not, until the encryption method is broken, the FBI demand can be considered "impossible" since Apple has no way today to comply.
Re: (Score:3, Insightful)
My father and his friends all worked for Big Blue during their golden years selling/installing mainframes and I've had a PC in the house my entire life. Never once have I ever considering paying for over-hyped over-priced Apple "toys" until now. I simply cannot ignore the facts anymore that Apple makes the best phones on the market with sound security while Android and Windows erode away, and articles like this go a long way towards making me feel confident about my purchase. I'm very impressed with my 5s.
So, stick your other foot in the water and buy a MacBook Pro and run OS X on it. You'll wonder why you ever waited this long. Trust me.