Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
IOS Iphone Privacy Security Software Apple Your Rights Online Hardware Technology

Apple Might Be Forced to Hand Over iOS Source Code to the FBI (theguardian.com) 273

Bruce66423 writes: In its latest filing, the FBI implies that, if the burden on Apple programmers of their alternative approach is too great, then Apple should release the whole source code to the FBI to allow them to do the work, quoting the precedent of the Lavabit confrontation. Clearly it is time for Apple to move offshore!? To recall, Lavabit abruptly shut down in 2013 when the FBI attempted to get the company to hand over the encryption keys for its secure email service. While the current situation seems to put Apple in the same ballpark as Lavabit, what gives the Cupertino-giant company an advantage is the immense support it is receiving from other Silicon Valley companies and personnel. Many believe that the FBI doesn't really need Apple's help in unlocking the iPhone. Reports claim that the iPhone in question already has a "backdoor" which could allow the government-backed institution to access the data on the smartphone. Other widely reported theories include cracking the iPhone and manipulating the innards to trick the system into spilling out all the information. One proposed method, which requires the phone's NAND flash chip to be taken out, may not work, though. Daniel Kahn Gillmor, a technology fellow with the ACLU's Speech, Privacy and Technology Project, pointed out the risks in playing with flash memory. He said that an error in removing the memory could make the data unreadable forever.
This discussion has been archived. No new comments can be posted.

Apple Might Be Forced to Hand Over iOS Source Code to the FBI

Comments Filter:
  • It's simple. (Score:5, Insightful)

    by Anonymous Coward on Friday March 11, 2016 @02:48PM (#51680123)

    The FBI doesn't want anybody to be able to keep any secrets from it ever, with no regard to what impact this might have on commerce. They are attempting to use this case to ensure that they get complete authority and ability to decrypt everything at their whim. If they can offload the work to other companies for free, all the better, but the real win is that nothing anywhere can ever be kept secret from them for any reason.

    That's all this is. Everything else is just politico/legalease/bullshit.

    • Re:It's simple. (Score:5, Interesting)

      by Bartles ( 1198017 ) on Friday March 11, 2016 @03:00PM (#51680235)

      If only there was someone in charge that could tell the FBI to stop this.

      • Re:It's simple. (Score:5, Insightful)

        by s.petry ( 762400 ) on Friday March 11, 2016 @03:20PM (#51680397)

        Are you signed up for the revolt? That is the only way you are going to get someone in charge who is not an authoritarian, wanting the FBI to get their way. Not a single candidate in either the Democratic or Republican party has mentioned the Constitutional protection which should exist. They have all said that the FBI should be able to do what they want, when they want, to whom they want.

        In fact they have all said Safety is more important than Freedom and Government intrusion. (a couple have intentionally used double speak to try and hide it, but..)

        Tyranny is frighteningly close.

        • According to the Washington Post, Rubio, Clinton, and Sanders are sitting on the fence on this issue.
          • by halivar ( 535827 )

            IIRC, Rubio is the only candidate to say (at least, int he debates) Apple should not acquiesce. The only other candidate to even acknowledge that there were privacy implications was Cruz, but even he hedged as said that even considering, Apple should give in. Everyone else is on the side of security theater.

          • According to the Washington Post, Rubio, Clinton, and Sanders are sitting on the fence on this issue.

            Translated, they're waiting until after they get their votes before letting everyone know they're going to side with the idea of the FBI having absolute authority over business.

          • by s.petry ( 762400 )

            According to the Washington Post? Really, you can't look at their records and form your own opinion based on facts?

            I don't have time to list everything you have not been told by the Washington Post about those same people.

          • by epyT-R ( 613989 )

            Duh. Because they support it but don't want to get burned for it until after they've won the election.. If they lose then they can claim the winner is. Passive aggressive political strategy. I'll bet clinton is pro fbi. she's a statist. So are the neocons.

        • Just several years ago, a million people were marching in DC in protest of warrantless wiretapping. Where are those people now? Or were they not really marching in protest of wiretapping but really just against the R in front of the President's name?

          • Re:It's simple. (Score:4, Insightful)

            by Jason Levine ( 196982 ) on Friday March 11, 2016 @04:03PM (#51680781) Homepage

            Don't worry. The FBI/NSA/etc. know where all those people are now, what they are doing, and who they have been talking with. Soon, the FBI might also be able to see what's on all of their phones as well. You know, just in case any of them even thinks of doing "wrong." (Where "wrong" is defined by the FBI/NSA/etc.)

          • by s.petry ( 762400 )
            Behold the power of MASS MEDIA! Stop thinking of R vs. D and think of "Tyrants" vs. "Society". The former is a small subset of people who own the land, the banks, the utilities, and the media.
        • Comment removed based on user account deletion
        • by rsborg ( 111459 )

          Are you signed up for the revolt? That is the only way you are going to get someone in charge who is not an authoritarian, wanting the FBI to get their way. Not a single candidate in either the Democratic or Republican party has mentioned the Constitutional protection which should exist. They have all said that the FBI should be able to do what they want, when they want, to whom they want.

          In fact they have all said Safety is more important than Freedom and Government intrusion. (a couple have intentionally used double speak to try and hide it, but..)

          Tyranny is frighteningly close.

          You need to google it more... Here's the list of who's against and who's on the fence:
          https://www.washingtonpost.com... [washingtonpost.com]

          You'll note there isn't a single Democrat who's all-in for the FBI. I'm not happy that no Presidential candidate has completely supported Apple's position (because it's the constitutional position), but if either Trump or Cruz is the candidate for Republicans (90% likelihood), then I'll venture that either Sanders or Clinton will lean to the liberty side of this argument.

          One other thing

      • by sjames ( 1099 )

        It's not as if the FBI has never blackmailed a president.

        • Or Congress. This agency started its life with a leader that used blackmail as a standard law enforcement technique. The FBI should have been dismantled from the ground up when Hoover died as his ghost still haunts the agency in all it's actions.

          • Or Congress. This agency started its life with a leader that used blackmail as a standard law enforcement technique. The FBI should have been dismantled from the ground up when Hoover died as his ghost still haunts the agency in all it's actions.

            John Kennedy threatened to do that with the CIA, and you see where that got him...

      • If only there was someone in charge that could tell the FBI to stop this.

        Like who, this guy? [engadget.com] This doesn't sound very promising:

        As a practiced politician, Obama avoided coming down too hard on any one side, and he said he wasn't able to discuss the ongoing FBI vs. Apple case at all. But by and large his message was that sacrificing some degree of privacy for the sake of our safety has served the country well for hundreds of years, and he expects we'll figure out a way to do so digitally as well.

        Here he is pondering:

        "The question we now have to ask is if technologically it is possible to make an impenetrable device or system where the encryption is so strong that there's no key or no door at all," Obama pondered, "how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot?"

        I'm going to answer his question with another question: why does he think that people feel like strong encryption is necessary? If he doesn't know the answer to that, he should ask Edward Snowden. If the government only ever used its authority responsibly then we wouldn't be having this argument. Here's another gem:

        As to how to balance these things Obama said we'll have to figure out "how do we have encryption as strong as possible, the key as secure as possible and accessible by the smallest pool of people possible, for a subset of issues that we agree is important."

        The "smallest pool of people possible" is 1, the person who owns the data. No one else needs that key. As far as "

    • If *commerce* is your first concern over privacy, you're doing it very, very wrong.

    • If you could go back in time and expose J. Edgar Hoover as a cross-dressing sadomasochist BEFORE he managed to seize control of the FBI, would it still be the same kind of power-mad agency?

      I often wonder if it would be a milder government law enforcement agency with narrower authority if Hoover had been sidelined for some other bureaucrat, or if what the FBI has become is essentially an inevitability -- a byproduct of the bank robberies of the 1930s, the security panics of the 1940s, the Red Scare and antic

      • If you could go back in time and expose J. Edgar Hoover as a cross-dressing sadomasochist BEFORE he managed to seize control of the FBI, would it still be the same kind of power-mad agency?

        Actually, yes. The Progressive Movement is by its very nature prone to totalitarianism over time. Now if we were also able to hold off or eliminate the Cold War, and then go back to FDR's time and cut back the overreaches of the federal government that he pulled off, and then go back further to the whole Elliott Ness thing...

        But you mention this yourself:

        I often wonder if it would be a milder government law enforcement agency with narrower authority if Hoover had been sidelined for some other bureaucrat, or if what the FBI has become is essentially an inevitability -- a byproduct of the bank robberies of the 1930s, the security panics of the 1940s, the Red Scare and anticommunism, the cold war and the 1960s civil unrest.

        Perhaps it would still be what it is, but somehow with a different tone had it not been one man's personal kingdom for 40 years, a man who scared most Presidents into leaving him alone.

        It was a byproduct of the things you mention, *plus* the progressive tendency towards centralizing government. It all sort of meshes together. Even if Hoov

  • Dear FBI, (Score:3, Informative)

    by psergiu ( 67614 ) on Friday March 11, 2016 @02:51PM (#51680147)

    Dear FBI,

    You can ALREADY start downloading OS X & iOS source code from here:

    http://opensource.apple.com/ [apple.com]

  • by Anonymous Coward on Friday March 11, 2016 @02:53PM (#51680159)

    Let's be honest, the FBI's goal isn't to access one iPhone. They want access to all encrypted communications. This should be obvious. Handing over the source code to iOS will probably allow the FBI the opportunity to look for other vulnerabilities that could be exploited to read private communications. This isn't acceptable. Furthermore, wouldn't Apple still need to cryptographically sign any build of iOS that would be loaded onto the San Bernardino shooter's phone? The FBI has carefully picked the fight in a case where there's no defending the deceased shooter to maximize public opinion being on their side. They're being disingenuous and it's obvious to anyone who's willing to look carefully at their claims. What is it that makes elected officials almost unanimously support reducing the privacy of the people when there's no such consensus among the people? And why isn't there an effort to impeach the leaders of these three letter agencies for their activities? Impeachment isn't limited to the President, and those who violate the Constitution as they do should be accountable through impeachment.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      From TFA:

      “The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.

      “The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.”

      • Yes, that's they point of TFA.

        The FBI threatened, in federal court, to take the source code from Apple by force.

        If it were the mafia, they would be threatening knee caps. But really, potato/potahto.

        • or gestapo/Gestapo

        • Hey, the FBI is just giving Apple a simple offer of protection (from having their programmers forced to do a lot of work for the government for free). If Apple doesn't want to take the FBI up on their offer, then the FBI can't be held responsible if Apple's business were to suffer some sort of "accidental setback." *cracks knuckles threateningly*

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        This: The FBI could give a shit about the source code. The FBI (and intel groups) want the code-signing keys so that they can sign their own malware.

  • by PolygamousRanchKid ( 1290638 ) on Friday March 11, 2016 @02:59PM (#51680227)

    . . . but it's difficult and there is a danger of data loss.

    So what they want, is a master key, so they can unlock any iPhone whenever and wherever they want, without a big hassle. Or a warrant. So they're claiming they can't access it, simply because they want easier access.

    Well played.

    • by pla ( 258480 ) on Friday March 11, 2016 @03:15PM (#51680357) Journal
      Well played.

      Not really - They've backed Apple into a corner. In response, Apple has only two logical next moves - Send all their platform-level development overseas ("You can thank the FBI for the loss of those 1500 highly paid American jobs"), and make the encryption truly unbreakable (absent some unknown weakness in the algorithms themselves), both at rest and in-transit.

      Apple may well lose this round - But they can salt that field so deeply as to make Uncle Sam wish he'd never asked. "Gee, sorry, did we just make all your expensive Stingrays almost completely useless, boys? Oops, our bad, wink wink nudge nudge!"
      • by Comboman ( 895500 ) on Friday March 11, 2016 @03:25PM (#51680433)

        Send all their platform-level development overseas

        May I suggest Canada? It's nice and close, we speak English, and I bet you could buy all those empty Blackberry buildings [financialpost.com] pretty cheap.

      • Re: (Score:3, Insightful)

        by OhPlz ( 168413 )

        Where would they send those jobs? I doubt there's a foreign country with enough skilled workers whose government wouldn't make the same demands or worse. This type of BS is not unique to the US federal government.

        • by Immerial ( 1093103 ) on Friday March 11, 2016 @04:24PM (#51680943) Homepage
          They didn't build a spaceship campus for nothing... Wait until that fucker takes off into space... so long and thank you for the fish! =D
        • I would personally take a job in the Philippines and continue to take my California Salary. Live like a king, fraction of the cost of living, and better quality of life with the given income level.
          It wouldn't be hard to convince most of the single, male, developers to relocate overseas.

        • They don't really need to send the development team overseas, just the signing key. It would suffice to require all upgrades to be signed with not only their own key but also a distinct key held by an independent and neutral third-party (or group of third-parties) outside of U.S. jurisdiction, with instructions to refuse any image-signing requests made under duress.

          Of course, they should also ensure that no image other than the one already installed on the device can execute until after the device has been

    • So what they want, is a master key, so they can unlock any iPhone whenever and wherever they want, without a big hassle.

      No, no, no, no. All they want is a key to this one phone. Honest. That such a key would also work to unlock every other similar phone is pure coincidence. That wasn't their intention. Really. Though now that you mention it ... when we are done here, we have this stack of seized iPhones we want to talk about.

  • by xxxJonBoyxxx ( 565205 ) on Friday March 11, 2016 @03:00PM (#51680241)
    Maybe Apple would want to pack up and completely move to Ireland then...would it have more to offer than massive tax breaks? (http://qz.com/273631/how-apple-got-its-2-tax-rate-in-ireland/)
  • Clash of the titans (Score:5, Interesting)

    by Okian Warrior ( 537106 ) on Friday March 11, 2016 @03:01PM (#51680247) Homepage Journal

    Thinking about the Apple situation, I noted that for years people have predicted that we would live in a corporatocracy.

    And here we are, huddling in fear while giant organizations battle for our rights.

    It is now too expensive for anyone except the upper 1% to go to court, so we are forced to hope and pray that some organization will take up the cause, leaving us on the sidelines rooting like sports fans.

    Of course, those giant entities will only battle for our rights if it aligns with their other goals - Apple isn't opposing this out of their good nature, it's because doing it would cost the money and hurt their bottom line with future sales.

    What a world we live in!

    • by alvinrod ( 889928 ) on Friday March 11, 2016 @03:27PM (#51680467)
      It's even worse than that. Many of the individuals who have tried to sue the government have had their cases dismissed because they can't actually prove that the government spy programs that we've become aware of were actually spying on them even though they've been collecting data on almost everyone. Basically a giant catch-22 where you can't actually bring a case to court until you have the information you could only get from successfully bringing a case to court.

      We need another Snowden who'll dump enough data to clearly give at least a few individuals legal standing. Or just release it all so we can have a massive class action suit involving the entire country against its own government.
    • by Jason Levine ( 196982 ) on Friday March 11, 2016 @04:14PM (#51680863) Homepage

      In many cases, we live at the whims of giant corporations and our only hope is that a government agency can help us. For example, if your local cable ISP - likely your one source for wired, high speed Internet - decided to drastically cap your data rates to prevent streaming while pushing their TV services. Complaints to the ISP would go unheeded and there would be no competition to jump ship to or to help keep them honest. Only a government agency would have the power to keep them in check.

      Here, though, it's reversed. A government agency has decided that they should have access to all phones all the time. (Let's be honest, that's the FBI's end game. They've all but admitted it.) What can the average person do? We can vote for other candidates, but that will only have so much of an effect. The powerful tend to know how to stay in power - even if it means subverting the voting process or corrupting new politicians. A big company (Apple) standing up to the government agency is our best hope at keeping the government agency at bay.

      In either case, it's a story of two giant monsters fighting in a big city and the little people getting crushed. It's just a matter of which giant monster is on our side this time. (Next fight, it might the other way around.)

      • It's almost as if whether an organization is "good" or "evil" depends on their actions instead of merely on whether they're part of the government or a private entity.
    • You can trivially build computer storage that the FBI can't crack. If you have $300 (remember to spend some of that on a real keyboard rather than a numeric keypad, which you get tired of using after 4 keypresses) then you have more cryptographic resources than the FBI has cryptanalysic resources. Anyone can be a titan, next to the FBI's ant-like stature. If you did that, the FBI would have no choice but to resort to the $5 wrench (and if we maintain the context of this particular case, the $5 wrench wouldn

  • by guises ( 2423402 ) on Friday March 11, 2016 @03:07PM (#51680315)
    Oh for gods' sake. I wrote a whole comment saying basically, "I don't see the problem here," based on the worthless summary, and then looked at the article. It's not about source code, it's about the signing key. It acknowledges that right in the article title, but whoever submitted this got their head on backwards.

    My fault, I suppose, for being lazy.
    • Oh for gods' sake. I wrote a whole comment saying basically, "I don't see the problem here," based on the worthless summary, and then looked at the article. It's not about source code, it's about the signing key. It acknowledges that right in the article title, but whoever submitted this got their head on backwards.

      Well the LavaBit reference makes a lot more sense now too.

    • The article title is incomplete. The article itself says it's about both the source code and the signing key:

      The department wrote in a footnote to its filing: “The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.

      “The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.”

  • by evolutionary ( 933064 ) on Friday March 11, 2016 @03:18PM (#51680389)
    This is what governments do when they start leaning towars totalitarianism. And then they say "it's for your own good". Historically, this never goes pretty or well. This isn't about a phone, it's about getting all companies to acknowledge "whose boss". We jump, you say "how high" or else...you have no rights except those we allow you to have, and they can be revoked at any time it's convenient for us,,,hmm...America, home of the not so brave, not so free.
  • by hawguy ( 1600213 ) on Friday March 11, 2016 @03:23PM (#51680425)

    It's this pretty much seizing the source "for the public good", so they'd need to pay fair market value under Eminent Domain laws?

    • Yes, but given that if Apple's source code was to be placed into the hands of the US government, the value of that code would plummet -- and therefore the "fair market value" (which would be determined *by* the government) would likely be far less than it is now. Remember.. the US government has shown that even its top agencies (IRS for instance) don't have a clue when it comes to securing important information so once the FBI gets this code, it'll be in the underground "public domain" within a very short

      • by hawguy ( 1600213 )

        Yes, but given that if Apple's source code was to be placed into the hands of the US government, the value of that code would plummet -- and therefore the "fair market value" (which would be determined *by* the government) would likely be far less than it is now.

        I don't think valuations work that way, or every house taken to build a freeway would be valued at $0 since once the government takes over the house and bulldozes it to build the freeway, the house would be worthless. The valuation has to be based on the market value at the time of the seizure of the property.

      • Best case scenario, Apple sets up a clean room where FBI is allowed to come in and examine, build, experiment, whatever with the source, but not take it with them. But even that best case takes about 5 years of fighting in the courts to arrive at a resolution, so what's the point? A decade from now the FBI will be able to prove there was no useful intelligence on the phone, and any leaked Apple trade secrets will be obsolete by then anyway. The iPhone 13 will be completely different!
    • Good idea. I figure about $120 billion, half of Apple's annual revenue. Cost to average citizen, $400, so not such a good idea.
  • by Bruce Perens ( 3872 ) <bruce@perens.com> on Friday March 11, 2016 @03:26PM (#51680455) Homepage Journal

    Apple is attempting to be socially responsible. The cell phone is a worse instrument for oppression than Orwell ever imagined. I can make your phone record every moment that you are carrying it. I can compress your voice so well that the existing storage is just fine for that. How long do you think it will be before that's happening for governments, if we embark upon this slope?

    The problem is that if you attempt to be socially responsible, the government will do its best to damage your business. Or other companies will. So, corporations have to be cowards to survive.

    Ultimately, we can't rely on a corporation for hardware that we can trust. It needs to be independently verifiable. Verifying software is possible. Verifying what is in an IC, less so at present time.

    • I thought some of the Israelis were fairly adept at reverse-engineering ICs, shaving off the protective case and analyzing them. It's just fairly tedious and time consuming to do so, so usually not worth it.
      • Yes, ways of taking the encapsulation off are known, and the chip can sometimes be analyzed once you do that. But that only analyzes a sample,

        and it does it destructively. To verify a chip, you need to be able to verify the working one in your own device.

  • by Nutria ( 679911 ) on Friday March 11, 2016 @03:28PM (#51680473)

    Which country, exactly, can it go to where the government can't force the issue if it really wants to?

    Ooh, ooh, I know!! They can follow Edward Snowden into the safe, comforting arms of Putunist Russia!!!

    Yay!!!

    • In Soviet Russion, encryption break you!
    • Then the new Apple Campus would be totally written off as a waste!
    • by HiThere ( 15173 )

      Any country cheap enough that they could buy the entire thing, government included. Apple could probably afford any of several countries, but Luxemborg would have the advantage of being a member of the EU, and thus hard to act against.

      • by Nutria ( 679911 )

        You'd need to move all the developers there. Otherwise, one developer faced with a court order, men with guns and black fatigues and threats of instant jail for refusal could check out all the source code and hand it over to anyone with a large-enough thumb drive.

  • by Overzeetop ( 214511 ) on Friday March 11, 2016 @03:43PM (#51680629) Journal

    "He said that an error in removing the memory could make the data unreadable forever."

    Well, considering that's the current state of the data, they really have nothing to lose.

  • by Locke2005 ( 849178 ) on Friday March 11, 2016 @03:46PM (#51680679)
    Forcing Apple to turn over trade secrets so that the FBI can hack it themselves actually bothers me a lot less than the FBI forcing Apple to do their job for them, with no compensation, which would be an even worse precedent. Couldn't any secrets in the source code be ferreted out eventually by disassembling the executable image? I don't think Apple encrypts the executable, do they? Give 'em the source code, and then change in the next release any trade secret that creates a security hole if leaked to wrong the people. Still makes work for Apple, but still not the worst case.
  • by fibonacci8 ( 260615 ) on Friday March 11, 2016 @03:53PM (#51680719)
    The burden is ethical, not financial. Finding people who could sleep at night after doing this is the trouble.
    • Finding people who could sleep at night after doing this is the trouble.

      I so wish that were true. There are *hordes* of people who are well intentioned idiots and would do whatever people in authority tell them. Very few people have a true backbone as shown here: https://en.wikipedia.org/wiki/... [wikipedia.org]

  • by tekrat ( 242117 ) on Friday March 11, 2016 @04:13PM (#51680847) Homepage Journal

    The government is trying to regulate a PHONE because "terrorism" -- but of course, won't lift a finger to impose any regulation on the other, more important device used in terrorism -- the GUN itself.

    So, lemme get this straight: you want to impose all these restrictions on my phone, listen to my every phone call, read every email and text message, look at pictures of my GF, and basically peer into my personal life and the personal lives of every American, all because you won't even regulate keeping an eye on someone when they buy 50000 rounds of ammo and large capacity magazines?

    Dude, I have to show my driver's license to buy cold medication, but you won't even perform simple background checks when someone buys a gun?

    This country is truly fucked up.

    • Dude, I have to show my driver's license to buy cold medication, but you won't even perform simple background checks when someone buys a gun?

      Dude, you've never bought a gun before, have you?

  • Does anyone believe that the FBI has programmers who could even *build* iOS with the source code, but no active assistance from Apple? Much less then get their patched OS right enough to actually not destroy the contents of the iPhone in question. Apple should definitely take them up on this offer: no assistance but enjoy the source code.
  • Seriously, if this is about terrorists, why not NSA? They are the ones that are supposed to listen in, as well as protect western tech. In fact, this was a terrorists, and it is NSA that is supposed to crack the iphone, not FBI.

    While I support tech companies working with NSA (quietly), allowing the FBI to have access to source/phones/network/etc is akin to giving it to chinese gov. it will be massively abused and misused.
  • Even if they could ever figure out how to build it, by that point it's unlikely there would be enough people still running that generation of hardware for it to matter much.

To be is to program.

Working...