Bill Gates Sides With FBI In Apple Spat (ft.com)
Fudge Factor 3000 writes: Bill Gates has now publicly stated that Apple should cooperate with the FBI in the San Bernardino terrorist's phone unlocking case. He states that it is for this specific case, but seems to miss the point that there are other law enforcement officials waiting on the wings with their requests should this precedent be set. The war against privacy escalates. Setting aside the actual practicality of unlocking the San Bernardino phone, the teams that are emerging on this issue include some pretty strange bedfellows: John McAfee and Bill Gates on the pro-unlocking side, and Woz, Edward Snowden and even some of the victims' families on the con.
The same Bill Gates whose company's latest offering backs up every last secret it can find on your computer to a server in the US?
Bend over more Bill, it's not quite far enough yet.
See, the billionaire class wants to make sure that we little people can be monitored and tracked.
The man is the founder of a company with a terrible privacy record and you are surprised? I am more surprised that he does not realize you cannot create a specific solution for this that is not also a general solution for all phones.
When you can't win, ad hominem.
It comes as no surprise that Bill Gates gives privacy so little weight, with less privacy users have less choice and control.
Not that his opinion matters nearly as much as the others (he's still loaded, but he's more busy playing the Hunter S. Thompson of tech than being a tech leader these days), but I thought that McAfee's position wasn't so much 'pro unlock' as "Me and my hacker posse will hack the shit out of it!", which is a vote in favor of getting the contents of the phone (not that anyone is really against that, if there were some non-problematic way to do it), but not obviously a vote in favor of the feds having the right to force Apple to make it so.
Microsoft has the resources to reverse engineer Apple's protections and come up with a version of Windows that would run on iHardware. If Billy G wants to suck Uncle Sam's dick so badly, he should pony up and get on his knees!
Main street is viewing it differently than tech world. People fear security more than privacy.
Yeah we all know that once law enforcement gets access to something they NEVER ask again. The disingenuousness of people claiming this is only about one phone is astounding.
This argument is a sham and a shameless power grab by the powers that be. We are talking about someone who had the forethought to destroy his personal phone and computer hard drive to avoid the collection of incriminating evidence, yet he did nothing to obscure the $0.99 iPhone 5c that was issued to him from the local government. Does anyone really think he left any evidence at all on that device? Highly unlikely. He knew this device had no expectation of privacy (issued/controlled by government) and he made no attempt to destroy it (not like he feared the consequences of destruction of gov't property), so why would he have used it for any purpose related to illegal/questionable activities?
No, they can't.
So it seems the Captains of (tech) Industry fall prey to the same partisan squabbles that keep the legislative branch impotent much of the time.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
I am sure that China will wait till they have a clear terrorism/criminal case, ask Apple to give them the same software they give the FBI, then make a copy of it and use it on every single dissident.
The San Bernardino phone SHOULD be cracked - by the government, not a private company. Apple should have nothing to do with the cracking.
excitingthingstodo.blogspot.com
law enforcement officials waiting on the wings
Is this some alternative phrase to "waiting in the wings"?
Because it's a security mechanism built into the OS. The unlock process requires identifiers unique to the hardware.
All Writs Act.
Personal privacy is at a historic low due to security reasons.
It's old vs. young. The youth in America trust for-profit companies more than the government and the young have some fantastic association of themselves with the devices they bought from a store.
Apple's main argument is one of conspiracy and conjecture - if we do it this one time (with a Judge's order) then we'll have to do it whenever the police ask, and the keys will fall into the wrong hands and anyone can break into an iPhone.
It's an iPhone. It's not your soul. It's not even your DNA or your fingerprints. Breaking open one phone does not cause the end of civilization because you know what?
The iPhone 7 is coming out soon.
Perhaps Apple doesn't want to divert their resources off of the products and product lines that are important to them as a company.
Perhaps Apple doesn't want the liability if they mistakenly delete all the data the FBI wants.
Perhaps Apple doesn't want to set a legal precedent that companies will result in ever increasing demands to break their products in the way the government desires.
Perhaps Apple is taking a principled stand.
I'm sure it is a coincidence that Microsoft is forcing Win 7/8 users to upgrade to Windows 10, which touts its higher security. Don't worry, if you have private information you can use the Microsoft recommended product BitLocker, made in the USA and subject to US laws. I'm certain there aren't any backdoors. I'm glad that Microsoft will share Office 365 users' info with government agencies to protect us. After all, the FBI would never abuse its power, like sharing accessing info on political opponents to discredit them. Pay no attention that Microsoft was somehow vulnerable to 'FREAK' encryption flaw (http://www.cnet.com/news/windows-vulnerable-to-freak-encryption-flaw-too/#!) - nothing to worry about here. I'm sure glad Microsoft is providing free email services like Hotmail. I'm sure Microsoft has the highest standards in protecting Hotmail users' info and the times it has shared private information has been completely justified besides "you agreed to the service agreement".
What makes you think Apple cannot crack their own hardware/software?
I'm no Apple zealot, but it's obvious to me they *could* do what the FBI wants, write a version of iOS that allows the FBI to brute force the phone quickly. This is NOT an issue of security and doesn't really require that Apple find a vulnerability to exploit. What the FBI wants is an iOS version with a set of vulnerabilities purposely built in so they can more easily brute force the phone in question.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
He disputes so in a video in Bloomberg.
Bill Gates, co-founder at Microsoft and co-chair at Bill and Melinda Gates Foundation, addresses his view of Apple's battle against an FBI court order to unlock an iPhone belonging to a shooter involved in the San Bernardino, California terror attack and the need for a balance between privacy and government access.
Clippy: Hey! It looks like you are trying to violate U.S. citizen's Constitutionally-protected rights! Would you like help?
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
Also, in this case, they even said point blank the government would have been welcome to the data if it had been backed up to iCloud. It's not like Apple's a saint of privacy here.
XML is like violence. If it doesn't solve the problem, use more.
I completely understand Apple not wanting to do this, because there are far more ways it can end badly for them than positively, but I ultimately suspect that the only way they will ever see the end of this is if they try.
File under 'M' for 'Manic ranting'
Does Bill Gates understand the case (and encryption technology) or not? This is not about Apple having the data and refusing to give it to FBI. Apple has no data and no key. It's about Apple refusing to create a software facilitating guessing weak passwords that can then be used on old iPhones.
You may have a point, but given that Apple isn't objecting on these grounds I'm driven to believe that their corporate lawyers don't consider that a strong argument. Not to mention that "It would cost us money!" wouldn't play well in the press. This is Apple, they have money to burn...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Of course Windows has a long tradition to cooperate with spying agencies.
There's plenty of commentary talking about this. The key is in a place that is not trivially gotten at (in other variations of such a scheme long ago, getting at the similar key amounted to dissolving parts of the chip package to get at the relevant bits, lots of advancement has been made since then).
If you clone to the best of your ability, you'll still not get the key. If there is a way to retrieve the key, it would require more engineering effort than a theoretical software change, and likely be running high risk of destroying the key rather than recovering.
Hence the request to force update software to a) not have an unlock limit and b) accept input over a simulated USB keyboard. Apple doesn't want to produce an image that Apple's update process would in theory accept as valid, since the existence of such a thing would open the door for use elsewhere.
Meanwhile, Apple offered up iCloud access, but the data was too old, and an overly aggressive password change made the device incapable of being forced to sync after the fact. Apple would give FBI full access, except not this particular way.
XML is like violence. If it doesn't solve the problem, use more.
It appears to me that Microsoft is selling itself to secret U.S. government agencies. Who tried to kill the excellent TrueCrypt? The old original TrueCrypt web site pushes people toward a Microsoft product.
Can Microsoft be trusted? Here are some articles:
Windows 8: NSA Backdoor Exploit in Windows 8 Uncovered (Aug. 22, 2013)
Windows: NSA "backdoor" mandates lead to a computer-security FREAK show Quote: "Microsoft Windows OS vulnerable to hackers, thanks to National Security Agency requirements." (March 6, 2015)
Windows: NSA Built Back Door In All Windows Software by 1999 (June 7, 2013)
Windows 10, Microsoft hiding what it is doing: Microsoft has no plans to tell us what's in Windows patches. Quote: "Each update is a black box, and it's going to stay that way." (Aug 21, 2015)
Windows 10, Microsoft takes even more control: Windows 10 is spying on almost everything you do -- here's how to opt out But, of course, Microsoft can change the spyware to avoid blocking. (July 31, 2015)
Microsoft can't be trusted: How Can Any Company Ever Trust Microsoft Again? (June 17, 2013)
Microsoft releases EXTREMELY buggy software: Microsoft Kills Many Critical Flaws, Some 0-Days, Un-Trusts One Wildcard Cert It is likely that there are many bugs Microsoft hasn't yet found. Are Microsoft products intentionally made insecure? (December 9, 2015)
And they can't read/copy these IDs and write them on another iPhone?
I don't think the entire concept being fought over is some brand new idea, it's a classic idea with the obligatory "with a computer".
So how has this been handled in the past? If you buy a brand new top of the line "uncrackable" vault say for a bank or casino in Vegas... and refuse to open it for police, they just... make do on their own right? Spend a few days or weeks with hammers, chisels and drills until it's open?
Nobody makes the vault company drop by and show you the secret access trick, am I right?
Cwm, fjord-bank glyphs vext quiz
Nice argument, but that's not what happened. Apple already made the contents of the iCloud account available to investigators, as they were ordered to. This is entirely different. They're being asked to build software that doesn't exist to subvert a security feature in iOS.
It's more like going to a safe company and asking them to build you a key that unlocks every safe. It's more complex than that, really, but it's less wrong than your analogy.
Because part of the key comes from a UID that is burned into the CPU, and not recorded anywhere else. This makes it so that you can't unlock the image without being on the hardware itself, unless you have some kind of magical crack for AES-256, or several hundred thousand years to brute force the key.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
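The point made in the comment above (a key entangled with a hardware UID cannot be attacked from a copy of the storage), as an added example that is not part of the original thread and is not Apple's code. It is a toy model: PBKDF2-HMAC-SHA256 stands in for the real derivation, and the `Device` class, iteration count, attempt limit handling and PIN are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed parameters for this toy model (not Apple's real values).
ITERATIONS = 100      # kept tiny so the demo runs in about a second
MAX_ATTEMPTS = 10     # the attempt limit discussed in the thread
ALL_PINS = [f"{n:04d}" for n in range(10_000)]


def derive_key(pin: str, uid: bytes) -> bytes:
    """Entangle the passcode with the device-unique secret."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), uid, ITERATIONS, dklen=32)


def verifier(key: bytes) -> bytes:
    """Check value kept in storage; it reveals neither the key nor the UID."""
    return hmac.new(key, b"unlock-check", hashlib.sha256).digest()


class Device:
    """Hypothetical device: uses its UID internally, never exports it."""

    def __init__(self, pin: str, uid: bytes = None):
        self._uid = uid if uid is not None else os.urandom(32)
        self._stored = verifier(derive_key(pin, self._uid))
        self.failed = 0
        self.wiped = False

    def flash_image(self) -> bytes:
        """What a copy of the storage chips contains: no UID in here."""
        return self._stored

    def try_unlock(self, pin: str) -> bool:
        if self.wiped:
            raise RuntimeError("device wiped")
        candidate = verifier(derive_key(pin, self._uid))
        if hmac.compare_digest(candidate, self._stored):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self._stored = b""   # key material destroyed
            self.wiped = True
        return False


def search_copied_image(image: bytes, uid_guess: bytes):
    """Test every 4-digit PIN against a copied image with a guessed UID."""
    for pin in ALL_PINS:
        if hmac.compare_digest(verifier(derive_key(pin, uid_guess)), image):
            return pin
    return None


def search_on_device(device: Device):
    """Test PINs through the device's own unlock path until it wipes."""
    tried = 0
    for pin in ALL_PINS:
        if device.wiped:
            break
        tried += 1
        if device.try_unlock(pin):
            return pin, tried
    return None, tried


if __name__ == "__main__":
    phone = Device("4831")                      # constructed PIN
    image = phone.flash_image()
    # Off the device, the whole PIN space is useless without the UID.
    print("copied image, wrong UID:", search_copied_image(image, os.urandom(32)))
    # On the device, the attempt limit ends the search after ten guesses.
    print("on device:", search_on_device(phone), "wiped:", phone.wiped)
```

In this model the small PIN space only becomes searchable where the UID lives, which is why the attempt limit and delays on the device itself are the controls the order targets.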
I can't speak to the internals of the iPhone in particular, but there absolutely exists cheap, tamper resistant hardware that allows you to import a key, but not export it. The hardware simply doesn't offer a function to do it.
To get this to work, however, they'd also have to make it so that the phone in question can apply this as a required update. What stops them from repeatedly using such a tool where they might have man-in-the-middle systems already widespread and quietly in use (stingray)?
What seems to be missing in all of this media-fueled discussion on this topic is that the iPhone doesn't operate in a vacuum. Assuming that the couple got their marching orders on this phone (which is unlikely since it was a work phone not a personal one), someone had to send those marching orders. That means that the Feds have totally failed to identify the source. Either that or the fact that our international surveillance capabilities have been totally borked in the last few years that they no longer have the capability to find the source or can't legally find the source. And then there's the other possibility that the Feds are hoping to make the case that no marching orders were given and the couple had no connection to terrorist groups and this was some sort of spontaneous attack thus justifying further erosion of civilian rights.
False. FAR is for executive agencies. This order came from the judiciary, which is not an executive agency at all.
From Apple's Open Letter:
"Second, the order would set a legal precedent that would expand the powers of the government and we simply don’t know where that would lead us. Should the government be allowed to order us to create other capabilities for surveillance purposes, such as recording conversations or location tracking? "
That's what I'm referring to - breaking into an iPhone leads us to recording conversations. No judge in the US would ever use this case as precedent for tracking locations.
Of course Apple can deliver what the FBI wants in this case - this phone doesn't employ the much more hardened security of the 5S and above. They could comment out a couple of functions in the code (wipe after 10 attempts, increase time delay between incorrect attempts), build it, sign it, put the phone into DFU mode and upload it. It would take one engineer less than a day.
They are fighting the legal precedent of allowing a Federal Court Judge to compel a company to compromise their product on a whim. This doesn't even stop at phones - are you telling me that some assistant District Attorney out there wouldn't try to use this precedent to compel a company who makes a secure USB stick to give law enforcement a peek? How about safe manufacturers? Manufacturers of bank deposit boxes?
This is how our legal system works. A prosecutor takes past legal precedent and tries to expand it to include whatever it is that they are trying to do. Thus, the use of the All Writs Act from 1789 to try to unencrypt a phone.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
"What makes you think Apple cannot crack their own hardware/software?"
I'm taking them at their word that they have purposely designed the security of the iPhone so that even they can't break them. If that's not true, then screw Apple and force them to perform whatever capabilities they have reserved to themselves. Why should they have superior capabilities to crack our phones than the government, especially when national security or warrants are in play?
"What the FBI wants is an iOS version with a set of vulnerabilities purposely built in so they can more easily brute force the phone in question."
That may be what they want in the long run, but that is certainly not what the court has ordered nor what US law currently mandates. It also shouldn't help them in this particular case at all.
On this particular phone, it is possible. Thus, they are not taking that legal strategy.
If it was a 5S or a 6, that is exactly what they would have done, because it probably is impossible without having an untold amount of computing power for an untold amount of time.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
You don't need the fucking key! The FBI can brute force it. The problem is they are limited to 10 attempts before the phone wipes itself. Thus, if they can clone/copy the phone, they can do as many attempts as possible. So the original question stands.
You're right, now that I think about it I remember seeing something about this for some Atmel microcontrollers.
"Perhaps Apple doesn't want to divert their resources off of the products and product lines that are important to them as a company." Yeah, the iPhone is such an ancillary product for Apple. I agree! /s
"Perhaps Apple doesn't want the liability if they mistakenly delete all the data the FBI wants." Oh, I'm sure that's a real concern for a multi-billion dollar company ...
"Perhaps Apple doesn't want to set a legal precedent that companies will result in ever increasing demands to break their products in the way the government desires." AFAIK, the govt. has not mandated any particular kind of exploit. They just want the info off of this phone. Great! Work to crack it on the govt's dime and if they are successful, then they've identified security holes to be patched in future versions. It's win-win all around.
"Perhaps Apple is taking a principled stand." Highly unlikely. They are just trying to protect their brand.
"...some pretty strange bedfellows: John McAfee and Bill Gates on the pro-unlocking side..."
Actually, John McAfee is not on the side of forcing Apple to unlock the phone-- he's against that. He is on the side of don't force them to do it because he and his elite crew of hax0rz will do it for free with no need to bother Apple or use that all-writs thing.
And this solves the problem, doesn't it? Give it McAfee, he will screw up and erase all the data on the phone, problem solved.
http://www.geoffreylandis.com
Follow the case would you. There isn't newer law that OVER-TURNS the old law.
The only real protection against such government intrusions is technological, not some wimpy legal precedent. Since the iPhone 5c apparently can be unlocked after the fact with the help of Apple, it is not secure. That problem isn't going to get fixed by legal posturing, it's only going to get fixed by fixing the phone hardware and software.
Apple should investigate whether or not they can restore the password (the hash of the password) for just this one user. This assumes they have backups that cover the relevant time period. I'm sure it's not completely trivial, but it's probably a lot less work than rolling out a one-off OS. If so, then the FBI could then take the phone to a trusted Wifi, plug it in and let it back up to iCloud. Apple has already turned over the 6 week old backup that's in iCloud and could easily turn over the new data too.
is why I don't have any Microsoft products in my home. And that I must begrudgingly use them at work.
Select from tblFriends where interesting >= 4;
The FBI isn't asking Apple to decrypt the phone. It's not encrypted, it's protected by a four digit PIN. Naturally it's trivial to defeat a four digit PIN if you have unlimited retries, which is why iOS limits you to, I think, ten successive attempts before the phone is wiped.
It all boils down to the old security/convenience tradeoff. Yes, you'd like the security of a phone where all the data was encrypted with a high entropy key, but you prefer a phone that you can unlock in a few seconds then use in an unrestricted manner. What the FBI is asking for is a version of iOS in which they can rapidly try an unlimited number of PIN guesses. You could get into any phone in a matter of hours that way. Heck you could build a robot with a capacitive stylus that tries ten PINs/minute and go through all the possible PINs in 16 hours; what's more if you permuted the sequence to prioritize the PINs most likely to be chosen by humans it'd probably finish in a fraction of that.
The notion that your iPhone data is somehow safe from the US Government is somewhat ludicrous. All the feds would have to do if the data on this phone were really critical to national security would be to take the phone apart, desolder the flash chips and dump the memory on them. Even if that data were encrypted, they could break the weak PIN trivially. A team of MIT course 6 juniors could probably do it.
So what does the FBI get by making this demand? Two things. A legal precedent they can use to force vendors to build back doors into their products, and an insecure version of iOS they could potentially load on anyone's iPhone that was out of their possession for a few hours. That has a number of advantages if you're the FBI and you want to do things that are outside of legal oversight.
What I'd propose is a compromise: we give the data to the FBI without giving them the sneaky side effects they want. After all, Apple has already handed over the backup, so we're talking about a marginal difference as far as customer privacy is concerned. Apple should create the compromised iOS version, and break into the iPhone, hand the data over to the FBI along with the totally wiped phone. That way the FBI is never in possession of a compromised version of iOS, and there is no legal precedent saying that vendors have to provide such a thing to them.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
He's refuting he said that he supports the FBI.
He has very slightly backed off, claims that people have misinterpreted his position:
(see the "update:" in this gizmodo article: http://gizmodo.com/bill-gates-... )
But here is Gates' actual quote from the Financial times article; what do you think-- was he misinterpreted?
http://www.ft.com/cms/s/2/3559...
http://www.geoffreylandis.com
Dependency on UIDs provided by hardware.
There's a fresh article on Ars about how they could, in theory, decap the chip and read the UID data, then spin up clones for brute forcing, yes. But you have to know where the data is physically located, and you're likely to just destroy stuff and make it completely unrecoverable.
http://arstechnica.com/securit...
I am SO shocked that the man behind the worst privacy environment in the history of modern computing would come down on the side of the FBI.
Shocked, stunned, and completely amazed.
Not.
The same Bill Gates of _NSAKEY fame?
Are you REALLY still feeling warm and fuzzy about putting everything into Microsoft's cloud, and believing Windows 10 isn't really spying on you, and that Microsoft aren't fundamentally aligned to sell out your private data at the first opportunity?
The biggest problem is that people are reacting to the headline - not the back story.
1) This was the terrorist's WORK phone. He tried (and failed) to destroy his personal phone - and the FBI have all of the data from that. If he didn't destroy the work phone, there probably wasn't anything important on it.
Close, but no.
He tried, and succeeded, in destroying his personal phones:
http://www.foxnews.com/us/2016...
The couple took pains to physically destroy two personally owned cellphones, crushing them beyond the FBI's ability to recover information from them. They also removed a hard drive from their computer; it has not been found despite investigators diving for days for potential electronic evidence in a nearby lake.
Farook was not carrying his work iPhone during the attack. It was discovered after a subsequent search.
So, the question is: given that they went to great lengths to destroy the phones and hard drives that they used in planning the attack, why in the world would anybody think that this phone they didn't think was worth bothering to destroy would have anything on it?
http://www.geoffreylandis.com
Doesn't DFU mode wipe the data?
Spat - a petty quarrel. This legal battle may set precedent that determines the course of security for the foreseeable future. It is hardly a "spat".
Apple isn't objecting on these grounds
You don't play that card on the first round.
You don't need "that" phone. You need to get any iPhone and you can debug it and get whatever access to it in general way that will apply to similar hardware/software, most likely just by changing single byte in machine code instructions. It would cost time/money though. Apple already has access to it though through their own personal backdoor,
No. The whole point is that "their own personal backdoor" does not exist.
so why should they be immune to court orders? No business or person is immune to it. They can only (try to) refuse to provide general access software, but every time they will get court order to provide data from specific phone, they should be legally required to comply with court order.
Again. Apple is not being asked to "provide data from the phone"; they're not even being asked to decrypt the phone. They are being commanded to write new software to the FBI's specification.
http://www.geoffreylandis.com
Just ask U2 how they did it
I'm not making a determination on if Apple should or shouldn't do what the FBI wants and what the judge has ordered. I'm just trying to explain what they've been asked to do.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
No, a good lawyer plays ALL his cards UPFRONT. This Matlock style last second cropping up of evidence to get your client off you see on TV is not how these things work.
If you are making a motion or responding to something you put ALL of your arguments into your filings because each of these arguments must be individually dealt with by the court and you won't have the chance to go back and amend your response without a good reason. Your best chance at prevailing is at the first strike, going back later and trying to add additional arguments when your previous ones have failed is usually not allowed.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I can see Gates's lack of concern about privacy rights and the notion that a customer 'owns' the software or computer he just bought. But if he had any working brain cells he'd have to see the long-term damage to U.S. tech companies... if back doors become the new normal, nobody's going to want to buy our crap anymore, if the competition does not have back doors.
Going a step further, if the tech sector suffers losses, that's a big impact to the tax base, and the Feds lose big time.
Oh please. Apple can easily produce an iOS version that doesn't erase the phone's content after a specific number of tries to enter a pin and take away the mandatory wait times required between failed tries. They likely can do this in about an hour, including flashing the new iOS version into the phone.
As I understand this, that is all the FBI is really asking that they do.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
"In an interview with Bloomberg, Bill Gates says he was 'disappointed' by reports that he supported the FBI in its legal battle with Apple, saying "that doesn't state my view on this.' "
http://www.theverge.com/2016/2...
I'm not arguing one way or the other on the question what Apple SHOULD do. I'm arguing that they clearly have the technical ability to do what's being suggested.
Personally, I'm not taking sides here. I'm worried about the precedent, but I'm also loath to up and ignore a judge's order. My guess is that Apple will be forced to do this, but I'm not sure this is a good idea. The legal process will decide and it's going to be interesting to watch.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Yes, the government can compel Apple to write code. The government can compel Ford to make a truck that gets 30MPG, compel a mining company to dig another shaft to let air into a mine, and make me pay for health insurance I do not want. If you think the direction the country is going in is to have more freedom than the past, you are sorely wrong.
Case in point - the government's suit against Microsoft and their inclusion of Internet Explorer bundled tightly with Windows. The terms of the settlement included Microsoft having to divulge all internal APIs and allow 3 people to have access to all their code. Microsoft wrote a ton of software to isolate IE from the OS in order to minimize exposed APIs.
In many other cases, companies have had to write scripts, etc. in order to search their systems for data.
What is the extent of the government's power? Well, we have three branches of government that figure all of that out for us. Currently, all three agree with the FBI. When the abuse is too much, we have the right to petition and make changes. But Apple, in this case, is on the wrong side of history.
Bill, retire already. Go play golf.
Doesn't he have like a 160-180 IQ and pretty good poker skills? I doubt he missed something so obvious unless his mind has deteriorated over the years. Maybe he is saying you have to pick your battles on these things sometimes, which seems reasonable enough. Apple and Google and MS can make a stand against the FBI, but making it against a terrorism case might not have been the most tactful approach. Either way the law seems to say if Apple can get that data, they have to try or prove it's just too darn hard. The alternative is Apple ensures it designs systems that it honestly can't get into (without perhaps an active wiretap and login) if it really wants that level of data security for its users. The precedent that technology overrides law is more dangerous than the idea that courts have the right to make corporations "un-hide" data. Apple, like any US business, has a legal obligation to abide by court-ordered data requests. I don't see how, if they have the capacity, they can argue they have any right to decline. Honestly, corporations that can decline to hand over data to the courts is the more dangerous precedent. It's a core principle of the justice system to be able to demand data as evidence for due process to work right. Encryption is little more than a fancy term for hiding your data. Apple has a secret file cabinet that it doesn't read, like a bank with a lock box. When asked to 'un-hide' the contents of that container, if they have the capacity to do so, they must. Why would there be any different interpretation? Will Apple plead the 5th instead? I don't know how hard it would be for Apple to do this, I don't know their systems at all. If they can do it, they really have to by law. It's a precedent that was set long before computers ever existed. If you have records you need to do your BEST to legally abide by the court order and provide them.
That means providing them in readable format, not purposely printing them in very fine font, not purposely damaging the data or 'losing' it. These are all concepts that apply to physical documents too. You can't obstruct an investigation by dragging your feet in compliance because you don't like the law. You change the law with votes, not by breaking it unless you're ok with being charged with the crime you're committing and ideally when you know you can garner mass public support. So again I ask, why did Apple pick a terrorism case to make this stand against?
In the customer letter that Apple released http://www.apple.com/customer-... they said
"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation."
If the phone is locked how can Apple install a new operating system on it?
""Perhaps Apple doesn't want to divert their resources off of the products and product lines that are important to them as a company." Yeah, the iPhone is such an ancillary product for Apple. I agree! /s"
I didn't claim the iPhone was an ancillary product for them. I presume that building the software the FBI wants is not on Apple's current product plan. What products should Apple put on hold in order to fulfill the FBI's request?
"the govt. has not mandated any particular kind of exploit. They just want the info off of this phone. Great! Work to crack it on the govt's dime and if they are successful, then they've identified security holes to be patched in future versions. It's win-win all around."
How is it win-win if Apple has to divert resources off of Apple's desired work-plan in order to work on the government's wish list? The government is seeking to re-prioritize Apple's product road map and development resources to favor the government. Doing it on the "government's dime" doesn't change the fact that the government is dictating to Apple how they allocate their internal resources. Perhaps if the government thought you could be helpful they could divert you from your plans and get you to solve one of their problems. As long as it's on their dime why would you care whether or not you wanted to participate?
Perhaps you believe that Apple has unlimited resources and can continue with their current product plans un-interrupted and still satisfy the government's request.
"They are just trying to protect their brand." - Is it not Apple's right to protect their brand? Is that not a liability that Apple should protect? The very same type of liability you dismiss because they're a "multi-billion dollar company."
The commentary about it being pro-unlocking vs. anti-unlocking is inaccurate.
It's really pro-FBI Compliance vs. anti-FBI Compliance (or if you want to use stronger language, pro-Backdoor vs. anti-Backdoor).
When it comes to allowing the FBI access to the data, note that almost *all* parties involved (including Apple) *do* agree that the FBI should have access to the data. In fact, Apple has done quite a lot to try and get FBI access to the data, including providing any available iTunes Cloud backups to Farook's phone.
The problem is the *how* -- meaning, *how* should the FBI get access to that data, and to what extent can the FBI compel Apple to provide the data by having Apple compromise the security of the iPhone itself.
Furthermore, in terms of the "two sides", the summary provides a very inaccurate portrayal of the two sides of this argument. If you read thru John McAfee's quotes, he actually *agrees* with Apple, and states that Apple should *not* be compelled to comply with the FBI / court order. (What he then stated is that he could get access to Farook's data *without* requiring Apple to create the backdoor, which is what he was arguing.)
Also, to say that "even some of the victim's families on the con" is also inaccurate. In fact, there has only been *one* victim's family (specifically Carol Adams -- http://nypost.com/2016/02/18/m...) that has been on the record stating that they think Apple should not be compelled to comply with the FBI, not "some".
EDIT: Gates actually says that his quote was misinterpreted, and he does *not* necessarily side with the FBI -- http://www.bloomberg.com/news/...
The password/passcode used to unlock the phone is not the encryption key that is used to decrypt the phone. The phone uses the password/passcode in conjunction with a hardware identifier to derive an AES256 key that cannot be read directly.
If you clone/copy the phone, you lose the hardware identifier, and cannot do as many attempts as possible.
Yup. I saw an update video here which interestingly enough also details that the FBI *ISN'T* just looking for access to one phone as they currently claim, but that they have court-orders in-progress for twelve other iPhones (unrelated to San-Bernardino).
Gates doesn't seem to think he said what people are saying he said. He was quoted today saying "I was disappointed because that doesn’t state my view on this."
Nuanced? Or freaking out about the blow-back?
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
That is wildly optimistic. It's more on the order of several hundred quindecillion years (i.e., ~10^50 years).
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Go back to curing polio.
Assuming FBI head James Comey is telling the truth when he says he's not trying to set a precedent, I side with the FBI and Bill Gates on this case.
Any lawyers out there? Is there a way for Apple to comply with this particular request from the FBI, and in a later case, hold the FBI to their statement that they're not trying to set a precedent?
So this is as good a place as any in this thread to remind some of the difference between espionage and surveillance. The simplest way I've heard it explained is that surveillance tracks who you call and when you call them. Espionage, on the other hand, listens in on your conversations.
Whenever people say things to the effect of, "it's just meta-data," please explain this comparison to them and point out that meta-data is surveillance. It doesn't have to be full-on espionage to qualify as an invasion of privacy.
It's sad to see Microsoft has tied themselves so closely to the income stream they must be generating from the meta-data (aka metrics) Windows 10 collects. Whether it's from advertisers or surveillance agencies, I can't say, but to stick to their guns so intransigently in the face of such withering public criticism is an indication how much that income must mean to them... They're figuratively hoisting themselves with their own petard.
Sir Gates' latest comment simply confirms to me what I already believed.
and close the loophole that lets them load a new OS image on the phone without the user's key.
Then they couldn't even comply with this request.
I do realize that I'm contributing to the noise associated with Gates.
Gates has never demonstrated that he's skilled or knowledgeable about anything unrelated to accumulating money, so why would anyone care what he thinks? Report what Bruce Schneier, an independent and recognized expert in security and technology, thinks instead.
The security of the iPhone *should* be one of their top priorities and they *should* already have whole teams of people working on this internally. If the govt. wants to fund further security audits, then that is a 100% win-win. They will get directly paid for things they should have already been doing anyway. Literally, the govt. will be funding future security improvements to the iPhone.
If the courts are forcing them to labor without just compensation, then that is a different matter.
If it is that easy to externally modify the OS on the phone without user authorization to basically bypass the security of the data on the phone, then their claims about security are shite in the first place.
I'm not sure about the device they are talking about here, but for the iPhone 5c you can flash a new iOS version without knowing the owner's pin or password. There is a process to "recover" the phone and flash a new operating system without disrupting the user's data. I actually did this on my daughter's phone just yesterday.
However, if you have physical access to the device, chances are you can recover any data on board if you are careful and try hard enough. Some devices are built to erase data when physically disassembled, but an iPhone is not one of those things.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
It is not a win-win when Apple, or any other company, or you or I are forced to work on things we don't want to work on even if we're compensated.
Apple doesn't have unlimited resources. The FBI isn't asking Apple to perform more security audits. They are attempting to force Apple to write software that will allow the FBI to break into the iPhone.
Take that single phrase, "force Apple to write software." Perhaps you believe that Apple should write that software anyway to enhance the security of their products.
Do you not think that Apple may disagree with your conclusion?
Your argument is that as long as the government compensates them it shouldn't matter that Apple disagrees.
Here's a simple question for you, from where do the resources to write that software come?
If those resources are working on other projects that Apple more highly values then Apple loses the opportunity to deliver those other projects. If multiple products depend on those projects then Apple has multiple products that are delayed. Is that not a loss for Apple? Is it not a loss for Apple when the government dictates to them how to use their resources? What difference does it make if the government compensates them for their labor?
I assume that Apple does have as one of their top priorities the security of the iPhone and already have whole teams of people working on it internally.
I'm stumped by your position, though. How do you not see the problem when the government can dictate how a private entity deploys their resources, in effect, reaching into a company and setting their development priorities?
Apple did nothing wrong, they do not own the phone, the government screwed up when they took possession of the phone and now the government believes it can set Apple's development priorities and you think it's O.K. as long as the government pays them for their labor.
Look at the latest story where the U.S. Department of Justice now has 12 additional iPhones they want unlocked. What if they all require different methods in order to be unlocked? You seem to be saying, "Well, that's too bad for Apple's product and development plans but, after all, the government is compensating them for their labor."
Then again, as you've previously stated, "Screw Apple."
Maybe so, but they aren't the only one holding back information.
Sanders does not believe in Utopia. I may not agree with all his ideas but he is right that the US political system is systemically corrupt, and the only way to solve any of the other problems is to solve that first. He may not succeed in fixing the system (probably not, it is a big job, with lots of corrupt people against him), but it needs to be fixed, and it is better that the US elect someone who will at least try to fix the broken system, than someone who will continue to ignore it.
The reason that he says he will fix the system, as opposed to saying I'll give it my best gosh darn try, is that it is not politically expedient. No politician says they will try their best, they say this is what they will do.
The key is a 256 bit AES key. I don't know the Apple implementation, but generally such a key is stored itself encrypted by a key derived from the PIN. When it wants to make it irrecoverable, it forgets all versions of a key, meaning one must attack a 256 bit random key instead of a key derived from some human piece of knowledge.
XML is like violence. If it doesn't solve the problem, use more.
If Apple can simply write some software to get around the iPhone's security mechanisms in this case or any of the others, then THEIR SECURITY MECHANISMS ARE BROKEN.
The govt. is paying them to test their own security, which they have claimed they purposely designed so even they can't break it. Either they lied about that, which wouldn't surprise me at all, or they will get paid to test their own security. How is getting paid for something you should already be doing anyway a horrible intrusion onto your liberty?
And, yes, if Apple *LIED* about designing their security so that even they couldn't break it, then definitely *SCREW* Apple.
If FT's claims are based on the interview material they show in the posted video, they're making a very liberal interpretation. As far as I can see, Gates only made a few specific points:
Overall, he seemed to take a lot of care to avoid taking a clear stance with Apple or with the FBI and framed the whole situation as though it was an important legal question that should be settled by due process. The claim that he said "technology companies should be forced to co-operate with law enforcement" is misleading.
It sounds like what you are driving at is that the data itself is not well secured really at all. If you can get a copy of the data and successfully brute force attack it, then that's user error for not having a long enough random-ish password to encrypt the data. For the data to be truly secure, Apple, the govt. whomever should be able to fully access the entire contents of the phone, know what algorithms are being used and still not be able to decrypt the data without knowing the encryption password and brute forcing it should be prohibitively expensive.
Apple said they're designing their systems so even they can't break them. That doesn't mean every iPhone generation out there can't be broken. Recognizing that older model iPhones like the 5c have limited physical capabilities (no secure enclave), they built certain capabilities into the O/S.
We all know, those of us paying attention anyway, that an O/S written and signed by Apple can be installed on this particular model of iPhone that can bypass erasure of the data when too many wrong passcode entries are attempted.
Apple is not getting paid to test their own security. Apple is being forced, via this court order, to write and sign a new version of the O/S that will bypass erasure of the data and allow passcode entries via a connected peripheral device rather than the touchscreen.
Even someone as thick as I can see that writing and signing a new O/S with undesirable features isn't part of "testing their security." Surely you can see this as well.
"How is getting paid for something you should already be doing anyway a horrible intrusion onto your liberty?"
How is building a new O/S that bypasses their security capabilities "something [they] should already be doing?"
It's an intrusion onto [my/Apple's/your] liberty when the government forces [me/Apple/you] to do something [I/Apple/you] don't want to do regardless of whether or not compensation is involved.
You seem to be stuck on the fact that Apple is simply being asked to test their security, they're not, they're being told to bypass their security by building a new O/S. Here is the wording from the court order:
Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.
If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.
Even if all they were doing was attempting to break the security of the installed O/S it's up to Apple to decide how best to do that, not government orders.
If you can't see the difference then, frankly, there's no hope you'll understand the liberty implications either.
The principle everybody needs to understand is that all encryption techniques in common use today, except for one, are subject to being broken by brute force, the only question is how long will it take. (Only the single use pad cipher being the exception). If you have access to the device, it can be disassembled and the data retrieved and subject to the brute force attack.
EVENTUALLY all encrypted data can be viewed by the people you were hiding it from by encrypting it. Encryption just hides the information from your adversaries for a period of time. The trick is to make it take longer to find the key and decrypt than the information you are protecting is going to be useful.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I know how encryption works on these devices. Once you've got the passcode you've got the keys to the kingdom.
Yes, they've got an AES chip, but it mainly facilitates a fast "wipe" of data on the phone. Storage is encrypted with a random key, which in turn is encrypted using the UID of the device. The encrypted key is stored in flash. When an emergency wipe is called for, the random key is erased and the data in storage, while still there, becomes inaccessible.
It's a clever compromise between security and convenience, but it's not really all that secure if you're worried about national security agencies. If they can bypass the OS entirely and go straight to memory they can brute force the PIN, and everything is laid bare, provided they reassemble the device or spoof the UID. Or they can simply read the encryption key from flash then decrypt the data they've extracted.
The scheme is plenty secure from ordinary thieves but not a three letter agency; probably not even organized crime. That doesn't make it bad; the lock on your back door isn't bad because it can't stop the CIA from doing a black bag job on you; you just have to be aware if that's a possibility.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
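The key hierarchy these comments describe (a random storage key wrapped under a key derived from the passcode and a device UID, with a wipe erasing only the wrapped key), sketched as an added example that is not part of any post above and is not Apple's implementation. The PIN, the UID, the iteration count and the HMAC-based wrap standing in for AES key wrap are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100  # assumption: tiny so the demo is fast; real KDFs are tuned to be slow


def derive_kek(pin, uid):
    """Key-encryption key: the passcode entangled with the hardware UID."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), uid, ITERATIONS)


def _mac(kek, label, data):
    return hmac.new(kek, label + data, hashlib.sha256).digest()


def wrap_key(kek, data_key):
    """Stand-in for AES key wrap (the stdlib has no AES): XOR keystream plus tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data_key, _mac(kek, b"ks", nonce)))
    return nonce + ct + _mac(kek, b"tag", nonce + ct)


def unwrap_key(kek, blob):
    """Return the 32-byte data key, or None if the KEK is wrong."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"ks", nonce)))


class Device:
    """Toy phone: hardware UID, wrapped key in flash, retry counter with auto-erase."""

    def __init__(self, pin, data_key, max_attempts=10):
        self.uid = secrets.token_bytes(32)  # constructed; real hardware never exports it
        self.flash = wrap_key(derive_kek(pin, self.uid), data_key)
        self.failures = 0
        self.max_attempts = max_attempts

    def try_unlock(self, pin):
        if self.flash is None:
            return None  # already wiped: nothing left to unwrap
        key = unwrap_key(derive_kek(pin, self.uid), self.flash)
        if key is not None:
            self.failures = 0
            return key
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.flash = None  # fast wipe: erase only the wrapped key
        return None


def search_pins(blob, uid, digits=4):
    """Exhaust the PIN space against a copied flash blob, given some UID."""
    for n in range(10 ** digits):
        pin = str(n).zfill(digits)
        if unwrap_key(derive_kek(pin, uid), blob) is not None:
            return pin
    return None


def demo():
    data_key = secrets.token_bytes(32)
    dev = Device("4831", data_key)  # constructed PIN
    blob = dev.flash                # what a copy of the flash would contain
    results = {
        "unlock_ok": dev.try_unlock("4831") == data_key,
        # Copy of flash plus the UID: the 10^4 PIN space is all that is left.
        "clone_with_uid": search_pins(blob, dev.uid),
        # Copy of flash without the UID: every PIN fails, leaving a 256-bit search.
        "clone_without_uid": search_pins(blob, secrets.token_bytes(32)),
    }
    for guess in range(10):
        dev.try_unlock(str(guess).zfill(4))  # ten wrong guesses trigger auto-erase
    results["after_wipe"] = dev.try_unlock("4831")  # correct PIN, but key is gone
    return results


if __name__ == "__main__":
    print(demo())
```

The retry counter and wipe in this model live in ordinary software, which is the property the thread attributes to the 5C; moving them behind hardware is what the later comments say changed from the 5S on.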
Confused about the issues? Don't be! Here's my easy one-step guide to taking sides on this issue.
Ask yourself one question: are you a douchebag?
Y: FBI
N: Apple
It just goes to show that privacy is a personal thing and everyone has different levels of personal privacy. No single law suits all people.
So, Apple has a unique ability to subvert older generations of their iPhone through software signed by them. Then, yeah, the govt. absolutely does have the right to invoke Apple's special capabilities to conduct a lawful search warrant. All of this points to the wisdom of designing such systems so that even Apple can't break them. Then in the future they can claim they have no special capabilities not available to the govt already. This case is a legacy cost for doing half-assed security in the past. Oh well, lesson learned.
dear tfa - did you do that deliberately?
we (mostly) all know and understand the old latinate legalese in re pro and con, but we all also know that the meanings of the word "con" have changed, in current use, and are no longer "polite".
therefore, dear author, pray tell - was that a deliberate con there?
The keyspace for several common symmetric encryption schemes (e.g. - AES-256) is on the order of 2^256. So, brute force attacks aren't even possible on them because there isn't enough energy in the universe to try all combinations before the heat death of the universe. You need to find some kind of flaw to drastically reduce the search space first.
http://www.eetimes.com/documen...
And, yes, passwords typically don't have 256 or even 128 bits of entropy in them, but, again, that's the user's problem.
Also, in this case, they even said point blank the government would have been welcome to the data if it had been backed up to iCloud.
...as they should have. Apple should comply with any reasonable legal court order to turn over any information that they have which is relevant to a criminal case. Say, any personal information about a mass-murder suspect that they may have in their possession.
In this case, the FBI is not demanding that Apple turn over information. They are demanding that Apple engineer something new and dangerous.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
Perhaps, they do not want to answer this question from the Chinese or Russian government "We want the same access to your product as the US government."
The purpose of writing is to inflate weak ideas, obscure poor reasoning, and inhibit clarity....Calvin
You don't need "that" phone. You need to get any iPhone and you can debug it and get whatever access to it in general way that will apply to similar hardware/software, most likely just by changing single byte in machine code instructions. It would cost time/money though. Apple already has access to it though through their own personal backdoor,
No. The whole point is that "their own personal backdoor" does not exist.
Of course it exists. Changing software remotely without device owner permission is backdoor.
They are not changing anything remotely. The whole point is that the FBI physically has the phone.
This has nothing whatsoever to do with changing software by remote access. This is about breaking into a phone that they have in front of them and have opened up to directly get to via the physical access ports.
...
Again. Apple is not being asked to "provide data from the phone"; they're not even being asked to decrypt the phone. They are being commanded to write new software to the FBI's specification.
...Maybe, but public perception is different...
Exactly. That's the point I've been shouting about. Public perception is not in line with the actual facts.
http://www.geoffreylandis.com
Bill Gates' opinion ceased to be relevant years ago. Why is this even a debate?
Apple isn't ignoring a court order. Apple is actively challenging it. That's one of the safety measures in the court system: it puts limits on the power of one bad judge. Challenging the order is perfectly legal and unobjectionable.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The AES-256 key is not specified by the user, but is the combination of a PIN and a 256-bit random number. Assuming the random number is really random, that's 256 bits of entropy.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
No, that is not what this is about.
Really.
Apple may or may not be able to remotely change this or that software, or alter this or that firmware, and reflash this or that ROM remotely-- but that is not what this specific issue is about. This specific issue is not about remote access.
Look, the FBI wrote a clear and specific statement of what they want Apple to do. It does not involve remote software updates. Period. Some other issue may be about remote software updates, but not this one.
There seem to be so many people saying "well, what the FBI specifically, clearly, and directly asked for is that, but that's not how I would do it, I would do it this other way, and that would be really easy; so that must be what the FBI actually wants even if it isn't what they said, and Apple must be lying, and I know that because if they did it my way it would be really really simple."
http://www.geoffreylandis.com
Apparently, in the case of the 5C, the lockout delay and wipe are in the OS, and so if Apple can change the OS they can bypass those measures. From the 5S on, that functionality is in secure hardware, and so this particular trick won't work.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The government can bypass the OS entirely and clone the memory, at which point they have a lot of stuff encrypted in AES-256 with not a clue about the password. The data to create the key is on a secure chip, and reading data from that chip will be difficult and risk destroying it forever. That chip has the ability to wipe its part of the key, rendering the contents of storage permanently unreadable. As long as the key isn't wiped, the only thing the key management unit will do is accept the PIN and use it to create the AES key that will allow access to the data. Without cracking AES-256 or figuring out how to get the random number from the chip, the only thing possible is to enter PINs into that chip and record the keys coming out.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Installing the replacement OS requires Apple's signing key, so the 5C is pretty secure against any attack that doesn't have that. The later iPhones are more secure.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Fair enough, but their attempts to play this in the court of public opinion aren't going to play well for their case. Eventually the judge can/will invoke sanctions in order to force compliance.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Perhaps Apple doesn't want to divert their resources off of the products and product lines that are important to them as a company.
So out of 100,000+ employees, they can't spare a couple for one week to comment out the number_of_retries=10 code?
Perhaps Apple doesn't want the liability if they mistakenly delete all the data the FBI wants.
Er what? Unless they plan on giving this to the intern, how would that even happen?
Perhaps Apple doesn't want to set a legal precedent that companies will result in ever increasing demands to break their products in the way the government desires.
Tough titty, the Justice system takes precedence
Perhaps Apple is taking a principled stand.
Hahahahahahaha.... yeah good one....
They're being asked to build software that doesn't exist to subvert a security feature in iOS.
"Build" might be an exaggeration. The FBI only need the OS to have the max_number_of_retries=10 line commented out and sign the new version to this device. The right person could probably knock it over in an hour.
Let's not pretend this is more complicated than it is.
And Bill turns back to the dark side yet again..
Below the speed of light Special Relativity is one of the most accurate theories in physics - above the speed of light..
Clearly, the people on Slashdot are on the side of privacy over all else.
But how does illogical, hyperbolic reasoning like this (and other similar alarmist posts) keep getting modded up?
Tim Cook is now protecting the gays? And somehow if you're for the FBI being able to access a phone, with the owner's permission and under a warrant and followed up by a court order, then why would you want a PIN anyway?
As Tim Cook said recently, "You probably have as much private information on your phone as you do in your house." Maybe - and the police have full, legal, and acceptable procedures for going into someone's house and looking for evidence.
The idea that something that's been created in the past 1 or 2 years is now the one and only thing that is protecting civilization is an argument only the very young can make. It's a phone. If being caught being gay is a threat to your life, don't put it on instagram.
No, it's like going to a safe company and saying "hey - disable that mechanism for this safe that causes it to self destruct."
"That's just like what we make other safe manufacturers do, and what we have safe deposit boxes do, and what we have for all telecom equipment. I know you're the best safe company in the world and we just have this little old court order and it's part of your responsibility for being an American company (and by the way, can you onshore some of those profits you've been squirreling away in China and perhaps think about hiring some Americans to build the safes)"
Or, I suppose for the members of the Slashdot community, it's like saying "hey, Apple sucks and you're all a bunch of losers and we want to control your lives by screening every pixel on your monitor and we want to kick your dog while we go through your desk which will cause the end of civilization"
The government can bypass the OS entirely and clone the memory, at which point they have a lot of stuff encrypted in AES-256 with not a clue about the password.
That is simply not true. Apple's own documentation states the password is stored in flash.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.