DoJ Wants Apple To Decrypt 12 More iPhones

tlhIngan writes: The Wall Street Journal (paywalled) is reporting that the Department of Justice is seeking Apple's help in decrypting 12 other iPhones that may contain crime-related evidence. The cases are not identified, though a list of the 12 phones in question has come out, but it is not known what level of Apple assistance is required (i.e., how many of those cases are waiting on the FBI request for special firmware to be developed and to be used on "one more phone"). It appears Tim Cook's assertion that hundreds of requests are waiting on this software may not be a fabrication, and the goal is not about just one phone, but to set a precedent to unlock more phones. As TechDirt (which also lists those 12 cases, a list which certainly does not encompass all the phones the Feds would like to peer into) puts it, "[O]nce again, Director Comey was flat out lying when he claimed the FBI has no interest in setting a precedent."

The duck quacked

[Tablizer]

Tim was right: gov't wants to open Pandora's box.

Re:The duck quacked

[ShanghaiBill]

Here are a some non-paywalled links:

http://www.reuters.com/article/us-apple-encryption-idUSKCN0VW0BM
http://www.macrumors.com/2016/02/23/doj-vs-apple-12-court-orders

If the new owners of Slashdot really want to improve this site (and I have seen no evidence that they do), a good first step would be stop linking to stories that are paywalled, or that prohibit adblockers. There are always plenty of alternatives.

Re:The duck quacked

[knightghost]

DOJ actively works against citizen's interests. In this case, they are demanding a WMD that will be used by governments and criminals against hundreds of millions of people.

The FBI already has tremendous search capability and that is increasing given how corporations track people then sell that data.

Re:The duck quacked

[phorm]

and another here

Re:The duck quacked

[powerlord]

DOJ actively works against citizen's interests. In this case, they are demanding a WMD that will be used by governments and criminals against hundreds of millions of people.

Oooo ... if they are developing WMDs, can we invade and throw them in Gitmo?

I wonder how many would support any presidential candidate that makes this happen.

Re: The duck quacked

[jofas]

This quote doesn't really apply when large chunks of the public decry said loss of liberty.

Re:The duck quacked

[Tablizer]

I don't think it's so much about the Constitution, because they can get a search warrant. But it could drive business away from US companies, not unlike what Snowden's revelations about Cisco products did to Cisco sales.

If you drive business away from US companies/products/sites by putting holes in them, then US law enforcement companies will have even less leverage because they would be dealing with over-seas companies and governments. DOJ is robbing long-term Peter to pay short-term Paul. And it hurts our economy.

Re:The duck quacked

[l0n3s0m3phr34k]

Maybe the powers-that-be actually listened to you? I didn't see the article before, but now there are non-paywall links as well and the "main link" is to macrumors. Perhaps we need a new story for an Ask Slashdot, "Why does Slashdot keep putting paywall articles up?" lol.

In regards to the article, the public needs to know the scope of these requests. Is there any "terrorism" in these? I really doubt it, but I think Apple should tell us to show the FBI's whole "it's about terrorism" is a flat-out disinformation lie. Everyone here on Slashdot already knows this, but the general public needs to know too. Not that they seem to care...

Re:The duck quacked

[NatasRevol]

Here's a link to an article showing that there's hundreds or thousands of state/local cases waiting for this exact precedent.

http://www.nytimes.com/2016/02...

To that point, the New York City police commissioner, William J. Bratton, and the Manhattan district attorney, Cyrus R. Vance Jr., criticized Apple after it refused to comply with the court order and said that they currently possessed 175 iPhones that they could not unlock.

Charlie Rose recently interviewed Mr. Vance and asked if he would want access to all phones that were part of a criminal proceeding should the government prevail in the San Bernardino case.

Mr. Vance responded: “Absolutely right.”

Re:The duck quacked

[flopsquad]

Tim was right: gov't wants to open Pandora's box.

Pandora's Box, whoa!! Slow down, pardner. We just want to investigate 12 phones! That's only 11 more than the 1 phone we claimed was The Only One That Needed to Be Unlocked.

I mean, when you really think about it, 11 is a pretty small number. You can't even get a dozen eggs with only 11 in there. Would you not crack a handful of eggs to Stop Terrorists From Killing Us All? They probably have sarin gas hidden under an orphanage, and that blood will be on Tim Cook's hands.

Oh, and we're gonna need to use this for a few CP stings, just the very worst of the worst, really only like 350 devices. What's 350? I mean, that's not even 10 minutes worth of seconds! Can we not spare a few minutes to Keep Your Children Safe? Being against decrypting these phones is basically like letting a predator live in your basement and eat your Goldfish crackers while you tell the cops you've never met him.

Right, and there's about 10,000 devices involved in drug crimes we'll be needing to do this for. Drugs are bad, and you don't want your kids being Forced at Gunpoint to Try Meth, right? It's not like it's *your* phone, it's a bunch of violent thugs who were born this way, like Lady Gaga.

There's no other way to stop a black market that we ourselves created than to step just a tiny tiny bit on civil liberties. Terrorists, pedophiles, and cartel assassins don't really *need* civil liberties that badly, do they? Maybe the extra civil liberties we're taking from them we'll give to you good people, like in a tax credit or something.

Look, while we're at it, Sony and UMG are telling us that lots of phones have pirated music and movie content. This is Probably Responsible for Kanye West Being $50 Million in Debt, and you don't want him to starve in the streets, do you?

We just want to use this court-sanctioned decryption process in a targeted, limited way to inspect every device that comes within 150 miles of a border or port of entry to the US. And any time someone is stopped or questioned by law enforcement. And at random checkpoints. But they'll have juice and cookies at the checkpoints! And shackles, but mostly snacks!

It's Kanye West fachrissakes! He's a musical genius, said it himself! And while we're looking for any unauthorized copies of any music, movie, or software, or evidence of participation or support of any act of piracy, we can *also* check for terrorism links, CP, drug use references, GPS data that would indicate a traffic violation, evidence of any past criminal activity, plans to stage disruptive protests, and other unamerican activities.

And just to pacify you civil liberties nuts, this means we won't have to target those other 10,362 people! Don't say we never did anything for you.

Pandora's Box... lord you anti-government nutters and your hyperbole!

Re:The duck quacked

[AutodidactLabrat]

The question is, how many Republican Congressmen does the DEA, FBI, BATF, IRS and Child Protective services already own?
Might explain the reluctance of Republicans to move toward more of the freedom they claim we are losing with votes to defund those ever growing domestic spy services.

Re:The duck quacked

[pla]

If the new owners of Slashdot really want to improve this site (and I have seen no evidence that they do), a good first step would be stop linking to stories that are paywalled, or that prohibit adblockers.M

Why would a largely ad-sponsored site want to help people seeking to block ads? I appreciate that Slashdot hasn't done the same - Yet - But I sure as hell don't expect them to help me avoid ads at other sites.

Re:The duck quacked

[RavenLrD20k]

Ummm...I've seen you here for a very long time, and with such a low UID, you've been here a while... have you never used the Submission system before to know how it works? You know, the community user (not an editor) goes out on the internet, finds an article that he thinks would be good for the site, posts a summary with (hopefully) a link... and then the "editors" (I wonder how much of the firehose acceptance procedure is automated, given the amount of times I've seen early stories have had broken links that had to be, and eventually were, fixed) will pull that submission in to display on the front page.

Judging by the fact that your MacRumors link seems to have been added to the summary and noted as the primary link in the headline; as well as a link to techdirt added post user quoted summary...I think it's safe to say that the human editors have gone back and added some of the more open links that you've suggested, albeit keeping the original user submitted WSJ link. Already that's marginally better than how it used to be with direct copy and only an edit if a story /summary posted was wildly inaccurate...and often not even then.

How fast do you really expect this site to change under new ownership, anyway? We've already made our distaste for overwhelming change very much heard with the previous masters (slashdot beta...yes, it was a bad design...but boy did we as a community let them know how we felt about it). I frankly don't blame Whipslash & team from taking their time with deciding on what changes to start implementing. They even devoted a full article/discussion to getting community opinions on the matter. They know we're the sort that run for the pitchforks and torches whenever something is slightly amiss (you can put yours down for the moment...seriously), and they're not going to want to upset that balance for fear of revolt or (worse for them) mass exodus.

In summary: The new /. team is going to need at least a few months to get the new code worked out and I wouldn't be surprised if it's all going to be stuff that we as a community wouldn't even notice unless we were completely focused on the subtle. As a WebDev rolling out a new site for my company, it took us over a year of planning and 6 months of coding to get things to where a completely fresh new site was rolled out (granted...as a software house, we move slower than what appears to be the norm). All the back end automation stuff is probably going to be streamlined and fluffed to serve the new masters before we start to see ANYTHING on the front end.

Re:The duck quacked

[schwit1]

Obama is relocating the Gitmo terrorists, so it will soon have a lot more room just in time for Tim Cook and the Apple band.

Re: The duck quacked

[yacc143]

Another aspect other countries have courts that can issue legal orders too.

Winner how the FBI will it like if the PR China decides that Apple has to cooperate or they will be removed from the Chinese market.

Re:The duck quacked

[Shoten]

If the new owners of Slashdot really want to improve this site (and I have seen no evidence that they do), a good first step would be stop linking to stories that are paywalled, or that prohibit adblockers. There are always plenty of alternatives.

I think the solution is for people not to submit links that are paywalled, or that prohibit adblockers.

Re:The duck quacked

[RavenLrD20k]

Hope. The greatest evil still left in the box. With the promise of hope you can control the will of billions. You can perform the greatest tyranny in the name of hope for a better future. Using the people's undying hope of a perfectly secure utopia, the DOJ will open a tyrannical dystopian state to oppress us all. I think Tablizer's use of Pandora's Box is aptly portraying the underlying theme of the story. The theme that very few tend to realize. The theme that there was nothing good within that box and nothing good could ever come from opening it.

Then there's the other, more crude, interpretation where Pandora's Box was actually referring to her womb in that the hope of the future of mankind lies within...but what so often comes out is...well...human along with all the evils that humanity is famous for.

Re:The duck quacked

[tnk1]

Submissions are made by users. The users are submitting the links.

Yes, Slashdot has editors, but technically there is no editorial policy that certain links will not be accepted. Perhaps that is what is required.

However, it may be odd for an ad-supported site to come out strongly against what is technically within the right of the other sites to do; that is to block access to their sites unless their own ads are viewed. I suppose the new administration has to weigh the two considerations and determine what is in their best interests.

Re:The duck quacked

[tnk1]

How would a government agency "own" Congresspeople, considering Congress sets their budgets? Perhaps the police unions are contributing to them, but frankly, I think this is all on the Republican legislators.

So, it isn't that the police own the Republicans, it is that the Republicans run on a "law and order" platform, and they have been convinced that perhaps their efforts in support of these agencies fits that platform. Backing FBI or police positions helps them with that, and certainly the cops have a sympathetic ear if they make a convincing case that people will be "safer" with these precedents, but the dog actually is wagging the tail, and not vice versa.

There was some poll that said about half of the US was actually in favor of the government's efforts to unlock the phones. That's significant enough for a legislator to take note of. We may generally be against this in a tech forum, but our reasoning is not always so obvious to the general population.

Re:The duck quacked

[tnk1]

The problem with anyone who wins on that platform is that they become in charge of the DOJ. So it ends up being their own people, and even if some radical candidate ended the DOJ (as such), he'd create a Department of Liberty or something, and they'd end up doing the same thing.

But he could end up throwing the old team in Gitmo, which might still be entertaining, at least.

Maybe they could put a track in at Gitmo and make them do a Death Race or something for PPV.

Re:The duck quacked

[KGIII]

Wait, Slashdot has ads? ;-)

I used to give Slashdot money once in a while but it never seemed to listen to my settings so I'd burn through it quickly. Maybe they need to get that figured out and they *might* be able to rely on less ad revenue. They also don't prohibit the use of ad-blocking here. They could, perhaps, consider avoiding linking to sites that disallow access with ad-blocking enabled.

However, I'd submit that the onus is on the submitter and the firehose voters to check to ensure the links don't go to sites that disallow visits from people with ad-blockers. On a personal note, I simply close the browser tabs to those sites. I could work around 'em but it's their property and if they say I have to access it in a certain way then I'm inclined to respect that request.

Note: I use Opera. That doesn't prohibit me from changing the URL from http to cache. Then, I am not accessing their property.

Re:The duck quacked

[KGIII]

You might want to rethink the partisan thing. I've found more supporters on NPR than I've found on Fox New Radio. (I've been listening to see what the differences are and the entertainment value.) It doesn't even remotely appear to be just the Republicans supporting this. No, I'm not a Republican - not even close.

Re:The duck quacked

[erapert]

Why is this modded funny? Isn't there a mod option for "deadly serious" or "too real to be funny"?

Re:The duck quacked

[shilly]

I'm pretty sure the OP is suggesting that legislators may be being blackmailed because of information the agencies possess about their personal lives. Ourobouros ftw!

Re:The duck quacked

[tnk1]

I was responding to the previous comment which called them out specifically. And Republican lawmakers do tend to be law and order, which is one reason for me to actually like them, even if I don't like the current overreach in the name of law and order.

I know there are authoritarian Dems out there who would be happy to force Apple to comply. They just tend to be a little more carrot and a little less stick about it publicly. The end is the same, government overreach.

Re:The duck quacked

[Irate+Engineer]

If the new owners of Slashdot really want to improve this site (and I have seen no evidence that they do), a good first step would be stop linking to stories that are paywalled, or that prohibit adblockers. There are always plenty of alternatives.

Not if the new /. owners are being paid to steer us to paywalls and advertising. It's all about the clicks and eyeballs, not the quality of your experience. Money wins.

Re:The duck quacked

[q4Fry]

I read this in my head with JK Simmons' "Cave Johnson" voice. I would pay money to hear him read it out loud.

Re:The duck quacked

[whipslash]

You're right on

Re:The duck quacked

[mysidia]

My suggestion is that when a user submits a story with a link.... editors before finally deciding to post should first spend 5 minutes to click the link and see if the content is acceptable..... next do a quick search, and see if they can find a "higher quality" source for the same information.

For example: A source that provides more information. A source that posted the story earlier. A source that has high-academic repudity.... e.g. such as a major science journal's website on a breakthrough discovery over Bob's blog; if the subject is an academic one, that is. A source that does not contain a referral link profiting the submitter.

A source that is not paywalled when checking the link out.

Re:The duck quacked

[whipslash]

When the news broke it was originally reported by only the WSJ so we wanted to provide the breaking news before waiting for another site to regurgitate the news. Once they did, we updated the story (which was submitted to us by a user and voted up in the firehose).

No evidence that we want to improve the site huh? Well I answered hundreds of questions here on how we can improve Slashdot: https://ask.slashdot.org/story...

In the 3 weeks we have owned the site we have removed the "Jobs" section, discontinued "Videos" (by popular demand), fixed the search bar, have the groundwork laid to roll out https in the next week or two, and are well on our way to supporting Unicode.

Re:The duck quacked

[mysidia]

Why would a largely ad-sponsored site want to help people seeking to block ads?

Because ads are annoying, and Slashdot should prefer sites that don't have annoying ones (IMO) and don't do obnoxious thing like try to block blockers that block annoying ads.

If Slashdot itself is profiting from ads from many people who often view without an Adblocker.... that's fine, so long as they aren't "annoying ones" such as pop-up style ones or floating ads that interrupt people

I would suggest Slashdot finding additional sources of revenue such as "Sponsored stories" that won't be taken out by adblockers.

Re:The duck quacked

[whipslash]

We're not being paid to steer you into paywalls. In fact we have made a concerted effort to stop linking to paywall sites. However, when the news is breaking we'd rather you guys have the news, and update the story as soon as another source is available.

Re:The duck quacked

[flopsquad]

Thanks for the props! I'm open to suggestions. I've had thoughts along similar lines, but from a different angle: how to go about writing more and getting it out there. And things like above... feel like they only really work in a Slashdot post.

If there's a way to wave the satirical caution flag at a broader audience, what would that look like? Submitting unsolicited material to... I'm not exactly sure who. (Whom? Shit now I'm sunk for sure.)

Re:The duck quacked

[rtb61]

Nett result, Apple no longer gets to push security and privacy against Windows anal probe 10. Now everyone is starting to see how really big this is and who is really pushing it, especially after Gates just publicly championed the attack on Apple. Not so much the FBI and M$ trolling in the background.

Re:The duck quacked

[Tablizer]

I see it more like the PC pattern. Macs are better engineered but have only about 15% of market (long-term average), while PC's became almost a commodity.

iPhone will be the "pocket" version of the Mac, and Android-clones the pocket version of the PC. Google is the new Microsoft, but perhaps with less control over the OS. Google can make some money defining and coordinating phone OS standards, but cannot charge and arm and a leg (no pun int.); more like the ARM model.

I did find my iPhone had a cleaner interface than my Android. Android kind of slapped together apps or features designed mostly independently, while iPhone has the feel of being more carefully planned and coordinated, and more likely to say "no" to clutter and junk.

Re:The duck quacked

[Pfhorrest]

As someone who doesn't pay a whole lot of attention the the behind-the-scenes stuff going on about Slashdot, I just want to say that you guys, whoever you guys are now (I wasn't even aware of a change of ownership and have no idea who the new owners are), seem to be doing a good job so far or at the very least exhibiting the attitude of someone who'll do a good job.

Re:The duck quacked

[cavreader]

The government is handling this situation out in the open using the normal judicial procedures. The government could have sent Apple a NSL request instead of a warrant or just bypassed Apple completely and handed the problem over to the NSA geek squad. But they are trying to handle this request out in the open where people can see the particular facts of this specific request.Terrorism is not the only crime the FBI investigates and prosecutes. Crimes such as murder, drug trafficking, fraud of all types, and organized crime investigations. And since Apple is fighting this request it seems they do possess the ability to disable the password manager which would allow brute force attacks to get at the data on the device. However, if Apple can technically give the FBI what they are after so can someone else. If Apple could not give the FBI what they are asking for because it is technically impossible they could have said that upfront and as long as they are not lying about their capabilities the problem would go away.

Re:The duck quacked

[zugmeister]

I mean this seriously and with no sarcasm.
Thank you!

Re:The duck quacked

[whipslash]

You're very welcome.

Re:The duck quacked

[whipslash]

Thanks!

Re:The duck quacked

[BronsCon]

So wait... Slashdot is a news site again?

Re:The duck quacked

[subreality]

I come here to see the news picked apart in the discussions, not to get the latest breaking headlines. I therefore find either a paywalled link (so I can't RTFA), or a discussion about a previous paywalled link which doesn't match the article I'm reading.

However, thank you for taking the time to answer us. I'm more optimistic for Slashdot's future knowing that you've given thought to this and are making a reasoned decision.

Re:The duck quacked

[Th0th]

I agree with everything you've said (except I don't really think his UID is very low).

Re:The duck quacked

[strikethree]

There will always be people who will be saying negative things. Some of them are normally people who say good things.

I have noticed the efforts you have personally put into getting things in order and many others have as well. Than you for your time. I believe you are sincere.

Re:The duck quacked

[sl149q]

How many of those 175 phones are related to terrorism? And how many to simple home grown criminal cases.

Re:The duck quacked

[thegarbz]

so we wanted to provide the breaking news

Oh man you're going to ruin my relationship with my girlfriend. We had a good thing going here. I would sit in the study on the computer, she'd be in the living room on the TV. I'd read a slashdot article and start a sentence with "Hey did you hear...." to which the answer would always be "Yes that was in the news 2 days ago, stop reading slashdot"

I wish this was made up.

Re:The duck quacked

[buck-yar]

Thanks Whiplash for listening and responding.

Re: The duck quacked

[buck-yar]

They also might imprison Americans in China working for Apple to get them to comply. My old boss wouldn't travel to China out of fear he'd be abducted by the govt as he once worked on classified projects for the military.

Re:The duck quacked

[Maritz]

Part of me wonders what they do, as individuals, when they succeed. Do these FBI dickheads think they can go shopping on Amazon after they've made encryption illegal/trivial to defeat?

Re:The duck quacked

[NatasRevol]

It doesn't matter.

That's the whole point.

Once the precedent is set, it's a free for all.

Re:The duck quacked

[buck-yar]

"How would a government agency "own" Congresspeople"

Skeletons in the closet.

Re:The duck quacked

[halivar]

Doesn't 6 digits mean pre-2000?

Re:The duck quacked

[whipslash]

Haha. Yes we'll cut down on that big time

Re:The duck quacked

[whipslash]

Thanks much

Re:The duck quacked

[AutodidactLabrat]

Forgive me. I have to assume most people remember when FBI director Hoover kept detailed files on the pecadillos, crimes and compatriots of Congressmen, trading on his information in return for a lifetime reappointment to America's Secret Police.
Now we have other 3 lettered agencies expanding the databases to everyone.
Power corrupts.

Re:The duck quacked

[computererds]

If Slashdot started with that sponsored stories bs, it would be dead to me.

Re:The duck quacked

[Pubstar]

People actually RTFA before posting? That's news to me.

Re: The duck quacked

[cthulhu11]

How could a site know that an ad-blocker is in use?

Re:The duck quacked

[RavenLrD20k]

I joined in mid-2000. He could have joined later 2k or early 2001. Th0th....might as well be a bloody founder (though I have seen a few active users with lower UIDs than even him).

Re: The duck quacked

[KGIII]

I imagine it's not that hard but just a question of how many compute cycles they are going to throw at it. It's currently done with scripting,

There's a few other ways. They can go for some sort of communication - send a packet from that address and if it's not sending an ACK then dump to a different page or don't display the content at all. They can check browser extensions, I'm not sure how that's done - I've not kept up with site design as much as I could/should have. They can use cookies, if the cookie isn't accepted then they don't display the content. So, they load a cookie and the ad loads a cookie of its own, if they don't match then you don't get a page. I'm sure there are other ways.

I'm also sure there are ways passed that and ways to get around them. It's just a question of how many compute cycles we're going to throw at it - at either end.

I was an "early adopter." I had broadband at work. I owned my own company and let me tell you, broadband was more meaningful back then. I had fiber by the mid 1990s as I recall. (I wanna say a T3?) Anyhow, at home I had dial-up. I hated it... Man, did I hate it. I came across an application that ran in the system tray. It was like Proximatron only different. It was some yellow icon but not "Cookie Muncher." (I've had this conversation here on Slashdot before and we all tried to find it again - can't remember, can't find it, but a few others remember it.)

Basically, you changed your proxy settings and used it or it would automatically do it with Internet Explorer from a right click menu. It was Windows 95, I'm pretty sure. You could download updated lists, apply your own filters, it filtered based on size, it filtered based on names, and it supported wildcards, subdomains, and things like that.

At any rate, I've been blocking ads for this whole time. I'll be blocking ads for a long time in the future. But... Here's the thing - they're going to find a way around it. They can detect lots of things - I'm pretty sure. If you don't let the script load, they don't display content. They can wrap it in JavaScript. They can check cookies and alter the cookies if they ad is loaded. They can have the script send back a packet that says the content has been displayed, etc... There's probably quite a few ways to do this - and they probably will at some point. And we'll leapfrog and figure it out as we go along.

Right now, I think they don't because it's wasted computational overhead. But, if they absolutely have to do it then they just might. It will kind of suck because I'm not letting them through. There's no way I'm letting them through. I'll just use other sites. I'll happily pay sites that I use some money if it's worth it. Or, if they want, I'll give them something more valuable - namely content, such as here. (Though I have paid for Slashdot use in the past.)

One odd side effect? Now that everyone's starting to block ads, I'm seeing more and more restricted content. Now that the practice is gaining in popularity, it's ruining my internet experience. Ah well... It's for the best but it is an odd side effect. In hindsight, I should have anticipated it. I expect a rapidly escalating war between blockers and site owners. However, I dare say that we blockers have more compute cycles than they have.

Re:The duck quacked

[l0n3s0m3phr34k]

The FBI is still being disinigious about "this phone". There is already a line of a couple hundred phones that this will be used on. The reason there was no NSL is because the FBI is using this as a PR stunt because of "terrorism", as just some meth dealer's phone wouldn't make the cut to force this issue. I'm betting if Apple caves, within six months every law enforcement in the country will also have this "FBI IOS". In another few months other countries will get their hands on it too. Journalists in repressive countries will be at even greater risk; just imagine Saudi Arabia being able to use this to get lists off iPhones, and then rounding up and executing every single contact in the phone. If your OK with the FBI doing this, then this blood will be on your hands too.

Hipster Terrorist?

[wkwilley2]

The San Bernadino phone was just the start, pretty soon, it will be "DOJ wants the backdoor keys for all your iPhones"

Re:Hipster Terrorist?

[clodney]

Where I think this is going to get interesting is what happens next.

From my perspective, and I assume from Apple's, they have a security vulnerability in the current version of iOS: anyone with the Apple signing key can sign firmware, which can then be loaded onto the phone without unlocking the phone first. This custom firmware can then defeat the measures designed to prevent brute forcing of the users passcode.

Regardless of whether they win or lose the current court battle, I expect Apple to fix the vulnerability in the next version of iOS. I think that is as simple as altering the operating system so that if new updates are applied without an unlock, the original OS/firmware wipes the phone *before* applying the update. That plugs the hole because before the brute force friendly firmware gets installed, the data is destroyed.

Suppose Apple loses the case - I doubt this new version of firmware technically counts as contempt of court, but certainly after having had their cooperation be compelled by the government, said government will not be happy if Apple decides to make sure they can't get forced in that particular way again, and I would expect some level of retaliation by the courts/government.

Re:Hipster Terrorist?

[amicusNYCL]

I don't know if you know the answer to this or not, but if someone leaves their iPhone sitting around can anyone pick it up, enter the incorrect PIN 10 times, and destroy all of the data on it?

Re:Hipster Terrorist?

[dunkindave]

I don't know if you know the answer to this or not, but if someone leaves their iPhone sitting around can anyone pick it up, enter the incorrect PIN 10 times, and destroy all of the data on it?

If the phone has that feature enabled (not the default), the answer is yes.

Re:Hipster Terrorist?

[taustin]

That is apparently the case, yes. Don't leave your phone lying around.

Re:Hipster Terrorist?

[BasilBrush]

And then if Apple ever have a bug in their software that bricks phones, they will not be able to be rescued, but will need to be trashed on mass. No thanks.

Re:Hipster Terrorist?

[MitchDev]

With increasing delays on how long you must wait to try again after about 5 failed attempts...

Re:Hipster Terrorist?

[dhaen]

Interesting idea, but it makes me wonder if there are ANY circumstances where we would want to allow a decrypt. How about: The authorities are sure that a phone contains information that would thwart an imminent attack? Where is the morality in creating a system upgrade that would defeat us from ever preventing this?

Don't get me wrong, I am in favour of privacy, but I'm troubled by the absolute implications.

Re:Hipster Terrorist?

[Marco+Polo]

Depends on how long "Jest laying around is" 2 hrs and 21 mins then yes.

Depending on how long you have it you can LOCK it for a few mins and They can't use it.

TRY - wait time ---- Total Time
1-5 -- none ---------- none
6 ---- 1 minute ------ 1 minute
7 ---- 5 minutes ----- 6 minutes
8 ---- 15 minutes --- 21 minutes
9 ---- 60 minutes --- 81 minutes
10 -- 60 minutes ---141 minutes
11 -- black screen -- wiped device

Re:Hipster Terrorist?

[l0n3s0m3phr34k]

If Apple has a bug in the software, it would more than likely be covered under their warranty. They fixed their Error 53 issue, and they don't want a class-action lawsuit against them.

Re:Hipster Terrorist?

Suppose Apple loses the case - I doubt this new version of firmware technically counts as contempt of court, but certainly after having had their cooperation be compelled by the government, said government will not be happy if Apple decides to make sure they can't get forced in that particular way again, and I would expect some level of retaliation by the courts/government.

If the All Writs Act can compel Apple to write an exploit and sign it -- which can be a pretty hefty undertaking... why can that same writ not simply compel Apple (and Google, and Microsoft, and basically everybody else) to turn over their private code signing keys to the FBI?

Re:Hipster Terrorist?

Is torture also included in this exception?

Re:Hipster Terrorist?

[BitZtream]

What you described in the second paragraph is already how it works in current iOS versions. You can't update a locked phone without unlocking it OR wiping it.

Re:Hipster Terrorist?

[clonehappy]

Was this comment meant to add to the discussion here in some way?

Re:Hipster Terrorist?

[Tom]

and I would expect some level of retaliation by the courts/government.

You are seing it already. Apple made things the way they are exactly because of previous requests. So this time, the angle is "you are on the side of terrorists". It's a warning shot. Next time it will be "you ARE the terrorists".

The thing saving Apple is that thanks to two decades of NeoCon politics, multinational corporations are now more powerful than governments, and the crooks can't play hardball anymore.

Re:Hipster Terrorist?

[cfalcon]

If the user has enabled the feature and leaves his phone around monkeys for two hours, then yes.

Then he goes home and restores it from his encrypted backup.

Re:Hipster Terrorist?

[chihowa]

You mean "en masse". Hopefully you won't get too pissed off about being corrected and we can gradually become (or at least appear) more educated as a group.

The fact that our language contains so many idioms makes this harder, but a first step should be to think about what "on mass" could mean and decide that it probably isn't the actual phrase you're looking for.

Re: Hipster Terrorist?

[bill_mcgonigle]

Don't get me wrong, I am in favour of privacy, but I'm troubled by the absolute implications.

It's impossible to have a free society where every "Hollywood movie plot threat" can be neatly solved. Even (especially) heavily-controlled societies like prisons cannot eliminate crime.

If somebody is telling you that they can take away the risks inherent in life, watch your wallet and your freedom.

Re:Hipster Terrorist?

[cfalcon]

> Where is the morality in creating a system upgrade that would defeat us from ever preventing this?

Same morality that doesn't require the government cut off our hands and feet at birth. Tools should function as tools, not be agents of a state. Remember, if everything is backdoored for state use (to prevent terrorism, or whatever song and dance they have to sing to make it so you own and control nothing for fear that you too are a terrorist), then we are just rolling the dice every year and hoping we continue to roll up governments that aren't willing to tighten that noose. Once you can't be trusted to control your data, everything else will follow soon enough, and you are betting on the government being continuously correct for, say, four hundred years. What are the odds of that? Can it even be calculated?

Re:Hipster Terrorist?

[MitchDev]

Sure, and if the terrorists hate your family and are threatening to blow up a building unless the US government beats your kid to death before your eyes, you're fine with that too, because what's life of your one kid vs. the thousands in the building.... right?

Re:Hipster Terrorist?

[MitchDev]

Not just other governments, but this will be in the wild in less than a week and all manner of criminals (Like the US Government and other governments as well) will have it...

Re:Hipster Terrorist?

[CrashNBrn]

I think they might head in this direction: Random Key Generator, "on" Silicone using randomly wired chips created with carbon nanotubes.

Re: Hipster Terrorist?

[yacc143]

Well the government did it already, remember lavabit?

Re:Hipster Terrorist?

[CrashNBrn]

Silicon, yes yes I know.

Re:Hipster Terrorist?

[DarkOx]

What is amazing to me is this isn't even a fourth amendment/privacy/fifth amendment/rights of the accused/exclusionary evidence/ type question. Its a question of very very basic freedom.

Apple sells a phone, they are not necessarily in any on going business relationship with the owner of said phone after that happens. The DOJ argues though that they should be able to phone them up and demand they create something which does not today exist (an unlock tool or firmware without protections). So Apple who was not a participant in any crime, an accessory, or in material possession of evidence etc now must act.

This quite literally sets the precedent the DOJ can conscript and individual or organization who has ever sold or manufactured something to assist in an investigation! We are supposedly not slaves! This very concept should be offensive to all freedom loving Americans and frankly anyone who isn't siding with Apple on this "Hates Freedom."

Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. --William Pitt

Re:Hipster Terrorist?

[sjames]

The authorities are sure that a phone contains information that would thwart an imminent attack?

Will they pinkie swear that the information is really there and the attack really is imminent or will it be another Iraq? WMDs, we're super serial OMG YELLOWCAKE!!!

The authorities have lied so big and so often that there is nothing they can say that would convince me of a genuine need to break the encryption on anything at this point. I absolutely positively do believe that they would claim millions of lives hang in the balance if they don't get the data from some small time pot dealer's phone immediately.

Re:Hipster Terrorist?

The San Bernadino phone was just the start, pretty soon, it will be "DOJ wants the backdoor keys for all your iPhones"

The DOJ is not asking for a backdoor key here. It is asking for a structural weakness that would affect any iPhone. They are not going to run to Apple for every backdoor they are then going to batter in by brute force. All they want is that the phones will not self-destruct when under attack.

They explicitly had the password changed on that phone so that they could blame Apple for their "problems". And it's more theatrical with phone drenched in blood, so they tampered with this phone rather than use a different phone waiting in the stalls for their "precedent".

Re:Hipster Terrorist?

[clodney]

What you described in the second paragraph is already how it works in current iOS versions. You can't update a locked phone without unlocking it OR wiping it.

From what I have read about this case I don't think that is true. I think the phone is up to date (or at least on iOS 9.something), but I thought the firmware will permit (signed) updates without wiping a locked phone, which makes this particular attack feasible. I think the current state is that the firmware can be updated but the lock remains intact, and 10 failed unlock attempts wipe it. So the FBI is asking for an update to the firmware to remove the 10 try limit and the enforced wait between unlock attempts.

Re:Hipster Terrorist?

[macs4all]

But can't Apple still send OTA updates while it's locked?

Nope.

Re:Hipster Terrorist?

[gnasher719]

Regardless of whether they win or lose the current court battle, I expect Apple to fix the vulnerability in the next version of iOS.

Starting with the iPhone 5s, the security features that protect the phone against brute forcing the passcode are built into the hardware and not controlled by the firmware anymore. That doesn't mean changing the firmware of a locked phone would be impossible, but it wouldn't help you unlocking the phone.

Apart from that, checking each passcode takes at least 0.08 seconds, so a 10 digit passcode is pretty much safe.

Re:Hipster Terrorist?

[gnasher719]

If the All Writs Act can compel Apple to write an exploit and sign it -- which can be a pretty hefty undertaking... why can that same writ not simply compel Apple (and Google, and Microsoft, and basically everybody else) to turn over their private code signing keys to the FBI?

I think it is a matter of compensation. I think Apple would quite rightfully say that this would require a complete recall of all iPhones and replacement with new ones with new code signing keys, and ask whether the FBI has $100bn lying around to pay for this.

Re:Hipster Terrorist?

[currently_awake]

What will it take before the major cellphone makers lock down phones so it's physically impossible to get the data off them? It will definitely require secure hardware, with the lockscreen and passcode implemented by that hardware so there is no possible way to update the security code, ever.

Re:Hipster Terrorist?

[currently_awake]

Given that the Government is a bigger threat to your life/safety/security than the Terrorists, i'd say it's a worthwhile risk.

Re:Hipster Terrorist?

[currently_awake]

If it's possible to update the security code, then it's possible for the NSA to steal Apples signing code and make their own updated software. Or for China to do so.

Re:Hipster Terrorist?

[brantondaveperson]

anyone with the Apple signing key can sign firmware

Yes, of course.

which can then be loaded onto the phone without unlocking the phone first

Is this true? I've heard both this claim, and its counter-claim, and I'm not sure which is true. I think you would at least need physical access though, right?

This custom firmware can then defeat the measures designed to prevent brute forcing of the users passcode.

True, unless you have a nice long passcode (I don't, personally).

Re:Hipster Terrorist?

[brantondaveperson]

The authorities are sure that a phone contains information that would thwart an imminent attack?

They 'know' the information is in there? But they don't know what it is? Sounds pretty unlikely to me.

The world is full of people, and those people don't always behave themselves. Sometimes, due to their bad behavior, good people get hurt. At some point to have to limit the governments powers, even though it may be true that one could conceive of a scenario under which such powers would save people. It's a balance, between the likelihood of the scenario, and the societal burden of the power. The argument here is not that such a scenario doesn't exist, even if your example is especially unlikely, but that the societal cost is too high. That the government should not have to power to inspect every aspect of your life is the issue here.

For instance, an acquaintance of mine once argued that the police should be empowered to come into your house and search it without probable cause, because "a little girl was missing". Well, for one thing, there's always a little girl missing. And for another, the cost of this power is too high.

Re:Hipster Terrorist?

[nytes]

Interesting idea, but it makes me wonder if there are ANY circumstances where we would want to allow a decrypt.

I can think of a few:
- A politician accused of accepting bribes
- A politician accused of abusing the power of the office
- A politician accused of using illegal interrogation methods
- A politician accused of mishandling state secrets

Note that all of these crimes involve a particularly nefarious class of criminals, so I'd be inclined to just authorize rubber-hose decryption. Then no phone hacking software would ever be needed.

Re:Hipster Terrorist?

[BasilBrush]

A warranty doesn't retrieve any data nor make up for the lost time with a broken phone.

Re:Hipster Terrorist?

[rgomezc]

Government doesn't need to try the custom firmware in secret... if they manage to force Apple to create this special firmware, then they will be able to force Apple to create "specific" firmware for any device they want. That's the thing with Legal Precedents. So, why bother trying to hack the hacked firmware produced by Apple, when you can just "ask nicely" again... and again... and again...

Re:Hipster Terrorist?

[rgomezc]

As far as I know, they did NOT change the password on this phone, but on the iCloud account (they are not the same). If they did change the password on this phone then they are really playing a very dirty game, even for Government standards. Not that I don't think they will... but if that's the game they are playing then all bets are off, and we can just assume this will happen... and probably worse.

Re:Hipster Terrorist?

[nytes]

I wonder, what would happen if Apple agreed to comply, but Apple employees then refused to do the work? What if they threatened to quit if Apple attempted to order them to do the job?

Re:Hipster Terrorist?

[RyoShin]

Could this be a violation of the 3rd Amendment? While its original intention was precisely to block the housing of soldiers, in a broad sense it blocks the federal government from usurping control of a person's property, regardless of time length, to further government interests that do not directly involve the property owner. An Op-Ed a few months back asked if government-created viruses spreading through unrelated computers would run afoul of the 3rd; I think it might*, and believe this would fall under the same reasoning.

* but am no constitutional scholar, only a citizen and former military member concerned with privacy

totalitarian tip-toe

It's always about stripping away another level of your rights. Fight now, later it will take a lot more blood, sweat, and tears.

All together now

"This is my surprised face."

Meanwhile: "...New York City police commissioner, William J. Bratton, and the Manhattan district attorney, Cyrus R. Vance Jr., criticized Apple after it refused to comply with the court order and said that they currently possessed 175 iPhones that they could not unlock."

So that's 188 on the list so far...

Re:All together now

[__aaclcg7560]

So that's 188 on the list so far...

That's a lot of iPhones with illicit cat videos.

Re:All together now

[oneiros27]

I assume those were the two people that Charlie Rose had on his show. (I remember they were from New York, and that number sounds right):

http://www.bloomberg.com/news/...

It was horrible -- he was trying to point out some flaws, but he really didn't sufficient background to counter them.

Their argument was basically 'we used to be able to do this, and then Apple went and locked us out at the last OS update.' and 'Apple claimed iOS 7 was secure, so they should just go back to that'.

Re:All together now

[Anubis+IV]

Indeed. Here's the New York Times article that's the source for that information about New York already having 175 iPhones lined up to be unlocked if this precedent gets set. The FBI's assertion that this is just about one case is pandering to the public's short attention span by downplaying the ramifications this case would have on others.

Re:All together now

[macs4all]

*can unlock with the NSA's help, but don't want to because they want to help the government obtain judicial precedent.

So they're deliberately stalling resolution of cases to play a political game, to the detriment of both suspects and victims of crime.

What disgusting negligence.

And what happened to the Speedy Trial Rule?

Bruce Schneier says

[Okian+Warrior]

My go-to person for security issues is Bruce Schneier. Here's what he says about the issue:

The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court's demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all.

He elaborates on this in another section:

This is an existing vulnerability in iPhone security that could be exploited by anyone.

There's nothing preventing the FBI from writing that hacked software itself, aside from budget and manpower issues. There's every reason to believe, in fact, that such hacked software has been written by intelligence organizations around the world. Have the Chinese, for instance, written a hacked Apple operating system that records conversations and automatically forwards them to police? They would need to have stolen Apple's code-signing key so that the phone would recognize the hacked as valid, but governments have done that in the past with other keys and other companies. We simply have no idea who already has this capability.

The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked. IOW, the user is presented with an alert, and the user must type in the passcode before the update is applied.

This would seem to solve the problem for future releases, Apple could legitimately say that there's no way to unlock the phone.

Re:Bruce Schneier says

[DarkFencer]

The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked. IOW, the user is presented with an alert, and the user must type in the passcode before the update is applied.

This would seem to solve the problem for future releases, Apple could legitimately say that there's no way to unlock the phone.

I think this is a great idea, but I don't think they can do it now until this situation is settled in the court. Not doing what the government has taken them to court on is one thing, but making what they are wanting harder while it isn't settled is obstruction of justice (I'm not a lawyer so the charge may not be exact but you get the idea).

Re:Bruce Schneier says

[clodney]

This is an existing vulnerability in iPhone security that could be exploited by anyone.

There's nothing preventing the FBI from writing that hacked software itself, aside from budget and manpower issues. There's every reason to believe, in fact, that such hacked software has been written by intelligence organizations around the world. Have the Chinese, for instance, written a hacked Apple operating system that records conversations and automatically forwards them to police? They would need to have stolen Apple's code-signing key so that the phone would recognize the hacked as valid, but governments have done that in the past with other keys and other companies. We simply have no idea who already has this capability.

I think this is overly simplistic. I have no idea what precautions Apple takes with its code-signing key, but other organizations I know take this very seriously - a USB key in a locked safe, with 2 people required for access, and the signing only done by loading the binary onto an air gapped computer, signing the binary, and then returning the key to the safe.

If Apple takes precautions at that level, it is by no means a given that the code signing key has leaked. On the other hand, if phones are signed at the end of a production line in Foxconn, it is a whole different story.

Re:Bruce Schneier says

[Anubis+IV]

Or you could just turn off iCloud Backups. They're easily disabled via the Settings app. Or you could delete all recognized WiFi hotspots, since iCloud Backup only happens when you're connected to one and plugged into a charger. Really, just don't do your method, since it doesn't even work in practice. Apple could simply grant you additional iCloud storage on a temporary basis in order to prompt your iPhone to back itself up, thus allowing them to hand your data over to the authorities. Your method provides no security at all.

Re:Bruce Schneier says

[Imazalil]

I think general iOS updates do require one to unlock their phone before proceeding, what is being talked about is the phone recovery mechanism when one connects the phone to a computer. I assume this was left 'open' so that it could be performed when the phone is software "bricked" so that the hardware may be ok, but the software is beyond usable/repairable.

If Apple blocks this for the obvious personal info safety benefits it would mean that the only way to recover a phone may be to wipe it completely clean, which I'm all good with, but expect lots of people complaining about it as well.

Re:Bruce Schneier says

[Xylantiel]

I see the second issue as exactly opposite to the first quote. A precedent in favor of the government on this case seems like a good way to ensure that hardware makers stop giving themselves access to their customers' devices, otherwise they will get showered with government orders. That is exactly what we want -- i.e. actual security, not pretend security at the changeable whim of the vendor. Apple, for this device model at least, seems to want to have its cake and eat it too. They want to themselves be able to subvert the security on their customers' devices but at the same time be able to tell the government that they can't do so. Sorry, that doesn't fly.

Re:Bruce Schneier says

[tlhIngan]

I think general iOS updates do require one to unlock their phone before proceeding, what is being talked about is the phone recovery mechanism when one connects the phone to a computer. I assume this was left 'open' so that it could be performed when the phone is software "bricked" so that the hardware may be ok, but the software is beyond usable/repairable.

If Apple blocks this for the obvious personal info safety benefits it would mean that the only way to recover a phone may be to wipe it completely clean, which I'm all good with, but expect lots of people complaining about it as well.

I think even on a DFU update, it erases the entire media. The only reason it appears that all your data is safe is because iTunes does a backup immediately before, erases and applies the DFU update, then immediately does a restore, so appearances are that it did an in-place upgrade.

Because DFU is the "emergency restore" method, it makes sense engaging it forces a complete wipe to clear out any crud that may be wedging the software.

Re:Bruce Schneier says

[Xylantiel]

I don't feel like you're really thinking through what it means to have the resources of a national intelligence agency.

Re:Bruce Schneier says

[dunkindave]

I think this is a great idea, but I don't think they can do it now until this situation is settled in the court. Not doing what the government has taken them to court on is one thing, but making what they are wanting harder while it isn't settled is obstruction of justice (I'm not a lawyer so the charge may not be exact but you get the idea).

Since this "is only seeking access to Farook's phone and no one else's", then as long as whatever Apple does doesn't affect "this one phone" it wouldn't be a legal problem since they aren't making what this court wants harder.

The political ramifications though, are left as an exercise for the reader.

Re:Bruce Schneier says

[suutar]

Govt: "Unlock this, we have a writ"
Victim: I can't
Govt: Precedent says you have to
Victim: I really can't
Govt: welcome to contempt of court
Victim: But it's just flat out not possible. It's not because I don't want to, I _can't_.
Govt: *snore*

Re:Bruce Schneier says

[sjames]

Since the FBI has claimed that this is only about that one iPhone, not all, they can legitimately lock up all the others now. They have been explicitly told that the other iPhones and future iPhones are not at all involved.

Re: Bruce Schneier says

[yacc143]

You do realize that courts have ordered companies to hand over their private keys to the FBI in the past? Some companies like lavabit have closed down over that, others have surely complied without informing the public (not all CEOs/legal departments realize the relevance of this).

Simple solution

[MikeRT]

1. Build a LLC that owns all IP rights to the tools that forensics tools.
2. Have the LLC sign a contract with Apple that states that Apple will never release trade secrets to other vendors to comply with the production of forensics tools.
3. Have Apple refer them to the LLC.
4. Let the LLC charge the government $100,000/job as a firm fixed price contract.

You'll see the FBI getting pretty libertarian in how it prioritizes searches and seizures if that's the only way Apple will work with them.

Re:Simple solution

[pr0fessor]

Aren't there already other companies that already offer those services at a really high price?

Re:Simple solution

7. During trial AppleHax employees provide unlock keys as ordered by a judge.
8. FBI accidentally changes password to something that made sense at the time.
9. FBI drags Canonical to court demanding they unlock the servers.

Re:Simple solution

[Actually,+I+do+RTFA]

(2) Is illegal. Or rather, will not legally shield Apple. All NDA's have (or will be modified by the court to have) a clause that allows compliance with subpoenas. Usually, the best an NDA can guarantee is that I contact the party I have an NDA with, and they can (at their expense) try to squash the subpoena, and I won't comply if they are taking legal measures to block it.

Re:Simple solution

[Dixie_Flatline]

Unfortunately, I think that would pretty much be doomed to fail. This (http://www.zdziarski.com/blog/?p=5645) a great article on some of the problems inherent in this request by the FBI from a forensics and court-case point of view.

tl;dr

The FBI wants Apple to create an *instrument*, and this instrument needs to pass forensic muster. That means it can't modify the data on the phone, it just has to unlock it. But how do you check that? Well, it turns out tools like this need to be tested and validated by a third party. But then, if it comes up in a court case (because the owner is actually still alive) it would be well within the defendant's rights to request a copy of the software so the defense can validate whether or not it does what it says it does. If the software isn't peer reviewed, any retrieved data could be thrown out as evidence. If the defense can't get their hands on the software to test it themselves, that's not fair.

The can of worms is huge. Apple would be forced to make a tool that exploits weaknesses in their devices and then DELIVER those weaknesses to other parties so they can validate those weaknesses. Here's the concluding paragraph from the article:

"Not only is Apple being ordered to compromise their own devices; they’re being ordered to give that golden key to the government, in a very roundabout sneaky way. What FBI has requested will inevitably forse Apple’s methods out into the open, where they can be ingested by government agencies looking to do the same thing. They will also be exposed to private forensics companies, who are notorious for reverse engineering and stealing other people’s intellectual property. Should Apple comply in providing a tool, it will inevitably end up abused and in the wrong hands."

flat out lying still reaps all the rewards

[fustakrakich]

I am still waiting to see how any of this will affect the elections. Chances are not much will come of it. Just a lot of noise.

Camels nose ...

[gstoddart]

This will open the floodgates of making all of these companies be responsible for developing tools for law enforcement to demand access. And then law enforcement will demand they simply be given those tools to avoid the whole pesky court system and due process.

Welcome to the future, where law enforcement wants it to be illegal for you to have information they cannot access, and failure to allow yourself to be spied on is a criminal act. You can't have any freedom and security because they need to remove it to protect your freedom and security.

You have nothing to fear if you have nothing to hide, citizen.

In Soviet America, phone unlocks you.

But keep telling yourselves you don't live in a surveillance society, one day you'll believe you have always been at war with Eurasia. Failure to comply is now a thoughtcrime.

What happened to those oaths to defend and uphold the Constitution, instead of wiping your ass on it?

Re:Camels nose ...

[MitchDev]

America hasn't been America for a LONG time...

Re:Camels nose ...

[erapert]

This is literally why the Second Amendment exists.

Re:Camels nose ...

[erapert]

The Founders disagreed with you.

Tomas Jefferson:

“False is the idea of utility that sacrifices a thousand real advantages for one imaginary or trifling inconvenience; that would take fire from men because it burns, and water because one may drown in it; that has no remedy for evils, except destruction. Laws that forbid the carrying of arms laws of such a nature. They disarm only those who are neither inclined nor determined to commit crimes. Such laws make things worse for the assaulted and better for the assailants; they act rather to encourage than to prevent homicides, for an unarmed man may be attacked with greater confidence than an armed man.” – Quoting Cesare Beccaria, On Crimes and Punishment

“No freeman shall be debarred the use of arms [within his own lands].” – Proposed Constitution for Virginia – Fair Copy, Section IV: Rights, Private and Public, June 1776; The Works of Thomas Jefferson, Federal Edition, Editor: Paul Leicester Ford, (New York and London, G.P. Putnam’s Sons, 1904-5); Vol. 2

“A strong body makes the mind strong. As to the species of exercise, I advise the gun. While this gives moderate exercise to the body, it gives boldness, enterprise and independence to the mind. Games played with the ball and others of that nature are too violent for the body and stamp no character on the mind. Let your gun therefore be the constant companion of your walks.” – Letter to Peter Carr, 1785; The Letters of Thomas Jefferson: 1743-1826, Electronic Text Center of University of Virginia

“[W]hat country can preserve its liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance? Let them take arms.” – Letter to William Stephens Smith, November 13, 1787; The Works of Thomas Jefferson, Federal Edition (New York and London, G.P. Putnam’s Sons, 1904-5) Vol. 5

Patrick Henry

“O sir, we should have fine times, indeed, if, to punish tyrants, it were only sufficient to assemble the people! Your arms, wherewith you could defend yourselves, are gone; and you have no longer an aristocratical, no longer a democratical spirit. Did you ever read of any revolution in a nation, brought about by the punishment of those in power, inflicted by those who had no power at all?” – Speech in the Virginia Ratifying Convention, June 5, 1778; “Debates in the Several State Conventions on the Adoption of the Federal Constitution,” Jonathan Elliot, editor, vol. 3, pp. 50-53

“Are we at last brought to such humiliating and debasing degradation that we cannot be trusted with arms for our defense? Where is the difference between having our arms in possession and under our direction, and having them under the management of Congress? If our defense be the real object of having those arms, in whose hands can they be trusted with more propriety, or equal safety to us, as in our own hands?” – Debates in the Several State Conventions on the Adoption of the Federal Constitution, Jonathan Elliot, ed. 1836, vol. 3, p.168

“The great object is, that every man be armed Every one who is able may have a gun.”– Debates in the Several State Conventions on Adoption of the Federal Constitution, Jonathan Elliot, ed. 1836, vol. 3, p. 386

Alexander Hamilton

“If the representatives of the people betray their constituents, there is then no resource left but in the exertion of that original right of self-defense which is paramount to all positive forms of government, and which against the usurpations of the national rulers may be exerted with infinitely better prospect of success than against those of the rulers of an individual State. In a single State, if t

D'oh

[penguinoid]

Was it too difficult to wait until the precedent had been set, before demonstrating that those who warned us that it wouldn't end there they were exactly right?

Re:D'oh

[powerlord]

Was it too difficult to wait until the precedent had been set, before demonstrating that those who warned us that it wouldn't end there they were exactly right?

Be happy Government Intelligence is ahead of the curve.

Perhaps the Court of Public Opinion might come to the correct conclusion and see the man behind the green curtain.

Re:D'oh

[guruevi]

It simply demonstrates that they don't care what the outcome is going to be because most people (51% or so) don't care.

Re:D'oh

[penguinoid]

It simply demonstrates that they don't care what the outcome is going to be because most people (51% or so) don't care.

Most of the minority of people who answer a stranger's questions about their personal opinions over the phone, don't care.

DOJ is bored and wants nudes

[wardrich86]

DOJ is requesting remote backdoor capabilities to all phones so that they can browse for hot nudes at any time anywhere. They originally wanted it to stop terrorism, but then realized that every other thing they've done to try to stop terrorism seems to have failed miserably. The DOJ is happy to announce that this time their plans will be used 100% as expected, and will for sure have great success.

Re:DOJ is bored and wants nudes

[burtosis]

DOJ is requesting remote backdoor capabilities to all phones so that they can browse for hot nudes at any time anywhere. They originally wanted it to stop terrorism, but then realized that every other thing they've done to try to stop terrorism seems to have failed miserably. The DOJ is happy to announce that this time their plans will be used 100% as expected, and will for sure have great success.

I'm not sure I want to grant them backdoor access unless they at least buy me dinner first.

Time for an old US ritual?

[chthon]

Pitch and feathers!

Unlocked firmware

[JesseEnjaian]

>>"The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked." The flash memory on the iPhone can be flashed from an external computer connected to the flash chip via an interface (http://www.mouser.com/Semiconductors/Memory/Flash-Memory/_/N-488w1), so software solutions probably won't work. Maybe you could try to use a hardware burned cipher in a "security chip" that can't output its key to engineer around that... I think the most dangerous thing is what Tim Cook said: the All Writs Act. When has the gov't forced companies to affirmatively make them something for their investigation? I can't think of an example from the physical-world.

Re:Unlocked firmware

[omnichad]

Maybe you could try to use a hardware burned cipher in a "security chip" that can't output its key to engineer around that

The newer iPhone already has that. So closing the firmware update hole would completely fill the gap for newer phones.

Re:Unlocked firmware

[tlhIngan]

>>"The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked." The flash memory on the iPhone can be flashed from an external computer connected to the flash chip via an interface (http://www.mouser.com/Semiconductors/Memory/Flash-Memory/_/N-488w1), so software solutions probably won't work. Maybe you could try to use a hardware burned cipher in a "security chip" that can't output its key to engineer around that...

iPhones since the 3GS have hardware encryption to flash memory. The key is derived partly from a secret per-SoC key that is generated and Apple does not have. You cannot program the flash outside of the device (you lack the encryption key), nor can you remove the flash and read it out (you lack the decryption key). The data stored on the flash memory is married to the SoC and you need the SoC to decrypt it.

Re:Unlocked firmware

[macs4all]

>>"The best solution I've seen so far, from right here on Slashdot, is to have future firmware updates require the phone to be unlocked." The flash memory on the iPhone can be flashed from an external computer connected to the flash chip via an interface (http://www.mouser.com/Semiconductors/Memory/Flash-Memory/_/N-488w1), so software solutions probably won't work. Maybe you could try to use a hardware burned cipher in a "security chip" that can't output its key to engineer around that... I think the most dangerous thing is what Tim Cook said: the All Writs Act. When has the gov't forced companies to affirmatively make them something for their investigation? I can't think of an example from the physical-world.

I think you just described Apple's Secure Enclave chip, which appeared first in the model AFTER the San Bernadino phone.

Re:Unlocked firmware

[macs4all]

Maybe you could try to use a hardware burned cipher in a "security chip" that can't output its key to engineer around that

The newer iPhone already has that. So closing the firmware update hole would completely fill the gap for newer phones.

Everyone on here just ASSUMES that an iPhone with the Secure Enclave Chip (5s and above) can have it's Firmware updated without unlocking the phone; but NO ONE has actually provided PROOF of that rather important assumption.

Re:Unlocked firmware

[omnichad]

I haven't assumed it - I'm just saying it's not a hardware restriction, as far as I know. I have no idea if they've closed that or not, but since we don't know it's best to assume on the side of less secure.

Comment removed

[account_deleted]

Comment removed based on user account deletion

privacy vs non-encryption

Well - options:
Learn some math and develop some encryption of your own. And don't forget the monkey wrench ingredient.... OR
Learn Navajo ( precedent is WWII...)..... then convince family and friends to do the same...
Learn Mandarin, Tagalog, and a localized slang Urdu from India... then convince family and friends to do the same...
Learn Tamarian..... then convince family and friends to do the same...
Go full tard in speaking, writing, communicating...... then convince family and friends to do the same....
Send LOTS of diversionary texts, emails, call everyone every day....... then convince family and friends to do the same....
Order a collection of clothing, flags, lamps from 'other' countries...... then convince family and friends to do the same....
We in the deep south can mix it up a little, ghetto - Errr- Ebonics can also, Canuck and Nawrleens can, some...
Just to be a smidge difficult...

Re:privacy vs non-encryption

[grub]

Go full tard in speaking, writing, communicating...... then convince family and friends to do the same....

I've been trying this for years, but most of my family and friends don't want to join /.

So Much for the I in FBI

[mrlinux11]

Integrity

Re:So Much for the I in FBI

[Austerity+Empowers]

Really that one was at the bottom of my list:

Idiots
Imbeciles
Ignoramuses
Iconoclasts
Indigents
Imps
Indian givers
Ingrates
Inbreeds
Iberis
Ibex
Ichneumons
Ichthyocoprolites (A personal favorite) ... (at least two dozen others) ...

Investigation
Integrity

Corney - Our requested is "limited"

[evolutionary]

Yea, good one. Like we can trust the FBI and CIA with a one off. We all knew this was the goal. If you say yes to one you have to say say to all. Now...when is the public going to stand up and say "NO"? Or do we want cases like the the one just posted today: http://yro.slashdot.org/story/... This is when the data was unprotected. Which in essence will be the effect if the FBI has it's way. (some in the FBI has said we should ban encryption so the government has full unfettered access).

Or another case that came to light today as well: https://www.washingtonpost.com...

Where the government OPM database was breached in 2014 and 2015, partially by foreign (the Chinese..of course...).

If you create a key, everyone will want to use it. And everybody will...especially private/foreign hackers. And when it come to hacking, the international hacking community will find any backdoor created. (rumor has it Apple already has one may be patching it before they strong armed into disclosing it). Put the word out (as this case will if Apple complies) that there is such a key, and watch the effort redouble to find/exploit. The public needs to say, "enough is enough" before everything becomes the data "wild, wild west". Benjamin Franklin was so insightful: We truly deserve neither. and that is what we appear to be getting.

if encryption is outlawed

if encryption is outlawed only outlaws will have encryption.

Next iPhone hardware changes.

[grub]

The next iPhones should have the timer between password attempts and the "wipe after 10 tries" options moved from software to the security chips in silicon.

"Sure we can put in a hacked iOS version, but the counters and timers are all in chip and iOS cannot touch those."

Re:Next iPhone hardware changes.

[tlhIngan]

The next iPhones should have the timer between password attempts and the "wipe after 10 tries" options moved from software to the security chips in silicon.

  "Sure we can put in a hacked iOS version, but the counters and timers are all in chip and iOS cannot touch those."

iPhone 5S and above already do that - the secure enclave checks PINs, enforces the 10 entry lockout and wipe (if enabled), and enforces the delays. And it's speed means the slow hashes stay slow.

The iPhone 5c is based on the iPhone 5, which lacks the secure enclave.

Re:Next iPhone hardware changes.

[grub]

Good to know, thanks. I'm still rocking the old iPhone 5 and should be updating soon. I thought counters and such were in code on all the iPhones.

Re:Next iPhone hardware changes.

[Imazalil]

Not sure if serious.

Apple has already done both of those things. The timer is already in place on the phone in question, and I believe any Apple device with an A7 or newer moved some parts of the encryption key blah blah into hardware - I really don't know what I'm talking about when it comes to the specifics but have seen this info come up in previous articles.

Re:Next iPhone hardware changes.

[steveb3210]

Well, its your lucky day. Every iPhone with an A7 chip or better implements the timer in the secure enclave.

https://www.apple.com/business... on page 12.

DOJ wants even more

[drummer315]

BIG F'N SURPRISE, RIGHT? I support Apple on this. The story of Pandora's Box has stayed in our culture for a reason.

Re:DOJ wants even more

[MitchDev]

But government is doing everything it can to get it out of schools and remove critical thinking from the education system....

Hacking is irrelevant, only the precendent matters

[taustin]

Once the precedent is set, the feds are only a national security letter away from telling Apple (and all other phone an IoT manufacturers) that "your next routine iOS (or whatever) update will have remote access to everything that we can activate without your involvement, and if anyone finds out it exists, you go to prison." That's not a hack, that's a built in back door, as part of the OS, and no security can possibly protect you from the manufacturer's deliberate intent.

The precedent is the only thing that matters here.

No.

[Imazalil]

Yes you can keep trying to guess the pin, but there is a exponentially increasing time delay between allowed attempts after 5 or so. Getting into something like 10+ hours the closer you get to 10 tries.

So, no, you can't casually wipe people's phone at the coffee shop.

(I don't actually own a recent iphone, just know this from general discussion about this case - someone with first hand knowledge can chime in)

Re:No.

[MitchDev]

1 min, 2 mins, 5 mins, 10 mins, 30 mins, then 1 hour

Can't be

[Trailer+Trash]

I mean, those guys with hearts as pure as driven snow really just want to make sure we've explored those scary terrorists' phones and everything to the extent possible. It can't possibly be that they want to set a precedent that they'll use repeatedly to go after low-level drug users instead.

Look here and you can see that those "sneak & peak warrants" that they got to fight terrorism have actually been used a couple of times to fight terrorism:

http://www.motherjones.com/kev...

See, in 2013 they only used sneak & peaks against terrorists 51 times. Think about that. And forget about the 11,078 times they were used against druggies. Just think about those 51!

ok, maybe 1 out of 2

[Imazalil]

edit - re-reading, you must mean set the wipe-after-10-tries settings setting in hardware somewhere so that the OS can't change it, which I don't think iPhones do now, and is a good idea.

The Government never learns .. WTF?

They will never learn that the people are tired of being lied to. They will keep going and trying to exploit technology to spy on all of us unless we send a clear message that it will not be tolerated.

Re:The Government never learns .. WTF?

[avandesande]

Well whatever they are doing it seems to be working- for 'the people' not so much.

Political guaranteed infinite loop

[waTeim]

for(;;) assert(Director Comey was flat out lying)

And of course it's a busy wait.

So how would this work?

[ardmhacha]

In the customer letter that Apple releasedhttp://www.apple.com/customer-letter/ they said

"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation."

If the phone is locked how can Apple install a new operating system on it?

Re:So how would this work?

[moeinvt]

That was my big question too. My current understanding is that the phone can be put into a "Device Firmware Update" (DFU) mode even without the password. The device has a feature which will erase the data if 10 unsuccessful password attempts are made. It also introduces a delay between the time an unsuccessful password is entered and the next attempt can be made. The Feds want Apple to update the firmware to remove these two features so they can try a brute-force attack on the password.

Progress here....

[TheCarp]

The big progress here..... remember how it used to take years or even decades for DOJ lies to be exposed? Now all manner of government lies are just blasted to all hell within DAYS. It really is wonderful progress.

Re:Progress here....

[radarskiy]

Alternative theory: They've become so lazy they can't be bothered to support the lies that long any more

Alternative alternative theory: They've become so cynical they don't actually care if we know they are lying or not.

Alternative alternative alternative theory: They've become so crazy that they think the Chewbacca defense is reasonable.

Of course they only want *one* phone unlocked...

[superdave80]

Seriously, did anybody think they wanted just the one phone? That belonged to somebody that is now dead (so it is effectively a closed case)? And I'm unsure of how the government thinks that software designed for one phone could not be used on basically every other phone out there? If the government wants us to trust them, they either need to actually be honest, or not be so bad at lying...

Re:Hacking is irrelevant, only the precendent matt

[KGIII]

The NSL, while a nefarious beast, doesn't work quite like that. That doesn't mean they won't do it. It just means that won't be the mechanism.

Life in a surveillance state

[jbmartin6]

I don't think Director Comey was lying at all. he is an honorable man who only has the public interest at heart. Only malcontents and other assorted ne'er do wells would even think otherwise.

Re:Hacking is irrelevant, only the precendent matt

[ShaunC]

who is 'you' in this case? Apple? The programmers? Tim Cook?

You could always ask Qwest's former CEO his opinion.

I'll trade you.

[speedlaw]

We'll decrypt this phone if you give us the number and location of Stingrays in the US and how often they are used.

Best reply

[sgunhouse]

(currently comment #8 on the techdirt article)

"Would apple be able to start the work, then simply send themselves a sternly worded cease and desist letter for DMCA violations?"

is Slavery still going on in the USA

[pebear]

Last I figured that Apple does not work for the US Government. So tell me is Slavery still a thing in the USA? Can y'all make me or some entity to code for you just because you say so. I don't think so and I would never do it, just because.

Re:Hipster Terrorist? Hacker???

[DarkOx]

So dear AC what is the problem with that exactly? In that case Apple would have a clear personal interest in unlocking that phone. It would also be Apple and nobody else trying to FORCE Apple to unlock that phone.

Freedom means people ( or organizations ) should not be required by government to act against their own self interest. This is all about the right to use your own time and property as YOU see fit.