Slashdot Mirror
DoJ Wants Apple To Decrypt 12 More iPhones (macrumors.com)
tlhIngan writes: The Wall Street Journal (paywalled) is reporting that the Department of Justice is seeking Apple's help in decrypting 12 other iPhones that may contain crime-related evidence. The cases are not identified, though a list of the 12 phones in question has come out, but it is not known what level of Apple assistance is required (i.e., how many of those cases are waiting on the FBI request for special firmware to be developed and to be used on "one more phone"). It appears Tim Cook's assertion that hundreds of requests are waiting on this software may not be a fabrication, and the goal is not about just one phone, but to set a precedent to unlock more phones.
As TechDirt (which also lists those 12 cases, a list which certainly does not encompass all the phones the Feds would like to peer into) puts it, "[O]nce again, Director Comey was flat out lying when he claimed the FBI has no interest in setting a precedent."
Tim was right: gov't wants to open Pandora's box.
Table-ized A.I.
The San Bernadino phone was just the start, pretty soon, it will be "DOJ wants the backdoor keys for all your iPhones"
Have you ever fallen asleep at the keybhanusdiog?
It's always about stripping away another level of your rights. Fight now, later it will take a lot more blood, sweat, and tears.
Apple dun goofed - this is exactly the position that they were trying to avoid being in - iOS backdoor v2 coming to an iphone near you!!
"This is my surprised face."
Meanwhile: "...New York City police commissioner, William J. Bratton, and the Manhattan district attorney, Cyrus R. Vance Jr., criticized Apple after it refused to comply with the court order and said that they currently possessed 175 iPhones that they could not unlock."
So that's 188 on the list so far...
My go-to person for security issues is Bruce Schneier. Here's what he says about the issue:
The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court's demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all.
He elaborates on this in another section:
This is an existing vulnerability in iPhone security that could be exploited by anyone.
There's nothing preventing the FBI from writing that hacked software itself, aside from budget and manpower issues. There's every reason to believe, in fact, that such hacked software has been written by intelligence organizations around the world. Have the Chinese, for instance, written a hacked Apple operating system that records conversations and automatically forwards them to police? They would need to have stolen Apple's code-signing key so that the phone would recognize the hacked as valid, but governments have done that in the past with other keys and other companies. We simply have no idea who already has this capability.
The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked. IOW, the user is presented with an alert, and the user must type in the passcode before the update is applied.
This would seem to solve the problem for future releases, Apple could legitimately say that there's no way to unlock the phone.
1. Build a LLC that owns all IP rights to the tools that forensics tools.
2. Have the LLC sign a contract with Apple that states that Apple will never release trade secrets to other vendors to comply with the production of forensics tools.
3. Have Apple refer them to the LLC.
4. Let the LLC charge the government $100,000/job as a firm fixed price contract.
You'll see the FBI getting pretty libertarian in how it prioritizes searches and seizures if that's the only way Apple will work with them.
I am still waiting to see how any of this will affect the elections. Chances are not much will come of it. Just a lot of noise.
“He’s not deformed, he’s just drunk!”
This will open the floodgates of making all of these companies be responsible for developing tools for law enforcement to demand access. And then law enforcement will demand they simply be given those tools to avoid the whole pesky court system and due process.
Welcome to the future, where law enforcement wants it to be illegal for you to have information they cannot access, and failure to allow yourself to be spied on is a criminal act. You can't have any freedom and security because they need to remove it to protect your freedom and security.
You have nothing to fear if you have nothing to hide, citizen.
In Soviet America, phone unlocks you.
But keep telling yourselves you don't live in a surveillance society, one day you'll believe you have always been at war with Eurasia. Failure to comply is now a thoughtcrime.
What happened to those oaths to defend and uphold the Constitution, instead of wiping your ass on it?
Lost at C:>. Found at C.
Was it too difficult to wait until the precedent had been set, before demonstrating that those who warned us that it wouldn't end there they were exactly right?
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
DOJ is requesting remote backdoor capabilities to all phones so that they can browse for hot nudes at any time anywhere. They originally wanted it to stop terrorism, but then realized that every other thing they've done to try to stop terrorism seems to have failed miserably. The DOJ is happy to announce that this time their plans will be used 100% as expected, and will for sure have great success.
Pitch and feathers!
>>"The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked." The flash memory on the iPhone can be flashed from an external computer connected to the flash chip via an interface (http://www.mouser.com/Semiconductors/Memory/Flash-Memory/_/N-488w1), so software solutions probably won't work. Maybe you could try to use a hardware burned cipher in a "security chip" that can't output its key to engineer around that... I think the most dangerous thing is what Tim Cook said: the All Writs Act. When has the gov't forced companies to affirmatively make them something for their investigation? I can't think of an example from the physical-world.
Comment removed based on user account deletion
Well - options:
Learn some math and develop some encryption of your own. And don't forget the monkey wrench ingredient.... OR
Learn Navajo ( precedent is WWII...)..... then convince family and friends to do the same...
Learn Mandarin, Tagalog, and a localized slang Urdu from India... then convince family and friends to do the same...
Learn Tamarian..... then convince family and friends to do the same...
Go full tard in speaking, writing, communicating...... then convince family and friends to do the same....
Send LOTS of diversionary texts, emails, call everyone every day....... then convince family and friends to do the same....
Order a collection of clothing, flags, lamps from 'other' countries...... then convince family and friends to do the same....
We in the deep south can mix it up a little, ghetto - Errr- Ebonics can also, Canuck and Nawrleens can, some...
Just to be a smidge difficult...
Integrity
DoJ, FBI, NSA... They all want Apple to decrypt ALL the iPhones.
If Apple properly did what they advertised - encrypting the phone - it should be impossible, at least for the near future, to decrypt the iPhone.
Yea, good one. Like we can trust the FBI and CIA with a one off. We all knew this was the goal. If you say yes to one you have to say say to all. Now...when is the public going to stand up and say "NO"? Or do we want cases like the the one just posted today: http://yro.slashdot.org/story/... This is when the data was unprotected. Which in essence will be the effect if the FBI has it's way. (some in the FBI has said we should ban encryption so the government has full unfettered access).
Or another case that came to light today as well: https://www.washingtonpost.com...
Where the government OPM database was breached in 2014 and 2015, partially by foreign (the Chinese..of course...).
If you create a key, everyone will want to use it. And everybody will...especially private/foreign hackers. And when it come to hacking, the international hacking community will find any backdoor created. (rumor has it Apple already has one may be patching it before they strong armed into disclosing it). Put the word out (as this case will if Apple complies) that there is such a key, and watch the effort redouble to find/exploit. The public needs to say, "enough is enough" before everything becomes the data "wild, wild west". Benjamin Franklin was so insightful: We truly deserve neither. and that is what we appear to be getting.
"Imagination is more important than knowledge" - Einstein
if encryption is outlawed only outlaws will have encryption.
The next iPhones should have the timer between password attempts and the "wipe after 10 tries" options moved from software to the security chips in silicon.
"Sure we can put in a hacked iOS version, but the counters and timers are all in chip and iOS cannot touch those."
Trolling is a art,
You have missed the point entirely.
Of course the DOJ wants to decrypt more phones. but i don't understand why they would say so publicly now. Apple is already fighting this why not wait until the court case is over while pushing the narrative its just this one phone. Its not like apple is going to decrypt there other 12 while the case is still ongoing. If and when apple or ordered to decrypt this one phone the DOJ can then use that as ammo to make them decrypt more. but by saying they want to decrypt more now they give credence to apples argument that its will be used over and over again possibly being an issue in the current court case.
BIG F'N SURPRISE, RIGHT? I support Apple on this. The story of Pandora's Box has stayed in our culture for a reason.
Once the precedent is set, the feds are only a national security letter away from telling Apple (and all other phone an IoT manufacturers) that "your next routine iOS (or whatever) update will have remote access to everything that we can activate without your involvement, and if anyone finds out it exists, you go to prison." That's not a hack, that's a built in back door, as part of the OS, and no security can possibly protect you from the manufacturer's deliberate intent.
The precedent is the only thing that matters here.
Yes you can keep trying to guess the pin, but there is a exponentially increasing time delay between allowed attempts after 5 or so. Getting into something like 10+ hours the closer you get to 10 tries.
So, no, you can't casually wipe people's phone at the coffee shop.
(I don't actually own a recent iphone, just know this from general discussion about this case - someone with first hand knowledge can chime in)
I mean, those guys with hearts as pure as driven snow really just want to make sure we've explored those scary terrorists' phones and everything to the extent possible. It can't possibly be that they want to set a precedent that they'll use repeatedly to go after low-level drug users instead.
Look here and you can see that those "sneak & peak warrants" that they got to fight terrorism have actually been used a couple of times to fight terrorism:
http://www.motherjones.com/kev...
See, in 2013 they only used sneak & peaks against terrorists 51 times. Think about that. And forget about the 11,078 times they were used against druggies. Just think about those 51!
Do you have ESP?
edit - re-reading, you must mean set the wipe-after-10-tries settings setting in hardware somewhere so that the OS can't change it, which I don't think iPhones do now, and is a good idea.
They will never learn that the people are tired of being lied to. They will keep going and trying to exploit technology to spy on all of us unless we send a clear message that it will not be tolerated.
It doesn't protect dead people. Common knowledge, seemingly intentionally excluded from the general narrative.
I would suggest that the FBI should have access to the contents of the dead terrorists based on this alone. Legally they do not have to ask for access to this data, so really what this is is a plea for help. Apple is in no way that I know of legally required to help.
As for the privacy of the living, I don't think the government will ever be right in the position that Company, Inc. should be responsible for executing the hack, weakening security, or even providing assistance. I don't think the government should have anything remotely close to the capability of invading my individual privacy on this scale.
This incident is unfortunate for the government (particularly since they fiddled with the evidence), however serves as further proof that the 'just the metadata' argument is complete rubbish.
Where and when do we construct the gallows? Even in light of the terrorist attack, I'm beginning to feel in favor of some hanging politicians and domestic spies.
Like $1 billion per device. Granted, DoJ could just pass that expense along to taxpayers...
What kind of sensitive data apple users can provide, other than hardcore gay porn?
for(;;) assert(Director Comey was flat out lying)
And of course it's a busy wait.
Move the code/ os function of your company somewhere out of reach of the US government, say Iceland. And start building HERF devices. Someone in my city is using them on traffic cameras to great effect. Park one of those outside the Hoover building and set it off.
Even after Apple engineers deliberately on order by Cook to brick the iPhone, DoJ has "Trust" in Cook and Apple?
Cook is more concerned that his Banks in China and Ireland activities to fund ISIS personnel in murder and
terrorism will lead to him!
Cook is just a Goat Fucker.
Ha ha
(and Bill's not much better either)
In the customer letter that Apple releasedhttp://www.apple.com/customer-letter/ they said
"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation."
If the phone is locked how can Apple install a new operating system on it?
Is to reveal yourself a fool.
The big progress here..... remember how it used to take years or even decades for DOJ lies to be exposed? Now all manner of government lies are just blasted to all hell within DAYS. It really is wonderful progress.
"I opened my eyes, and everything went dark again"
who is 'you' in this case?
Apple? The programmers? Tim Cook?
I don't think you thought this idea all the way through.
Isn't the FBI supposed to protect americans?
So why the hell do they subvert our security by opposing encryption? The only reasonable explanation is of course that the FBI itself has been subverted by comunists!
Seriously, did anybody think they wanted just the one phone? That belonged to somebody that is now dead (so it is effectively a closed case)? And I'm unsure of how the government thinks that software designed for one phone could not be used on basically every other phone out there? If the government wants us to trust them, they either need to actually be honest, or not be so bad at lying...
The precedent was set a long time ago. Why is the press reporting it this way? Other outlets have already reported that Apple has quietly been doing this for hundreds of phones in the past! Apple has unlocked at least 80 phones for US law enforcement since September, and they've probably done the same for many other governments. If it's such a big deal, why start complaining now? Why not start complaining when it first started happening... which was probably a week after the very first iPhone was sold.
APPLE HAS BEEN DOING THIS FOR YEARS!!! The precedent was set a long time ago. The only thing different about this case is that Apple finally made a stink about it.
There are consequences for refusing to follow a court order and Apple should be receiving them. Special snowflake indeed.
The NSL, while a nefarious beast, doesn't work quite like that. That doesn't mean they won't do it. It just means that won't be the mechanism.
"So long and thanks for all the fish."
I don't think Director Comey was lying at all. he is an honorable man who only has the public interest at heart. Only malcontents and other assorted ne'er do wells would even think otherwise.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
There's no reason for it to be possible for anyone other than someone in possession of the passcode to be able to unlock it.
It should NOT be possible to force a firmware update without entering the passcode. Otherwise a malfactor could force an update on a phone that sent the passcode via SMS the next time the user entered it. Think Stingray on a private network spoofing the vendor. There's nothing really exotic about a Stingray. It's just a piece of repurposed communication test gear. It will be interesting to see if it is possible for Apple to comply at all. If they designed it properly a court order to unlock the phone would have as much effect as a court order requiring a person to become 10 years younger.
Any attempt by any government to force a backdoor into Android phones can be easily countered by modifying the Android source to lock it. I expect people are already working on it. The government might succeed in making it tedious to code, but it's hard to see a way to prevent disabling such things.
After getting on his high-horse the other day to condemn Apple's reluctance to grant this one simple request, I'd be interested to know if his views have been radically altered in light that this is clearly an attempt to set a precedence against encryption and privacy protections beyond that of a terrorist attack.
It's plausible that Apple could have made the custom firmware only work for the one phone.
But you need to be the sort of person who sends money to Nigerian princes to have thought that the DoJ would only ask for the one phone rather than say: every one they ever end up in possession of once they got the courts to uphold their claim that they can do so.
who is 'you' in this case? Apple? The programmers? Tim Cook?
You could always ask Qwest's former CEO his opinion.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
We'll decrypt this phone if you give us the number and location of Stingrays in the US and how often they are used.
Spit in the face of the judge and all judges that request Apple's labour in the decryption of such devices. Who are they going to arrest? Everyone that works at apple?
fuck off.
As tempting as that sounds, you have to understand how cynical and treacherous these people are. They don't want to stop attacks. Terrorists use fear to get the societal and government changes that they want, and "terrorist attacks" are the fear they use to get it.
The only reason this could ever be the solution to an imminent attack is because they know it's coming, they know how to stop it, and they *will not do so* unless we give them the back door that they want. It will not stop any imminent attack except that one time, either; such methods are never used to actually fight terrorism anyway afterwards, as we've consistently seen with TSA, Scanners, groping children searches and so on.
And even if it could and did stop an attack, is a single bombing or shooting worth being chained and dragged down to the level of freedom-less, rights-less peasantry those extremists are attempting to scare us into becoming? What does it *say* about our leaders and "security" apparatus when their solution to religious extremists demanding we do everything they say is to turn us into a society that is exactly just like theirs?
The only things they want are to take away our freedom, because you cannot consider yourself in heaven without putting everyone "less" than you in hell.
Ok, just reading the writing on the wall, smart phones of the near future will be forced to have back doors. They will find a way to manufacture consent sooner or later. How vulnerable are dumb phones to such issues? Is there is simple enough phone still being manufactured so that it would be secure?
Naive people think the FBI are the "good guys". They are not.
And the more you know about the FBI, the more frightening it gets.
Here's a tidbit for you : The FBI uses a form called a "Form 302"
which allows FBI agents to create written testimony in their own words, and allows
for what can be charitably called a "liberal interpretation" of the facts. In plain language
the Form 302 enables the process in which the FBI agent lies to bolster the FBI's case.
If you don't see anything wrong with this you're either an FBI employee or a damned fool or
a fascist bootlicker.
The FBI is about power, not about justice or doing what's right. As long as you understand this,
you can view the FBI in a realistic light rather than pretending the agency is some sort of friend of the
common man.
For a view of the coming future in the US, I recommend the excellent film : "Das Leben des Anderen"
( "The Lives of Others" ). All you need to do is substitute the FBI for the STASI in the film and you'll
get the picture.
War crimes and atrocities perpetrated by the executive branch of the government. (US Military is the federal executive branch, which is under the office of the President of the United States):
* Tuskegee syphilis experiment
* Guatemala study to infect prison inmates, mental patients and orphan children with various sexually transmitted diseases
* Operation Sea-Spray (Serratia marcescens and Bacillus globigii bacteria)
* Avon Park whooping cough experiment
* Operation Big Itch and Operation Big Buzz (no injuries, but unethical human testing)
* Rape during the liberation of France (mainly only African-American troops were punished, by execution)
* Rape during the occupation of Germany
* No Gun Ri Massacre
* multiple atrocities documented in the Vietnam War Crimes Working Group Files
* My Lai Massacre
* torture of Mohammed al-Qahtani
* Civilian casualties from US drone strikes on Pakistan and Yemen
* Kunduz hospital airstrike
NOTE: Military Commissions Act of 2006 makes it so prosecution can no longer move forward for most of war crimes committed by the US
Human testing that was funded by non-military government organizations through grants, or local government programs:
* intentional infection of orphans with tuberculin, Molluscum contagiosum at multiple orphanages.
* research experiments to forcefully infect mental patients with influenza virus
* Chester M. Southam's experiments on prisoners and geriatric patients.
(many more but these lists are getting long)
(currently comment #8 on the techdirt article)
"Would apple be able to start the work, then simply send themselves a sternly worded cease and desist letter for DMCA violations?"
---
Last I figured that Apple does not work for the US Government. So tell me is Slavery still a thing in the USA? Can y'all make me or some entity to code for you just because you say so. I don't think so and I would never do it, just because.
Paul E. Bahre
But we all know that Apple can unlock the phone in a heartbeat right? Freedom freedom freedom, yeah I get it. It's a perception/concept anyway. If a hacker stole 5 Billion from Apple and transfered it to Bitcoins on his iPhone. You bet your ass they could (and would) retrieve it.
Apple is as big and powerful as a government and they make and control the rules of Appleland. Think about it.
So dear AC what is the problem with that exactly? In that case Apple would have a clear personal interest in unlocking that phone. It would also be Apple and nobody else trying to FORCE Apple to unlock that phone.
Freedom means people ( or organizations ) should not be required by government to act against their own self interest. This is all about the right to use your own time and property as YOU see fit.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
is this the part where Cook finally tells the Stasi^H^H^H^H^H DoJ to just fuck off?
srsly.
how many of everybody's Grandpas died, fighting against this kind of totalitarian shit?