Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Government Iphone Privacy United States Apple

DoJ Says Apple's Posture on iPhone Unlocking Is Just Marketing (reuters.com) 339

New submitter kruug writes: The U.S. Department of Justice filed a motion seeking to compel Apple Inc to comply with a judge's order for the company to unlock the iPhone belonging to one of the San Bernardino shooters, portraying the tech giant's refusal as a 'marketing strategy.' The filing escalated a showdown between the Obama administration and Silicon Valley over security and privacy that ignited earlier this week. The Federal Bureau of Investigation is seeking the tech giant's help to access the shooter's phone, which is encrypted. The company so far has pushed back, and on Thursday won three extra days to respond to the order. Reader Lauren Weinstein writes of this tack: "The level of DOJ disingenuousness in play is simply staggering."
This discussion has been archived. No new comments can be posted.

DoJ Says Apple's Posture on iPhone Unlocking Is Just Marketing

Comments Filter:
  • by Swampash ( 1131503 ) on Friday February 19, 2016 @05:39PM (#51544877)

    Assume that every other hardware manufacturer that is NOT getting threatened by the Federal Government has already rolled over.

    Tim Cook: thank you. All you other bitches: FOAD.

  • it's sort of true (Score:5, Interesting)

    by phantomfive ( 622387 ) on Friday February 19, 2016 @05:41PM (#51544891) Journal
    On the one hand, Apple tried to make a deal and keep the whole thing secret [recode.net]. So that makes it seem like Apple was willing to go along (for at least this one case) as long as it was kept quiet.

    On the other hand, it doesn't really matter. If Apple is doing it as a publicity stunt, then it's doing it because the customers want it. Frankly that's better than a corporation trying to "do the right thing" that people don't want.
    • by SuperKendall ( 25149 ) on Friday February 19, 2016 @05:44PM (#51544921)

      Apple did nothing to keep this secret. It's already known they have assisted the FBI before.

      Instead what happened is no-one cared, not even Apple, until the FBI demanded essentially that Apple break hardware security. That is where Apple drew the line; that is what brought all of the attention to bear.

      • Apple did nothing to keep this secret.

        Wow, at least click on the link I provided. Again, here is the quote that directly contradicts what you said:

        The FBI then made its tailored request, which Apple asked to be placed under seal, according to the New York Times.

        Maybe you forgot what it means to place it under a seal?

        • by dbIII ( 701233 )
          That turns it into a comedy - the FBI going public and then accusing Apple of doing it for publicity.
          Did they employ some clowns thrown out of the NSA after Snowden or something? It sounds like something the Star Trek Set guy would do.
          • That turns it into a comedy

            Enjoy the circus,
            The bread is coming.
            Feel the bern.
            Burmashave.

          • by j-turkey ( 187775 ) on Friday February 19, 2016 @06:32PM (#51545335) Homepage

            That turns it into a comedy - the FBI going public and then accusing Apple of doing it for publicity. Did they employ some clowns thrown out of the NSA after Snowden or something? It sounds like something the Star Trek Set guy would do.

            Sort of...the FBI didn't do it for publicity. They did it to set precedent, and this case was chosen very carefully by the DoJ in order to achieve this (by tugging at heart strings and a sense of panic in the wake of terrorism). There are plenty of other investigations that they could have made similar demands under. If Apple cooperated with the FBI and it was done under seal, then it could not be used as precedent to use the courts to force Apple to do the same in future cases.

    • That's not really what any of the links you provided say.

    • Apple did the wrong thing by talking about it publicly, now every despot and dictator in the world knows that forcing them to open up phones is an option, if they can control if Apple can do business in a given region. They can block the MAC addresses of Apple products selectively so that even a smuggled Apple phone will not be able to connect to the phone towers that said despot controls.

      And the phone will end up cracked open one way or another, in the end, but just at a far greater cost thus consuming
  • stating the obvious (Score:4, Interesting)

    by xfizik ( 3491039 ) on Friday February 19, 2016 @05:44PM (#51544927)
    Give me a break. Who would be naive enough to think Apple would refuse to cooperate with the U.S. government in such a case? Yes, they'll "refuse" on public, get some headlines for "standing up for privacy" and then quietly do what they were told one way or another.
    • yep, for sure.

      Once the public eye has been jerked away by the next shiny thing, Apple will unlock the phone quietly and the feds will mysteriously drop the case.

  • The FBI has the hardware. At the software level it should be game-over. So what is stopping them from copying the phone's memory, putting it in an emulator or another phone, and brute forcing the 5-digit PIN. Every time it self destructs, they load up another copy and continue until the correct PIN is found. What am I missing here?

    • Excuse the reply to my own comment...

      After further thought I think I have my answer, barring some more plausible answer from the community: They don't want an Apple tool so they can crack this guy's phone, he's just politically convenient leverage to get the tool made.

      • Right, because nobody's going to stand up for the rights of the shooter, but once they get a win it will set a precedent for the rest of us.
    • by Anonymous Coward on Friday February 19, 2016 @05:55PM (#51545031)

      The data is encrypted using a key fused into the hardware processor. The key is in hardware and not readable. The key is not the 10 digit pin. The 10 digit pin and the encrypted contents are sent to the hardware chip and a decryption attempt is made. The results of that are sent back. If the user fails to decrypt the data within 10 attempts the encryption key in HARDWARE is wiped out making the user brute force AES 256 on the data instead of the 9999 possible pin combinations.

      The hardware encryption chip would need to be copied as well as the data. Copying the data alone gives you nothing but random bits of AES 256 encrypted data. Putting that on a phone emulator or another phone will never work unless the unique key in hardware is known and that cannot be read.

      • That is a reasonable answer - Thanks!

      • OK, so after 10 failed attempts, the Operating System (software) wipes the key, right? This in fact is what the DOJ wants Apple to do, push an updated O/S that doesn't wipe the key after 10 attempts. So it follows that the key wiping part must be controlled by software.

        So why can't they image the phone, try 9 attempts, and then restore the image? Wouldn't that reset the "failed attempts" counter to 0?

    • by nawcom ( 941663 )
      running it in some kind of emulator wouldn't be possible due to its full disk encryption, which uses the UID key [theiphonewiki.com] making it impossible to clone.

      If you're interested in how the hardware-driven encryption works in current versions of iOS: Why can't Apple decrypt your iPhone? [cryptograp...eering.com]

    • by suutar ( 1860506 )

      Part of the process of going from PIN to decryption key is in hardware, and they only have one of that chip.

    • The FBI has the hardware. At the software level it should be game-over. So what is stopping them from copying the phone's memory, putting it in an emulator or another phone, and brute forcing the 5-digit PIN. Every time it self destructs, they load up another copy and continue until the correct PIN is found. What am I missing here?

      Apple has stated that anything with an A7 or newer CPU has a unique code embedded in the hardware that is combined with the PIN to serve as the encryption key. Apple doesn't record the hardware key, and they are the only ones that possess the keys for the software used by the secured enclave in which it resides. So without Apple's help, the DOJ would have to first break into the secure enclave, which I presume is so difficult as to be impractical, and only then could they try the brute-force method you desc

    • Re: (Score:2, Interesting)

      FBI and NSA can break the code, but it will not be acceptable as a proof before the court. That is why they ask and request Apple to perform it. In this particular case, they want the data admissible as a proof before the court. They are not trying to break it in order to organize an operation against a secret target or whatever. So, the conditions under which the data will be made accessible and decrypted matter.
    • The FBI has the hardware. At the software level it should be game-over. So what is stopping them from copying the phone's memory, putting it in an emulator or another phone, and brute forcing the 5-digit PIN. Every time it self destructs, they load up another copy and continue until the correct PIN is found. What am I missing here?

      What you're missing is that Apple engineers aren't idiots, and spent more than the 5 seconds you did thinking of their security. Specifically, half the key is embedded in the hardware and would require some super expensive reverse-engineering to extract.

      Meanwhile, the government is making a big fuss about this because what they really want is the ability to crack iPhones in general, preferably remotely, automatically, and without a warrant. They already know who the guy was talking to. But there likely won'

  • by FireballX301 ( 766274 ) on Friday February 19, 2016 @05:48PM (#51544969) Journal
    Apple knows that complying with this order will essentially destroy most, if not all of their overseas business. If they comply with this order, they will lose anyone who is even remotely suspicious of US govt motives; this includes literally billions of non-Americans around the world. The net result would simply be people moving to phones that are perceived as more secure, there's an easy market opportunity for a non US based company to put out 'secured' phones (for example, a phone that rejects all firmware updates in addition to the secure area tech) and gain all the business that Apple would lose.

    The question is, of course, if the government knows this, and I'm pretty sure the law enforcement/'intelligence' personnel here are so scoped into their mindset that they're totally unaware of this, and would reflexively brush it off as hyperbole (hint it isnt).
    • by DutchUncle ( 826473 ) on Friday February 19, 2016 @06:21PM (#51545239)
      I suggest that the law enforcement personnel ARE aware of the issue. Even as NYC police had a press conference pointing out how many cases were blocked because of inaccessible information on smartphones, and the commissioner was blasting Apple's current policy, a subsequent speaker (a prosecutor?) was careful to point out that Apple had formerly cooperated in such cases, and that a narrow set of conditions including a properly-executed court order to work on a single phone at a time for a single case is VERY DIFFERENT from a generic backdoor. I'm betting that something along these lines will become the court-ordered compromise: isolated workspace, isolated cases, some kind of open oversight (like normal search warrants and court orders, not the NSA secret rubberstamp court). Practical side: DoJ doesn't want to be blamed for killing the biggest tech company or crashing the stock market.
    • by dmbrun ( 907271 )
      If they do this for the FBI (US Government) then any overseas government will ask for the same privilege/device. And No, they won't be sending the devices to the USA, the unlocking device will be in the country concerned.

      Of course, Apple don't have to agree. Unless they want to keep doing business in that country.
  • It's one thing for the government to talk to Apple about mandating encryption backdoors in future iOS updates. But this spat between the government and Apple is not about that, it is about data on a phone running current iOS software. Apple is essentially saying that they could access data on encrypted iPhones by pushing a software update. That is not how a cryptographic system ought to work. A correctly implemented cryptographic system should allow access to the data only with the key. When a cryptographic
    • by imgod2u ( 812837 )

      The second scenario is what's happening here. Whether or not an OS update to a locked device can be done is up for grabs. What's in the letter Tim Cook posted is that they're refusing to even *develop* such a tool if it were possible. It could very well be that it's not possible, but no system is really perfect.

      With Secure Enclave in the newer models (the iPhone in question is a 5C), the time limit and retry limit is hardware enforced. So such a hack wouldn't work on newer phones, only iPhone 5C and 5 (and

    • by AchilleTalon ( 540925 ) on Friday February 19, 2016 @06:17PM (#51545211) Homepage
      We are talking about a iPhone 5c. You should read this [washingtonpost.com] for more about the actual reason FBI is asking Apple to perform the decryption of the iPhone.
      • Yes, Schneier's article is essentially correct as far as it goes. He believes that the problem with the iPhone is a lack of code signing. But there is a more fundamental problem. Normally, Apple seems to require a password for updating the phone software. But it appears that Apple has ways of altering the phone software of a locked, encrypted phone even without unlocking it first, otherwise the FBI demand would make no sense in regards to the San Bernadino phone. That means that there must be an existing, g
    • by dbIII ( 701233 )

      Apple should not be able to push such an update to an existing phone without having the user unlock the phone first.

      I don't have an Apple phone but with others being able to reinstall or patch the system via USB is a useful feature. Some have an option where they only boot as far as a program to do updates.

    • No, Apple isn't saying they could get access to the encrypted data.

      The FBI is asking for apple to give them a version of the software that doesn't have the delay between password attempts and doesn't wipe the device after a certain number of tries.

      Neither of these things mean it 'isn't encrypted properly', they in fact are an example of it working as it should.

      To go further into your comments:

      The FBI request won't work however for one glaring reason: You can't update a locked device without unlocking it be

      • The FBI request won't work however for one glaring reason: You can't update a locked device without unlocking it because THE DEVICE REJECTS THE UPDATE REQUEST. Apple designed it that way, intentionally.

        You are missing the point. That is what a properly designed system ought to do. But if this were true, there would be no dispute between Apple and the FBI: in response to the FBI's demand to unlock the San Bernadino phone, Apple could simply say "it is impossible to do that" and that would be the end of it.

  • by taustin ( 171655 ) on Friday February 19, 2016 @05:49PM (#51544981) Homepage Journal

    Seems likely, anyway. On the other hand, the FBI's posture is just a constitutional overreach and attempt to institutionalize the ignoring of due process, so they're about even.

  • A) bring iPhone into Apple facility.
    B) OOPS! Destroyed phone in freak Ives latte spill.
    C) LOSS

    How much could the government fine Apple? A million dollars? 100 million? A billion? Whatever!

    • DOJ is smart enough to clone the phone first.

      • by Anonymous Coward

        You can't clone the hardware chip with the encryption key. Isn't this supposed to be a tech site?

      • by suutar ( 1860506 )

        which does them no good whatsoever without the particular key storage chip from that phone. Otherwise they'd just clone it a hundred times and throw 10 attempts at each clone.

      • It wouldn't work, or otherwise the DOJ would have set up an automated cloning of the phone and trying 10 password attempts at a time. What I've gathered from reading the various articles is that each IPhone has it's decryption key stored in hardware, with no way to copy it. Easily, that is, I suppose they could break open the chip and try and chart the pathways using a scanning tunneling microscope, but that would take a great deal of effort, and it would be easy to accidentally destroy the key doing so.

        So

  • If Apple refuses then the tanks roll in so to speak, and if they comply then they will lose potentially a lot of business because the rumors will be valid about 'back-doors'. I assume there is some other crap at play since this smells like a rat.
  • Dave Ross, commentator on CBS Radio, proposed: Our vaunted security agencies state, loudly and publicly, that they are incapable of reading an iPhone. Apple refuses, loudly and publicly, to do anything to help, and points to our own constitution for protection. One can easily imagine a rush of bad guys to get iPhones so they can harm us with our own technology. And in the meantime . . . . are the security agencies REALLY incapable of reading it, and is Apple REALLY unwilling to help them, or is it all a
  • if the phone had the details of where a bomb was placed on the apple campus and it was set to go off april 1st. Would they let their campus go boom or would they decrypt it? I already know this post is going to get downvoted into oblivion...

    • by mark-t ( 151149 )
      That wholly would depend on whether they actually had the ability to decrypt it in that amount of time. If not, they would simply try to find the bomb before the deadline, and not bother trying to decrypt it at all, because that is more likely to produce the desired results than doing something that they already know they could not offer any guarantee of success before their time was up.
  • It was only a few years ago that SFPD officers and Apple employees were busting down doors together to recover (lost, not stolen) iPhone prototypes. Did Apple Impersonate Police To Recover the Lost iPhone 5? [slashdot.org]
  • by blavallee ( 729704 ) on Friday February 19, 2016 @09:23PM (#51546291) Journal
    The FBI made this issue public. [bgr.com]
    Trying to make Apple look like the bad guy, to generate public sympathy.
  • by Impy the Impiuos Imp ( 442658 ) on Saturday February 20, 2016 @02:51AM (#51547363) Journal

    > just marketing

    Yes, much like your instructions to create a 1984-like warrantless panopticon is just political marketing by politicians preening in front of voters.

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Working...