Slashdot Mirror
DoJ Says Apple's Posture on iPhone Unlocking Is Just Marketing (reuters.com)
New submitter kruug writes: The U.S. Department of Justice filed a motion seeking to compel Apple Inc to comply with a judge's order for the company to unlock the iPhone belonging to one of the San Bernardino shooters, portraying the tech giant's refusal as a 'marketing strategy.' The filing escalated a showdown between the Obama administration and Silicon Valley over security and privacy that ignited earlier this week. The Federal Bureau of Investigation is seeking the tech giant's help to access the shooter's phone, which is encrypted. The company so far has pushed back, and on Thursday won three extra days to respond to the order. Reader Lauren Weinstein writes of this tack: "The level of DOJ disingenuousness in play is simply staggering."
In the United States the same as it has manufacturing. It is doing everything possible to do so.
All the Gov need to do is threaten Apples tax arrangements, watch that phone get unlocked in a day.
Assume that every other hardware manufacturer that is NOT getting threatened by the Federal Government has already rolled over.
Tim Cook: thank you. All you other bitches: FOAD.
On the one hand, Apple tried to make a deal and keep the whole thing secret. So that makes it seem like Apple was willing to go along (for at least this one case) as long as it was kept quiet.
On the other hand, it doesn't really matter. If Apple is doing it as a publicity stunt, then it's doing it because the customers want it. Frankly that's better than a corporation trying to "do the right thing" that people don't want.
"First they came for the slanderers and i said nothing."
I also hear there's a bridge between Manhattan and Brooklyn for sale.
The DoJ is just trying to make the devices secure.
Kudo's to them for making Apple fix the vulnerabilities in their products.
It doesn't matter.
Obama has had meetings with Z and C and quite a few others.
The DOJ is under his control.
So - did FB, Apple, Google not do something he wanted, and this is the result?
Or something he did not want?
Or is it Kismet?
Stochastic coincidence?
Time to dump all tech until the businesses and government both scream?
You're a good troll.
Apple did nothing to keep this secret. It's already known they have assisted the FBI before.
Instead what happened is no-one cared, not even Apple, until the FBI demanded essentially that Apple break hardware security. That is where Apple drew the line; that is what brought all of the attention to bear.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Apple will have NO WAY to comply with the judge's order to help decrypt the iPhone. The judge (and the DoJ) can say whatever they want, but backdoors into encryption are one of the worst ideas in the world. I will re-iterate: If the security on the iPhone was done correctly, there will be NO WAY to decrypt it without knowing the encryption key.
Give me a break. Who would be naive enough to think Apple would refuse to cooperate with the U.S. government in such a case? Yes, they'll "refuse" on public, get some headlines for "standing up for privacy" and then quietly do what they were told one way or another.
The FBI has the hardware. At the software level it should be game-over. So what is stopping them from copying the phone's memory, putting it in an emulator or another phone, and brute forcing the 5-digit PIN. Every time it self destructs, they load up another copy and continue until the correct PIN is found. What am I missing here?
And I think sometimes the OP works for "the women" (that's how "the men" is called, in the marketing world)
from TFA: " iPhone belonging to one of the San Bernardino shooters"
wrong - it belongs to San Bernardino County.
Apple knows that complying with this order will essentially destroy most, if not all of their overseas business. If they comply with this order, they will lose anyone who is even remotely suspicious of US govt motives; this includes literally billions of non-Americans around the world. The net result would simply be people moving to phones that are perceived as more secure, there's an easy market opportunity for a non US based company to put out 'secured' phones (for example, a phone that rejects all firmware updates in addition to the secure area tech) and gain all the business that Apple would lose.
The question is, of course, if the government knows this, and I'm pretty sure the law enforcement/'intelligence' personnel here are so scoped into their mindset that they're totally unaware of this, and would reflexively brush it off as hyperbole (hint it isnt).
What the discussion may be about is the fact that the normal iOS keys are weak (4-6 digits), so what the government may be asking for is an operating system update that removes a limit on the number of unlock attempts before the phone erases itself. However, again, Apple should not be able to push such an update to an existing phone without having the user unlock the phone first.
So, while the government position is generally bad, it also seems that, in addition, there is something fishy about Apple's use of encryption on iOS.
Seems likely, anyway. On the other hand, the FBI's posture is just a constitutional overreach and attempt to institutionalize the ignoring of due process, so they're about even.
It seems to me that they blew it by saying "no" instead of "we can't". The marketing is that even Apple can't break the encryption, but now they seem to be saying they don't want to. This of course begs the question, can they? If they can, even if they choose not to, then their marketing has always been BS.
A) bring iPhone into Apple facility.
B) OOPS! Destroyed phone in freak Ives latte spill.
C) LOSS
How much could the government fine Apple? A million dollars? 100 million? A billion? Whatever!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The keys on the new phones are only five digits. They should be able to find the key in a matter of seconds.
Except you have only ten attempts to enter the correct five digits before the data is automatically wiped. A security feature that prevents a brute force attack to unlock the iPhone.
And very good marketing. If they want to keep their customers, they won't weaken the protections. I still don't trust them, I'll wager they already broke into the phone and got what they needed. This story is marketing by the government to sell the fascism.
“He’s not deformed, he’s just drunk!”
DOJ knows nothing about justice then. Let a backdoor get put into encryption, then all hackers should target all politicians, judges, law enforcement officers and attorneys and see what it means to have a backdoor in encryption.
Might as well just hand over the keys to your house, cars, combos to your safes, SSN, etc. What a bunch of fucking idiots. They have no clue at all what this means. A backdoor in something like this means someone else can crack it too. They need to get over this, it's a shift in the way things have been. They can get into your house because a burglar can too. They can get into your safe, again, because a burglar can too. But can they get into a safe that is buried 10 feet underground and you're the only person who knows where it's at? Not likely. What if all messages were delivered via paper, in person and then burned after being committed to memory and everyone killed themselves after committing the act they were planning? Then there would be no trail for cops to follow either. Sure it's more difficult to do that, but it's doable. \
We as a free people, deserve to have some privacy and our government is trying to erode every last bit of that away.
If Apple refuses then the tanks roll in so to speak, and if they comply then they will lose potentially a lot of business because the rumors will be valid about 'back-doors'. I assume there is some other crap at play since this smells like a rat.
Dave Ross, commentator on CBS Radio, proposed: Our vaunted security agencies state, loudly and publicly, that they are incapable of reading an iPhone. Apple refuses, loudly and publicly, to do anything to help, and points to our own constitution for protection. One can easily imagine a rush of bad guys to get iPhones so they can harm us with our own technology. And in the meantime . . . . are the security agencies REALLY incapable of reading it, and is Apple REALLY unwilling to help them, or is it all a honeypot meant to steer those bad guys towards a particular product?
I'm confused by Apple's (and slashdotters') response to this whole thing. I can't see that Apple is in the right here. This case has nothing to do with the actual encryption. There's no back door we're talking about here. Turning off the device wiping safety feature is something Apple can do without affecting anyone else. If the worry is that the government would keep this firmware and use it on anyone's phone, well, they apparently have the power to compel this anyway. And Apple has always had the power to do that. I don't see this as a privacy and security issue above and beyond the status quo. If the question was either, can you crack this encryption for us, or can you add a backdoor to the encryption, then the answer is clearly and legitimately no and a court could have to accept the first and be convinced of the second: it's not physically possible to crack good encryption, and it's a bad idea for everyone add a back door.
But as to the question, "can Apple disable the bad passcode wiping function?" yes they absolutely can. Hence the court order. Apple cannot say this is impossible for them to do. Hence by refusing to comply they are clearly in contempt of court. Will be interesting to hear how they plan to battle this out in the courts (and why they would want to).
I am clearly missing something here.
After all is said and done I doubt the FBI will find much of value on the phone. I'll be the first to admit good, old fashioned detective work is still the key these days, though law enforcement apparently wants things to be quicker and easier electronically.
It's not true, you can have the 4 digit pass code or you can have a 256 character alphanumeric password if you so decide. That and the fact that a brute force will lock it out entirely. I know this for a fact too, my son tried to break the 4 digit passcode on my iPad, I have nothing important on it so I don't need to lock it down that tightly, the password is simply to keep my kids off of it except for when I allow them to be on it. My son tried to unlock it, and I ended up having to factory wipe the iPad to be able to access it again.
If that were the case then I don't think the FBI would have such a problem unlocking the phone.
I know, there are political reasons for why the FBI could be pushing this angle so hard even, if they do have the ability to unlock it. But the fact that they would push at all implies that it is not a trivial process and, perhaps, a non-zero chance of failing and wiping the device by accident.
My eyes reflect the stars and a smile lights up my face.
It's pretty simple.
Get A Warrant.
A court order.
Stop trying to end run and slurp up all the info.
As all of us who are aware of the actual capabilities know, it's not like there aren't other illegal means for them to get the info anyway.
They just want to not have to do their jobs as prescribed by the US Constitution and get all our stuff for free.
No. Follow the legal prescribed procedures and stop acting like the Stasi.
-- Tigger warning: This post may contain tiggers! --
The FBI already got a court order, nitwit.
Apple has to protect it's reputation for providing secure phones all across the world.
They can't have it get out that they hand over the keys at the drop of a hat.
All those criminals and crazies would buy android phones, lost sales.
If the iPhone has separate memory chips (as opposed to being a single SOC):
1) power down the phone completely, battery out, PS caps shorted
2) physically remove the flash memory
3) copy flash memory off in custom jig
4) brute force without iOS or Apple hardware even being involved.
OTOH, if it's an SOC, then the chip's surround (epoxy or whatever) has to be removed and the chip itself attacked to separate the flash from the rest of the hardware. Much tougher (but still doable, if there's good enough reason and the required budget and gear.) Then, step 4 as above.
Nothing is inherently truly secure if you can get the storage device physically free of the encompassing controller(s.)
But someone up higher probably had it close to right: It's not that people that smart won't work for the FBI, it's that the FBI is institutionally unable to hire people with those skillsets. If ever there was a federal agency with a stick so far up its ass you could build a treehouse on it, the FBI is that agency.
You should beat your son until he learns to respect your property. No need for passcodes if your children are properly raised.
Tell the no Go find a Republican they now so much more about technology even more than the people who make it perhaps even more that the pope.
I wont buy an American product any more I will get one from North Korea I bet they can be compelled to open my data to the world.
I bet Chinese citizens no longer want one.
How can anyone not see the bigger picture.
They HAVE a court order. Apple is arguing that the court order is like a military draft, forcing Apple to become an agent of the security agencies, and incidentally costing them something at the same time. I'm betting this will go all the way up to the Supreme Court, by which time some kind of "secure facility" compromise (and remuneration agreement) will have been prepared in the background.
So what if Apple's position is not unlocking the phone is a marketing issue. The are a company expected to take the side of shareholders. Anyway, Apple should just right a disclamer "Using this breaking tool will likely wipe the phone. Us at your own risk." and give the justice department something.
'nuff said.
https://www.youtube.com/c/BrendaEM
But the fact that they would push at all implies that it is not a trivial process and, perhaps, a non-zero chance of failing and wiping the device by accident.
A defense attorney could challenge the data recovery admission as evidence in public court, forcing the FBI to reveal exactly how they were able to unlock the phone to recover the data. The government does not like reveal sensitive information in public courts, which often withdraws the evidence and/or let the case collapse. The workaround is to set a legal precedent that would force companies like Apple to do the data recovery for them.
It is not a crime to do nothing. If Apple already has a key, they can be compelled under discovery to turn it over. But they can't be compelled to create one if it does not exist. You can't require someone to act against their will. That is called slavery.
"He took a duck in the face at 250 knots." -- William Gibson, Pattern Recognition
Because it's a 'give us everything we might feel like' court judiciary order, not a panel of federal judges limiting the search appropriately.
Let me put this simply for you. The Constitution allows me to only search your home. Or your car. Or your phone. Or your kid's backpack. But I have to specifically limit what I ask for, and for each thing, I need a legal reason to search and I can't just EMPTY YOUR HOUSE, YOUR CAR, YOUR PHONE, AND YOUR KIDS BACKPACKS and use all of it to find anything I feel like. I have LIMITS.
The problem is Apple is saying "where is the limited court order" and the Stasi is saying "we want to take everything and not tell you what it's for and why we need it" and then they burn your house and your car down and sell your kids' backpack contents on eBay in Japan.
Do you get it NOW?
-- Tigger warning: This post may contain tiggers! --
if the phone had the details of where a bomb was placed on the apple campus and it was set to go off april 1st. Would they let their campus go boom or would they decrypt it? I already know this post is going to get downvoted into oblivion...
For which San Bernadino is then looking stupid for not placing the phone under some kind of enterprise mobile device control allowing the true owners the ability to unlock the phone and read the contents.... This is why none of the news and 3 letter agencies are stating the real fact of ownership, because then they look inept for not doing basic device control.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
And the ones who use a terror tragedy to push their agenda is not practicing MARKETING? Why didn't they file the same lawsuit trying to break the encryption of an iPhone owned by a drug seller on the street?
I think Apple should (and likely can be forced through court order to) comply with any requests to help the government decrypt data on their phones, provided they have a search warrant.
That said, Apple should have provided a way to encrypt the data in such a way that they can't be of much help if compelled to provide help to the government.
I don't have a problem with Apple helping the government crack weak passwords on the phones of terrorists. The only problem I would have is if the government prohibited Apple (or anyone) from putting good encryption into it's software. If you use a weak password, that's your own fault, and I hope the government + Apple succeeds in cracking your password if you are a terrorist.
In a 'proper world' of politicians who actually believe in the Constitution (not just the word but the spirit) the FBI, DOJ etc wouldn't try this BUT they are using 'legally prescribed procedures' in a proper manner up & until the point the Supreme Court says the use of the All Writs act in this case was unconstitutional & Apple doesn't have to comply...
You don't have to like it, you don't have to agree that it IS Constitutional & a proper 'legal procedure' but you & I don't get to decide that, that's for the courts. In the mean time vote for politicians who will respect the Constitution beyond 'if they protect my guns I'll vote for them' (*).
(*) Literally what I just heard the other day...I didn't want to get in to an argument with such a guy about how the government can restrict your freedoms in far more insidious ways beyond trying to take away your gun & the same politicians protecting your guns have NO qualms about taking away your other freedoms. To be clear I support the 2nd amendment, but people that think this will protect them against 'government incursion' in to their other rights are brain dead as the ONLY time the use of your guns against the government to protect your rights will be 'generally supported' is if ALL HELL IS BREAKING LOOSE (e.g. the government has already so severely limited & abused your other rights that even 'liberals' when all want guns & will happily take them up against the government.). Trump for instance will 'protect yer guns' & will also happily 'take away your right to encrypt your data' (and other insidious incursions on your other rights).
From the article linked below
The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn’t happened, Apple said, a backup of the information the government was seeking may have been accessible.
http://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust?utm_term=.dm72bE8Gy#.vvrwnW6X1
The FBI claims this was done by someone at the San Bernardino Health Department
In other news, the DOJ/FBIs' insistence that Apple can, but won't, unlock the phone or do some magic that allows them to access the phone's content is also marketing. They're trying to make us sheep believe they need access to all our secrets to keep us safe. I'm not buying their pitch that OMG terrorists, mass shooters, criminals or other element can or will destroy our country if the Feds can't access everyone's devices and accounts.
The pin is 10 digits long, yet there are only 9999 possible combinations? Or is the pin a 4 digit decimal (base 10) number?
Tha AES 256 key is burned into the HARDWARE, yet it can be wiped? Let me try that on the MAC address of this computer and I will get back to you.
The key can't be queried, but it will mix with the pin being entered? Doesn't that provide a limited set of output? Are we really banging on the discrete logarithm problem?
Given:
1) The kernel is BSD
2) The source code of IOS can be opened up to the NSA
3) Knowing the vast resources of the NSA and it's capability to break AES 256, clone encrypted drives, examine hardware with a scanning tunneling microscope
The only explanation that I can come up with is that this case presents a great opportunity for the FBI to push Apple into full compliance.
1) The person in possession of the phone was a terrorist by any measure
2) The person is dead, so their 4th amendment right can't be violated
3) The owner of the phone was the person's employer
What are you talking about? Handing over an existing key would still be doing something against their will. If people were willing there would never be any need for a court order of any kind.
It was only a few years ago that SFPD officers and Apple employees were busting down doors together to recover (lost, not stolen) iPhone prototypes. Did Apple Impersonate Police To Recover the Lost iPhone 5?
Supposedly they want a special OS build that will not wipe the key after 10 failed attempts. Apple claims that if they made such a thing, it could get out and others could use it. This argument falls flat on its face since they manage to keep the master signing key secure, and if it got out someone else could make the backdoor'd OS build, sign it, and load it. If they can keep one secure, they can keep the other secure too.
But really, the request does not even make sense since the OS doesn't just update itself without the user unlocking the phone and accepting the update. Apple should know this and simply say so and they would be off the hook as they can not possibly help. In that case, they are stupid.
Disassemble the phone, try none times, no work, disconnect battery, repeat...
The FBI made this issue public.
Trying to make Apple look like the bad guy, to generate public sympathy.
Yes, I got it the first time, and I wrote that some kind of "secure facility" . . . oh, wait, sorry, I wrote a lot more in another posting separately. Yes, a search warrant has limits (though police are frequently known to go beyond them). OTOH it's not quite as specific as one would like to think, especially if written properly (like any sneaky contract). If they get a warrant to search your home for evidence of a particular crime, say a particular kind of weapon, they CAN go through every room and every item because you might have hidden it anywhere. There was an interesting article in the NY Times pointing out that Apple changed policy about a year ago; they used to work with law enforcement more easily, and then started insisting on specific paperwork at around the same time that they started emphasizing security. They're right. You and I are in violent agreement. Next time, don't be a jerk by assuming that the other person is a jerk.
Right on brother....
Tell it like it is !
U da fucker, fucker.
Now, DOJ can incarcerate all Apple Inc. employees by the train car load baby!
Gone 2 B Hell On Earth at Apple Cupertino Town cum Monday!
Ha ha
The DoJ says that Apple's stand on not unlocking the terrorist's iPhone is "just marketing". JUST marketing? This is GENIUS-level marketing. I'm a PC and Android guy, but I'm tempted to buy a 128GB iPad just to show some solidarity with Apple. Most of us Libertarians don't have much use for the big-government stance that Apple has always shown, but if this is the case that it takes to put some daylight between Apple and the Socialists, then I guess I can't complain.
The entire thing is a Trojan horse. The FBI and federal law enforcement agencies in general have spent the last three years trying to find the perfect case; a terrible person with an iPhone and some plausible excuse as to why the feds have to demand that Apple break their own encryption schemes. And here comes Syed Farook, the poster child for terrible, with a locked iPhone that's actually owned by the San Bernardino Department of Health. If there weren't 12 bodies, I'd suspect that it was staged by the feds.
Because if you fail to enter the appropriate key too many times it locks down the device.
BeauHD. Worst editor since kdawson.
> just marketing
Yes, much like your instructions to create a 1984-like warrantless panopticon is just political marketing by politicians preening in front of voters.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
From what I know from experience of bypassing a dongle in software, if the data is only stored encrypted and the key is not stored on the same device then the larger the key the longer time to decrypt for someone without the key or unable to reverse time travel. Maybe the DOJ are asking for data to be stored unencrypted or for the copying of the data for the purpose of sending the copy to them before encryption. For encrypted data sent over a network with only two keys not on the network, if both keys are destroyed, the same time issues exist.
I don't believe it wipes the key after 10 failed attempts. The failed passcode limit is six attempts and it only makes you want an hour before you can try again.
The DOJ's position of the matter is marketing. Giving hyperbole speculative statements about what they MIGHT find to justify setting a precedence that the government can limit how much encryption its citizens can actually own.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
The US federal government has been acting like a barely trained 800 pound orangutan with a moderately educated owner at the leash. When the government sees an obstacle you get the orangutan owner saying "Right turn, Clyde." (Is that too obscure of a reference?)
The government has had success with having their trained ape beating results out of the public and the public has responded. We created something that their trained ape can't just beat out of people. Had the government not been so willing to break into our records then we would not have developed such encryption so quickly and used so widely.
Basically the government made this bed and now they have to sleep in it. Forgive me if I have little sympathy for their problem.
I am armed because I am free. I am free because I am armed.
Brilliant! You should call the FBI immediately and let them know!
Last post!
Who is going to pay the bill.
Because, i doubt that Apple has the means to do it, so they will need to invest time and resources to do it (i've no doubt that it will be possible to do it).
So, who is going to pay for that time and resources used to make this possible?
This explanation of what the FBI is asking from Apple is the best that I have seen so far. It is from an authority on iOS forensics.
http://www.zdziarski.com/blog/?p=5645
Even with MDM solutions you can't unlock the phone. You can *wipe* it, and if you control the email for the iCloud account you can even restore it to factory default and reuse the hardware. But you can't just open it and see what's inside.
Wow, at least click on the link I provided
I read through everything there which is more than you did, moron.
The FBI then made its tailored request, which Apple asked to be placed under seal
So Apple didn't hide anything THEY did, they asked the FBI request to be sealed. Moron.
Did I mention you are a moron?
"There is more worth loving than we have strength to love." - Brian Jay Stanley