Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Court Testimony Reveals Why It Refuses To Unlock iPhones For Police (dailydot.com)

Posted by samzenpus on from the we-won't-do-it dept.

blottsie writes: Newly unsealed court transcripts from the U.S. District Court for the Eastern District of New York show that Apple now refuses to unlock iPhones for law enforcement, saying "In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform." “Right now Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now,” Apple lawyer Marc Zwillinger said at the hearing. “A hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don’t have a clear lawful basis in doing so?”

19 of 231 comments (clear)

  1. Say what you will by Anonymous Coward · · Score: 4, Insightful

    It takes guts to stand up to government, especially the U.S government.

    1. Re:Say what you will by penguinoid · · Score: 5, Insightful

      People and companies will stand up to the government all the time, if there is profit in doing so.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    2. Re:Say what you will by Anonymous Coward · · Score: 4, Insightful

      IF the government told you to turn over a copy of the key to your house, just in case they need to search it. Would you?

      If so, you are obviously the type of citizen the government loves, willing to roll over for your belly rub.

      If not, they why would you submit the keys to your entire personal life.

      Do you actually trust them to keep their word?

    3. Re:Say what you will by tlhIngan · · Score: 3, Insightful

      Standing up to the Government, and Telling people you are standing up to the Government are two very different things. From a business point of view they must be seen to be defending their customers, else their customers will switch to using jailbroken Android phones that have been locked down (can't do that with an Iphone, no source code). Apple is (therefore) the most vulnerable phone maker, they must be seen to take a leadership role or they will die.

      The other reason is that it's the only stance Apple can take that genuinely Google cannot.

      That's why Apple is committed to privacy and moving a lot of former cloud based services to on-device services. Because they can go and say they don't sell or transmit your information or need to violate your privacy, while Google can't (because Google needs the information for ad purposes). Sure, you can hack an Android phone to be more privacy aware, but out of the box is a lot better than having to do a million steps to secure it.

      It's the one thing that Apple can say iOS is better than Android, and one that can stick until Google changes their business plan.

  2. Uh, doi? by Anonymous Coward · · Score: 5, Insightful

    One U.S. attorney argued that it was "more concerned with public perception" than helping catch criminals.

    Duh? No shit? That's not Apple's job, dipshit. They're not here to make your job easier, stop being a bunch of lazy jackasses.

  3. Love - hate affair by Anonymous Coward · · Score: 5, Insightful

    For one, I love the fact that Apple is saying "fuck you" to the cops.

    On the other hand, it shows the power of multinational corps - they're above the law. Meaning one day, they may do me or others some serious harm and get away free - like Wall Street did.

    And as far as my personal privacy is concerned, neither can be trusted.

    1. Re:Love - hate affair by frnic · · Score: 5, Insightful

      Uh, I hate to break the news to you, but that day is already here. The oligarchs can do as they wish to you or anyone else.

  4. When you say "impossible," do you *mean* impossibl by wonkey_monkey · · Score: 3, Insightful

    the government’s requested order would be substantially burdensome, as it would be impossible to perform

    That, to me, would seem to be the end of it. It's impossible. Can't be done. Don't even bother asking.

    But then the lawyer goes on to image a hypothetical customer asking:

    "why is [Apple] continuing to comply with orders that don’t have a clear lawful basis in doing so?"

    How is it complying if it's supposed to be impossible to do so?

    --
    systemd is Roko's Basilisk.
  5. Of course, that's why they want to propose... by mark-t · · Score: 4, Insightful

    ... that it be illegal for phone manufacturers, such as Apple, to *NOT* be able to decrypt customer data upon request by law-enforcement.

    The problem with this of course, is that it will not really stop the really bad guys from using strong security, since they are going ahead and breaking the law anyways, and while it might stop the otherwise too incompetent person who wouldn't know how to use such facilities from getting away with something they might have otherwise, in general, all this does is mean that most of the stuff that law enforcement is able to access is stuff that is entirely benign and wouldn't be of interest to them.

    But of course, no matter how well intentioned the government and law enforcement may claim to be, and even if they *COULD* be fully trusted to not abuse such access to the general public's highly confidential and private data (leaving aside the whole matter that they may not be as trustworthy as they claim aside, and suggesting that even *IF* they could be trusted so completely), if they can decrypt it, then so can the bad guys, who will abuse it and invariably cause harm to completely innocent people. And suddenly, law enforcement actually has a harder job than they had before, because while their job may have become slightly easier with respect to catching otherwise incompetent criminals that don't know how to use strong encryption that isn't legally available, and that they might have been able to catch in other ways anyhow, now they *ALSO* have to work harder to protect the public from the new potential attack vector on completely innocent parties that such regulations would give the bad guys.

    --
    File under 'M' for 'Manic ranting'
    1. Re:Of course, that's why they want to propose... by Lab+Rat+Jason · · Score: 4, Insightful

      Two things: First, US law doesn't extend to other nations... so making encryption illegal here won't stop it from happening anywhere else. Bank fraud and ransom are already illegal in the US... does that stop Russian hackers? Nope. Chinese hackers? Nope.

      Second, go read up on Watergate, and tell me you want the government to have the capability to look at the contents of any person's phone. I'm not concerned at all about someone reading my emails. They're pretty boring. I'm worried about the incumbent political party (Dems or Reps... doesn't matter which) ensuring that they STAY the incumbent party... once the democratic process has been subverted, we will never be able to return to it. People keep saying "but warrants" and I keep saying... warrants must be read and obeyed by people... there isn't some technical interlock that ACTUALLY prevents a law enforcement tech from using the back door... just look to newly coined terms like "loveint" to better understand the fallacy of trusting regular people with such power.

      It's CRAZY to me to see how many people append "gate" to the end of their meaningless little scandals, because it cheapens the actual nefariousness of the actual Watergate scandal. Imagine where we would be today if they hadn't been caught?

      --
      Which has more power: the hammer, or the anvil?
  6. Re:catch it in the middle, then, coppers by argumentsockpuppet · · Score: 5, Insightful

    spend a week cracking the data

    How do you propose to do that?

    If you assume:

            Every person on the planet owns 10 computers.
            There are 7 billion people on the planet.
            Each of these computers can test 1 billion key combinations per second.
            On average, you can crack the key after testing 50% of the possibilities.

    Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years

    http://www.eetimes.com/documen...

    Anyone who thinks AES 256 (what iPhones are encrypted with) can be cracked by any computer doesn't understand the math.

    That's not to say there aren't potential successful ways to get the information besides brute forcing. I just get a little chuckle out of every time somebody suggests governments have magic computers. Yes, I'm aware of quantum computing and exactly how far along the tech has come and no, it isn't something that anybody has yet. The magic quantum encryption cracking system is still *at least* a decade away. (It may never happen, and if I were guessing, I'd put it at closer to a couple centuries away, but even assuming impossible breakthroughs have already been made, a decade is unreasonably optimistic.)

  7. This sounds a lot like e-discovery rules by ErichTheRed · · Score: 5, Insightful

    I've worked in a few corporate environments where they were extremely paranoid about e-discovery (back when this was a new thing.) Almost always, the answer was to set the retention policy to 30 days, as in, no email backups older than 30 days, no (sanctioned) way to archive email, and everything older than 30 days was purged from mailboxes. This allowed the company to say with a straight face, "I'd love to give you the messages relevant to such-and-such business deal gone bad 5 years ago, but I simply cannot."

    It sounds a lot like what Apple's doing -- they purposely built the encryption system with no way to bypass it so they can push it right back on the police and courts -- "Sorry, can't help you!" That gets them tons of great customer PR, as opposed to Google/Android, so it makes sense.

    1. Re:This sounds a lot like e-discovery rules by Aighearach · · Score: 5, Insightful

      That kinda sounds like a decent analysis, if you don't know what encryption is. If they can give out somebody else's data, it isn't actually encrypted; it is merely obfuscated.

  8. Re:its just more selective than allowing every LEA by Anonymous Coward · · Score: 1, Insightful

    So much this. I don't know much about how iPhones work, but how complex is the average person's password? Surely they must use a key derivation function during authentication. I doubt it has something even as sophisticated as a chip that holds the private key or a symmetric key and only performs encryption operations without sharing that key.

    Back when I used to hang out with the local uni computer club, we used to crack passwords for fun using John the Ripper on a cluster of various old hard like 386s and 486s. I started watching Mr. Robot recently and had a laugh at the sad but true nature of passwords people pick.

    This is simply law enforcement being unnecessarily intrusive into everybody's lives. Power-tripping authoritarian assholes. If they had an iPhone that had data of life or death importance, I refuse to believe that the sucker wouldn't be decrypted in under 24 hours.

    As an official from the Department of Homeland Security had previously testified, law enforcement had a device to easily run through every possible passcode to unlock an iPhone. But Feng’s phone was configured to erase all its data if someone unsuccessfully tried 10 times in a row to unlock it.

    I think I see the problem. Law enforcement views iPhones as magical palantirs powered by waldos and doesn't know how to back up the raw contents of the filesystem before running a distributed brute force. Incompetence.

    And the public is so fucking ignorant we're debating whether government should have a back door into magical palantirs powered by waldos instead of debating why cops and elected officials are so fucking stupid when it comes to technology and what we need to do to send them all to the unemployment line.

    There may be some actual technical brilliance here on Apple's part like the crypto chip I mentioned above. Even then it should be possible to hook that chip up to some other device and feed it the ciphertext along with a decode command. But we'll never know for sure because computers are sufficiently advanced technology and therefore indistinguishable from magic.

    (Also interesting trying to separate out the Apple reality distortion field from the normal reality distortion that makes computers magical palantirs powered by waldos.)

    Captcha: tyranny

  9. Great Judge by mjperson · · Score: 5, Insightful

    It's long, but that transcript is really worth a read. First the judge thoughtfully skewers every argument the government presents, and tries to get to the fundamental principles involved. Then he thoughtfully skewers every argument Apple presents and tries to get them to throw away all of the marketing nonsense and just say what they think the actual issues are. Then he takes it all into consideration and says he'll go try to find the proper balance in his ruling.

    No matter how that case comes out, that's one judge who is doing his job.

  10. Re: its just more selective than allowing every LE by Rosyna · · Score: 5, Insightful

    Correct, you do not know much about how iPhones work but it didn't seem to stop you from speculating.

    If you want to learn how the encryption works, see this explanation.

    Yes, it does use dedicated cryptography hardware. Yes, the key is protected from the rest of the OS.

  11. Re:Devil's Advocate by thoromyr · · Score: 5, Insightful

    ah, putting words into Apple's mouth is so much fun. Of course, they never said any such thing. Instead, as you could read from the quotes above, they say that they believe in the customer's privacy. You aren't playing devil's advocate, you are willfully misrepresenting Apple's position.

    Nice strawman, btw

  12. Re:When you say "impossible," do you *mean* imposs by Anubis+IV · · Score: 3, Insightful

    How is it complying if it's supposed to be impossible to do so?

    The short answer to your question is that the phone in this court case is an iPhone 5s that's still running iOS 7, and thus it predates the safeguards in iOS 8 and 9 that prevent Apple from decrypting it. The lawyer is arguing that even though Apple is technologically capable of decrypting it, law enforcement cannot compel Apple's assistance, since doing so would put an onerous burden on Apple by forcing them to undermine their own business.

    To go into a bit more detail, Apple markets itself as being incapable of decrypting their own devices. Which is true...for everything sold in the last two years. But that's a distinction that is lost on most customers, so the lawyer is arguing that if Apple is compelled to assist law enforcement in this case, it would cause direct harm to its business by resulting in exactly the sort of confusion you're having. After all, how would a typical customer reconcile the conflicting information? If Apple is seen decrypting this guy's iPhone while advertising that it's outright incapable of doing so, customers won't buy their products because customers won't believe what's being advertised.

    The long and short of it is that Apple is telling law enforcement that if they want the phone decrypted they should do it themselves, since Apple is under no obligation to assist, nor can it be compelled to assist, any more than, say, a bottled water company could be compelled by law enforcement to tarnish their own product by putting a pollutant in the water.

  13. Re:The obvious solution by kwbauer · · Score: 5, Insightful

    Maybe, just maybe, because that backdoor provides a vulnerability that can be hacked. One less complication in the system means at least one less vulnerability to be exploited.