Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Iphone Privacy Security The Courts United States Apple

Apple Court Testimony Reveals Why It Refuses To Unlock iPhones For Police (dailydot.com) 231

blottsie writes: Newly unsealed court transcripts from the U.S. District Court for the Eastern District of New York show that Apple now refuses to unlock iPhones for law enforcement, saying "In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform." “Right now Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now,” Apple lawyer Marc Zwillinger said at the hearing. “A hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don’t have a clear lawful basis in doing so?”
This discussion has been archived. No new comments can be posted.

Apple Court Testimony Reveals Why It Refuses To Unlock iPhones For Police

Comments Filter:
  • Say what you will (Score:4, Insightful)

    by Anonymous Coward on Monday January 25, 2016 @01:56PM (#51367707)

    It takes guts to stand up to government, especially the U.S government.

    • Or failing that, lawyers and money.

    • by penguinoid ( 724646 ) on Monday January 25, 2016 @02:05PM (#51367789) Homepage Journal

      People and companies will stand up to the government all the time, if there is profit in doing so.

    • The 200+ billion in their bank doesn't help at all. No sir.

      • Why doesn't Apple just buy a sunny island in the Mediterranean and declare themselves a sovereign nation?

        That would shut the US government up!

        e.g. Formentera in the Balearic Islands. Population 11,000. Spain are broke and anyway have that pesky problem with Catalan independence. (yes I know the Balearics are separate from Catalonia but still)

    • It takes guts to stand up to government, especially the U.S government.

      I think you're mistaken about who usually needs more courage to stand up to whom in the Huge Corporation/US Government relationship. This time it was the corporation whose interests aligned with the average Joe.

    • Standing up to the Government, and Telling people you are standing up to the Government are two very different things. From a business point of view they must be seen to be defending their customers, else their customers will switch to using jailbroken Android phones that have been locked down (can't do that with an Iphone, no source code). Apple is (therefore) the most vulnerable phone maker, they must be seen to take a leadership role or they will die.
      • by tlhIngan ( 30335 ) <slashdot&worf,net> on Monday January 25, 2016 @03:55PM (#51368843)

        Standing up to the Government, and Telling people you are standing up to the Government are two very different things. From a business point of view they must be seen to be defending their customers, else their customers will switch to using jailbroken Android phones that have been locked down (can't do that with an Iphone, no source code). Apple is (therefore) the most vulnerable phone maker, they must be seen to take a leadership role or they will die.

        The other reason is that it's the only stance Apple can take that genuinely Google cannot.

        That's why Apple is committed to privacy and moving a lot of former cloud based services to on-device services. Because they can go and say they don't sell or transmit your information or need to violate your privacy, while Google can't (because Google needs the information for ad purposes). Sure, you can hack an Android phone to be more privacy aware, but out of the box is a lot better than having to do a million steps to secure it.

        It's the one thing that Apple can say iOS is better than Android, and one that can stick until Google changes their business plan.

        • by brunes69 ( 86786 )

          I think you are making leaps here for several reasons

          - As of 5.0, All android devices have full disk encryption as an option that is just a checkbox away. If you check that box, Google can't unlock your phone any more than Apple can

          - The metadata Google uses for delivering advertising is mostly anonymous. The few parts that are not anonymous are the types of things the police would know about you anyway, things like your gender, race, and interests.

          - The live metadata Google uses for delivering advertising

    • It takes guts to stand up to government, especially the U.S government.

      As long as they don't say one thing publicly and a different thing privately.

      During the Democrat primary debate, when asked specifically about that, Hillary Clinton implied that the Tech companies were on board (despite them being publicly against it). If she were lying, I wouldn't be surprised. But then again, there could some truth to what she is saying.

      • Hillary implies a lot of things. She said her email server wasn't used for classified info. When Hillary says things, you have to consider them in light of available facts. It's hardly surprising that she would represent Apple's position in a way that is sympathetic to her own, but that doesn't mean I'll just take her word for it.
  • Uh, doi? (Score:5, Insightful)

    by Anonymous Coward on Monday January 25, 2016 @01:57PM (#51367715)

    One U.S. attorney argued that it was "more concerned with public perception" than helping catch criminals.

    Duh? No shit? That's not Apple's job, dipshit. They're not here to make your job easier, stop being a bunch of lazy jackasses.

  • by swschrad ( 312009 ) on Monday January 25, 2016 @01:58PM (#51367727) Homepage Journal

    get a warrant, use a snooper, spend a week cracking the data.

    haven't the Big Feds said all the terrorist activity is headed into the Dark Web anyway, and Google says best advice is block them from the indexed web?

    lazy ass bastards don't have phone books to read and laugh at silly names any more, so they want to randomly hack phones for fun and profit.

    • by argumentsockpuppet ( 4374943 ) on Monday January 25, 2016 @02:18PM (#51367929)

      spend a week cracking the data

      How do you propose to do that?

      If you assume:

              Every person on the planet owns 10 computers.
              There are 7 billion people on the planet.
              Each of these computers can test 1 billion key combinations per second.
              On average, you can crack the key after testing 50% of the possibilities.

      Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years

      http://www.eetimes.com/documen... [eetimes.com]

      Anyone who thinks AES 256 (what iPhones are encrypted with) can be cracked by any computer doesn't understand the math.

      That's not to say there aren't potential successful ways to get the information besides brute forcing. I just get a little chuckle out of every time somebody suggests governments have magic computers. Yes, I'm aware of quantum computing and exactly how far along the tech has come and no, it isn't something that anybody has yet. The magic quantum encryption cracking system is still *at least* a decade away. (It may never happen, and if I were guessing, I'd put it at closer to a couple centuries away, but even assuming impossible breakthroughs have already been made, a decade is unreasonably optimistic.)

      • The baseband in your phone has access to the memory and microphone, and the NSA can serve a secret order to the chip maker to include a backdoor in the baseband. Why would they need to break the encryption?
      • by AmiMoJo ( 196126 )

        If there is a vulnerability, it is probably in the random number generator... Second most likely place is the secure storage used to protect the key.

      • Hell even if quantum computers do exist the speed up isn't meaningful (yes it is a substantial reduction in effort but still unfeasible) for modern encryption algorithms. Using AES256 as an example if broken using a quantum computer is as difficult as breaking AES128 on a conventional computer. Or to put things in more perspective to break AES256 would take energy close to the total mass energy of the entire universe running on an ideal conventional computer. Similarly AES256 cracked on an ideal quantum com
  • Love - hate affair (Score:5, Insightful)

    by Anonymous Coward on Monday January 25, 2016 @01:59PM (#51367745)

    For one, I love the fact that Apple is saying "fuck you" to the cops.

    On the other hand, it shows the power of multinational corps - they're above the law. Meaning one day, they may do me or others some serious harm and get away free - like Wall Street did.

    And as far as my personal privacy is concerned, neither can be trusted.

    • by frnic ( 98517 ) on Monday January 25, 2016 @02:28PM (#51368015)

      Uh, I hate to break the news to you, but that day is already here. The oligarchs can do as they wish to you or anyone else.

    • It's OK, Alec Sandler will invent time travel and send Kiera Cameron and Liber8 back in time to set those evil corporations [imdb.com] straight!
    • by rhazz ( 2853871 )

      On the other hand, it shows the power of multinational corps - they're above the law.

      If they were really above the law, they probably wouldn't already servicing these police requests (which they are), and they probably wouldn't be in court fighting against having to do it in the future.

    • In what way are they above the law? Apple doesn't comply with requests to decrypt phones because it's not physically possible for them to do so. If law enforcement told me to walk on water, being unable to do that doesn't put me above the law.
    • by fred911 ( 83970 )

      " it shows the power of multinational corps - they're above the law."

      No it doesn't. It shows they are following the law. Just because a cop makes a request, doesn't make it a law. The law doesn't lie or distort fact to obtain results. The law is set by courts and enforced by courts, cops are just minions who are currently out of control.

  • Comment removed based on user account deletion
  • by wonkey_monkey ( 2592601 ) on Monday January 25, 2016 @02:02PM (#51367765) Homepage

    the government’s requested order would be substantially burdensome, as it would be impossible to perform

    That, to me, would seem to be the end of it. It's impossible. Can't be done. Don't even bother asking.

    But then the lawyer goes on to image a hypothetical customer asking:

    "why is [Apple] continuing to comply with orders that don’t have a clear lawful basis in doing so?"

    How is it complying if it's supposed to be impossible to do so?

    • by phantomfive ( 622387 ) on Monday January 25, 2016 @02:28PM (#51368019) Journal

      But then the lawyer goes on to image a hypothetical customer asking:.......How is it complying if it's supposed to be impossible to do so?

      You are implying that the lawyers are making an illogical argument (of course, lawyers are always perfectly logical, right? um.....)

      Imagine if the court case escalated and went to the supreme court, where the supreme court decided, "you must change your software to make this possible." That is the scenario the lawyers are trying to avoid.

      The trick to understanding legal arguments is to remember they happen in context of the law, and are only vaguely related to reality.

      • The trick is to RTFA. Those two sentences are from different contexts but the summary shoved them together. One is talking about the latest iOS, the other is talking about older versions that aren't end-to-end encrypted.
    • by luiss ( 217284 ) on Monday January 25, 2016 @02:31PM (#51368063)
      I think the statement reads oddly out of context because the case is about an iOS7 phone, where it's not 'impossible' (only burdensome) yet warning them that it will be impossible in the future. They're afraid that un-encrypting it now, just because it's not 'impossible' will mean that in the future they might be forced (by law) to make it possible, so they're arguing that they shouldn't have to do it, even now that it's only 'burdensome'.
    • By publishing deliberately malicious software on the App store to circumvent their own device security in select cases. Because the data is encrypted in storage doesn't mean it's encrypted while in RAM. This something which has been attempted before, although I doubt Apple themselves were responsible in that case.
    • by Anubis IV ( 1279820 ) on Monday January 25, 2016 @04:24PM (#51369079)

      How is it complying if it's supposed to be impossible to do so?

      The short answer to your question is that the phone in this court case is an iPhone 5s that's still running iOS 7, and thus it predates the safeguards in iOS 8 and 9 that prevent Apple from decrypting it. The lawyer is arguing that even though Apple is technologically capable of decrypting it, law enforcement cannot compel Apple's assistance, since doing so would put an onerous burden on Apple by forcing them to undermine their own business.

      To go into a bit more detail, Apple markets itself as being incapable of decrypting their own devices. Which is true...for everything sold in the last two years. But that's a distinction that is lost on most customers, so the lawyer is arguing that if Apple is compelled to assist law enforcement in this case, it would cause direct harm to its business by resulting in exactly the sort of confusion you're having. After all, how would a typical customer reconcile the conflicting information? If Apple is seen decrypting this guy's iPhone while advertising that it's outright incapable of doing so, customers won't buy their products because customers won't believe what's being advertised.

      The long and short of it is that Apple is telling law enforcement that if they want the phone decrypted they should do it themselves, since Apple is under no obligation to assist, nor can it be compelled to assist, any more than, say, a bottled water company could be compelled by law enforcement to tarnish their own product by putting a pollutant in the water.

  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Monday January 25, 2016 @02:16PM (#51367903) Journal

    ... that it be illegal for phone manufacturers, such as Apple, to *NOT* be able to decrypt customer data upon request by law-enforcement.

    The problem with this of course, is that it will not really stop the really bad guys from using strong security, since they are going ahead and breaking the law anyways, and while it might stop the otherwise too incompetent person who wouldn't know how to use such facilities from getting away with something they might have otherwise, in general, all this does is mean that most of the stuff that law enforcement is able to access is stuff that is entirely benign and wouldn't be of interest to them.

    But of course, no matter how well intentioned the government and law enforcement may claim to be, and even if they *COULD* be fully trusted to not abuse such access to the general public's highly confidential and private data (leaving aside the whole matter that they may not be as trustworthy as they claim aside, and suggesting that even *IF* they could be trusted so completely), if they can decrypt it, then so can the bad guys, who will abuse it and invariably cause harm to completely innocent people. And suddenly, law enforcement actually has a harder job than they had before, because while their job may have become slightly easier with respect to catching otherwise incompetent criminals that don't know how to use strong encryption that isn't legally available, and that they might have been able to catch in other ways anyhow, now they *ALSO* have to work harder to protect the public from the new potential attack vector on completely innocent parties that such regulations would give the bad guys.

    • Ding. Ding. Ding. We have a winner. That is exactly what this court case is about.
  • What even is the point in designing security where this is possible? If Apple can just circumvent the security and hand over any data, then who else can? Isn't that just admitting that their security/privacy is flawed?
  • The Government's argument to force Apple is because Congress has yet to specifically pass a law saying "don't do this" it's all legal and fine.

    THE COURT: So short of Congress passing a law prohibiting what you want here, it's fair game? Anything else that Congress may have done in terms of considering legislation one way or the other, because it doesn't result in a statutory prohibition, wouldn't be enough to say, it's off limits for the All Writs Act?

    MS. KOMATIREDDY: Yes. Short -- essentially yes
  • by ErichTheRed ( 39327 ) on Monday January 25, 2016 @02:28PM (#51368017)

    I've worked in a few corporate environments where they were extremely paranoid about e-discovery (back when this was a new thing.) Almost always, the answer was to set the retention policy to 30 days, as in, no email backups older than 30 days, no (sanctioned) way to archive email, and everything older than 30 days was purged from mailboxes. This allowed the company to say with a straight face, "I'd love to give you the messages relevant to such-and-such business deal gone bad 5 years ago, but I simply cannot."

    It sounds a lot like what Apple's doing -- they purposely built the encryption system with no way to bypass it so they can push it right back on the police and courts -- "Sorry, can't help you!" That gets them tons of great customer PR, as opposed to Google/Android, so it makes sense.

  • by yodleboy ( 982200 ) on Monday January 25, 2016 @02:32PM (#51368069)
    Seriously folks. Is there a way to encrypt my non-rooted phone that does not rely on anything the manufacturer provided and won't kill performance? If we can't trust the manufacturer to leave out backdoors, what's the alternative?
    • The only way you can trust your phone is if there are no security flaws in the code, the software has been security audited by someone with the source code and tools to do the job properly, the hardware has been security audited by someone with the full hardware design and the tools to verify it, and you trust both people not to lie to you.
    • VoIP over wireless. Which essentially is what VoLTE is. So the choice is to either provide customers with the privacy they need, or watch your billion dollar investment in packet voice go up in smoke because everyone is using an open source alternative.
  • by mveloso ( 325617 ) on Monday January 25, 2016 @02:36PM (#51368097)

    One of the reasons Apple can do this is that its dependency on government contracts is very, very low. Cell carriers are pretty dependent on the Feds and have a lot of revenue/relationships at risk.

    That's not saying what Apple is doing isn't great, it's that it's easier for Apple to do that because the cost of doing it is relatively low.

  • some contempt of court / accessory changes will change there tune or maybe some GITMO time.

  • There is just too much magical thinking.

    Apple has built a device and market that gathers money in large
    and small chunks from millions heck billions of people to the
    tune of billions.
    Cash into iTunes must be secure enough.
    Cash to pay for that phone swiped coffee in the morning must be secure enough.
    Connection to HealthCare.Gov must be secure enough.
    Connections to Amazon commerce must be secure enough. ...... all must be secure enough.

    These collectively mandate a secure design foundation.

    If Apple installed a s

  • Great Judge (Score:5, Insightful)

    by mjperson ( 160131 ) <mjperson@mit.edu> on Monday January 25, 2016 @02:51PM (#51368241)

    It's long, but that transcript is really worth a read. First the judge thoughtfully skewers every argument the government presents, and tries to get to the fundamental principles involved. Then he thoughtfully skewers every argument Apple presents and tries to get them to throw away all of the marketing nonsense and just say what they think the actual issues are. Then he takes it all into consideration and says he'll go try to find the proper balance in his ruling.

    No matter how that case comes out, that's one judge who is doing his job.

  • by garote ( 682822 ) on Monday January 25, 2016 @06:25PM (#51369933) Homepage

    "The last company that makes lethal injection drugs, decides to stop doing it. In fact Justice Alito referred to this in recent cases - guerrilla warfare by these companies. Right. So the last company that has been providing drugs for execution, says to the Government, we are no longer going to help you out when it is time to execute somebody in Terre Haute. Can -- are they thwarting a lawful death sentence by doing that, and can they therefore be compelled under the All Writs Act to re-import something that is held abroad or release something from existing stock or actually manufacture the drug anew?"

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...