Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Android Encryption Google Government IOS Iphone Security United States Apple Your Rights Online Politics

ACLU Shows How the Apple-FBI Fight Was About Much More Than One Phone (theverge.com) 155

Russell Brandom reports for The Verge: Apple's San Bernardino fight may be over, but the government is still seeking both Apple and Google's help in unlocking phones. New research from the American Civil Liberties Union shows 63 different cases in which the government compelled help from Apple or Google in unlocking a handset. It's unclear how many of the orders were filled, although companies often complied with such orders where possible before last year. The bulk of the cases target Apple, but nine of the orders also look to compel Google's help, typically to reset the password on a given device. The devices include phones from Alcatel, Kyocera, and Samsung, many of which shipped without the default device encryption that blocked the use of traditional forensic tools in the San Bernardino case.
This discussion has been archived. No new comments can be posted.

ACLU Shows How the Apple-FBI Fight Was About Much More Than One Phone

Comments Filter:
  • Is it ever in, your opinion, acceptable for the law enforcement to demand (through courts) other parties' cooperation in accessing encrypted data?

    If yes, please, list the circumstances, which would make it acceptable and explain, why the "San Bernardino" case was different. Thank you!

    • by Anonymous Coward

      Yes, if a warrant has been issued given probable cause, then assuming the third party is fairly compensated for their efforts, then assistance in accessing the one device is acceptable. The problem is in the San Bernadino case, that's not what was asked for. They asked for a tool which could then be effectively used for all devices, and in the past have asked for legislation to require access that would allow them to access anybodies device, regardless of warrants. And this technology would always be the

      • What the FBI asked for was a crack specialized to that one phone, and specified that the actual cracking could by done at an Apple facility, provided the FBI got access to the information. If the order had stood, it would have (a) been a precedent, and (b) forced Apple to create such a tool, which means they could be forced to apply it whenever the court ordered (the All Writs act has been held to compel a third party to use a tool they already had). While the actual court order was for one phone, the ef

    • by Dutch Gun ( 899105 ) on Wednesday March 30, 2016 @03:12PM (#51810055)

      The "San Bernardino" case was different because the FBI was trying to compel Apple to write new software to assist them in breaking their own phone. Apple had been cooperating with the FBI up until that point, including providing them with a copy of the phone's backed up data from several weeks prior. I don't believe the government should be able to compel someone to write code against their will.

      Generally speaking, I have no problems with law enforcing requesting assistance in accessing encrypted data, but keep in mind this whole push for encryption on consumer devices and on the web in general partly came about because the government was caught spying on its citizens. As such, I take a pretty dim view of this same government and their rumblings about wanting to require a back door (and they just *hate* that term) in all encrypted products, because they've demonstrated they can't be trusted with that sort of responsibility. Not only have they demonstrated an absolute willingness to snoop on absolutely everyone, they also have a pretty poor track record in keeping secret data secure. How many breaches shall I cite? How long before foreign governments *cough China* has access to those universal keys as well?

      • by mi ( 197448 )

        The "San Bernardino" case was different because [...]

        Different from what?.. You are answering the second part of the question without answering the first: is ever Ok for the police to demand other parties' cooperation?

        they also have a pretty poor track record in keeping secret data secure. How many breaches shall I cite?

        Cite two, please.

        How long before foreign governments *cough China* has access to those universal keys as well?

        Please, China already gets Apple's cooperation [slashdot.org] — the company only plays "f

        • by Anonymous Coward

          Ok, here you go.

          The IRS [slashdot.org] was hacked, multiple times [google.com].

          But that's only one agency. I'm sure the rest of the Government agencies are secure, right?

          Oh wait [google.com]

          It seems that anyone who filled out a background check, or was used as a reference, or who's name came up in the course of the investigation, had their information compromised [slashdot.org].

          You were asking for two cites. Just use google to search for slashdot references, and they spill out. You don't even need to search the wider web.

        • I already stated: "I have no problems with law enforcing requesting assistance in accessing encrypted data". In particular, is it acceptable to demand cooperation through the courts? Sure: that's at the heart of the All Writs Act. But I feel that in this case Apple was within its right to argue with the court that this was too far a stretch for existing legal precedent, for reasons I already stated.

          I don't believe for a minute that Apple is some saint (I don't even own an iPhone), but that doesn't mean t

    • by eam ( 192101 ) on Wednesday March 30, 2016 @03:18PM (#51810111)

      It is, in my opinion, acceptable for law enforcement to demand cooperation from third parties when that cooperation is limited to turning over data which the third parties have in their possession. So, for example, if Joe Smith backed up his criminal plans to Apple's servers, and Apple has access to those backups, then it would be reasonable for Apple to turn them over to law enforcement when law enforcement presents a court-issued warrant for the backups.

      The San Bernardino case was different because Apple didn't actually have the data in its possession. What the FBI wanted was not the data, but instead they wanted Apple to crack the security on the phone. One reason that is different is because it harms Apple to even admit that the cracking is possible. Apple was not a conspirator. The government should not have the ability to harm a private company to solve a case that the company is not involved in.

      Put another way, if someone used a motel room to plan a terrorist attack, it would be reasonable for law enforcement to demand, again through a warrant, that the motel manager unlock the room. However, it would not be reasonable for them to go to the company who made the locks the motel uses and insist that they provide a master key. Even if the FBI accidentally dropped the only key to the room down a sewer grate, it would still be unreasonable to have the lock manufacturer reduce the security of their product.

      Of course, all of that is just my opinion (which is what you asked for).

      • Re: (Score:1, Insightful)

        by mi ( 197448 )

        The San Bernardino case was different because Apple didn't actually have the data in its possession.

        Could you elaborate, why this makes a difference?

        However, it would not be reasonable for them to go to the company who made the locks the motel uses and insist that they provide a master key.

        I do not think, this is what happened... More like the FBI asked the lock-maker to pick a particular lock...

        Even if the FBI accidentally dropped the only key to the room down a sewer grate, it would still be unreasonable

        • by eam ( 192101 )

          > Could you elaborate, why this makes a difference?

          I have to admit that the difference I mentioned was more of a feeling I have, but let me try to figure out why I feel that way.

          If Apple had the data, they could hand it over without suggesting any vulnerability that wasn't already known to exist. In this case, they no longer had access to the data. They had to create access to the data. For me, that active creation of a vulnerability where none existed before is the core of the distinction.

          I'd also li

    • by Qzukk ( 229616 ) on Wednesday March 30, 2016 @03:24PM (#51810169) Journal

      Yes, when the party in question has the key to the encryption, it is acceptable for the FBI to subpoena the party in question to provide the key. As part of due process the party in question can then attempt to quash the subpoena if it has grounds to do so.

      This is different than "write a new operating system and install it on this phone so that we can access the data without having the key" (or, if you consider the lavabit case: "rewrite your application to collect the user's key so that we can subpoena it from you" or from the traditional safe perspective "invent a new drill that can drill into your drill-proof safe"). What I want to know is whether the FBI was even planning on paying Apple for their work in developing a new operating system or were they just expecting Apple to slave away for them for free?

      • by mi ( 197448 )

        "write a new operating system and install it on this phone"

        You seem to overstate the complexity of the task required here... Just a bit, no?

        • by Qzukk ( 229616 )

          You seem to overstate the complexity of the task required here

          I don't believe so. There are two steps here:

          1: Build an OS that allows access to the data without knowing the key. For this particular phone this isn't that hard, since it doesn't have the secure enclave. The only thing that has to be done is to remove the timeout/lock after failing to enter the PIN so the FBI can enter all 10000 combinations from 0-0-0-0 to 9-9-9-9 and hope that the guy didn't use a longer PIN.

          2: Install this OS onto a locked

          • Build an OS that allows access

            Phlease... Claiming, they had to "build on OS" implies an amount of work comparable with, you know, creating an OS, when in fact all they had to do was slightly modify their existing OS to disable (comment-out) the data-destruction functionality, which would've kicked-in upon too many invalid PIN-entries.

            This would've been less work, than hackers were/are doing to disable various license-checking parts of binary files.

            And certainly far less work than, for example, Ubuntu did,

            • by Qzukk ( 229616 )

              Setting aside the fact that you are completely ignoring step 2 (I assume since it is not as easy as you wished it was), what exactly does the amount of effort required have to do with it? Whether the level of effort required to create it is high or low, the government is demanding that Apple produce a thing it does not have.

            • IIRC, the demand was an OS that would eliminate the lockout delay, eliminate the wipe-after-ten-tries, and which would allow the PIN to be entered electronically. That last was probably the biggest task, although without access to the source code neither you nor I know for sure.

    • by Sloppy ( 14984 )

      Is it ever in, your opinion, acceptable for the law enforcement to demand (through courts) other parties' cooperation in accessing encrypted data?

      Mu.

      It's not ever acceptable for other parties to have the capacity to help (except maybe to lend their supercomputers). If a cryptosystem can be modified to reveal (without the attacker knowing the key) something that is already encrypted, then that cryptosystem is hopelessly defective to a comical degree. (Why isn't this bloody-fucking-obvious to everyone?) If Gn

  • WTF (Score:4, Insightful)

    by Hentes ( 2461350 ) on Wednesday March 30, 2016 @02:35PM (#51809795)

    So Apple complied with the requests in drug cases but started a big fight over a terrorist? Did they change their policy or is there a technical difference between the cases?

    • The funniest part of the whole case was that it was a government owned phone. The FBI should have been able to gain access without any issue, but Apple decided that they wouldn't help in this specific case...

      Though all the conspiracy theories going around do come very close for second place.

      • by Gr8Apes ( 679165 )

        The funniest part of the whole case was that it was a government owned phone. The FBI should have been able to gain access without any issue, but

        Incorrect, Apple was still happy to have the government access the phone, as that's a simple factory reset. What the government wanted was the data, which was still possible until the FBI purposefully removed the only avenue by having the iCloud account password reset. All of a sudden, the only way in was through the locks. I'm pretty sure those locks will be even harder to circumvent come the iphone7. Android manufacturers will likely follow shortly thereafter, as they all seem to be taking a following rol

        • The FBI and city of San Bernadino both have a legal right to access the data, so why is it Apple's choice about if they will help them? Also, why the big fight over this one, when they are more than happy to open up iPhones in other cases?

          Simple side note here - if the government had been properly managing its devices and maintaining their own backups, none of this would have mattered.

          As someone who does this job for a government agency, I totally agree. It is not Apples prerogative however to deny a city, state, fed, or even company's access to their data.

          • Re:WTF (Score:5, Insightful)

            by Frosty Piss ( 770223 ) * on Wednesday March 30, 2016 @03:42PM (#51810301)

            The FBI and city of San Bernadino both have a legal right to access the data, so why is it Apple's choice about if they will help them?

            Sure, at the very least, San Bernardino has a "right" to the data on the phone. That is separate and different from saying that Apple is obligated to crack the phone for them.

          • > The FBI and city of San Bernadino both have a legal right to access the data, so why is it Apple's choice about if they will help them?

            I have a legal right to shit in a cup, smear it all over my balls, then rub my shit-covered balls against the wall, so why is it your choice whether you will help me do so?

          • by Gr8Apes ( 679165 )

            The FBI and city of San Bernadino both have a legal right to access the data, so why is it Apple's choice about if they will help them? Also, why the big fight over this one, when they are more than happy to open up iPhones in other cases?... It is not Apples prerogative however to deny a city, state, fed, or even company's access to their data.

            So I have a government bought business card and I write a note on it and then burn it. Is Hallmark obligated to help recover my note? That's analogous to what the government wanted from Apple.

            • So, Apple helps out in other cases, but this one, this one is just not going to happen!

              Seems like an odd stance to take when they have no problem doing it in many other cases.

              http://www.thedailybeast.com/a... [thedailybeast.com]

              • by Gr8Apes ( 679165 )
                It's one thing to open something that can be opened, it is another to build a completely new toolset (gratis) to open a locked box. Take a lock box at a bank. They cannot be opened by the manufacturer. Someone has to be paid to come out and drill it out properly, which is analogous to what happened with the San Bernardino phone.
                • No one asked Apple to make a free patch. It was to be paid for.

                  Many times the police will contract with safe manufacturers to break into a safe they need access to. Also, the banks will open a safety deposit box for the police with a warrant, so I am not sure why they would have someone drill it out. You could even have a locksmith pick the lock, it isn't like those locks are especially secure.

                  • by Gr8Apes ( 679165 )

                    No one asked Apple to make a free patch. It was to be paid for.

                    Many times the police will contract with safe manufacturers to break into a safe they need access to. Also, the banks will open a safety deposit box for the police with a warrant, so I am not sure why they would have someone drill it out. You could even have a locksmith pick the lock, it isn't like those locks are especially secure.

                    I don't recall seeing anything in the order about a contract being negotiated or a payment to be determined. It was just "you will assist".

                    The bank I use has to hire a contractor to drill out the safety deposit box if the keys are lost. There are no other options. I'm sure if picking the lock would be easily done, then that option would be used.

          • The FBI and city of San Bernadino both have a legal right to access the data, so why is it Apple's choice about if they will help them?

            First, because the court order didn't ask for Apple to help access only that data, it asked Apple to provide a tool for the government to access all data, including on any other iPhone (of the same model, at least) owned by other people. Second, because the court order compelled speech: it required Apple to write new code, and code is speech. The First Amendment guarantees r

            • You know, I'm having trouble finding where they asked Apple to "it asked Apple to provide a tool for the government to access all data", can you point to it in the order?

              https://www.documentcloud.org/... [documentcloud.org]

              I see where it says they want a tool that is keyed to this specific phone, so it would be rather inconsistent to also ask for a tool to unlock any phone they like. After all, that isn't how the legal system works, they have to get permission from a judge to unlock every single phone.

              • You know, I'm having trouble finding where they asked Apple to "it asked Apple to provide a tool for the government to access all data", can you point to it in the order?

                https://www.documentcloud.org/... [documentcloud.org]

                I see where it says they want a tool that is keyed to this specific phone, so it would be rather inconsistent to also ask for a tool to unlock any phone they like. After all, that isn't how the legal system works, they have to get permission from a judge to unlock every single phone.

                You obviously do not understand how the software update process works. What they requested Apple to do would have worked on every single iPhone 5c in the world. It may have worked on other model phones, as well. They were asking for a master key for all iPhone 5Cs. And why should the FBI get it? If the NSA is doing its job, they have already illegally captured all the meta data for communications going into and out of the phone. San Bernadino County could have configured the device properly. The FBI

                • Page 10 of the linked document (retyped due to no copy paste)

                  Importantly, the SIF would be created with a unique identifier of the SUBJECT DEVICE so that the SIF would [underlined]only[underlined in text] load and execute on the SUBJECT DEVICE

                  So, no, I don't think I am misunderstanding anything. It sounds like you might be falling for the propaganda that Apple is putting out there though. The order is right there in black and white, you can read the thing for yourself.

                  • Look, maybe I should get the Easter Bunny to explain it to you. You do believe in the Easter Bunny, don't you? You do seem to implicitly trust the FBI.

                    Since I don't...the FBI wrote it as a request to break one phone, and then used it in a context where it would both create a precedent and force Apple to create a tool. After the FBI got the useless information from the phone, they had a batch of phones lined up for the exact same treatment.

                    The phone almost certainly didn't have useful information on

                    • Your conspiracy theories of what the FBI may be up to have nothing to do with the entirely wrong things that were said. Your belief in the Easter Bunny notwithstanding.

                    • Let's look at the situation. The San Bernardino shooters destroyed their own phones, presumably to stop the FBI from getting useful information from them. One shooter had a work phone, which the FBI had access to, which might have had something useful on it. The FBI ordered the country government to change the password on it, rendering it inaccessible. About a couple of months later, the FBI decided it needed to get the information off that phone, and got an ex parte court order for Apple to do certain

          • The FBI and city of San Bernadino both have a legal right to access the data, so why is it Apple's choice about if they will help them?

            You locked yourself out of your car, why am I obligated to help you get into it?

            It is not Apples prerogative however to deny a city, state, fed, or even company's access to their data.

            By refusing to assist you in unlocking your car I am not denying you access, I am simply not assisting you.

          • The FBI and city of San Bernadino both have a legal right to access the data, so why is it Apple's choice about if they will help them?

            The city should have backups and recovery keys if they intend to recover data from an encrypted device. Yes, they own the data, and that means they are responsible for ensuring the availability and integrity of their data.

            On iPhone 5 and older, there is no secure enclave and Apple can push iOS updates without the device being unlocked. During development, Apple chose to create versions of iOS that always wiped crypto keys on repeated PIN failures. They have never created a product that can recover or unlock

    • by AHuxley ( 892839 )
      Think back to PRISM. That worked well for both the brand and gov but could not be mentioned in court or to the press.
      An entire generation of older cell phones had older tech that could be recovered per device so that covers the past legal "help" question.

      The next step was for the US gov to ask for a master key that the gov could use on any phone for any reason and that the brand would have to make.
      The US gov would have conscripted a computer system that they could use for generations of phones without
  • I'll start giving a damn about the ACLU when they start treating all our rights as fundamental - not just the ones they like.

    • The ACLU believes we should all have freedom from ever seeing any religious practice. I don't even know how you could say they believe in any freedoms.

      • The ACLU believes no such thing. However, they do believe that no religious practice should in any way have anything to do with the government. Sorry if you don't get the distinction.
    • by Holi ( 250190 )
      The ACLU has been quite clear on their interpretation of the 2nd Amendment (a collective right not an individual right). An opinion that was shared by TPTB up until Heller.
    • Why? They stand up for a lot of rights, some of them highly unpopular. Do they have to stand up equally for each and every one, or can they use their limited resources more strategically?

      For example, there are already large and powerful organizations defending Second Amendment rights. Why would the ACLU need to add to that effort with money that could go to another First Amendment case (there being no comparable organizations for the First)?

  • How is unlocking a phone any different than cracking a safe full of documents?

    • by mark-t ( 151149 )
      To put it plainly, you can always potentially force a safe open without using the actual key or combination to the safe by physically compromising its structure. Subjecting the safe to physical forces or energies beyond its tolerance limit and the safe will invariably open. If you do that to a phone, however, you won't have anything left to retrieve. So in a sense, the only way to access a locked phone is with a key that the phone recognizes as being correct. This means that the process of unlocking a
  • By the way... (Score:5, Interesting)

    by Frosty Piss ( 770223 ) * on Wednesday March 30, 2016 @03:59PM (#51810481)

    Simply because the FBI says they "cracked an iPhone 5c does not mean they actually did. More likely is they did not but knew that they would lose the case and didn't want to set a precedence. They knew very well that in all likelihood, the iPhone contained nothing. The terrorists used burner phone which they destroyed, why would they use a work issued phone at all for anything but work?

    • Simply because the FBI says they "cracked an iPhone 5c does not mean they actually did. More likely is they did not but knew that they would lose the case and didn't want to set a precedence.

      Or more likely the iPhone 5c lacking the security features of other phones was actually cracked by any of the many methods suggested in these articles including the known power cycling bug that prevents the phone wipe after 10 attempts.

      We're not talking about the latest and greatest here.

  • it is that "Legal warrant described search" is NOT the normal use for spying on citizens as undertaken by the NSA
    What we all need to remember is, the NSA wants an open look at all records of every call, every link, every note, such that the 4th Amendment will simply disappear for law enforcement
    3/4 of all prosecutions using FISA warrant search are used for DOMESTIC DRUG ENFORCEMENT, a situation which begs us to remember that every Congressman has a file to be used anytime debates about how much money to giv
  • Even if Google wanted to be part of the solution (and since they view the user's privacy as their product that's a big assumption) their inability to control OEMs makes me want to abandon them for Apple. That's saying something since I absolutely deplore the manufacturing standards that Apple upholds w.r.t. their contract factories like Foxconn, but I think that it's something that we are going to have to start thinking about in the future!

    Will

"Never face facts; if you do, you'll never get up in the morning." -- Marlo Thomas

Working...