Apple Responds To AG Barr Over Unlocking Pensacola Shooter's Phone: 'No.' (inputmag.com) 234
On Monday, Attorney General William Barr called on Apple to unlock the alleged phone of the Pensacola shooter -- a man who murdered three people and injured eight others on a Naval base in Florida in December. Apple has responded by essentially saying: "no." From a report: "We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," the company said. "It was not until January 8th that we received a subpoena for information related to the second iPhone, which we responded to within hours," Apple added, countering Barr's characterization of the company being slow in its approach to the FBI's needs. However, it ends the statement in no uncertain terms: "We have always maintained there is no such thing as a backdoor just for the good guys." Despite pressure from the government, Apple has long held that giving anyone the keys to users' data or a backdoor to their phones -- even in cases where terrorism or violence was involved -- would compromise every user. The company is clearly standing by those principles.
Well... (Score:5, Insightful)
as much as I don't like Apple, I'll give them HUGE credit on this. More companies need to stand up to government's worldwide on topics like this.
AS long as they do the same in China (Score:5, Insightful)
AS long as they do the same in China
Re:AS long as they do the same in China (Score:5, Interesting)
AS long as they do the same in China
+1
Although, if they don't do the same in China, and build back doors for the Chinese government, then that would invariably mean that US intelligence service would get access to the phones of Chinese citizens. So the US government shouldn't be making that argument.
This isn't just about privacy from our own US government, this is about security from bad actors including foreign intelligence services. It should be noted that the US government and their contractors use plenty of iPhones. If Apple built in back doors to iPhones for the US government, then it would mean foreign intelligence would ultimately get access too.
On balance that is a very bad deal for US government interests to better and more easily monitor a few bad actors (in this case after the fact and they are already in jail) in exchange for giving our adversaries the capability to hack and undermine our free society.
And I would think that China would eventually learn to be wary of having its citizens being made more vulnerable to US (and other) hacking too. Weakening privacy is a small win, but big loss kind of deal.
Re: (Score:3)
On balance that is a very bad deal for US government interests to better and more easily monitor a few bad actors (in this case after the fact and they are already in jail) in exchange for giving our adversaries the capability to hack and undermine our free society.
Actually in this case the perpetrator is already dead. Obviously they don't want the data for any kind of a trial, but to see if he was in contact with anyone else who might also be a danger.
You are quite right about the threats from foreign intelligence services getting hold of backdoor keys; the US Government has a very poor record of managing to keep- things secret from our adversaries.
Re:AS long as they do the same in China (Score:5, Insightful)
Actually in this case the perpetrator is already dead. Obviously they don't want the data for any kind of a trial, but to see if he was in contact with anyone else who might also be a danger.
And that can be easily figured by his call history and IP connections. All data his ISP/phone company already has.
No damn need to put a backdoor into the phone or "crack" the phone.
Re: (Score:3)
And that can be easily figured by his call history and IP connections. All data his ISP/phone company already has. No damn need to put a backdoor into the phone or "crack" the phone.
No, it can't. His call history and IP connections can certainly be extremely helpful, but they won't tell you if he had a phone number for a co-conspirator whom he never happened to call, or the name (or at least the nom de guerre) of a co-conspirator for whom he had the phone number of a burner phone. And while it can tell you that he accessed some social media site, it doesn't tell you to whom he might have sent any emails on that site, since the connection was almost certainly encrypted (as most are nowa
Re: (Score:2)
but they won't tell you if he had a phone number for a co-conspirator whom he never happened to call, or the name (or at least the nom de guerre)
With some good luck they are stored on the SIM card.
Re: (Score:2)
Re:AS long as they do the same in China (Score:5, Insightful)
I might be suffering from RDF poisoning but I believe that under current (and previous) leadership, Apple legitimately views protecting individual privacy as their responsibility. And I think they'll do that as best they can while remaining competitive. They recognize that if they don't remain competitive there won't be any Apple to stand up for privacy.
So given the business they are in there has to be some amount of data collected so their devices and software can be good enough to compete. I believe that they are actively seeking ways to do that while minimizing impact on individual privacy and comply with the law wherever they do business so that they can continue to actually do business there and provide people a choice in the matter. If Apple gets kicked out of the market in China, what will people do then?
Re:AS long as they do the same in China (Score:5, Insightful)
Which, in my opinion, is perhaps the most salient argument in this case. It *may* be possible for Apple to load a special firmware that only they control, decrypt the iphones, forward that data to the FBI, then nuke that special firmware for all time. Maybe.
But the moment they do that for the FBI, even just-this-once-pretty-please, then the next day Apple will start getting such requests from China, Russia, and any number of other nation states. Do we want Apple to be in the position of doing this for them, too?
Re: (Score:3)
Especially that we can be all but certain such requests won't be limited to citizens of these respective countries. Would Barr be OK if China requested to decrypt his phone? After all, according to Chinese, they are the good guys and he is not.
Re: (Score:2)
Re: (Score:2, Insightful)
as much as I don't like Apple, I'll give them HUGE credit on this. More companies need to stand up to government's worldwide on topics like this.
You're misreading this. There's already an Israeli security company that offers cracking of iPhones to the government for a fee. They're compromised already, all of their tech, but by pretending to hold a moral highground and having a pissing argument over high profile cases they get to keep idiots using it and thinking it's secure.
Re:Well... (Score:5, Interesting)
Actually, Apple's response matters more than you make it sound. First, even if the company can do what it claims it can, the fact that it won't reveal its methods to Apple suggests they've found a patchable vulnerability. Even if the government *could* hire an outside firm to crack the phone, it's preferable *to the government* to establish the expectation that tech firms will cooperate.
On the other hand, Apples' motivation matters less. If AG Barr had a legal justification to force Apple to cooperate, he could get a court order. Absent that, Apple has no obligation to help him do anything. Forget "it would be wrong"; "I don't want to" is legally sufficient.
This is not some kind of act of brave civil disobedience. It doesn't have to be.
Re: (Score:2)
This is not some kind of act of brave civil disobedience. It doesn't have to be.
It certainly can, because there are always consequences, even if the action you are taking is legal. It doesn't matter if Apple's refusal is totally legal, if you get on the bad side of the law enforcement, they can make sure there are consequences.
Re: (Score:2)
Re: Well... (Score:3)
Re: (Score:3, Insightful)
There's already an Israeli security company that offers cracking of iPhones to the government for a fee.
Only for certain versions that lack particular updates. Which is exactly the name of the game, it's cat and mouse. Even if the US government had a developed backdoor for iPhone, it would still be cat and mouse for criminals that will install their own layer of encryption. The only people who are hurt by backdoors are the ones not committing any crime.
by pretending to hold a moral highground and having a pissing argument over high profile cases they get to keep idiots using it and thinking it's secure
No, by pretending to hold the moral high ground here they're avoiding having to develop software for the government. Developing a backdoor costs money. Ha
Re: (Score:2)
No, by pretending to hold the moral high ground here they're avoiding having to develop software for the government.
They already hand over iCloud data without a peep, I agree that this is much more about profitability than any imaginary concerns about their customers' privacy.
Re:Well... (Score:5, Interesting)
Re: (Score:2)
Your bias is showing. The Pixel 3 range has the Titan M chip, which is the same thing as the TrustZone of more typical ARM processors and the Secure Enclave.
The vast majority of Android devices are not Pixel Phones. The top three manufacturers of Android phones by usage are: Samsung has 43.5% market share Huawei has 12.4% market share Xiaomi has 7.7% market share source: https://www.appbrain.com/stats... [appbrain.com] If you could demonstrate that Samsung gets this right, you would have a solid point: Almost half of Android phones would be secure. Someone who cares about this could choose to buy a Samsung device. Does Samsung do security correctly?
Re: (Score:2)
Bullshit. This is a moving target. Some Apple devices may be compromised at this time (the Israelis are known to vastly overstate what they can do when it comes to IT security...) but Apple is both committed to not unlock anything themselves _and_ to fix any vulnerabilities they find out about.
Re: (Score:3)
Y'all aren't 4D chessing this enough. Go watch The Imitation Game, then go read Necronomicon.
The less the US government has to rely on various cracking and hacking, the less they have to rely on "some other means" as an explanation to the way they got it open, with some "parallel construction" lie. They did this once already with one high profile terrorist case where the guy was dead.
"Ah, we don't care or need Apple's help" screams all Apple's protections came to naught, which the government absolutely do
Re: (Score:2)
So, you're implying that those movies are factual? Yes, I know, they're based upon true stories, but that's it. FWIW though, I went to Bletchley Park a couple years ago...well worth the tour!
Re: (Score:3)
Go watch The Imitation Game, then go read Necronomicon.
I think you mean Cryptonomicon? (unless you're going to say "Klaatu Barada Nickto" before opening the book...)
Re: (Score:2)
Go watch The Imitation Game, then go read Necronomicon.
I think you mean Cryptonomicon? (unless you're going to say "Klaatu Barada Nickto" before opening the book...)
You try working within the system to get what you want, and if that doesn't work, then you summon sadistic demons from hell to mutilate and torment your enemies. That's how it's always worked.
Re:Well... (Score:5, Funny)
so i read the necronomicon like you asked. and now there's a shoggoth in my living room. thanks a lot, jerk.
Re:Well... (Score:5, Insightful)
Re: (Score:2)
the entire argument that junglefucking encryption with 'built-in backdoors' won't make anyone safer or prevent any crime from happening, the entire argument for it is utter and complete bullshit and just gun-toting jackbooted thugs with
Re: (Score:2)
You're misreading this. There's already an Israeli security company that offers cracking of iPhones to the government for a fee.
This is true, kind of (having had several conversations on the subject with my father, who is a certified data forensics professional.) That said, they lag behind the newest versions of hardware and firmware by at least several months on average. The more up-to-date the phone is kept, the more secure it is, and the harder/less likely that said Israeli company (I can 't remember their name,) will be able to crack it on short notice.
Re:Well... (Score:5, Insightful)
This isn't about the ability to brute force a phone you already have physical access to, though (or any other cracking method). You can be damned sure this is about setting the ability to remotely access any phone they damn well please anywhere they damn well please.
This is way more important than just being able to pull data off the phone of a dead "bad guy".
Re: (Score:2)
You're misreading this. There's already an Israeli security company that offers cracking of iPhones to the government for a fee. They're compromised already, all of their tech, but by pretending to hold a moral highground and having a pissing argument over high profile cases they get to keep idiots using it and thinking it's secure.
Sure. A security company might be able to crack it. Nothing is perfect, and any complex systems will have bugs. And Apple will try to patch whatever hole is being exploited. It's a constant game of each side trying to stay ahead of the other. That doesn't mean Apple is complicit because someone managed to root a device. They only way in which they could be is if the details of the exploit are known to them, and they take no action on that.
Re:Well... (Score:5, Insightful)
Agreed.
Their hardware is overpriced and usually far too locked down, and their software anemic and inflexible. But they are the only tech company I can think of that actually seems to care about their customer's privacy.
Re: Well... (Score:4, Insightful)
Itâ(TM)s not overpriced when you factor in service and reliability. When I use an underpriced laptop itâ(TM)s unusable junk.
Re: (Score:2, Interesting)
Re: Well... (Score:4, Insightful)
If I cannot run MacOS on it, forget it. I'm not running winders and linux isn't there yet.
Re: (Score:3)
My $1000 i7/1060-class laptop absolutely smashes any apple laptop in perf, period.
In performance? No idea. (What do you actually mean with performance? GB transfer rates of SSD discs? Or GFLOPS?)
Do they run Mac Os X/macOS? Most likely not. So: what is your idiotic point?
Re: (Score:2)
Re: Well... (Score:3)
How long will it last? My Macbook still performs fine 10 years along. In contrast Iâ(TM)ve had to replace my Win notebook 3 times in the same period - so maybe a fair comparison should take longevity into account.
Re: (Score:2)
Maybe they are just incompetent for request
Re: (Score:2)
and their software anemic and inflexible.
On an iPhone, iPad or iWatch perhaps.
However all their devices run Unix, and you basically can install what ever you want.
So:no idea what you mean with "inflexible".
Overpriced? Did you actually ever look at high end devices of competitors? Likely not ... most companies have phones that are more expensive than the highest priced iPhone.
Re: (Score:3)
Insofar as MacOS and iOS are Unix - they're not Apple's software.
Insofar as they are their software (the UI, lots of libraries, etc), they're not Unix. And not particularly flexible.
The move to Unix was a great thing - puts a solid foundation under the hood, and adds the capability to run most command-line Unix software, and with a bit of effort quite a bit of x-server based GUI software (though quite often with various cosmetic and functional issues requiring a platform-specific port to resolve). But it
Re: (Score:2)
Agreed, too.
Still, I hope that the judge in this case has the guts to order Tim Cook to jail for contempt - and not stay the order pending appeal.
Sorry, Tim. You are currently the best choice among the ultra wealthy for the judicial system to demonstrate it has the guts to treat the ultra wealthy the same as ordinary people.
Re: (Score:2)
A judge would have to order such a thing first. The Attorney General is (basically) just the U.S. government's head lawyer. The job has expanded a bit since its inception, but I don't think he has any legal authority to order anyone to do anything (aside from the employees of his office)
Re: (Score:2)
seems to care about their customer's privacy.
They don't seem to care much about their customers' data that is in their iCloud service, and happily hand that over on request. They can't unlock the thing because it's a frack of a lot more work and money to create and maintain a secure backdoor, not because they actually give a crap about their fanbois' privacy.
Re: (Score:2)
Apple is in a condition where it can stand up to the government.
But more to the point, Apple cannot afford to build back doors into its product. Because their products are too popular, so that means there will be millions of people trying to break into their devices, as good remote hack into an iPhone would be worth millions/billions of dollars in the black market, and to governments.
There isn't a technology that can be given to the good guys which cannot be exploited by the bad guys. Nuclear Secretes were
Re: Well... (Score:4, Informative)
encrypt a copy of the key with their signing key
The signing key is the private key of a public/private key pair. The devices authenticate the signature using a copy of the public key. So, this idea won't work.
In theory, each device could have its own, Apple assigned private key, with Apple keeping the corresponding public keys, but this would make the devices less secure. A key derived from the user's password is more secure because the device only has that key in volatile memory only as long as it's needed. Currently, the only persistent key in the device's trusted computing module (TCM) is the private key for Apple's signing key, which is not the high value target the signing key is. If Apple starts storing persistent, device specific signing keys in the devices' TCMs, it will only be a matter of time before someone figures out how to extract that key. Once that happens, all iOS/iPadOS devices will be vulnerable.
Re: (Score:2)
Agreed. I'm not a fan of modern Apple either, but this is a stance I can support.
(I say modern because I still like playing around with my Apple //e.)
Re: (Score:2)
I also don't like Apple, but I agree 100% with giving them credit for sticking to their principles on protecting their customer's data.
If we don't stand up for our rights, we lose our rights.
“Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” - Benjamin Franklin
Re: (Score:2)
"You have zero privacy anyway. Get over it." - Scott McNealy, CEO of Sun Microsystems in 1999.
I've seen little in the years since to indicate that he was wrong.
Re: (Score:2)
The standing-up is not the only thing they did right here. They also understand what the problem with backdoors is because Apple leadership actually managed to listen to experts.
Re: (Score:2)
Re: (Score:2)
Fails plausibility. They could just charge for the unlocking and it would not be a problem from business-side.
Re: (Score:2)
Fails plausibility. They could just charge for the unlocking and it would not be a problem from business-side.
But you’re talking about money, and I never said anything about money. I said they didn’t want to do it for many reasons like the hassle. Logistics has to be put into place to handle all these requests including vetting the legality. Apple doesn’t want Officer Smith walking into an Apple store to request a phone to be unlocked. Now. Someone has to vet the officer’s request has a court order. Preferably someone with legal training. Second how would Officer Smith pay your fee? Personal
Re: (Score:2)
Re: (Score:2)
Indeed. These people are a massive problem. And they have been throughout history.
Fun fact: Most Jews killed by the Nazis were identified and arrested by regular police, not by the GeStaPo.
Re: (Score:3)
as much as I don't like Apple, I'll give them HUGE credit on this. More companies need to stand up to government's worldwide on topics like this.
I do think Apple deserves more credit on this than some here are willing to give them. HOWEVER I think it's also obvious that they're only doing as much as they feel they can defend legally - which is the difference between taking this sort of stand in the US versus taking a similar stand in China or another authoritarian country.
If the US government ever passes a law requiring a back door, I expect Apple will challenge it in court... but, if they lose, they will comply.
ya know (Score:5, Insightful)
This is why (Score:2)
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
Is that good enough post for you?
Re: (Score:2)
Re: (Score:2)
There was another scammer who sold all kinds of equipment to the government claiming to decode the messages hidden in the static of the taliban videos. However google is failing me on that one.
Re: (Score:2)
Oh yes companies would never lie https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:3)
Bullshit. (Score:4, Interesting)
They didn't say no - they can't. They said "We have provided all we have, there is no back door". Apple isn't really standing on any principle here beyond maybe refusing to put in back doors for future incidents like this, but as they say this is common sense - a back door is a back door and hurts their business.
Now - if there is a back door and the government finds out about it, someone's going to Federal PMITA prison.
So Apple still sucks ass, as much as you nerds hate MS I hate Apple and that still stands.
Re:Bullshit. (Score:4, Insightful)
Of course they can. They have the signing keys that lets them update the phone's software - the software that has full access to the on-phone encryption keys, as well as providing the sign-in passcode, etc. security. Even just a quick little update that removes the defenses against brute forcing and the phone would be unlocked in short order.
And while one would hope that it's common sense that a back door is a bad idea - Apple remains the only major manufacturer that has taken any significant stand on the issue - hell, most of the others jumped in bed with the spooks at the first opportunity.
Re:Bullshit. (Score:5, Informative)
Sure you can update the phone, but the phone won't keep user data unless it's been unlocked.
The only avenue of updating and keeping the user data is to unlock the phone then update. Apple has purposely made it so that there isn't a backdoor.
Re: (Score:2)
Obviously. This is not even hard to design.
Re: (Score:3)
Sure you can update the phone, but the phone won't keep user data unless it's been unlocked.
I didn't realize Apple had actually done this. They hadn't done it at the time of the investigation of the San Bernardino shooting.
It is pretty obvious, though. Android has also done this, calling it "Insider Attack Resistance", or IAR. It's not about preventing law enforcement access, it's just generally bad if there's any way to sign firmware that can compromise device security. It exposes employees who have access to the signing key to coercion and exposes the company to legal risks and its users t
Re: (Score:2)
Did Apple finally actually do that? Good on them! Assuming you're correct, I withdraw that part of my comment.
Re: (Score:2)
Unless they are terminally incompetent, the phone will not accept any such updates unless unlocked by the user and the user giving consent. Hence, no, they likely cannot. Incidentally, again unless Apple is terminally incompetent, the software in the phone does not have access to any encryption keys unless the user is logged in, and will not have access to any pass-codes, unless it captures them while the user is logging in. This is not even anything special, this is just a well-established state-of-the art
Re: (Score:2)
Of course they can. They have the signing keys that lets them update the phone's software - the software that has full access to the on-phone encryption keys
And how do you enter the relevant keys on a phone that you can not unlock because the owner set a lock key?
Oh, there is a secret plug inside were you can put on your "unlocking device"? I don't think so.
Re: (Score:2)
Oh, there is a secret plug inside were you can put on your "unlocking device"? I don't think so.
My guess is this is more or less exactly what the FBI wants. The phone has the decryption key somewhere in some internal storage. It must or the encryption was a write-only operation. The FBI wants to know how to get to that storage and read the decryption key, bypassing all Apple software if necessary. If they have to use Dremels and microscopes, I'm sure that's fine.
You know how we always say physical security is a necessary first step to information security? I think the FBI is taking us at our words. Th
Re: (Score:3)
Of course they think this is good for their business. Things that are good for customers usually are.
Re: (Score:3, Insightful)
Indeed. And that is pretty important and basically distinguishes them from the competition. Whether there are some real ethical arguments behind this on their side or whether they are just trying to do what is best for their customers as a business strategy is entirely immaterial. It is the effect this has that counts and that is that there is one product where the manufacturer tries hard to make it not stab you in the back.
Re: (Score:3)
Re: (Score:2)
They didn't say no - they can't. They said "We have provided all we have, there is no back door".
Actually, in the statement as quoted in TFA, the claim that there IS no back door is conspicuous by its absence.
Yay for Apple on this issue. But I do hope that there actually IS no back door AND that they SAID so and that got edited out in the coverage.
Re: (Score:2)
Actually, Apple is standing on the principle that they will not add a backdoor. That is pretty significant IMO.
Re:Bullshit. (you're delusional) (Score:5, Insightful)
They didn't say no - they can't. They said "We have provided all we have, there is no back door". Apple isn't really standing on any principle here beyond maybe refusing to put in back doors for future incidents like this, but as they say this is common sense - a back door is a back door and hurts their business.
Now - if there is a back door and the government finds out about it, someone's going to Federal PMITA prison.
So Apple still sucks ass, as much as you nerds hate MS I hate Apple and that still stands.
The principle is HUGE. If they build back doors, then they could either theoretically be compelled to share them, or more likely they will be figured out. Then EVERY iPhone would be vulnerable. By refusing to even build them, they are standing fast on that very critical principle. It protects them, their brand, and their customers at the same time. If they did build a backdoor, there would be huge incentive for people to figure out how to break in.
I don't like Apple either, but I can't ignore they are doing the right thing here.
Lust is fleeting (Score:2)
Who would have thought... (Score:2)
Need More Evidence (Score:2)
Isn't this guy already dead? I think the prosecution's case is kind of closed on this one.
Re: (Score:2)
House Keys (Bad Analogy) (Score:2)
Re: (Score:2)
I'm sure if the government felt like they could get away with it, they'd try to require that all physical locks were accessible to a "government only" master key.
Re: (Score:2)
The can unlock an existing iPhone? Got any facts or details?
Re: (Score:2)
Re: (Score:3)
Re: fabricated issue (Score:2)
Re: (Score:2)
So how could you realistically brute force it? remove the flash chips and dump their contents to an emulator of sorts. Try a passcode and if it doesn't work then reset the emulated image and then try again? Seems like it could work if you have deep enough pockets. Uncle Sam sure does.
Re: (Score:2)
Well, probably not. Some specific (probably older) ones may be crackable if the user did not install the latest updates.
On the front of _really_ wanting it, there are ways to get into secure microcontrollers and read their memory. That is however exceptionally expensive and you just have one shot and it takes a while. Say a double-digit million budget and a year or two of time would probably do it, if you can get some of the experts that can do this to cooperate as well.
Re: (Score:3)
I remember the good old days when right wingers valued privacy and totally distrusted the government. Now we find out they were right all along.
Re: (Score:2, Insightful)
The world would be improved by the application of a rusty spike to your brain. Please comply at your earliest opportunity.
Re: (Score:3)
Re: (Score:2)
Last we heard, DoD and the rest of the gov. is filthy with iPhones, Android phones are worse for security. Adding a back door opens up the government to Putin and his lads...and the Iranians, the Chinese, my cats, etc.
Re: (Score:2)
Also, IMHO, general public is NOT obsessed w/ privacy, quite unlike what self-appointed "privacy advocates" always claim/pretend!!!
You're correct, people are obsessed with security. The commonly used phrase is cybersecurity, not cyberprivacy, for that reason.
& of course, the truth can be easily/actually tested by asking referendum question(s) to general public!!! For example, imagine a referendum question such as:
Government law enforcement should/must have full access (ability) to all kinds of mass communication data (including all kinds of phone & internet communication data & data stored in all kinds of smart phones & computers), or not?
(ANSWER: YES/NO)
Fine, but word it accurately: "The same people who can't fix a pothole in 5 years want to add a security flaw/backdoor to all of you devices, which they pinky-swear that only they will be able to use but in reality any malicious hacker could use, or maybe certain government employees if they're bored one day. (ANSWER: YES/NO)"
Re: (Score:2)
Re: All I can say is... (Score:3)