Slashdot Asks: Should FBI Reveal to Apple How to Unlock Terrorist's iPhone? (latimes.com) 286
After reports that the FBI managed to unlock an iPhone 5c belonging to one of the San Bernardino shooters without the help of Apple, Apple is now the one that needs the FBI's assistance. "The responsible thing for the government to do is privately disclose the vulnerability to Apple so they can continue hardening security on their devices," said Justin Olsson, product counsel at security software maker AVG Technologies. However, many experts in the field believe that the government isn't legally obligated to provide the information to Apple. As mentioned in Los Angeles Times, this creates a new ethical dilemma: Should tech companies be made aware of flaws in their products, or should law enforcement be able to deploy those bugs as crime-fighting tools?
Didn't (Score:3, Insightful)
They didn't hack the phone - they're just trying to save face by saying they don't need Apple's help anymore.
Re:Didn't (Score:4, Insightful)
And convince terrorists worldwide to use other - less secure - phones. It's not the best outcome for them, but it's better than getting handed their ass in the PR battle, like they were.
Re: (Score:2, Flamebait)
Apple has said from the start that the security on the phone in question was hackable, and that further generations include things like secure enclave that make the only possible means for hacking this particular phone obsolete.
That's why the case was bullshit from the beginning. The FBI could give a fuck about this particular phone, they wanted a precedent on record that Apple had to write custom big brother software (and digitally sign it so it could be installed without wiping the phone, potentially even
Re:Didn't (Score:5, Insightful)
Logically, especially since it is well known that Apple has plenty of cash on-hand to buy things, Apple should buy the vulnerabililty, instead of expecting to get it for free from the Feds. How greedy do you think ordinary folks are willing to let Apple be, in such circumstances?
Re: (Score:3)
Well, you know how much iOS vulnerabilities go for? Bug bounties that are offered by Google, Microsoft and everyone else pale. $10K? peanuts. An iOS vulnerability sells for $1M. Yes, a million dollars. Hell, Android vulnerabilities
Oy vey (Score:2)
Overheard at the synagogue: "... and I said why sell it once when you can sell it twice? Do these goyim take me for a schlemiel already?"
Re: (Score:3)
Re: (Score:3)
Both the EU and US have first-to-file patent systems now. They don't have to create it first - they only have to patent it first.
This is actually an interesting legal strategy. If someone were to patent a general method for, say, sql injection or a buffer overflow, they could theoretically sue anyone who used it. I wonder how that might play out.
Re: (Score:2)
The "bug" was that the key was not stored in a TPM like device. It was already corrected in the newer iPhone 6 phones.
a bootloader hack that unbelieviable? (Score:3)
is it really that far fetched for the israeli company to have a bootloader hack or code injection-after-boot-but-before-unlock hack?
because that's all that was needed for hacking the pin protection system on iphone 5C. if you have that, then you can prevent the system from wiping the encryption key after 10 attempts and can attempt the right pin code infinitely.
and apple 99.99999% probably already knows how they did it, so whats there to tell.
and has usa gov been telling such things? no.
fbi is just pissed t
Re:Didn't (Score:5, Interesting)
Of course they hacked the phone.
There is a very easy, very reasonable trick that is guaranteed to work to get the data out of that phone with minimal risk (assuming it has a 4-digit PIN). It's not a mistake, it's not a bug, it's not something anyone has to "discover". It's simply an attack outside the threat model that Apple used when designing that particular iPhone (and, with minor differences, all currently released iPhones). I have no doubt Apple knows full well it will work and knew it would work when they designed the phone (it's blatantly obvious, and Apple's security engineers aren't idiots) - protecting against it is just not trivial (it cannot be solved by software, it requires support hardware) so, to this date, they've chosen not to. In fact, they added a minor roadblock against it on newer phones (but only a minor one that can also be bypassed - because doing better is Hard(TM) and costs money), which demonstrates they are fully aware of it. I explained how it works here [marcan.st] (search for "replay attack"). I'm not the first one to mention this approach.
Making iPhone secure against all physical attacks is impossible. If your PIN is bruteforceable (as is the case here), then security relies on the PIN attempt counter. An attacker with physical possession of the phone can always find a way in. Apple just has to decide how much effort (and money) they want to put into making that harder. The current bar is at approximately the "a couple experienced hardware/software hackers and a couple thousand dollars in R&D costs" level. With some more money/effort they could raise it to the "a crazy dude like Chris Tarnovsky and a medium-budget silicon hacking lab" level. It's not going to get to the "noone will practically be able to do it" level without making the iPhone into a tamper-resistant hardware security module with physical defenses (i.e. not something likely to fit in your pocket).
It still baffles me why everyone is so concerned about how the FBI got in, when we know an easy way in already.
Re: (Score:2)
Quick question...if the San Bernadino shooter had locked his own phone (by intentionally password failing 10 times) before he left, could anyone get into it?
Re: (Score:2)
Assuming the "Erase data after 10 failed passcode attempts" option was enabled, no.
Re: (Score:2)
RAM-resident firmware is still firmware. Ever used a Linux machine? Ever looked in /lib/firmware? All of those are firmware files to be loaded into RAM on various devices that require RAM-resident firmware to run.
Originally I actually used the words software and firmware interchangeably in the article, because the distinction is pretty much moot with devices like the iPhone which blur the line between embedded devices and general purpose computers, but I changed them all to "firmware" for consistency, to av
Re: (Score:3)
Re: (Score:2)
You are Joe_Dragon AICMFP.
Obviously the FBI should keep quiet. (Score:2)
Obviously the FBI should keep quiet.
That way they can hack the phones of government officials with impunity.
Re: (Score:2)
Actually I believe that they had a court order so this did follow all legal requirements for a search.
Yea the FBI will not say a word.
Re: (Score:3)
Not true the FBI did not ever have a warrant for the data.
The FBI had permission.
Example, a police officer knocks on your door. You invite him inside. The officer sees your heroin needle. The officer can arrest you, because you gave him permission to search your home.
Or
A police officer knocks on your door. You kerp him outside, you tell the officer to come back with a warrant. The officer suspects from the conversation you have drugs, he gets a court order to search your home.
I really wish everyone u
Re: (Score:2)
Example, a police officer knocks on your door. You invite him inside. The officer sees your heroin needle. The officer can arrest you, because you gave him permission to search your home.
OK, so is it possible now that Apple will file a lawsuit against San Bernadino county for soliciting and giving the FBI permission to conduct activities such as reverse-engineering or disassembly which are prohibited by the software EULA?
What happens if you're at a neighbor's house, and you let the officer in (with
Re: (Score:2)
I was not aware of that permission was given.
Seems even worse for Apple then. The owner of the device gave permission and Apple still refused to help. There was zero privacy issue in that case.
Re: (Score:3)
Sure, if said government officials will hand over the phone to be disassembled. Recall that this particular hack is likely NAND mirroring. That requires removing the CPU. Not something you would tend to do in bulk.
Re: (Score:2)
The US gov had that hidden win with PRISM and ICREACH https://en.wikipedia.org/wiki/... [wikipedia.org]
The cost of parallel construction was not great but the risk of a court of expert teams finally asking questions about the origins of a case was not always risk free.
Hidden cell phone tracking, voice prints and decryption get decades of easy access to start to build a public case.
The press, lawyers, tech experts in the US could slowly see that not all cases got built on informants, ex convicts,
Re: (Score:2)
I don't think it matters. Apple must know that the phone can be broken into - and now have a large hint it is possible.
But I don't believe it is the gov't who needs to tell Apple this - Apple could hire the same company and ask them how they did it.
From an ethical hacking point of view - maybe the gov't does have a responsibility to report a vulnerability to the vendor if the attack is "simple" and poses a clear danger to the security of Americans. I believe it is a balancing act with two possibilities.
I
i thought every one already knew (Score:2)
0000
sure they should... (Score:2)
Apple adds a condition to its contract (Score:2)
Re: (Score:2)
Real world contracts don't work that way. Such clauses would simply be considered invalid.
DMCA? (Score:5, Insightful)
Shouldn't Apple be chasing after them for circumventing the encryption and digital rights management system on the phone? Its what they do to people coming up with jailbreaks... why would this be diffrent?
Re:DMCA? (Score:5, Funny)
because its not illegal when the president does it.
Re: (Score:2)
the courts, citing sovereign immunity
Nixon must be rolling in his grave.
Re: (Score:3)
Re: (Score:2)
Re:DMCA? (Score:5, Informative)
Re: (Score:2)
That would essentially make them their agents. I don't mean it like an actual FBI agent but someone representing their interest which technically makes them the same.
http://legal-dictionary.thefre... [thefreedictionary.com]
Re: (Score:2)
Re: (Score:2)
Shouldn't Apple be chasing after them for circumventing the encryption and digital rights management system on the phone? Its what they do to people coming up with jailbreaks... why would this be diffrent?
I was thinking about that federal law about "Unauthorized Access to a computer" and/or the "circumventing security measures" law. Both the FBI and/or the supposed "hackers" are guilty of these felonies, period.
And before you say "Court Order", I believe it was just a PROPOSED Order; I don't think it ever became a real Order. And besides, even a Court can't enter an Order to Break the Law...
Re: (Score:2)
I was thinking about that federal law about "Unauthorized Access to a computer" and/or the "circumventing security measures" law. Both the FBI and/or the supposed "hackers" are guilty of these felonies, period.
Be specific.
Laws often have exceptions for law enforcement, and even when they don't, prosecutors have a massive amount of discretion in who they prosecute.
It turns out the FBI is allowed to do a lot of things we would not want private citizens to do. Like running their own heavily armed hostage rescue team.
Realistically, this is a balancing question--needs of the state vs. privacy, for a relatively old phone that will be out of circulation in a few years anyway. So it's not terribly important whether the
Re: (Score:2)
It turns out the FBI is allowed to do a lot of things we would not want private citizens to do. Like running their own heavily armed hostage rescue team.
I think you could make a case for a private armed hostage rescue team, and I would guess that such an entity has existed for a long time, whether it was the Pinkertons or something like Blackwater.
Arguably it would be preferable to have the police handle a kidnapping rescue, but you can probably invent circumstances where involving the police didn't work somehow -- expediency, corruption of local law enforcement, some kind of overseas situation.
There's obviously a huge legal minefield here when you get into
Re: (Score:2)
"period" belongs to spoken language. In written language there is a symbol for it.
You have a weak grasp on the English language, period.
Re: (Score:3)
Re: (Score:3)
I doubt they could succeed in this manner. Regardless of what the DMCA says, there's the principle of rex non potest paccare, translated roughly to the King can do no wrong. It's not codified in US law anywhere, but this is the legal doctrine of sovereign immunity. I don't see any exception to sovereign immunity that would allow Apple to succeed in bringing such a suit against the US government. The only way this would work is for Congress to specifically allow such a lawsuit, which seems highly unlikely.
Fine. But what about the NON governmental agency that allegedly did the hacking? I'm not at all sure they inherit that bogus Sovereign Immunity, especially since there was never actually a Court Order, only a Proposed Order.
The "bad guys" want to know too (Score:3)
If the FBI does not reveal the hack so they can hack other phones, well that means the bad guys can also continue using that hack. After all we know that there are now at least 3 organizations who can access a locked iPhone 5c without the owner's password.
Re: (Score:2)
They're probably living in a fantasy world where the Good Guys(tm) have secure encryptions, but anyone else can be cracked.
How that's quite supposed to work, I cannot guess.
Re: (Score:2)
Nope, Due Process. (Score:4, Informative)
...or should law enforcement be able to deploy those bugs as crime-fighting tools?
Um, no, law enforcement doesn't get to skirt around due-process just because it's inconvenient.
Re: (Score:2)
Hah yep. This case in particular irks me because if I were to take an agent's phone and use an exploit to get into their personal info (not even official bidness data, I'm talking just pulling out a photo of his cat or something) I'd end up in a PMITA prison.
What makes you think they don't already know? (Score:2)
We Should Just Bend Over And Take It. (Score:5, Insightful)
How's that shilling indifference going for you? (Score:2)
Re: (Score:2)
this is not unknown (Score:5, Informative)
https://www.whitehouse.gov/blo... [whitehouse.gov]>href=https://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities
The considerations described here (in whether to reveal or keep secret a vulnerability) cover:
-- How much is the vulnerable system used in the core internet infrastructure, in other critical infrastructure systems, in the U.S. economy, and/or in national security systems?
-- Does the vulnerability, if left unpatched, impose significant risk?
-- How much harm could an adversary nation or criminal group do with knowledge of this vulnerability?
-- How likely is it that we would know if someone else was exploiting it?
-- How badly do we need the intelligence we think we can get from exploiting the vulnerability?
-- Are there other ways we can get it?
-- Could we utilize the vulnerability for a short period of time before we disclose it?
-- How likely is it that someone else will discover the vulnerability?
-- Can the vulnerability be patched or otherwise mitigated?
In this case, I might argue that this is becoming so well known (though the technical specifics have not been revealed), that the FBI/US had better tell Apple to make sure that other users of the affected phones can be secured -- while the intelligence value of the exploit is rapidly decreasing due to its publicity.
Conflict of interest (Score:2)
there is an actual process described as "equities review" which the Executive Branch is responsible for
Since the FBI is a part of the Executive Branch that is pretty much textbook conflict of interest in this instance. The FBI obviously prefers to keep the ability to circumvent encryption without respect to whether this is either a good idea.
It's not a "new ethical dilemma" (Score:2)
Good intelligence officers have never revealed sources or methods, and never will.
What would be new is if this principle weren't applied to the method used to crack the iPhone that San Bernardino County issued to the terrorist.
Re: (Score:2)
Well, actually, we don't need to leave it to a bunch of internet commenters to decide this issue -- there is an actual process described as "equities review" which the Executive Branch is responsible for, when a cyber vulnerability is known, but not yet disclosed to the public:
https://www.whitehouse.gov/blo... [whitehouse.gov]>href=https://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities
The considerations described here (in whether to reveal or keep secret a vulnerability) cover:
-- How much is the vulnerable system used in the core internet infrastructure, in other critical infrastructure systems, in the U.S. economy, and/or in national security systems?
--
Does the vulnerability, if left unpatched, impose significant risk?
--
How much harm could an adversary nation or criminal group do with knowledge of this vulnerability?
--
How likely is it that we would know if someone else was exploiting it?
--
How badly do we need the intelligence we think we can get from exploiting the vulnerability?
--
Are there other ways we can get it?
--
Could we utilize the vulnerability for a short period of time before we disclose it?
--
How likely is it that someone else will discover the vulnerability?
--
Can the vulnerability be patched or otherwise mitigated?
In this case, I might argue that this is becoming so well known (though the technical specifics have not been revealed), that the FBI/US had better tell Apple to make sure that other users of the affected phones can be secured -- while the intelligence value of the exploit is rapidly decreasing due to its publicity.
In bureaucratic speak all that means that as long as you can write a well worded memo of justification then you can do whatever you want.
It's a 5C (Score:5, Informative)
Apple already knows it's hackable, that's why the 5S and newer have Secure Enclave.
Still, they should make the FBI rue the day they tried to destroy Apple's market, however they can. Revealing the San Bernadito phone as a ploy is the minimum they should pursue.
Yet, ultimately I hope Apple loses an inquiry about this break because it's better for all of us if they see the unconstitutional law enforcement agencies as adversaries.
There, now I've disagreed with both camps.
Re: (Score:2)
that's why the 5S and newer have Secure Enclave.
And Apple also knows the Secure Enclave can be by-passed too, by anybody who has the firmware signing key. If you have it, you just upload new firmware bypassing the checks. Currently only Apple has it of course. But that is where this all started.
Still, they should make the FBI rue the day they tried to destroy Apple's market,
Which is real simple to do. Put the Secure Enclave firmware in ROM, so it can't be upgraded. Then it becomes truly uncrackable from software, so the LEA's would be reduced to attacking the silicon. It's their worst nightmare.
This is possible because the Secu
Re: (Score:2)
It is also vulnerable to exactly the same external memory replay attack that non-Secure-Enclave-equipped phones are vulnerable to (i.e. the Secure Enclave is completely irrelevant to what is currently the easiest, most likely way the FBI got into the phone). I explained how all the pieces fit together in this [marcan.st] blog post.
Re: (Score:2)
That's not the solution - Apple needs to be able to update the Secure Enclave firmware too, it's too complex to be reasonable to bake into a ROM forever.
TPM's are more complex, simply because the solve a more general version of the same problem. Billions have been sold, and most of them have got along just fine without a firmware upgrade. We do know how to get bugs below 1 per 100k LOC, and I have no doubt Apple is capable of it. It's not cheap, but I doubt the expense concerns them overly.
Re: (Score:2)
You can't update the security enclave as it is flashed once and then it burns a circuit that makes it impossible to update again.
Source? It would be nice if it was true, but if it's true I'd expect to hear Apple trumpeting it from the roof tops. As far a I know, Apple have never said anything publicly. The reference document they publish on security [apple.com] says nothing about firmware upgrades for the Secure Enclave.
Re: (Score:2)
Your source is an ex-Apple engineer who worked on iPhone security: https://twitter.com/JohnHedge/... [twitter.com]
The Secure Enclave doesn't have "firmware updates" because it doesn't have nonvolatile firmware memory. Its firmware is loaded on every boot, and is part of the overall firmware of the phone. The Secure Enclave has no control over what firmware runs on it other than ensuring that it is signed by Apple, and it has no persistence of its own - it's a completely state-less CPU that depends on external EEPROM and
The ethical choice (Score:4, Insightful)
The choice is between helping Apple secure the phones of millions of Americans against phone-thieves, identity-thieves, virus, mal-ware and ransom-ware writers or continuing to leave their citizens vulnerable to the above so that the government can spy on it's own people.
I know what choice I think they should make.
Re: (Score:2, Insightful)
so that the government can spy on it's own people.
....aren't you going a little too far?
Re: (Score:2)
Because Apple is big enough to actually fight back.
3rd party hack (Score:2)
It depends on perspective (Score:3)
Does the FBI care more about fighting crime or reducing crime? There is a common tendency to for people and organizations to try to increase their own importance. So maybe the FBI could help to prevent X amount of crime (in the form of hacking, fraud, etc) from ever happening by helping Apple fix some security flaws. But maybe they will get more credit for allowing this vulnerability to remain and exploiting the vulnerability to catch a few more criminals. It's harder to appreciate crime prevention than punishment of criminals after the fact.
If someone invented a magic security system for houses that eliminated home invasions, this might actually be bad for the prestige of law enforcement. While it will probably reduce crime (one of the purposes of law enforcement), it reduces the reliance of the population on law enforcement and therefore decreases their importance. A flaw in the security system would create the opportunity for more people to be criminals and more opportunity for law enforcement to come to the rescue. If law enforcement can in addition actually exploit this weakness to catch a few more criminals then even better.
If the damage done by leaving the hole open exceeds the damage prevented by leaving the hole open, then it is better for society to have the hole closed, but it is not necessarily better for the FBI to have the hole closed. They won't get the blame for damage caused by an security hole unknown to the public, and they won't get any credit for the damage prevented by closing it.
It would be nice if everyone (especially public officials) did what was best for society rather than what was best for themselves, but this is a rather hard standard to hold human beings to.
I suspect it would be better for society to have the hole closed, but I wouldn't expect the FBI to have the kind of deep dedication to the improvement of society necessary to see that. Maybe it will be easier for them to see if they somehow become the victim (e.g. a scandal resulting from the FBI director's iphone getting hacked, etc).
Take for example Nancy Pelosi. She was all for government surveillance. It was only until she became one of the targets of government surveillance, that she was able to be outraged.
Re: (Score:2)
But the head of the FBI overall approved these actions against Apple publicly. Sure some parts of the FBI are full of very fine people, I have a friend in the FBI. But there is rot setting in at the higher levels of FBI management. They think that there is no step too far in their quest to find the bad guys, even if those steps are on top of people. Conviction counts are the goal, they make the budgets bigger and get people promotions and bonuses, and it's a flaw in most law enforcement bodies.
Knock off the bullshit (Score:3)
Stop pretending the FBI didn't already have the crack before they brought Apple to court. They were just looking for a legal precedent.
Second, stop pretending that Apple doesn't know how to crack your phone. This entire story was nothing but theater.
Re: (Score:2)
Do you believe they didn't have the ability "on hand"? Of course they did.
Emergency Call mode hack? (Score:2)
Now can some like the fbi have a fake cell tower and use Emergency Call mode to bypass some security? Use it to reset a timeout on password guesses
No device is secure and they may never be so. (Score:2)
Re: (Score:2)
You got the "magical black box" part right, but you got the rest wrong.
All you have to do is use a passphrase (not a PIN) long enough to not be bruteforceable. Building a 100% secure device that limits the number of attempts at guessing an insecure PIN is impossible. Building a 100% secure device that protects your data using a secure passphrase is trivial: just use good encryption at rest.
Putting data in the cloud, at best, does nothing for you security-wise, and at worst, makes it that much easier to get
No hacking required... (Score:2)
I'm sure all they're doing is taking the plastic off of the NV memory part, attaching a probe, and reading out what's there. Those dies are tested that way at the factory: there will be lands on there for a probe. The government can buy a few phones of the same model for experimentation to get it right, then read out the contents of the NV memory of the phone they care about.
Once they have those contents, it's just a matter of brute-force decrypting whatever is in the personal/confidential files. Remember i
Re: (Score:2)
The NV memory part is also encrypted with a key derived from a unique key fused into the CPU SoC (that is too long to be bruteforceable). To do the attack as you describe, they'd have to take the plastic off of the SoC (not the NV part, you can just pull that off the board and read it), and then use a FIB workstation to modify the metal routing and read off the fused UID key to be able to decrypt the external memory and attempt a PIN bruteforce. I explained this and other attacks here [marcan.st]. That attack is techni
Re: (Score:2)
Interesting...
Those unique keys are probably recorded at the time of manufacture and saved to a DB (against the serial number of the phone or board). Apple complained about modifying their firmware to put in a backdoor bypassing the PIN entry procedure. I don't think they complained about handing over that CPU key when subpoenaed, or perhaps merely upon a request by the FBI. If the attacker knows the encryption function used by the NV memory controller, then they should be able to emulate that too.
For an at
Re: (Score:2)
According to Apple, they UID key is generated during manufacturing and not recorded anywhere except on the device itself.
Chinese PIN cracking devices for older versions of iOS (exploiting pin attempt counter flaws no longer available) did it via USB. I think it accepts USB HID input or something dumb like
Re: (Score:2)
Your article is well-thought out. I would wonder, though, if the UID could be read with a simple optical microscope. Presumably the UID is written to a memory cell on the SoC using links that open (like a fuse) when a high current is passed through (like the old PROM memories used to). Those links wouldn't be embedded in layers of silicon: the opening of the link would heat up and perhaps emit material that would need to be dissipated. (The link would look like this ===-=== or this === === if open.) If such
Re: (Score:2)
Ah, this is where it gets fun. There are actually quite a few OTP storage technologies. Fuses, like what you mention, are one. They're not necessarily on top (indeed, they'd usually be on lower, finer pitch layers, since the whole point of a fuse is that it has to be thin), though, so to read them you'd still need to strip off metallization
Re: (Score:2)
Seriously? (Score:2)
Apple spits in the eye of the FBI and then people expect them to disclose the vulnerability (if that is what it was) to Apple?
Yeah... right.
I think it would be better if Apple spent some of its money on finding the vulnerability themselves.
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
From an external view point the Federal Bureau of Investigation is the only real US police force. County mounties, the law en-FORCE-rs are all too often out of control, trigger happy, lard arse morons. Seriously, all local law enforcement should be disbanded in favour of state based policing overseen by Federal investigators to ensure more uniform policing across a state and equal access to investigatory powers and police oversight across the state. Sure the FBI fucks up on occasion and most of that is caus
Re: (Score:2)
The FBI should be disbanded.
Considering the anti-democratic and privacy violating practices the FBI has been involved throughout its history, I can easily concur.
Re: (Score:2)
Re: (Score:2)
Like most modern libertarian ideas, that one was tried in the late 19th century, and went terribly. You just end up with an army of private contractors who have even less oversight.
https://en.wikipedia.org/wiki/Pinkerton_(detective_agency)
Re: (Score:3)
So, you think the national speed limit should be 35 mph?
That would save lots of lives.
Or making cigarettes and alcohol completely illegal.
Again, life is precious, gotta save every last one of them.
"Every sperm is sacred ... "
Re: (Score:2)
So, you think the national speed limit should be 35 mph?
That would save lots of lives.
Or making cigarettes and alcohol completely illegal.
Again, life is precious, gotta save every last one of them.
"Every sperm is sacred ... "
I don't see how you could make this comparaison.
In all of your exemple, it's mostly about adult willingly deciding to take those risk. Nobody is stopping you from not smoking, drinking alcohol, driving safely to extent your life expectancy. The way you say it, why should we have a speed limit at all? Your exemples are basically a critic of all safety laws.
In this exemple, we're talking about potentially stopping terrorist attack (And I'm talking in general, from what I heard from this specific case, the iPh
No different (Score:4, Insightful)
In all of your exemple, it's mostly about adult willingly deciding to take those risk.
No different here. I'm well aware I could be killed by a drunk driver tomorrow (FAR more likely than a terrorist incidentally) and yet I think it would be inappropriate of us to ban alchohol. In fact we tried that and it didn't go well...
In this exemple, we're talking about potentially stopping terrorist attack
I'm an adult willing to take the risk of a terrorist attack in order to protect my civil rights. I value my civil rights more than I fear any terrorist or terrorist group. If that makes the FBI have to work harder to convict a criminal then so be it.
Re: (Score:2)
In all of your exemple, it's mostly about adult willingly deciding to take those risk.
No different here. I'm well aware I could be killed by a drunk driver tomorrow (FAR more likely than a terrorist incidentally) and yet I think it would be inappropriate of us to ban alchohol. In fact we tried that and it didn't go well...
In this exemple, we're talking about potentially stopping terrorist attack
I'm an adult willing to take the risk of a terrorist attack in order to protect my civil rights. I value my civil rights more than I fear any terrorist or terrorist group. If that makes the FBI have to work harder to convict a criminal then so be it.
I'm still not convinced. Drunk driving is illegal after all.
And I agree about protecting your civil rights (After all, it took wars to have them), but saving the civil rights of an actual terrorist....
Unless of course you're insinuating that allowing the FBI to force Apple for a terrorism will mean that tomorrow they'll hack every single cellphone in the USA. But if it take a warren for the FBI to crack a phone each time, I think the justice system could handle it (I think I'll regret writing this...).
No vulnerability only the FBI can use exists (Score:2)
I'm still not convinced. Drunk driving is illegal after all.
So is terrorism. What's your point? Something being illegal doesn't keep it from happening.
And I agree about protecting your civil rights (After all, it took wars to have them), but saving the civil rights of an actual terrorist....
That's what having rule of law [wikipedia.org] means. It means EVERYBODY gets treated fairly under the law, including terrorists. The Constitution enumerates several rights [wikipedia.org] which are there to protect from the government abusing its power. Frankly for most of us the government is FAR more likely to be a threat to our life and liberty than any terrorist could ever hope to be. Ask any black citizen and they'll tell you that they a
Re: (Score:2)
First, in answer to the actual question, I don't think the FBI should be required to tell Apple how they're doing it--mostly because they're not doing it. Some other company is doing it. So, as another poster put it, if the FBI can be forced, the answer is, "We hired XYZ company to do it. Talk to them and leave us out of it."
I value human lives a lot and each preventable death is a death too many.
Which is not a bad way to feel. The problem is with that word: "preventable."
"Preventable" is usually assessed in hindsight. "Oh, if only we'd known, we could have prevented this."
Re: (Score:2)
An interesting argument. Just one little thing.
Imagine that the police suspect I am the culprit in a string of bank robberies. If that is true, then my phone/computer/tablet may have information that would lead to my arrest and conviction. Of course, my phone/computer/tablet may not have that information and I may still be guilty. Or it may not have that information and I may be still be innocent. Is giving up your privacy worth catching a possible bank robber?
Here's where I find there's a major difference.
AFAIK, "One of the most sacred principles in the American criminal justice system, holding that a defendant is innocent until proven guilty!"
So, until proven guilty, I don't think we should hack into your phone. But, if you are proven guilty, I think the police should have the right to build a case to get a warren from a judge to hack into your phone if there's solid evidence that the said phone could hold informat
Re: (Score:2)
Meanwhile, the cynical half of my brain is waiting for the FBI to tell us how many thousands of lives this saved.
Well, that's the heart of the question isn't?
Here on /. we seem to focus a lot on the negative from the FBI, the NSA and the likes (unsurprising considering the only tech news about them are, most of the time, about privacy void on their part). But I actually wonder how much good they do. How many lives they directly and indirectly saved. And I guess keeping their accomplishment secret is part of their work.
It's in my nature, but I want to think those people too take their job to heart.
DMCA the FBI can get around that (Score:2)
DMCA the FBI can get around that and all it will take is patriot act 2 to fix it.
Re: (Score:2)
Even if it didn't the FBI didn't do the cracking - they hired an Israeli company to do the cracking and Israel never signed on for DMCA.
Re: (Score:2)
The FBI is not standing up for anyone's freedom either.
Re: (Score:2)
The FBI is not standing up for anyone's freedom either.
I don't think it's their job to protect the population's freedom. No more than it's the job of a dentist.
Re: (Score:2)
FBI is not legally obliged to share the details, but ethically and morally they should. If the FBI actually cared about the citizens and residents of its country then it would naturally want to cooperate in order to provide a more secure phone that could not be easily hacked by enemies of its country. If the FBI actually cared about the rule of law and the rights and limits granted to the people and government, then it would voluntarily limit itself instead of continually overreaching its power.
Re: (Score:2)
Because if someone says "X, then Y, then Z will not unlock an iPhone 5c" then it casts doubt on the whole case.
Law enforcement must learn to be like Caesar's wife and be above suspicion and avoid anything with even an appearance of impropriety. Except that law enforcement has a long history of bending, breaking, and ignoring the rules. When people say "trust me!" at the same time their hands are down our underwear looking for evidence then that's a good sign that they can't be trusted. It's so incredibly
Re: (Score:2)
The FBI is the government. Technically the people are the FBI's boss and not vice versa.
Apple owed the FBI nothing, it was not obligated by any law to support the FBI and there was no final appeal to create an obligation. On the other hand, the government of which the FBI is a part have an obligation to defend and support Apple and uphold its rights. Apple was never charged with any crime or even any rumors of criminal activity and yet the government treated it with disdain and hostility.