DOJ Threatens To Seize iOS Source Code (idownloadblog.com) 596
An anonymous reader writes from an article posted on iDownloadBlog: The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter's iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state." Footnote Nine of DoJ's filing reads:
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
offer/refuse (Score:2)
Re: (Score:3)
right - this isn't just police tactics; its mafia tactics.
how nice - the fbi is now at the same level as tony soprano.
home of the free, land of the brave. yeah, maybe a long time ago, but not anymore ;(
Doubling Down On Dumb (Score:4, Insightful)
Re:Doubling Down On Dumb (Score:5, Insightful)
I don't think stupid is the right word to describe the situation. Scary seems more fitting in this case.
The decisions made in this case could have immense negative effects in many other areas as well. First they're after Apple's source code repository and signature key and next they'll be serving backdoors or start decrypting computers using Windows Update. That is unarguably a real possibility now.
Scary is a good word (Score:5, Interesting)
I keep hearing people claim that there is a debate, but that is complete bullshit. The Feds are making demands, and people keep providing the same reasons over and over on why the Feds demands are wrong. There is no debate because the authoritarians in power don't care about right and wrong, or rights beyond their own. (They have them, you don't.)
I personally have no trust that if this went to the Supreme Court there would be a favorable outcome. Remember, Corporations are people, and the Feds can re-distribute _YOUR_ wealth however they see fit.
Re:Scary is a good word (Score:5, Insightful)
The only good thing that could come out of this is research and developing of encryption for consumers that's always on, and that is unbreakable even if the Feds seize all the company's assets.
police state (Score:4, Insightful)
DOJ's response to Apple's claim that the DOJ is trying to make a police state? You guessed it: create a police state.
Note to everyone: burn your backdoors. Do it now. Apple wouldn't be in this mess if the phone was secure against updates while locked.
Re: (Score:3)
Most crypto is already open source having access to the source code should not give you an advantage in breaking the encryption itself unless the encryption was flawed in implementation.
Why should you even be able to update the os without providing the key? it should be easy enough for apple to allow you to enter your ios passcode on the computer in the event that ios becomes corrupted for some reason.
Even if the gov't had apples signing keys afaik they can't force an update without physical access.
A bad as this is... (Score:5, Interesting)
What's to stop Apple immediately releasing an update which 1. installs new keys, and 2. revokes the keys in possession of the FBI? i.e. before the FBI has enough time to modify and release their own version?
"Install this update NOW before law enforcement gets access to your phone?"
Or am I missing something?
If that's a feasible option, they're probably working on it right now.
DDoS and spoofing (Score:2)
The government could launch a massiv DDoS against Apple's update servers and spoof their IP addresses to update all the devices in the wild to their custom firmware...
Re:A bad as this is... (Score:5, Interesting)
What's to stop Apple immediately releasing an update which 1. installs new keys, and 2. revokes the keys in possession of the FBI? i.e. before the FBI has enough time to modify and release their own version?
"Install this update NOW before law enforcement gets access to your phone?"
Or am I missing something?
Obstruction of justice charges. Not writing new software just because FBI tells you to is one thing, but wilfully and actively interfering with FBI's collection of evidence is something that no judge will allow.
Re: (Score:3)
Re: (Score:3)
Re:A bad as this is... (Score:5, Insightful)
If they can get the courts to give them the keys and the source code, what good would it do apple to release a new version of IOS with new signing keys? The government would just compel them to release it again... and the 2nd iteration, they'd have a precedent.
Which is really what the FBI wants - precedent. It's already been stated that the NSA could (probably) crack the phone, but the FBI isn't interested because they want a legal precedent - presumably to decrypt any phone any time for any reason...
From http://www.newsweek.com/former... [newsweek.com]
Richard Clarke (former U.S. counterterrorism official and security adviser to the president) said Monday in an interview on NPR's Morning Edition that he believes that if the FBI asked, the National Security Agency “would have solved this problem” of opening the encrypted iPhone of the San Bernardino, California, shooter.
When asked by NPR anchor David Greene what he would have done if he was still in government, Clarke said he would taken the San Bernardino shooter's iPhone, which is at the center of a national debate over encryption, to NSA headquarters in Fort Meade, Maryland. Clarke believes the FBI is holding out in an attempt to set a legal precedent to facilitate decrypting smartphones in the future.
Re:A bad as this is... (Score:5, Insightful)
The problem is the keys CAN'T be updated. They're burned into real ROM (as opposed to OTP), the reason being the boot ROM will verify a signature using the key it has. If the key was stored in alterable (e.g., flash) memory, then it would be possible to erase the key, program your own and jailbreak your device that way.
Of course, that also means third parties like the government can do so as well to have it run custom bootloaders and OS and not have to go through the process to get Apple's key which is the only way to create code that will run on the SoC.
Of course, I'm not entirely sure if the source code would have the key in it - it's possible after having the final IPSW file, Apple takes it on a USB key to a special Mac and has that Mac sign the IPSW. That Mac is airgapped and everything so to create an OS update requires physically going to the Mac and doing the signing there. For development, Apple most certainly has dev boards that don't require a signed image (it won't help the FBI to have these boards).
I suppose the bigger question is - don't the FBI realize what kind of stink they're making? So they acquire the iOS source code. But that immediately casts a huge shadow over the US's prime industry - IP. Because sooner or later, that iOS source code WILL leak from a hack of the FBI, which means any IP industry in the US (i.e., the only sectors making money - movies, music, books, TV, software, etc) is suddenly threatened - the government can seize your content and while they promise to keep it secure, it won't be (see IRS and other hacks) and it'll be a field day - get your Hollywood new theatrical releases the day of, courtesy of the FBI.
It seems like the FBI wants to win the battle, but lose the war. We used to mock China for their poor IP protection policies and state-sanctioned piracy, but it appears the US is going to do worse. At least the Chinese government protects Chinese IP while disregarding foreign IP.
Anyone who deals with IP should pay a lot of attention to this case - if you can be forced to give up your IP, and you know the entity forcing you can't protect it, well, all the copyrights of the world won't protect you.
Seriously - the level of silliness is getting absurd. Forcing Apple to give up their source code means the content industry and IP industry have a shot across the bow - the government will take what they want. And then hackers will have it too. Way to destroy one of the biggest industries in the US.
Re: (Score:3)
Re:A bad as this is... (Score:5, Interesting)
> The problem is the keys CAN'T be updated. They're > burned into real ROM (as opposed to OTP), the
> reason being the boot ROM will verify a signature
> using the key it has. If the key was stored in
> alterable (e.g., flash) memory, then it would be
> possible to erase the key, program your own and
> jailbreak your device that way.
Well, if the FBI tries this tack, can there be any doubt the Apple will darken the skies with so many lawyers the FBI will think it's the 11th plague? Remember IBM's antitrust case? IBM made it last more than a decade... that's longer than there's even been such a thing as an iPhone... and ground the DoJ down to the point that they eventually just gave up. Apple is richer (can afford more and better lawyers) now than IBM was then. By the time they're able to seize the iOS source code, Apple could easily have more than enough time to write an entirely new OS and iterate many generations of iPhone, to the point that all of the phones with the old key burned-in are in landfills and what the FBI gets would be useless.
And that's aside from the value of iOS, for which Apple would have to be compensated. Can you begin to imagine what that would be? Or the additional court cases to determine said value? Does the FBI want to have a budget to do *anything* else for the next couple of decades?
Re:A bad as this is... (Score:4, Insightful)
I don't think the FBI or DOJ are playing a legal short game, I think they're playing a political long game where they're looking for a legislative solution that would bypass the courts and survive some kind of constitutional challenge. Congress has historically been given wide latitude to regulate interstate commerce and it's not hard to see a law enacted that regulates commercial encryption products that requires their makers to assist lawful law enforcement requests for assistance in decrypting their products.
I don't really buy the bad for business argument that much, though. Even if Apple were to provide some way of granting the government "assistance" I would wager the technology would still be good enough for all but the most high risk situations, and less vulnerable than similar technology made anywhere else. There are few nations on Earth that don't already have fairly draconian public security and censorship as it is -- whose security technology are you going to trust -- Indian? Chinese? Russian?
It'd be nice if Norway, Sweden, Switzerland or the Netherlands produced a secure communications device backed by their own country's strong constitutional protections against invasion of privacy. But they would also be subject to diplomatic pressure to cooperate with law enforcement and intelligence services, something which a US based company can more easily fend off. Even the Swiss caved on a lot of bank secrecy under pressure from the US to go after tax evaders.
Overall, I hope the FBI loses on this issue. I think they're looking for the ability to conduct anytime, anywhere surveillance that has no limits and it's scary.
Re:A bad as this is... (Score:5, Funny)
And that's aside from the value of iOS, for which Apple would have to be compensated. Can you begin to imagine what that would be? Or the additional court cases to determine said value?
No problem -- President Trump will build that backdoor and make Apple pay for it.
Re:A bad as this is... (Score:5, Insightful)
They can ask but the precedent wouldn't have anything in common with such a thing, so there wouldn't be any judicial power behind the request. Whose phone (exactly) are you talking about? Because when the FBI goes crawling on their hands and knees to a judge, they're going to need some names, probable cause, and a particular crime.
I'm not saying they don't want this power. (We already gave it to them (in a certain form) 22 years ago with CALEA!) But this campaign doesn't give them any advantage on that one. If anything, it gives advantage to We The People, since this case is helping us to wake up to the obvious fact that it's pretty fucking stupid to have a third party (e.g. Apple, Samsung, Sony, whatever) be in charge of your PC's keys. And once we know that and stop pretending that it's too hard or doesn't matter who is in charge of our PCs, we'll take care of things.
People are worried that the FBI might be empowered to take over your phone?!? You should be worried that YOU AREN'T empowered take over your own phone. You will always be vulnerable to a third party being coerced (and possibly without your knowledge!) until you fix that.
Re: (Score:3)
armed takeover of Apple's corporate offices...
I'm not sure that is very likely. The massively wealthy corporations that fund and control the US Government are run by people just like Tim Cook, and I don't think they would be keen on seeing one of their own in jail, or the assets stripped.
After all, the assets of Apple are largely owned by the same wealthy elites that own everything else.
Re: (Score:3)
They shouldn't tell anybody where the security keys are. Might be in Ireland, might be in Cambodia...good luck proving where they physically reside when no-one known to be in the reach of the court system even knows (or can be proven to know) where it is.
If Apple was really clever (and maybe they are), they'd keep the key in a dozen or so multiple pieces, with each piece residing in a different country. In order to sign a new iOS release they'd have to forward the binary to each country in turn to get the next part of the signing done.
A bit of a pain in the ass for the release manager, but on the plus side it would make legal strong-arming much more difficult since to acquire the whole key would require the cooperation of a dozen different governments.
Persuasion is outside of their role (Score:5, Insightful)
It shouldn't be the FBI's job to lobby for or against policies with such wide political implications. It's conflict of interest, and outside of their role as part of the Executive Branch. They are to carry out of the orders of the other branches and formal political process, NOT to make or pressure policy.
They can state their preference on political issues as they relate to crime fighting and prevention, but to aggressively push for a stance or policy is another thing.
Re: (Score:3)
You are apparently unaware of how the FBI was founded and who ran it for his entire lifetime and why that happened. The ghost that roams the halls of the FBI is Hoover and the organization still suffers from the overreach and law breaking that marked not only his creation of the FBI but his running of the organization and picking of all the agents that still run the department. The ghost of Hoover and the abuses he perpetrated will haunt the halls of Quantico until the FBI is disbanded. Even today the FBI o
I saw this coming some time ago.. (Score:2)
With exactly this reasoning cited in the article.
Re: (Score:3)
It is not hard to predict. One thing is that Apple is wrong about this reading to a police-state. The US already is one, just in the earlier stages: The police gets most of the laws and equipment they want, without any real balancing with civil rights. When policemen rape or murder someone, they have an excellent chance to get away with it, while penalties for citizens are grossly inflated. And if you listen to Trump, you can already hear the first indicators of the fascism that invariably follows a police-
If they just take it without Apples permission... (Score:5, Interesting)
Re: (Score:3)
Re: (Score:3)
You seem to misunderstand the idea of "sovereign immunity". The government can only be sued if the government allows itself to be sued. The government is unlikely to allow itself to be sued for copyright infringement in such a case. IANAL, but I'd be surprised if the government allowed itself to be sued for such things - in particular, stuff that the government doesn't actually do (the damage in case of a leak is from a lot of individual criminals, even if it was only made possible by government malfeas
If it must be done Apple morally obliged to do it (Score:3)
If we end up in the horrible situation where this is going to happen then morally Apple must do it. If Apple makes the changes they can also include code that restricts this version of iOS to the single phone in question. A new court order will then be needed for any other phone. However if the FBI is left to make the changes there will be no such restriction, this version would run on any phone and a court order may not be necessary for its use.
Its a classic negative / negative decision. Both options suck but one sucks significantly worse. Apple is morally obliged to help protect its customers as best it can and that means the FBI can't be the one making the changes.
Re:If it must be done Apple morally obliged to do (Score:4, Insightful)
Government overreach! Ain't it FUN! (Score:5, Insightful)
You know that "oppressive government" people are always talking about?
Here's the baby pictures kids!
"We won't abuse it, trust us", Round 74 (Score:5, Insightful)
In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state."
Of course it could lead to a police state. That's what this is all about, abuse of spying capabilities.
We just found out this week that your giant US-to-foreign email conversations database the NSA shares with you allows warrantless reading of the to: and other fields, not only without a warrant, but without even any tracking and logging .
This is the core of the Constitutional issues the Constitution is supposed to prevent -- people in power having the ability to spy on political opponents, using government powers.
What is to stop, or even notice, a rogue agent working for a politician spying on opponents on their behalf? Nothing, and not even a secret court nor the elected congressmen who are on a national security committee, and are nominally supposed to make sure it isn't abused, can even detect the abuse.
How are we to know this software won't be copied and abused to crack some stolen politician's phone? Of course this assumes you are stuffed looking at who they call, anyway, to feel out their political support networks, the meta info, that itself could be abused, and is warrantless.
What's to stop... (Score:3)
What's to stop Apple from creating a new corporation overseas and have them hold the IOS source code there? Apple USA no longer has access to the source code, and the new company tells the US Government to go suck an egg.
Contempt of court (Score:2)
I'm an Apple hater (Score:2)
but there is right and wrong and I think they should pack up and leave the US. I think that would be big bump for others to follow. As a Apple hater and a Canadian I for one would welcome the Apple job creating Overlords into Canada with open arms.
Private property was killed in the USA long ago (Score:2, Interesting)
Private property rights (that would have defended Apple in this case) were were killed in the USA the moment government was able to apply the Sherman's Act to dismantle Rockefeller's Standard Oil. This is not new, the only people who think this threat by the government Mafia is anything new are the ones who want to discriminate against some (for example discriminating against Rockefeller's right to private property is cheered by a large number of people).
Apple is the modern day Standard Oil. This case aga
Re:Private property was killed in the USA long ago (Score:4, Interesting)
Well, the Sherman Anti-Trust Act was 100 years before many of us were born. So you can hopefully forgive us if we think this is all new. Kids are coming out of public school after being told some ideal of how America works, and suddenly discover a very different reality in adulthood.
I think it is more telling that after breaking up Bell System in the 80's, the Baby Bells and independents of that era reform over the years under AT&T(SBC, BellSouth, Ameritech, PacBell, etc), Verizon (Bell Atlanic, GTE), and CenturyLink(Qwest/US West/Northwestern Bell). I can imagine AT&T or Verizon scooping up CenturyLink or Frontier Communication in the near future. In a way we're worse off because the monopolies of that era had some independent competition, but now even those independents are gone.
Apple could take the Microsoft approach... (Score:2)
Sadly not viable. (Score:2)
Re:Sadly not viable. (Score:5, Interesting)
That would constitute contempt of court - which is a bad idea.
That didn't stop Microsoft. When the court told Microsoft to remove Internet Explorer from Windows, they did so by leaving Windows in a broken state. The judge was astonished by this response. Microsoft was arguing that Windows and IE were one and the same, and presented the logical conclusion of removing IE. Many years of court litigation later, Microsoft eventually complied. By then, it was a moot decision as the marketplace had moved on to leave Microsoft in the dust.
Waste of time, won't stop uncrackable messaging (Score:2)
All this will accomplish is allow the gov. to peek into lazy and stupid criminals communiques. Apparently the FBI thinks the majority of the bad guys fall into this category. They may be right, as it stands now, but if they win, tha
Re:Waste of time, won't stop uncrackable messaging (Score:5, Informative)
All that is needed for unbreakable communications is a lengthy sequence of random bytes and an XOR operator. Otherwise known as a one-time-pad.
That comes up a lot. and it's usually wrong. [schneier.com] Basically, the weak part of encryption isn't the algorithm, it's the chain of trust. If you can successfully exchange one-time-pads, then you can successfully exchange keys and get good encryption. In fact, exchanging keys is easier.
. If the parties are at least marginally smart in picking and using the pad
Nah, there are a number of mistakes you can make with a one-time-pad, and schneier pointed out a few in that link from before.
Re: (Score:3)
Apparently the FBI thinks the majority of the bad guys fall into this category.
You are assuming that the FBI/... is after the ''bad guys'' that they claim that they are. Once the feds are able to break into communications they can snoop on all sorts of people: have you pissed off a powerful politician or hampered his business interests recently ? The USA is relatively benign - but when the keys become known (as they will) to 'law enforcement' in places like Egypt, Pakistan or Burma (Myanmar) then people will start to die or disappear -- or maybe I am just naive in assuming that the US
Re: (Score:3)
If that code fragment is detected then other methods will be used to try and find the plain text data if a computer like device was used.
Or a sneak and peek visit to add a set of cameras on site hoping the code is created by hand at the same location every time.
Bespoke gov created malware gets pushed down onto the cell phone or computer just for that user and then digital one-time-pad anonymity and privacy are gone.
Re "may be the even
First Amendment (Score:5, Insightful)
Can the government compel someone to say something they do not wish to?
As long as code is free speech (Bernstein v. the U.S. Department of State; Brown v. Entertainment Merchants Ass'n). And as long as the ruling of Citizens United v. FEC stands, it seems to me that Apple has a First Amendment right to STFU.
I hope this results in Apple stuffing the EFF war chest to keep that organization going. And the ACLU has made strong statements in support of Apple, but I predict the ACLU won't become involved in the case.
Re: (Score:3)
Well the Supreme Court has decided that the government can compel you to purchase something. Why can't they compel you to provide something?
Time to create a new version (Score:3)
"Please present your papers" (Score:5, Informative)
I remember seeing movies about life in Germany under Hitler. Whether accurate or not, random people were walking on the street and officers would mutter that command to people, and if they didn't have what was wanted - bang! You might disappear. It strikes me that where we're going in the US (land of the free!) is this direction. The government HAS to be able to see ALL of your papers - only they are now electronic records. And there CANNOT be anywhere that you can put things that the government shouldn't be able to get in. I wonder how we justify being able to take a walk of two people in the woods, without the government being able to "know", upon warrant, what was said? Should we also have microphones recording at all times so that *everything* is discoverable? And what about the government that starts bending the rules of court-issued warrants, to Hoovering up of ALL records on the phone, or the internet? "It's all for your protection, and for the children....".
Re:"Please present your papers" (Score:4)
"deine papiere, bitte"
Nazi Germany had a major advantage over the current state of the USA: There were no 1st, 4th or 5th amendments, but most importantly, no 2nd. The former cannot survive without the latter, if the Third Reich is any indicator of how badly that situation will devolve. Please keep this in mind if you ever think it's wise to pick and choose the rights that you agree with, and attack those that you do not. This is quickly turning into an all-or-nothing affair.
Re: (Score:3, Informative)
Um, the Nazis actually deregulated the gun control laws that were in place. See http://www.law.uchicago.edu/files/files/harcourt_fordham.pdf - p.20-21:
"[..] With regard to gun possession, the 1938 Nazi gun laws represented a further liberalization of gun control regulations.[..] [T]he 1938 revisions completely deregulated the acquisition and transfer of rifles and shotguns, as well as ammunition."
Granted, they did take steps to disarm the jewish people. But if you read up on the history of the Weimar Republ
sub-contrat signing offshore? (Score:3)
how the keys work (Score:5, Informative)
Just for your reference, the reason the encryption keys are so important / secret is that:
-- All recent (>4 year) Apple hardware has built-in encryption-dedicated processing hardware
-- This hardware has firmware burned-in with Apple public encryption keys that validate that any code has come directly from Apple without modification, on startup
-- This key validation structure is designed to ensure that only code signed by Apple's private key can run on the phone
-- Every iPhone has the same public keys burned on it, because that's how public keys work.
So if Apple is forced to give its private keys to the FBI (assuming the remote likelihood they even knew what to do with it), the FBI would have the ability to encrypt and sign software for any of these iPhones. The idea (legal argument-wise or technically) that "this is about one phone" is laughable.
Forcing someone to disclose encryption keys would be a huge violation of the First Amendment. If there is anything that qualifies as speech and knowledge, it is an encryption key / secret. Then on top of this, there is the question of whether the people at Apple who are in charge of the encryption keys (yes, individuals) would even voluntarily turn it over if given such a blatantly unconstitutional order.
I'm sure that even people within the FBI laugh at the notion that they could develop such code without fucking it up, deploy it, and maintain the secrecy of the keys and source code from outsiders.
And final note by the way, this legal filing was written so poorly as to be a joke. It reads like a summer intern wrote the brief after being dictated it by the paralegal to the Assistant US Attorney dashing out of a meeting.
5th Amendment? (Score:4, Interesting)
See John Oliver's take on this... (Score:5, Informative)
What surprises me from John Oliver's [youtube.com] take on this is that Lindsay Graham said we need to step back. Even he now knows that it's not a workable strategy for the government to get access to the phones.
How about this process? (Score:3)
Would this work?
http://getthemonourside.blogsp... [blogspot.com]
Obama's Brownshirt "Justice" Department (Score:3)
Are they trying to sink the only good thing going? (Score:3)
The US only has one good thing going right now for them: the IT and Technology sector. It has no manufacturing (that's all down in China now), and besides Google, Apple is the only big one in the game.
If the FBI forces Apple to give out their source code, this is how is see it playing out:
- Not only the US but the rest of the world loses confidence in Apple products.
- Apple stock drops like a sack of potatoes.
- Apple is forced to downsize: massive layoffs
- Poor sales of Apple products make having the source for iOS irrelevant (no one is using them) and the FBI ends up with its finger up its ass anyway.
Re:Are they trying to sink the only good thing goi (Score:5, Funny)
the FBI ends up with its finger up its ass anyway.
The FBI has had their finger up their ass since the day they were created. Hoover had a bit of a secret life.
Snowden is probably right (Score:3)
Remeber one of the major rules of security: If you have physical access to the machine, you have access to the data. If the machine can decrypt the data, then whomever has the machine can decrypt the data.
If the FBI is even remotely intelligent, the first thing they did upon seizing the phone was crack that sucker open and disconnect the battery to prevent any data self-destruct or remote wipe mechanisms from functioning. To consider the case where the FBI wants to brute force it like they have been claiming, there are probably a few different ways of getting at the data. The first thing you would want to do is get a byte-for-byte copy of the flash contents. This can probably be done via JTAG, but if it can't or it is considered too risky to try, the flash chips can be unsoldered from the board and sent read commands directly via a dev board. It is not like such hardware is hard to get or restricted in any way. Once the data from the flash chips is backed up, you can brute force without risk of losing something useful. Does anyone know of any reason this wouldn't work?
This means that all the instructions required to boot and decrypt the data are now available to be dissected offline, since the phone couldn't decrypt the data without those instructions. All that is missing is whatever the secret is that is used to encrypt the user data.
One exception to the "immediately unplug the battery" rule might involve putting the phone in some sort of ICE mode via JTAG without rebooting it so as to get a RAM dump of the running system. If Apple were sloppy, they might have left a copy of the secret in plantext somewhere in memory. I don't know if it is possible to inject instructions into an iPhone via JTAG that would allow this without rebooting the phone, but I'm sure that could be figured out on a test device first. Maybe "immediately remove the battery" should be replaced by "immediately put the phone in a Faraday cage with a charger."
In any case, what is most distressing about all of this is that both Apple and the FBI are clearly using this situation and the courts to get press that is favorable to their agendas. Apple wants everyone to think they are super pro-security, anti-government power, and the FBI wants everyone to think that they can't decrypt an iPhone without a backdoor. This is all just theater.
Re: (Score:2)
Constitutional rights (Score:5, Insightful)
Funny, all those rights didn't stop the government from rounding up the American citizens of Japanese ancestry into concentration camps.
Rights is what government lets you have when it's convenient. They all go into the trash the moment they become a hindrance.
Before you start talking about how the citizen soldiers or the police force will not stand for such things, most heinous acts in history are easily justify by a singular excuse of "just following orders."
Re:Constitutional rights (Score:5, Interesting)
In the end, our leaders are politicians - they do the things that their constituency will put up with. If this includes being KKK grand wizards and rounding up persons of foreign descent into concentration camps, it only does so because the majority of people put up with it and continued electing the officials that did that.
Re: (Score:2)
Re:Goverrnment (Score:4, Insightful)
Here is the thing.
As a fellow Oregonian, those Federal Lands are already shared lands. I have access to them, because they're Federally owned. The idea of taking those lands and giving them to "the county" to sell off to private parties, well guess what? I would no longer have access to those lands.
The only reason Oregonians didn't take up arms and join militias and go take back our shared lands, is that the FBI wanted to get them out their own (very slow) way.
We may be liberal, we may oppose many wars, but don't think Oregonians are unwilling to take up arms and defend the United States of America.
I just checked the political news, and I wouldn't be at all surprised if there is a Civil War II in my lifetime. We're here, we're ready, and we support the Constitution. The real one with words, not the imaginary one that says "no hippies, mmmmmkay"
Re: (Score:3)
The only argument you could make would be that the price the government paid was below market value. If that was true, those ranchers could sue for the difference. They don't file that suit, because it isn't true, and there is no Constitutional problem at all.
These are not lands that were recently taken, either, BTW. Or even lands that were ever taken. Most of Oregon is public land, and most of it was Federal land before Oregon became a State. These wannabe cowpokes don't even know the history of the land t
Re:Goverrnment (Score:4, Funny)
That guy has threatened to arrest "rascal" Apple CEO, if it comes up.
So, would sheriff Judd hesitate to arrest Cook himself?
Re: (Score:3, Funny)
Wait, I'm white. Does this affect me yet?
Comment removed (Score:4, Funny)
Re: (Score:3)
isn't DOJ law enforcement? or are you saying wait for shit to hit the fan first.
Re: (Score:2)
I know you're just trying to be funny, but when the shit hits the fan the military and law enforcement will be on our side, not the government's.
Duh-lease, don't make me laugh. What's the FBI? Time to move the source code and the signing key to Germany.Germany has a special hate for domestic spying. Heck, even set up a head office there and move the staff in charge of security there.
Re: (Score:3)
>>>move the source code and the signing key to Germany
Not to Germany. Rather putting the source into encrypted file system spread across multiple independent countries. (RAIJ, Redundant Array of Independent Jurisdictions). You can have the file system fragments here in the United States, the German, Irish, Chinese, Brazilian, . . . are of course not covered and need to be addressed in each country.
Re: (Score:3)
Much of the military will be on the citizen's side, but law enforcement has been operating in full-on "us vs them" mode against the citizenry for decades now. They're completely comfortable kicking in their fellow Americans' doors and shooting them in the street.
Re: (Score:3)
Maybe we could build a government for the people and by the people? Nah! Never happen.
Re: (Score:3)
Another lifelong Republican here, and what I'm hoping is that in burning down the old house we will get some new parties out of this. Can we hope for a Science And Technology Party being one of them?
express elevator down (Score:2)
Do you honestly think that Google won't voluntarily comply if Apple caves?
Re:Where are the gun nuts when you need them? (Score:5, Funny)
Yeah, we really need an amendment for the right to bear iPhones...
Re: (Score:3)
"We do. It's the amendment two over [wikipedia.org] from the right to bear arms"
In addition, forcing Apple to do work for the government against its will is a Thirteenth Amendment violation. We haven't had one of those for some time.
Re: (Score:3)
This argument has been suggested, but it presupposes an expansion of eminent domain to human labor. This has not happened yet, even with the current SCOTUS.
Re: (Score:3)
So the government really is trying to take our guns.... :-D
Re: (Score:2)
Re: (Score:3)
Interesting. We have something you don't like coming from a sitting democrat administration and you somehow are insistent that it is the republican's fault.
Re: (Score:2)
IT'er my ass.
Re: (Score:2)
iTear? is that a new fbi app
Re:After reading this, i started wondering... (Score:4, Interesting)
You really should read up on American history... start with Watergate. The reality is that fully encrypted communication channels are the lesser of two evils here... and fully encrypted communication is no different than "taking a walk in the woods" 200 years ago. The underlying idea is that thought is not a crime, speech is not a crime, and full access to my device only gives you my thought and speech. This has nothing to do with guns, you are mistaken about that. Gun control is about individual protection... encryption is about national protection.
Re: (Score:2)
And seriously, who the hell is gonna hack your mobile phone?
Russian hackers looking for banking information and passwords on stolen phones, comes immediately to mind.
Re:After reading this, i started wondering... (Score:5, Funny)
> And seriously, who the hell is gonna hack your mobile phone?
I really hope you're never put in charge of anything important.
Re:After reading this, i started wondering... (Score:5, Informative)
You know those TSA approved luggage locks? The Washington Post did a story on them, and included pictures of the master keys.
Someone saw this and used the photos to make a functional 3D-printed set of keys. All of those TSA approved locks are useless now.
It is impossible to make a backdoor that only the "good guys" can use. It *will* get leaked, stolen, or cracked.
Re: (Score:3)
Re:After reading this, i started wondering... (Score:4, Insightful)
Those TSA-approved locks were already useless against someone with a $40 set of linesman's pliers, but your point still stands.
I'm very curious how, like a key, using nothing but your linemans pliers you can remove the lock, rummage through and replace items in the luggage, and then put the lock back on leaving no trace of break-in what so ever.
Specifically that last part. It never worked for me with bolt cutters or torches.
Could you detail your methods for me please?
Re: (Score:3)
How did the police even do their work back in the days before smart phones? Talk about a complex of entitlement vs doing hard work.
I as a citizen at this point I could care less if that phone contained codes to disarm a nuclear bomb. I choose civil rights over government entitlement.
I so want the government to storm into apple like they say. Let's make this a presidential issue. This has totally blown up in the democrats faces. They better switch sides or there is no way Hillery is going to get elected whic
Re: (Score:2)
The argument against backdoors is not against law enforcements' ability to gather evidence. Most of us would like to give law enforcement every ability to legally obtain all the evidence they need.
The argument is against the very concept of backdoors and the fact that have been proven time and time again that a backdoors means no security at all, not just no security against governments, but no security against foreign governments, scammers, hackers or anybody at all.
Backdoor == no security.
Re: (Score:2)
Perhaps the hard line stance isn't too important where you liove, but here we have law enforcement that routinely breaks the law (including blackmailing the president). We absolutely do need absolute protections to back up our often ignored Constitutional rights.
Re: (Score:2)
Re: (Score:3)
Look, you compare gun control and encryption control again and I'm going to shoot you right in the heart with the AES-256 algorithm. Then I'm going to hide the evidence in a gun. The perfect crime.
Re: (Score:3)
Wait 4 years till the import restriction legislation gets passed and kicks in.
Contempt of court is a bastard (Score:2)
Re: (Score:2)
Wrong... you can't sue a government agency into oblivion... only it's people.
Re: (Score:2)
Yea, China feels strongly about people's civil rights.
FFS.
Re:Apple still has the nuclear launch codes (Score:4, Interesting)