Slashdot Mirror
Snowden: FBI's Claim It Can't Unlock The San Bernardino iPhone Is 'Bullshit' (theguardian.com)
An anonymous reader writes: Edward Snowden, the whistleblower whose NSA revelations sparked a debate on mass surveillance, has waded into the arguments over the FBI's attempt to force Apple to help it unlock the iPhone 5C of one of the San Bernardino shooters. The FBI says that only Apple can deactivate certain passcode protections on the iPhone, which will allow law enforcement to guess the passcode by using brute-force. Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: "The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit." Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI's claims in the case are fraudulent. Apple's clash with the FBI comes to a head in California this month when the two will meet in federal court to debate whether the smartphone manufacturer should be required to weaken security settings on the iPhone of the shooter.
yeah, that.
If Apple can write code and copy it up to the phone, then the capabilities for doing so already exist. So why doesn't the FBI do the work themselves? I'm sure Apple would be willing to help with the electronic part - that's just specs. I think there is more at play here than whether Apple can or can't....
Maybe the FBI doesn't have the same resources as the NSA. Snowden's opinion on this is beyond irrelevant, his 15 minutes of fame ended a long time ago.
15 minutes of fame is what validates or evaporates someone who has worked within these very intelligence circles?
Boy, it sure is a good thing we never pay ex-Presidents millions of dollars to come speak in public. God knows Clinton's 15 minutes of cum-stained fame ended long ago.
The only thing that expired here is your sense of logic.
I side with Apple, really don't want my hardware crippled so the government can root through my phone at will, but how would he know? iPhone 5c launched months after he defected.
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
This all boils down to legal precedent.
Always has been.
We know the FBI *can* unlock it without help, but we also know that this brings with it a certain level of technical risk that adjusted firmware would not (whereas the firmware would pose a certain level of privacy risk), and an attempt rate that is abysmal at best.
The ACLU report specifically states that they can desolder the storage chip, copy the storage entire, put in a socket (no risk there), plonk the chip in, try, and if it fails - restore the storage to the chip (or a model with equal behavior and characteristics). Several of these steps come with risk, and all of it comes with it the fact that it takes time. A lot of time. Even with a rig that pops the chip out and drops another one in, with chips going on a merry-go-around for reprogramming after N attempts, it's a lot slower than a firmware that would allow an effectively unlimited number of attempts.
Push comes to shove, they can try decapping it and looking straight at the bare metal. But as anybody who does forensic work would know, that's not exactly your go-to method; figuring out the password directly, or figuring out a pre-existing backdoor to bypass protection entirely, would be very much preferable. If disabling the maximum number of attempts is hypothetically an option as long as you can get the manufacturer to agree to do it, hell yes it's on the table.
He's the only public talking head who actually had clearance and no further obligation to protect information covered under it.
He's the only guy that we can trust to even start a legitimate dialog on the subject.
If we're all speculating on what a secret closed door club can do, who better than A MEMBER OF THAT CLUB to speak out? Are you retarded somehow as to miss that?
Assuming the FBI is privy to the NSA's capabilities.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
I think he and McAfee have been sharing notes
I had a 1972 Duster. Very reliable and economical for the time. Slant 6 engine that wouldn't quit.
It's entirely plausible to me that Apple built something the FBI can't get into using their existing tools and techniques and Snowden has produced no evidence to the contrary. Don't make shit up.
Naturally his fans are obligated to defend this now and build a fictional world view around it, condemning anyone that fails to accept their bullshit... It's all enough to make you hope for a large bolide impact.
Maw! Fire up the karma burner!
I don't know about McAfee, but do you really think Snowden is not getting additional information leaked to him over time?
He's not hiding behind Putin's skirts. He's doing his best to survive getting disappeared by the current regime of the US. Perhaps upon the next regime change he might decide he'd have enough of a chance elsewhere to leave. Doubt it. Nothing fans the flame of nationalism like stringing up a "traitor".
If it had not been for Snowden, that iPhone and all other iPhones as well as other digital hardware would still not be encrypted properly. It is the inappropriate governmental data vacuuming that started this whole super strong encryption movement.
A sufficiently advanced simulation is indistinguishable from reality.
Snowden fanboys are amazingly blind to the irony that someone hiding behind Vladimir Putin's skirts is lecturing people on how to run a successful democracy (ignoring the fact that we've never had a democracy).
Wrong.
The trick here is that the US is so fucking far gone from a democracy that the people who want to speak out against it have to flee to Russia in order to be safe.
Also, you're using "irony" incorrectly.
SexConker posting AC to preserve moderation.
who better than A MEMBER OF THAT CLUB to speak out?
Snowden was in the FBI? That's news to me...
You do not have a moral or legal right to do absolutely anything you want.
I think perhaps it is you, sir, who have missed the point. McAfee admitted he was just trolling for attention when he said he could unlock the phone in question. Snowden's credentials as a source of information are indisputable at least as regards his first pilfered download. It is entirely plausible that others of similar access and philosophy may be finding a means to funnel incremental information to him for release. Not certain by any means, but not impossible.
That isn't true. The CIA is prohibited to performed law enforcement functions inside the US. The NSA is not. They can be used just like any other outside forensic service, which all levels of law enforcement use all the time. Including the FBI.
That is true of course. On the other hand with all of the tracking/software controls going in to the newer cars, something simple, reliable, that can be tuned with a file and a screwdriver, and doesn't blab everything to everyone about where you are and what you are doing, has a very tangible appeal.
I expect they have some reason to keep the device physically intact.
Most techs worth their salt will just remove the storage mount it to a computer make copies. And break into the data with brute force.
But what the FBI is asking for is to get in without the running OS clear itself.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
+1, insightful and informative
The ACLU article is correct. You need to learn to read:
"If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping."
The FBI wants a tool that is ready for a long list of other domestic cases. A tool that is portable, federal support for state law enforcement ready. The domestic, court ready, master key for a generation of phones.
"“The request we got from the government in this case is, ‘Take this tool and put it on a hard drive, send it to the FBI,’ and they’d load it onto their computer,” "(March 2, 2016)
http://nypost.com/2016/03/02/f...
Its not a "one-off" or just for this case tool.
The NSA owns that tool set, missions, contracts, bids, contractors and the wins that result. The funding and fame follow the wins . The no bid contracts and experts gravitate to the NSA ensuring every generation of telco product is wide open to the US gov and mil. Only the NSA can then secure, support or plan any such missions.
When federal and state law enforcement get in on the bids for the same tool sets? Any state contractor, federal contractor can then sell their tools at a low cost and the national publicity goes to the FBI.
Political leaders see new hi tech contractor jobs in FBI support in their states and the contractors that get the new work can the support the local political leaders re election that got them the new FBI contracts.
Everyone is now winning, new federal cash is flowing out, political leaders helped their local hi tech sector with new gov work, the FBI has a flood of new cases in open court and wins.
What was the NSA's missions, fame, role, new experts, no bid contracts, code and skills now in the hands of state officials, local law enforcement, federal gov workers, anyone working with US federal law enforcement around the world. All the ex staff and former staff who got invited in on the methods.
Anyone interesting stops using US branded trapdoor and backdoor ready turnkey network, telco and computer devices.
A few decades of easy tracking, voice prints, effortless decryption is lost in months in open court.
The cults, faith groups, criminals, dealers, embassy "agents" who once had to be seen with a phone just to keep the cover as been a normal person that was always reachable all go dark.
Domestic spying is now "Benign Information Gathering"
Do you believe:
(1) The FBI (and friends) can hack all popular devices, but they want us to believe they can't.
(2) The FBI is using a politically convenient case to effectively outlaw encryption for regular citizens.
(3) When encryption is outlawed, only outlaws will have encryption--by circular definition.
(4) If you haven't done anything wrong, then of course there's no harm if the FBI knows EVERYTHING about you!
(5) All of the above.
Don't look at me. I'm so paranoid that I think Snowden is sincere and was deliberately picked to release exactly the information that the NSA (and friends) wanted us to see. If their psychological profiling didn't spot him many years ago, then we might as well surrender now, Dorothy.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Apple can do it now, but the FBI can't do it, yet, however enough time and money would change that.
If you listen to just Snowden you will not learn the whole truth because he does filter the facts available to him in order to paint a picture that suits his political views, because he is an activist, and nobody should be surprised by that because all activists and lobbyists behave that way.
The NSA may already have the information on the cellphone, from when it was sniffed as it passed over the interwebs.
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
I keep hearing this but what does it matter? The government does whatever it pleases without consequence. The NSA admitted to illegally spying on members of congress. Nobody was fired or even given a letter of reprimand.
Only the State obtains its revenue by coercion. - Murray Rothbard
Well, Snowden's statement is bullshit. The firmware code is signed and without the private key to sign the firmware, it won't run on the iPhone even if you can perfectly write another one. Unless he means the FBI is having Apple's signing private key. If he believes so, he should prove it.
Achille Talon
Hop!
You'll just have to buy the higher octane gasoline at a slightly higher price. Either that or add your own additives. There are plenty of older vehicles still being used today.
So much this.
And now the FBI and NSA are acting like WTBs because they they want their cheats back.
I can see the fnords!
That has nothing to do with the (in)validity of his points.
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
Which of the dead shooters are we taking to court?
The government deals with the consequences of their actions all the time. The whole Apple-FBI conflict is happening out in the open for every one to see. No classified FISA involvement or equally classified NSL's being used to force Apple into doing anything. The government is following the law and as a consequence they have already lost some high profile court proceedings over their similar requests. I predict they will lose the current FBI-Apple case as well. On the other hand the NSA serves a whole different purpose than the FBI and it's efforts are concentrated in the realm of foreign espionage which is the organizations mandate. And the only law the NSA follows on it's foreign activities is don't get caught. This is standard operating procedure for every foreign state espionage service around the world. You cannot condemn the NSA without factoring in the fact that there are some very powerful and well funded state security agencies in the world whose entire purpose is to conduct espionage operations against the US. US industrial, military, and political structures are constantly being targeted by both allies and enemies. Then you also have the non-state actors actively looking for ways to attack the US or anything associated with the US. However with all the hyperbolic statements being tossed around you would think that the US is the only country on the planet who conducts espionage operations around the world.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
These days it's hard to tell where one stops and the other begins...the phrase "functional overlap" comes to mind.
Just cruising through this digital world at 33 1/3 rpm...
The government has a very long history that shows that they are no more credible than Snowden. The entire kabuki is to convince the public that encryption is an evil tool of terrorists, and it's working.
“He’s not deformed, he’s just drunk!”
The iPhone 6 came out a year and a half after Snowden took off with the NSA docs.
I have often said how much I appreciate Snowden's sacrifice and gifts to us. I find him, while a bit sleazy, to be a greater patriot than most of the folks I know - and I served eight years in the Marines. That's saying something - I think.
So, I've gotta ask...
What makes folks think he's privy to this information or knows their full capacity?
What makes everyone believe he's telling us this of his own volition?
How is he an authority on this particular issue, it seems likely to be beyond his scope?
"So long and thanks for all the fish."
So are 99% of americans and their glorious oligarchic government.
Actually it's about 98.4%, according to the last election results.
“He’s not deformed, he’s just drunk!”
(Note that Microsoft has already been forced to give its source code to the Russian security services, and it seems likely that Apple has succumbed to similar pressures.)
He's the only public talking head who actually had clearance and no further obligation to protect information covered under it.
He's the only guy that we can trust to even start a legitimate dialog on the subject.
If we're all speculating on what a secret closed door club can do, who better than A MEMBER OF THAT CLUB to speak out? Are you retarded somehow as to miss that?
Not disputing what you are saying, but:
iPhone 5c came out in Sept, 2013
Snowden was already getting in trouble in Jan 2014, and was probably out of the loop already (not getting new information) before that.
If Snowden "knows" stuff about the 5c, it's generalized and non specific unless it was cracked out of the box before it was released.
That leaves me skeptical Snowden knows what he thinks he knows.
This whole exercise is goofy, there's probably no data they need on THAT phone anyway, and anybody they are going to chase down is already aware that might out them and done what they are going to do about it. There was reasonably successful attempts to destroy data on other devices, why leave this one out? It's was probably wiped before the attack even happened.
Cracking THAT phone doesn't do anything but set the stage for OTHER cracks of still in use phones.
Assuming the FBI is privy to the NSA's capabilities.
No problem, just subcontract it via China since they will be privy to the NSA's capabilities.
Did you people really think a private contractor in Hawaii was likely to be the only leak from that bunch of toy soldiers?
A snag is that the FBI does not want to ask, and the NSA does not want to answer. Yes, there is supposed to be cooperative sharing between security related government agencies. However the NSA does not want to give out its best secrets to a law enforcement agency. It's much like Apple in that regard in that if it helps out the FBI just once then it'll open the door for continued requests from the FBI or DOJ in the future. The bar to do this helping from the NSA has to necessarily be set pretty high and involve actual national security issues, not merely a fishing expedition with the slim hope that there's some data on the phone. If the FBI had evidence that there was indeed data of value on the phone and that it involved an ongoing terrorism related investigation, then the NSA might help. The NSA is in the business of national security, whereas the FBI is in the business of making arrests. The NSA is highly jealous of its own knowledge, capabilities, and jurisdiction.
So Snowden is probably right with regards to the NSA which he does know something about, but he's possibly wrong about the FBI and he was little to no knowledge of the FBI internal capabilities. I suspect he's assuming a high degree of sharing between the agencies.
This is domestic terrorism, there is slight evidence that there was any foreign involvement or planning. The FBI needs to make the case that there is a need for cooperation. With this phone however there is not very much probable cause to assume there is any evidence of value on that phone. The FBI wishes such data exists of course, which would allow them to open up *new* investigations only, but their real motivation is not in finding any foreign mastermind of the shootings but instead they want to crack open that door with Apple to enable relatively mundane phone cracking in the future for low level cases (drug crimes, financial crimes, etc).
The FBI *claims* it's a one time only request and we should accept their word on this, except that their word has proven to be unreliable in the past and they certainly can not make this one-time-only pinkie promise on behalf of the entire US goverment or all governments around the world. Once Apple caves in then we already know there is a New York DA highly interested in getting Apple's help fishing through a few buckets full of phones. The courts rely on precedence and this would set a very large precedent for future requests.
Apple is correct in taking this case all the way to the supreme court if they have to. It is their right to do so, and they are in no way unpatriotic for asserting their rights.
"The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit."
Browse the various presentations given by hardware security researchers on the topic of bypassing security systems that are more or less exactly like the one in the shooter's iPhone. You'll discover that there are many ways to get the data from the phone that do not require Apple's help at all.
The problem is that none of those ways set a helpful precedent for the US government, so it chooses not to use them. The FBI needs to do what the NSA did in the 1990's: get smarter and more tech-savvy. This is Crypto Wars, Round Two.
The NSA is supposed to deal with foreign intelligence only. The FBI is supposed to deal with domestic criminal investigations only. The fact that both agencies have been trying to expand their reach so that there is functional overlap is evidence that the two agencies are not sharing their secrets with each other so readily.
This is also a domestic terrorism case with no evidence that there is any foreign involvement except for the gut feeling that all terrorism comes from a secret mastermind hidden on a island somewhere off the shore of New Jersey. We know who the shooters were. We know who they called and when, from both the work phone in question and the other phones that were actively used by the shooters. The case is essentially closed, and would be closed if it weren't for politics. The NSA is not going to open its kimono wide to the FBI for a simple case like this one. Cooperation or no, the need to know process is still in effect.
1-There have been credible claims they could take the IC apart and extract the pin code directly. 2-It is likely that the NSA would benefit greatly from having Apple's signing code, so we should assume they already have it. Now since this is a Terrorist! case the FBI should expect NSA cooperation in the matter.
Because people will listen to him, because he's Snowden.
I've been saying the same thing for months: the key is stored (albeit encrypted itself) in flash, so all you need to do is to back up the flash chip and you've got as many goes as you need, which with a four digit PIN chosen by humans isn't that many. But even though you can point this out the relevant details in Apple's documentation, people just refuse to believe that the government can get into an iPhone without Apple's help.
That actually kinds of mystifies me. Why would anyone believe that a government that (in part at least) created Stuxnet would be stymied by an iPhone? Whatever the reason, Snowden's imprimatur seems to help them get over it.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
The government is actually asking, naively, "if you've got nothing to hide, why are you hiding it?" Because the use of encryption appears to be so rare at the moment it makes a lot of citizens wonder what's up with those people who actually do use encryption.
So the more people who use encryption the better as it will start to seem mundane and common place instead of setting off mental alarms in the people willing to tear up the constitution if only they can be spared the horrors from people who hate our freedom.
Precedent says what the courts can do are or likely to do. If someone next year wants to get Apple to crack open a phone so we can find out who ate the last box of Thin Mints from the break room, and Apple says "we can't do that", then the court will think that they indeed were able to crack the phone in the past so they should be able to do it now. Once Apple bends over it becomes much easier the next time they're asked to bend over.
The government here does NOT get to do what it pleases without consequence. There's usually not a lot of punishment involved against the government, usually it's just telling them "no, don't do it again". But there have indeed been many cases where the government has had to pay redress or damages. The courts do have a history of being able to tell the government "no".
The FBI and NSA are redundant overhead at the taxpayers expense. There may have been a day when having both agencies made sense, but these days both of their primary functions is to spy on their own people. Let's stop pretending otherwise.
Counsel: Mr Aldridge are you considering the question or are you just dead?
[silence]
Counsel: I think I'd better take a look m'lord.
[looks inside coffin]
Counsel: No further questions m'lord.
Judge: What do you mean, no further questions? You can't just dump a dead body in my court and say 'no further questions'. I demand an explanation.
Counsel: There are no easy answers in this case m'lord.
However it seems, reality can be as weird as Monty Python: http://www.scmp.com/news/asia/...
Trump's first day in office he'll build a wall along the Atlantic and Snowden will have trouble climbing over it.
Putin is a Real Man and does not wear skirts. Or shirts. Nobody hides behind Putin. Except Medyedev.
To the tune of My Country 'Tis Of Thee:
My Own Plutocracy,
Sweet Oligocracy,
Of thee I sing.
Land where my money's spent
On those who who represent,
Each child and innocent,
I would be king!
The ACLU's site explains it quite well. It has nothing to do with the firmware, it's the idea of copying the Toshiba NAND chip first. Install a test socket onto the board, then start running the password attempts. Get locked out, or the chip erased, pop another NAND chip in with the same image written on it. Repeat until you get in. This would probably take a long time, copying and swapping a chip for every ten attempts. But a process that is annoying is still a long ways from a process that is technically "impossible" as the FBI is claiming.
Most people in the US use encryption, they just don't realize it. Anyone who's ever checked their bank account online has used encryption.
I had to explain that yesterday to some people...McAfee wasn't "lying", he was "trolling" as in poking fun at the FBI.
The bank is using and controlling the encryption, not the customer. And the government will never have to ask them twice to turn everything over to them. The problem (to the government) is when the customer controls the encryption and is willing to protect his own rights.
“He’s not deformed, he’s just drunk!”
No more needs to be said.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
The government method for cracking a piece of storage evidence is straight forward. Rule 1. Clone your storage device on the bit level. The FBI and NSA would've done this and this alone circumvents the number of failed pin attempts to get into the iPhone. At that point, they could just set up the storage image with an iPhone simulator or numerous devices and script as many pin attempts as they wish.
What makes folks think he's privy to this information or knows their full capacity?
While he's far from the first to voice public dissent against the NSA and their supposed capabilities, he's the only one so far they've ever publicly decried and gone through such lengths to capture and silence. The effort level of their response alone tends to strongly validate his claims.
What makes everyone believe he's telling us this of his own volition?
I don't think there's any question at least that he feels his hand was forced. I also think that even if he were being forced to say all this by the Russian government, that doesn't necessarily invalidate the content of his statements. At this point, the Russians are probably much happier and it is much more productive for them to be spreading truth about the NSA rather than falsehoods.
How is he an authority on this particular issue, it seems likely to be beyond his scope?
It was beyond his job scope as a contractor at the NSA, however his own claim about this is that his personal investigation into their poor office network security practices and subsequent hushing from his superiors when he tried to voice legitimate, lawful concerns about this lead him down a path of discovery in which uncovered apparently the vast bulk of the data of their surveillance capabilities within the country as well as abroad, all of which also was kept secret because it was completely illegal. At this point apparently he decided to turn vigilante, and again like above, the NSA's own response in action largely validates the truth of his claims to knowledge of their secrets.
This is all fairly common public knowledge by now. Perhaps you've got him confused with Bradly Manning or Julian Assange?
Sadly, the phrase 'functional' doesn't come to mind at all when these two agencies (well, pretty much all federal agencies that are involved in enforcement/intelligence) are brought up in the context of cooperation.
I've been saying the same thing for months: the key is stored (albeit encrypted itself) in flash, so all you need to do is to back up the flash chip
And everyone else has been saying for months that part of the key is stored in the cpu in a region that is not readable. So all you need to do to back up the key is disassemble the cpu and hope you don't destroy it in the process.
What are the odds that the NSA doesn't have some high-ranking Apple employees on their payroll? Just how secure is Apple's signing key?
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
Which of the dead shooters are we taking to court?
There's still the guy who sold them the guns.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
The ACLU misses one point:
The FBI does not know if the erase feature is enabled. The court should force them to run through the desoldering routine at least once to figure out if maybe they don't even need Apple to disable this feature.
That they didn't try, that they go to court without being sure, tells the whole story. If this were about breaking into the phone, they would have tried this, in the time that has passed with court cases they would already be sure if they need Apple at all or not, and if it turns out that not, they probably would have already broken into the phone.
ACLU is right, but they still miss just how malicious the FBI is.
Assorted stuff I do sometimes: Lemuria.org
Are you that clueless that you think exposing sensitive data to the world is speaking out?
I think that Snowden in general did the right thing but realize that what he did is equivalent to espionage.
No, you're wrong. The NSA is a DoD office and *in theory* bound by posse comitatus and cannot be used for domestic purposes. The head of the NSA is always a commissioned general officer.
Scruting the inscrutable for over 50 years.
What makes folks think he's privy to this information or knows their full capacity?
What makes everyone believe he's telling us this of his own volition?
How is he an authority on this particular issue, it seems likely to be beyond his scope?
We can read.
This isn't really coming from Snowden, he just happened to be a high profile person who tweeted about it. His statement is based on legal filings by the ACLU and others who point out methods that the FBI could use to crack the PIN code on their own.
For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers. The link is right in the summary.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I don't dispute what you say other than post 9-11, there is supposed to be cooperation among the various law enforcement agencies and intelligence agencies whether the terrorism is domestic or not. Whether Apple is right or wrong or there is evidence on the phone or not, does not change that.
Now if you want to delve into conspiracy theories, some say the NSA can already get into the phone, maybe even has gotten into the phone, but the FBI needs Apple to do it because 1) the NSA doesn't want it known they can do this and 2) if there was incriminating data, it would be inadmissible because there wasn't a warrant.
Like I said, that is all conspiracy theory stuff. It could be 100% accurate, 0% accurate or somewhere in between. This part, though, I believe -- If the government doesn't get their way on this case, it won't be long until there is legislation banning encryption for the sake of national security. I think that is their long game.
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
Just another day in Paradise
The one that smells better, obviously.
The NSA is supposed to deal with foreign intelligence only. The FBI is supposed to deal with domestic criminal investigations only.
That's how it was back in the 70s, but this is no longer true, and hasn't been for decades.
This is also a domestic terrorism case with no evidence that there is any foreign involvement...
Unless you're part of the investigating team, you're comment is complete conjecture. You don't know what evidence they have.
Just another day in Paradise
Posse comitatus was a Congressional act, and you can see in the text below "except in cases..." Congress also passed some other acts...FISA and Patriot come to mind...that have changed the rules. So, the "theory" has been OBE for a while.
Whoever, except in cases and under circumstances expressly authorized by the Constitution or Act of Congress, willfully uses any part of the Army or the Air Force as a posse comitatus or otherwise to execute the laws shall be fined under this title or imprisoned not more than two years, or both.
Just another day in Paradise
And everyone else has been saying for months that part of the key is stored in the cpu in a region that is not readable. So all you need to do to back up the key is disassemble the cpu and hope you don't destroy it in the process.
Then "everyone else" would be wrong in this case. The "secure enclave" was introduced in Apple's A7 processor. The phone in question is an iPhone 5c which has an A6 processor. There is no crypto coprocessor to store anything in. The Apple docs even describe the process used to erase the keys in question from flash.
Now as for the iPhone 5S and later, there's no question they're tougher to hack -- that's the whole point of the new hardware features. But I still wouldn't put absolute faith in the inability of the new features to keep the government out if they had physical access to your phone.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
No, I just read the documentation.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
In spite of his god-like status among some of you, Mr. Snowden wouldn't know what capabilities the FBI has or doesn't have. He didn't work there, and he wouldn't have had a need to know, so he would never have been briefed on such. But, let's not let that get in the way of the Snowden gospel.
Just another day in Paradise
Sure, if you want to be pedantic. Statistically, by the time you actually cracked it, the human race will have either abandoned Earth due to an expanding sun, or have gone extinct. Unless you get triple-Powerball-winner lucky.
For all purposes of reality, only Apple is getting that thing open unless the NSA has undisclosed methods, and they sure as shit won't disclose them for this chickenshit useless case. The only reason the FBI is going through all this is because they want to have the legal precedent to crowbar anyone's phone open, from any manufacturer, with any warrant or writ from a judge.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
And the legal standard for that is "too fucking bad."
If I bury a box in a forest with my diary in it, and then they want to peek at it after I'm dead, too fucking bad. Same situation.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
You forgot:
"Why do people think that Edward Snowden knows more about iPhone encryption and security than the manufacturer of the iPhone, and the software engineers who wrote the OS?"
Apple has been working with the FBI since day one on this thing. If there was a way in that didn't involve a custom OS image that weakens the security, they would have done it. Apple drew a line, and the FBI is using a Federal Magistrate to challenge that line.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
I'd say it's 50/50 if they pay them or just use blackmail.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
Replace "supposed to cooperate" with "legally required to cooperate." I don't believe there was any such law at the time that the Enigma was developed or in use. Of particular importance is that congress passed the law requiring cooperation in terrorism cases specifically because the lack of cooperation is what led to the 9-11 attack.
"Just how secure is Apple's signing key?"
Not secure enough that one can't bypass it within 10,000 guesses of the PIN.
Seriously, I could easily have this phone unlocked within a day. This court case is bullshit. Anyone with any technical chops knows it.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Legally required to cooperate doesn't imply that they have to give up national secrets in order to do so, and I'm sure Congress didn't imply that they would need to.
Just another day in Paradise
For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers.
Except that wouldn't work. The thing that wipes is not the data but the key. The key is kept in Apple's equivalent of a TPM chip, so cannot be retrieved or replaced after the wipe.
http://searchmobilecomputing.t...
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Really? Prove it. It seems there are many people speculating about how easy it would be that don't seem to understand how the encryption works. When the phone wipes, it doesn't wipe the flash, but the encryption key that is inside of a hardened chip. It isn't something that you can just retrieve and replace. So, since you KNOW how to do this, you should offer your services to the FBI, I am sure they would pay you very well to demonstrate the ability on a dummy phone.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
When the encryption key is stored in a TPM chip, yes you do.
When the TPM erases the key after X failed attempts, you don't just get to replace the disk with a bit level image, as the encryption key is what is missing, not the data.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
If your argument is that they don't have to follow the law directed specifically at them stating they are required to share information and resources in cases of terrorism, well there is really no point in discussing the issue further.
https://www.reddit.com/r/theyd...
Good luck breaking into the encryption...
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Your talking about more recent models, they have a 5C
Um...my Tundra, which is pretty much as big as those "loud SUV's" gets 15.4 mpg. You might want to look into gas milage figures again...
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
http://www.ndaa.org/pdf/SB-Sho...
Is that accurate? It doesn't appear to be what I am reading in the court order.
"The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE"
Not exactly the same as "give us a tool we can use on thousands of phones". Also, I would say that exactly defines a one off tool, as it is signed by Apple's signing key, it isn't like the FBI could take that file and change the unique identifier to any phone they like.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
"The FBI does not know if the erase feature is enabled"
Doesn't matter. If on the 10th try nothing is erased continue testing PINs. If after 10 tries it erases the key then swap in a backup of the chip and continue testing PINs.
Because it is what I am reading in technical articles on the subject:
http://searchmobilecomputing.t...
Please, correct me with some citations to information about how it works.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
If Snowden knows that the FBI claim is bullshit, why doesn't he explains how it is supposed to work or at least give us an idea. It is not like he really cares about disclosing classified information...
Well, the FBI or NSA can probably infiltrate Apple and attempt to steal the key or infect the firmware from the inside but I won't complain if they decide not to do it like this.
I would note there were /. commenters that provided this exact mechanism for the FBI to get the phone data on the day this story broke. Well done, folks, this site is still relevant.
"Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
That was back when Chrysler corp was still innovating and known for engineering. Shortly after that it really went down hill, the slant 6 was a good engine though, much like those AMC and Jeep inline 6, damn near indestructible.
Time to offend someone
Have you perhaps heard the term, “jailbreak”? That would be running unsigned code on an iPhone. There are no publically known bootloader-level jailbreaks for the iPhone 5c/s & later. NSA or another TLA could still have a very top secret exploit that allows them to run whatever they want.
If the bootloader is 100% secure, then yes, you need Apple’s keys. Find an exploit in the bootloader (or in any code that you can access on a locked phone), and odds are pretty good you can load what you want and unlock it without Apple. Anyone who has such an exploit is going to treat it like the Allies treated the fact Enigma was broken during WW2. As soon as the existance & method of the attack is known to Apple, they can patch it in their next device, closing that avenue of access.
FBI realistically doesn’t care what’s on the phone. They just want to legally strong-arm Apple into unlocking any phone they want without having to spill the beans about their (possible) exploit. Using this phone seemed like a good test case (cause ter’ists!!!), though some of the details that have emerged about the incompetence of how the phone was treated has made it a bit less of an ideal case.
But that’s actually another case where encryption technology is being perfected to destroy the ability to give in to legal demands. If you use TLS with perfect forward secrecy correctly enabled, you wouldn’t be able to turn over anything to LEO that would allow them to decrypt captured traffic. Without the ephemeral data from the initial session initiation on both sides of the negotiation, you can’t decrypt.
Of course a bank is already streaming any interesting data about your activity to the Feds, never mind needing to get a warrant or decrypt anything.
Not on the iPhone 5C, the key is kept in flash memory. The CPU doesn't have a secure memory for keys, only a factory set secret that can only be read by signed, privileged code.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
You're obviously speaking of the IRTPA of 2004, of which the https://www.ise.gov/ was created to execute the sharing you mention.
However, what you don't seem to be grasping is that this does not mandate that the agencies start sharing everything. In some cases, there may be compelling reasons to specifically not share, and those cases would never be adjudicated in a public manner.
Just another day in Paradise
regarding 2): They do not need a warrant, as the phone in question is owned by the county government and they have given permission to search the phone.
Bravo!
Unless you're part of the investigating team, you're comment is complete conjecture. You don't know what evidence they have.
So we just trust that the government tells the truth and we must do what they ask without question or exercising our rights to disagree and wait for the courts to overturn the writ?
As I understand, it is basically a PR war between the FBI and Apple which the FBI instigated to establish legal precedent and authority.
1) The phone in question is an older model. Apple certainly can crack it, FBI probably can also with a bit of effort.
2) Apple doesn't want the impression that their phones are not secure.
3) Apple's new phones *are* secure, Apple may not be able to crack it, FBI likely cannot.
4) By making this a legal issue, the FBI are basically using the highly publicized terrorist incident to try and force a legal decision...
5) The idea being that this is about the future. I think they can get into the phone, they are just using it as leverage to try and force Apple to legally give them access to their new phones into the future, which they currently do not have.
This has less to do with technology and more about using legal and public opinion about a similar issue to force a non-technological future solution to encryption.
Basically the XKCD comic about using a wrench, but where that is a euphemism for legal action prompted by public opinion on a recent event.
Please don't try to twist my words. What you stated is simply not based upon any public evidence, and what you do have to deal with is that evidence isn't made public until it's brought up in court. After that, everything that's not brought out is subject to FOIA requests.
There are plenty of logical reasons for not making evidence public prior to a public hearing. You're welcome to disagree, but you'll have to live with the fact that it's the system we have, and for the most part, it works pretty well.
Just another day in Paradise
regarding 2): They do not need a warrant, as the phone in question is owned by the county government and they have given permission to search the phone.
Then what do they need Apple for?
Of course news about a fake are Fake News.
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
But everybody already knows the NSA can crack your phone. Why pretend they can't just for this case?
Of course news about a fake are Fake News.
You're way too optimistic about the ease of brute-forcing AES-256.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Similarly, if you have an email retention policy and stick to it, you're destroying the ability to give in to legal demands. If the courts tell you to turn over the last year of emails, and you have a six-month retention policy and stick to it, you're fine legally.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
It doesn't have the full secure enclave of the 5S or later. That doesn't mean it doesn't have wipeable hardware AES.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
given unlimited time and money
No, the device would wipe itself after a few tries.
Says who? This is not a default option, so you can only claim that to be the absolute truth if you already have full access to the phone, or have already erased it by trying. In either case Apple couldn't help you.
Anyway An ACLU expert says the FBI wouldn't need Apple to get past the auto-erase
Of course news about a fake are Fake News.
“The request we got from the government in this case is, ‘Take this tool and put it on a hard drive, send it to the FBI,’ and they’d load it onto their computer,”" was directly from "The Encryption Tightrope: Balancing Americans’ Security and Privacy " from the House Committee on the Judiciary Hearings at the 4h 45 min point. :)
https://www.youtube.com/watch?...
The tool is transportable.
What "paper work" is presented online for the press, media in public as "court order" might not always be the real story. Note what was actually asked for
Once the "subject" device is open, the created tool set in gov hands is ready for the case lists at a state and federal level. Welcome to a conscripted GovtOS.
Domestic spying is now "Benign Information Gathering"
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
In general, that would be correct. But, just like when the Enigma was developed, you wouldn't have let that secret out for a single case like this when you're fighting a larger war.
But everybody already knows the NSA can crack your phone. Why pretend they can't just for this case?
Crack?...No, I don't think we've seen any evidence of that. Intercept the calls?...Yes.
Just another day in Paradise
SSLv2 was also top security feature that is impossible to crack by anybody, just make keys long enough. Then SSLv3 was the one impossible to crack. Then everybody started to understand that they are full of holes and workarounds, and who knows how many undisclosed exploits big government agencies have - whatever country you will take. The "private" key isn't that private too if you think more about it. There is bunch of people at Apple who have access to it and it is not hidden in some Faraday cage 100 feet under ground with vaulted doors.
The tool is supposed to be tied to a serial number (device ID), it is also to be signed by Apple's software signing key, so I am not sure how exactly the tool can be used on the next device without modification by Apple.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
I'm just saying that one of those two events will have happened. Not that they would have just happened, or that you'd have a nice shiny crypto key that works billions of years afterward.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
The government can and does dictate retention policy for many things. And they can put a gag order on it besides with their NSLs and various other tricks. Once the judge puts the hammer down, you will do what they say if you want to keep your business and maybe your freedom.
“He’s not deformed, he’s just drunk!”
Theres the UID key needed to decrypt the flash key, and it is in fact stored in the processor and inaccessible. The difference between it and the secure enclave is the secure enclave contains the whole flash key instead of just the key to decrypt the flash key and the secure enclave erases itself through the unupdatable firmware on it, whereas without the secure enclave erasure of the flash key is done by the operating system.
Having the encrypted flash key is worthless without that uid as it is impossibly difficult to decrypt. Look into how long it would take to decrypt aes-256. If the fbi could get that UID key then they would have decrypted the flash key already. This is all explained in the aclu's blog on this. Try reading the article the summary links to man.
The customer is stilling using the encryption, just by using the app / website. So is the bank, of course.
They are using the bank's encryption, not their own. That's an important difference.
“He’s not deformed, he’s just drunk!”