Barr Asks Apple To Unlock iPhones of Pensacola Gunman (nytimes.com) 195
Attorney General William P. Barr declared on Monday that a deadly shooting last month at a naval air station in Pensacola, Fla., was an act of terrorism, and he asked Apple in an unusually high-profile request to provide access to two phones used by the gunman. From a report: Mr. Barr's appeal was an escalation of an ongoing fight between the Justice Department and Apple pitting personal privacy against public safety. "This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence," Mr. Barr said, calling on Apple and other technology companies to find a solution and complaining that Apple has provided no "substantive assistance."
Apple has given investigators materials from the iCloud account of the gunman, Second Lt. Mohammed Saeed Alshamrani, a member of the Saudi air force training with the American military, who killed three sailors and wounded eight others on Dec. 6. But the company has refused to help the F.B.I. open the phones themselves, which would undermine its claims that its phones are secure.
if joined can they force an backup / send me an re (Score:2)
if joined can they force a backup / send me a reset code?
Re: if joined can they force an backup / send me a (Score:5, Informative)
Re: if joined can they force an backup / send me a (Score:5, Insightful)
That's how it should be.
Just so. The correct answer from a tech company in response to such a request is not: "We won't" but "We can't".
Re: (Score:2)
We won't is also legitimate given no subpoena or other legitimate judicial order is in place.
Re: if joined can they force an backup / send me a (Score:5, Insightful)
We won't is also legitimate given no subpoena or other legitimate judicial order is in place.
Which is what makes "we can't" the correct answer.
If they make their system so they have no access to the data then there is no worry about a moral issue when presented with a legal but unjust subpoena. I also expect that being unable to decrypt phones/backups also provides them some legal protections too.
but Barr and his ilk (Score:3)
Re: (Score:3, Insightful)
That's how it should be.
Just so. The correct answer from a tech company in response to such a request is not: "We won't" but "We can't".
The trouble is that now Barr will accuse Apple of not caring about the safety of the USA and will use it as an excuse for laws that mandate backdoors.
Re: (Score:3)
That's how it should be.
Just so. The correct answer from a tech company in response to such a request is not: "We won't" but "We can't".
The trouble is that now Barr will accuse Apple of not caring about the safety of the USA and will use it as an excuse for laws that mandate backdoors.
Except that Apple already gave them the same answer a few years ago regarding the San Bernardino shooting. There was bi-partisan condemnation of Apple at the time, but no new laws have come to pass since then. It even goes back farther than that (Clinton pushed the Clipper chip which was funded and developed by Bush Sr), yet in all the time they have been trying to legislate back doors they have had little success.
I agree that the anti-Tech crowd will try to use this as a stick, but even the average non-tec
Re: (Score:2)
Re: if joined can they force an backup / send me a (Score:4, Insightful)
Re: (Score:3)
Technically that would be a lie of expertise because yeah they can because of who they are, a major tech enterprise but how much effort would it take is the question and once they figure out a way to do it, back door the security in their device by conducting an extended research program to hack the encryption, they immediately then have to close the back door they discover else they can not claim privacy and security.
All Apple has to do is provide the complete technical specifications of the device and th
Re: (Score:2)
Breaking encryption isn't like on TV where you let the computer work at it for a day or so (maybe a week for the really hard ones) and the plain text pops out.
"Major tech enterprise" or not, if Apple has done a competent job of security, and they seem to have, then they *cannot* provide access.
Re: (Score:2)
That's what Apple has insisted all along. US law enforcement seems to be engaging in magical thinking. *Obviously* if you have the data you can provide it to us....
Re: (Score:3)
"I wonder if Apple can put a software load on the phone that allows unlimited tries at the PIN?"
Sure, if they have the password to begin with, which they don't.
That's kind of the point.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Any security with a backdoor is effectively the same as no security.
Also, the article didn't quote Apple as to why they will not do as Barr requests.
It very well can be that they specifically told that toady they are incapable of doing what he wants.
Re: if joined can they force an backup / send me a (Score:4, Informative)
And you expect that mouth-piece Barr to understand such an explanation. He doesn't have the mental capacity.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
The backups are secured by an encryption key that can be only unlocked with the user's password. The user's password creates a hash that Apple doesn't store, the hash encrypts the backup on the device before Apple receive it. Apple only receive the encrypted data. So unless they had the user's actual password (which would be used to open said device anyway) they can't access the data on the device. Everything is encrypted with hashes from the password and / or pin code. That's how it should be.
It has to be better than that, because what you describe would be trivial for Apple to crack... or for the feds to crack if Apple handed over the encrypted data.
I'm sure it's done in some way that's more like what we do on Android, which is to use the password and some data that exists only on the device to derive the encryption key. Or, more precisely, to use the password and some data that exists only in secure hardware on the device to derive a key that is used to encrypt the randomly-generated encrypt
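The difference this reply describes, as an added example (not part of the thread, and not Apple's or Google's code): a data key wrapped under a PIN-only key can be checked against every PIN by whoever holds the blob, while a key that also mixes in a hardware-held secret cannot be checked off the device. The 4-digit PIN, the toy XOR/HMAC wrap, the iteration count and all function names are assumptions made for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 50  # assumption: deliberately tiny so the demo runs fast


def _stretch(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


def kek_password_only(pin: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the PIN and a stored salt alone."""
    return _stretch(pin, salt)


def kek_device_bound(pin: str, salt: bytes, device_secret: bytes) -> bytes:
    """KEK that also mixes in a secret held only by the device's secure hardware."""
    return hmac.new(device_secret, _stretch(pin, salt), hashlib.sha256).digest()


def wrap(kek: bytes, data_key: bytes) -> bytes:
    """Toy authenticated wrap of a 32-byte key (stand-in for a real AEAD)."""
    assert len(data_key) == 32
    mask = hmac.new(kek, b"mask", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(data_key, mask))
    tag = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    return ct + tag


def unwrap(kek: bytes, blob: bytes):
    """Return the data key, or None if the KEK is wrong (tag mismatch)."""
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    mask = hmac.new(kek, b"mask", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, mask))


def search_pin_space(blob: bytes, salt: bytes, derive_kek):
    """What a party holding only blob + salt can do: test every 4-digit PIN."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if unwrap(derive_kek(pin, salt), blob) is not None:
            return pin
    return None


def demo():
    salt = os.urandom(16)
    data_key = os.urandom(32)        # the randomly generated encryption key
    device_secret = os.urandom(32)   # modelled as never leaving secure hardware
    pin = "4821"                     # constructed sample PIN

    weak_blob = wrap(kek_password_only(pin, salt), data_key)
    bound_blob = wrap(kek_device_bound(pin, salt, device_secret), data_key)

    # PIN-only scheme: the blob and salt are enough to find the PIN.
    weak_result = search_pin_space(weak_blob, salt, kek_password_only)

    # Device-bound scheme: without the hardware secret every PIN fails.
    # An all-zero value stands in for "secret unknown".
    unknown = bytes(32)
    bound_result = search_pin_space(
        bound_blob, salt, lambda p, s: kek_device_bound(p, s, unknown)
    )

    # On the device, the correct PIN plus the hardware secret still unwraps.
    on_device = unwrap(kek_device_bound(pin, salt, device_secret), bound_blob) == data_key
    return weak_result, bound_result, on_device


if __name__ == "__main__":
    print(demo())
```
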
Re: (Score:2)
You can back up an iPhone to iCloud, then use that backup to initialize another device. The key can't be tied to the original device.
Re: (Score:2)
Let Me Think (Score:2)
Reviewing the answers to the previous requests for a backdoor doesn't look good.
Maybe Tim had a change of heart today?
Anyhow, it isn't as if they didn't pull his complete internet and search history as well as bring up all his previous telephone conversations.
This is so obviously a set up by Barr (Score:5, Insightful)
Re: (Score:3, Funny)
If Barr had any credibility at all after his shenanigans elsewhere, I'd tell him to eat a bag of dicks.
But given his already established lack of credibility, I'd just tell them it's under executive privilege and then ignore him vigorously. Sure sure, he'll eventually get it to court, assuming he doesn't get fired by then for some other rando reason.
Re:This is so obviously a set up by Barr (Score:5, Insightful)
He doesn't want to go to court, he might lose. What he wants is Congress to write a law requiring backdoors, whether it's legal or not he doesn't care. They almost got congress to act with the california islamic shooter. The FBI knows that to get this law they need an Islamic terrorist with an encrypted phone to get the public to mistakenly back this.
I'm sympathetic to law enforcement's desire to go back and look at this data. But law enforcement is getting lazy, they didn't have this kind of access 20 years ago, and its availability was nothing more than the lax security in the sector until hacking forced the companies to take security seriously. Barr and the FBI want to roll this back to the lax security because they had complete access. But the simple fact here is the manufacturers and OEMs need tight security or there won't be any security and they'll be destroyed by lawsuits.
Re: (Score:2)
It never fails to amaze me that they don't appear to have heard of the phrase "be careful what you wish for". Can they really not have contemplated the almighty shit storm that will descend on them once a bad actor uses a backdoor they insisted on, to do something terrible to lots of people?
Re: (Score:2)
He won't get fired, he's too much of Trump man...well, Trump Weasel to get fired. Trump loves anyone telling him he's the greatest.
Re: (Score:2)
Did you just assume xir gender?
Re: (Score:3)
Gender means something (Score:3)
Gender is an artificial concept born of personal and or social definition and therefore only as important as an individual believes it to be.
Gender is a linguistic construct to communicate a biological necessity. If people could not communicate easily if a person was male or female then we would fail to be a species for long.
As soon as you graduate from trying to fit in or debasing yourself to meet an external social standard, the concept of gender becomes irrelevant.
We have social norms of behavior based on gender because men and women have some very basic and inherent physical differences. These differences will dictate how people act whether you like it or not. Calling gender "irrelevant" is debasing what it means to be a man, woman, or even a human being.
Part of learning to be a fully functional adult, is learning to leave behind social definitions, and so become free to explore all the undiscovered directions and ways to think that are denied by subscribing to mob mentality.
Part of being an adult is
Re: (Score:2)
Re: (Score:2)
you should eat a bag of dicks and then contemplate your absurdity.
Re: (Score:2)
Nonsense. I have witnessed "eat a bag of dicks" used to insult all sorts of recipients: cis-male-hetero, cis-male-homo, cis-female-hetero, cis-female-homo. I regret I cannot provide any other combinations such as tg-m2f-homo because I just don't know any such people (that have confided in me, at least).
Re: (Score:2)
Perhaps someday you'll figure out how sarcasm works. For the meantime, I suggest you stop trying.
Re: (Score:2)
Re: (Score:2)
I imagine he gets plenty of gifts [shipabagofdicks.com] on his doorstep every day for his twitter and youtube trolling.
Re: (Score:2)
That gets so old. It's not a matter of left or right. It's a matter of right or wrong (referring to Barr, not a bag of dicks).
Re: (Score:2)
Re: (Score:2)
Congress, unlike Barr, has much more to lose if they start forcing Big Tech to do their bidding.
It would be a shame to see all those campaign donations dry up now wouldn't it Senator ? .
Especially those big juicy ones from companies who have more wealth than some entire countries do . . .
Apple and the rest know if they put in a backdoor and it becomes public knowledge, ( and it eventually will ) the
stock price dive alone would cost them dearly. The reputation hit they would suffer would all but destroy th
Re: (Score:3)
Re: (Score:2)
Security. If you aren't paying for it you (Score:5, Insightful)
Shit on Apple all you want, but they are the only major consumer company going out of their way to protect user data.
Re: (Score:3)
Better than most. I think I learned from this that iCloud data is not sufficiently encrypted though.
Re: (Score:2)
Well, you DON'T HAVE to use iCloud, so....
Re:Security. If you aren't paying for it (Score:4, Insightful)
Shit on Apple all you want, but they are the only major consumer company going out of their way to protect user data.
Definitely not true. If Barr demanded that Google retrieve data from a Pixel, we couldn't do it. Unless Samsung, et al, have changed data encryption security in Android enough to break it, none of them could either.
In fact, I'm pretty sure iOS doesn't support Insider Attack Resistance [googleblog.com], unlike Pixel and a few other Android devices. AFAICT, Apple could create a compromised firmware that could allow the FBI to brute force the PIN. The Google Pixel team could not, by design.
Re: (Score:2)
I hope so. I still don't trust Apple.
Re: (Score:2)
Romex? Yeah I could use a bit of that actually.
No backdoor, no unlock (Score:2)
What about adding an TAP mode to live phones with (Score:2)
What about adding a TAP mode to live phones with court order.
Re: (Score:2)
Re: (Score:2)
I don't support adding a backdoor to encryption, I think the government isn't necessarily entitled to know everything a person wants to keep secret.
But, when we get these discussions, one of the common topics is around "how do you stop the bad guys from abusing it" - which is a fair question. However, there's a corresponding question which remains unanswered right now which is equally relevant - how does Apple stop the bad guys from abusing its software update system?
The two questions are essentially analogo
Re: (Score:2)
The two questions are essentially analogous, especially as so many Apple products are designed to update automatically - Apple already have a back door to most devices, so how are they preventing the bad guys access to that?
Okay so let's talk about that then. So the idea is that Apple can securely update an iPhone automatically. Thus, they could slip in an update that allows unlimited guesses on the PIN with no delay. This is the idea that the FBI has tried to float. So why doesn't Apple just do that?! Because it is open a door that cannot be closed ever again.
The FBI has the power to investigate and with that, has only a few limitations outlined in law as to how far they can go with those investigations. You needn't loo
Re: (Score:2)
Okay so let's talk about that then. So the idea is that Apple can securely update an iPhone automatically. Thus, they could slip in an update that allows unlimited guesses on the PIN with no delay.
I have never seen or heard of an iPhone or any other Apple device updating itself while the user was logged off - which is what would be required in this case. Usually it won't even update itself "automatically" even if you are logged on, you have to request the update or give the OS permission to update in the background. Some provision for this would need to have been done in advance, and we have no reason to believe that Apple has done so.
Re: (Score:2)
What do you mean "usually?"
You *always* have to give the device permission to update.
Re: (Score:2)
Not always, Apple's pushed updates out without permission before (see the silent update done for Zoom's vulnerability on OSX - can you guarantee Apple doesn't have an equivalent for iOS?), and on several occasions I have woken up to my iPhone or iPad having updated (always minor versions of iOS) without me giving permission beforehand. This may have changed recently.
Re: (Score:2)
That's pretty disingenuous. We're talking about iOS devices, you claim Apple has pushed out forced updates before, and give an example for OS X.
Re: (Score:2)
Yeah, you miss my point entirely - it has nothing at all to do with whether Apple should or should not do as requested, it's why "a backdoor could be discovered, hacked and abused by a malicious third party" differs from "we have a channel where we can push any update we want out right now, but it's secure".
Re: (Score:2)
we have a channel where we can push any update we want out right now, but it's secure
No you've missed the point entirely. If the FBI has a backdoor in their sole control, it's no longer secure. Every single, "super secret" tool that the FBI has ever laid hands on has slipped to our enemies. The FBI couldn't keep a fucking burrito secure in a locked fridge. So if the FBI ever lays hands on the backdoor and rips it from Apple's hands, then the devices are pawned at that point. As sure as the sun rises in the east, the FBI will fumble the fuck out of keeping something under wraps.
Re: (Score:2)
They can already get a court order to "wiretap" your conversations as they move through the phone company....conversations are not encrypted between phone units unless you are using some special software not provided by Apple.
Re: (Score:2)
Also libertarians are vehemently against knife and gun restrictions too.
Re:The court order can't be easily enforced these (Score:5, Insightful)
And the rest of the world can fuck right off when it comes to US rights within our country.
That's actually one of the points of HAVING a separate, independent, sovereign country.
I love the fact that I can carry concealed weapons, both guns and knives.....and I want to have my privacy rights protected too.
In the US, the gov. does NOT grant rights to the people.
The people are BORN with their rights.
We GIVE the government its limited roles, responsibilities and power via the limited, enumerated ones in the Constitution (speaking Federal here, but States are pretty much the same).
If the rest of the world wants to mandate whatever on their people....fine, but not in the US.
If the government grants your rights, you are a subject.
If the government gets its power from and is answerable to the people, then you are a citizen.
While the latter has been scarily eroding in the US, let's not help decrease the coefficient of friction of the slippery slope actively.
Clarity (Score:2)
If that's not put clearly enough, they just aren't listening. Thanks.
#fakenews "Refused to help" (Score:5, Insightful)
Heeeeello,
They didn't refuse they simply stated that they are unable to comply.
That is the beauty of end to end encryption. No secret backdoors with which bad guys can take advantage.
Apple couldn't provide access if they wanted.
The sign of all good encryption.
Undermining this would undermine privacy for the American public.
Steps to comply (Score:2)
Apple: Try passcode 000000 ...
Feds: Didn't work.
Apple: Try passcode 000008
Feds: OK but this sure is taking a long time. Didn't work.
Apple: Try passcode 000010
Feds: Didn't work and it says it's erased itself.
refused ? (Score:2)
But the company has refused to help the F.B.I. open the phones themselves
Have they refused as in "we could, but we won't" or have they stated that even if they wanted to, they couldn't open the phones?
Because if their security is worth anything, that's the case.
Re: (Score:2)
Refused as in - if you give us a signed judicial order, then we'll tell some people in our company to get back to you on the things you can do, until then, the government can't force us to do anything.
Re: (Score:2)
Have they refused as in "we could, but we won't" or have they stated that even if they wanted to, they couldn't open the phones?
Because if their security is worth anything, that's the case.
The last time the FBI requested help from Apple, they eventually gave up because another company did it for them.
Now, it's not because Apple security sucks, it's because the weak point in most such systems is the password.
People keep framing this as the FBI asking for a backdoor, and Barr has indeed said he wants companies to avoid strong encryption or include backdoors. We should absolutely, 100% fight that. However, asking for help unlocking a phone that has a search warrant issued to it is perfectly reas
Re: (Score:2)
I have a couple of questions about that approach.
First, is that bit of security able to be updated? If it's handled through the secure enclave, you might need to unlock the phone in order to upload a new signed firmware to the enclave, for example.
Second, once Apple makes that iOS build, who else has access to it?
Re: (Score:2)
If it's handled through the secure enclave, you might need to unlock the phone in order to upload a new signed firmware to the enclave, for example.
You can perform a firmware update from the phone's recovery mode [apple.com]. From the last step on that page, "When you see the option to Restore or Update, choose Update. Your computer will try to reinstall the software without erasing your data." It makes sense from a device design perspective that you'd design such that a botched upgrade won't erase your data, and give you the chance to use recovery mode to fix it even if you don't have the ability to log back in.
Second, once Apple makes that iOS build, who else has access to it?
That is a very good point, I agree with you. It's wh
What's impossible is impossible (Score:2)
Flight is an evidence of guilt. (Score:2)
Similarly it will start arguing not providing passwords to social media accounts, not unlocking phones etc as evidence of guilt. They might even pass laws saying passwords are subjected to subpoena provisions.
Pins and passwords (Score:2)
Prosecutors and investigators have been making this argument for years. Last time I looked, the law was not super-well settled, but the 5th Amendment protection against self incrimination seems to be winning.
Courts have kind of generally defaulted to saying you must surrender WHAT YOU HAVE (like a physical key) or WHAT YOU ARE (like biometrics, fingerprints, etc.) when presented with a valid court order. Property and identification seem to be readily susceptible to exposure.
They have generally stopped sho
Re: (Score:2)
I demand we unlock Barr's phone. (Score:3, Insightful)
There's gotta be legions of skeletons in this guy's closet. I wonder if he's really even the actual William Barr anymore.
crypto may enable surveillance of encrypted data (Score:2)
However, using a blockchain to mediate the requests for data might provide a middle path. I believe it could provide three dynamics that would facilitate legitimate investigations while also preventing abuse.
1 - Each request for data would be paid for individually. This would prevent a PRISM-like ap
Re: (Score:2)
Well done, I almost thought you were serious.
plaintext (Score:2)
Apple already has plaintext access to photos and more by default for all their products.
This special request is getting media attention. But the default-on, plaintext iCloud products, which already scans photos to cooperate with law enforcement (search "child exploitation" news articles) is a much bigger security issue.
Breaking security HELPS terrorists. (Score:5, Informative)
Security through obscurity doesn't work and government tools inevitably leak because they exist. When they do, they can be weaponized against their creator society.
Karma Away!! (Score:2)
who killed three sailors and wounded eight others on Dec. 6.
If I was related (married, kid, parent) of one of those 3 sailors I'd damn well want "those awful authorities" to be able to access ABSOLUTELY EVERYTHING the shooter had.
Maybe it's relevant, most likely it's not.
(Todo Tue: Dog to vet for checkup.
Todo Wed: Pick up new underwear
Todo Thu: Pick up more ammunition.
Todo Fri: Pick up pizza.)
Your parent was just doing their job / walking by / defending themselves / whatever and here comes a guy that kills them. I'd want ANSWERS. Why did this guy do th
Re: (Score:3)
That's the triumph of modern justice systems. We recognize that victims and their families are unlikely to take rational positions and instead rely on the rule of law, i.e. prewritten procedures.
Binary choice only (Score:2)
Mr. Barr's appeal was an escalation of an ongoing fight between the Justice Department and Apple pitting personal privacy against public safety. "This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence," Mr. Barr said, calling on Apple and other technology companies to find a solution and complaining that Apple has provided no "substantive assistance."
Fine. Then OUTLAW ALL ENCRYPTION IN THE UNITED STATES. You can't have it both ways.
There were no Phones. (Score:2)
no carved out exceptions (Score:2)
Even if Apple could, without a court order the answer is no. There can't be any exceptions to this, not because Barr thinks "well in this case he was so evil...". Court order or GTFO. As soon as one exception is made then the flood gates will be open.
Would an embedded unique physical key work? (Score:2)
I'm thinking each phone has a unique master key which would be embedded in the hardware and only exposed through the destructive disassembly of the phone, like embedded in some part that needs to be milled to expose it.
You'd need a backup copy of the flash or some way to preserve the flash chips before extracting the physical key.
This would make the phone less secure, but with the key as only a physical entity and only retrievable through pretty extreme measures that otherwise destroy the phone it seems lik
For once, a legitimate use of AI (Score:2)
Off-topic: Is facial recognition a vulnerability? (Score:3, Interesting)
Re:What could there possibly be of value? (Score:5, Insightful)
It's all part of a longstanding attempt to get "government only" backdoors into encryption. This way, the government can read anything sent securely which it would only use to protect us from evildoers and definitely wouldn't abuse in any way. And those backdoors absolutely would never leak to foreign governments or hacker groups. (Please watch your step due to dripping sarcasm.)
Re:What could there possibly be of value? (Score:5, Funny)
What is really telling is that absolutely everybody who would advocate this has no fucking clue how to make a backdoor that would somehow *only* let government or law enforcement in, instead leaving that up to the technically minded people, who realize that building this sort of door is quite literally impossible, in the same way that it is impossible to take some number of integers and add them in a different order and expect to be able to get a different total that is still correct.
Re:What could there possibly be of value? (Score:5, Funny)
in the same way that it is impossible to take some number of integers and add them in a different order and expect to be able to get a different total that is still correct.
Intel solved that problem [wikipedia.org] in the 90s. Catch up with the times!
Re: (Score:2)
That was a floating point bug, related to division.
So wrong on two counts.
Also, Intel's answer wasn't correct, so wrong on three counts.
Re:What could there possibly be of value? (Score:5, Interesting)
...in the same way that it is impossible to take some number of integers and add them in a different order and expect to be able to get a different total that is still correct.
Drifting way off topic here, I just saw a video demonstrating that by rearranging the terms of the infinite series 1 - 1/2 + 1/3 - 1/4 + 1/5..., you can make it add up to anything you want. Anything at all. It's one of those proofs where your first reaction is "no, that can't be, you made a mistake."
The gist of the proof is you pick your desired answer. Now add up positive terms until you exceed the answer. The series 1 + 1/3 + 1/5 doesn't converge so you can make the sum arbitrarily large. Then add negative terms until you're below your target. Then add more positive terms to go over. Lather, rinse, repeat. Since the amount you're over and undershooting decreases over time, you will get arbitrarily close to the number you picked, so the limit of the sum is the number you picked.
OK, back to flaming about Apple and/or the FBI.
Re: (Score:2)
The maker of that video perhaps didn't understand the subtleties of infinite series.
You can't add up the terms of an infinite series, so it has no sum. You can only say that it "converges on" or "approaches" some value. For absolutely convergent series, they converge on the same value no matter how you reorder the terms. Conditionally convergent series can be made to converge on different values.
If an actual sum was affected by the order of terms, that would violate the commutative property of addition.
Re: (Score:2)
I'm missing the joke. Or are the unfunny mods another attempt at hiding or obfuscating the truth?
It's really hard to rank Slashdot's problems, but abuse of moderation has to be near the top of the list.
Re:What could there possibly be of value? (Score:5, Insightful)
It's not about the investigation.
It's a thinly-veiled attempt to say "look at the valuable evidence!" and push legislation undermining all public encryption with a government-held backdoor. That, in turn, undermines the privacy-supporting modern interpretations of the first and fourth amendments, which are often distasteful to authoritarians.
For those who've never faced oppression, it's certainly appealing: The government is full of good people with America's best interests at heart, and they'll be the only ones to see the private thoughts of individuals, so they can ensure that only good and legal things are being discussed.
For those of us who've seen humanity's uglier side, the picture's a lot darker: Even good people abuse power with the best of intentions, but enabling catastrophic consequences. The only way to avoid that is to require strict adherence to a fair process.
Since the universal nature of an encryption backdoor is not conducive to that process adherence (as anyone who acquires the backdoor key becomes unfairly powerful without needing to follow the process), an encryption backdoor is as unacceptable as oppression itself.
Re:What could there possibly be of value? (Score:4, Funny)
What could there really be of value to the investigation?
You saw the quote. Privacy vs *safety*
The value is that if a person kills a bunch of other people, a prerequisite for having their phone unlocked to search for evidence, then unlocking the phone now will cause a time machine effect that will go back and stop the shooter from killing people.
Also it is clear they have no idea who the shooter is or was, and unlocking the phone they took off an unknown person's body will reveal their identity.
It's all for safety! To keep us safe and unshot and stuff.
Re: What could there possibly be of value? (Score:3)
Re: (Score:2)
Re: (Score:2)