Slashdot Mirror
Snowden: FBI's Claim It Can't Unlock The San Bernardino iPhone Is 'Bullshit' (theguardian.com)
An anonymous reader writes: Edward Snowden, the whistleblower whose NSA revelations sparked a debate on mass surveillance, has waded into the arguments over the FBI's attempt to force Apple to help it unlock the iPhone 5C of one of the San Bernardino shooters. The FBI says that only Apple can deactivate certain passcode protections on the iPhone, which will allow law enforcement to guess the passcode by using brute-force. Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: "The FBI says Apple has the 'exclusive technical means' to unlock the phone. Respectfully, that's bullshit." Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI's claims in the case are fraudulent. Apple's clash with the FBI comes to a head in California this month when the two will meet in federal court to debate whether the smartphone manufacturer should be required to weaken security settings on the iPhone of the shooter.
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
This all boils down to legal precedent.
Always has been.
We know the FBI *can* unlock it without help, but we also know that this brings with it a certain level of technical risk that adjusted firmware would not (whereas the firmware would pose a certain level of privacy risk), and an attempt rate that is abysmal at best.
The ACLU report specifically states that they can desolder the storage chip, copy the storage entire, put in a socket (no risk there), plonk the chip in, try, and if it fails - restore the storage to the chip (or a model with equal behavior and characteristics). Several of these steps come with risk, and all of it comes with it the fact that it takes time. A lot of time. Even with a rig that pops the chip out and drops another one in, with chips going on a merry-go-around for reprogramming after N attempts, it's a lot slower than a firmware that would allow an effectively unlimited number of attempts.
Push comes to shove, they can try decapping it and looking straight at the bare metal. But as anybody who does forensic work would know, that's not exactly your go-to method; figuring out the password directly, or figuring out a pre-existing backdoor to bypass protection entirely, would be very much preferable. If disabling the maximum number of attempts is hypothetically an option as long as you can get the manufacturer to agree to do it, hell yes it's on the table.
The FBI wants a tool that is ready for a long list of other domestic cases. A tool that is portable, federal support for state law enforcement ready. The domestic, court ready, master key for a generation of phones.
"“The request we got from the government in this case is, ‘Take this tool and put it on a hard drive, send it to the FBI,’ and they’d load it onto their computer,” "(March 2, 2016)
http://nypost.com/2016/03/02/f...
Its not a "one-off" or just for this case tool.
The NSA owns that tool set, missions, contracts, bids, contractors and the wins that result. The funding and fame follow the wins . The no bid contracts and experts gravitate to the NSA ensuring every generation of telco product is wide open to the US gov and mil. Only the NSA can then secure, support or plan any such missions.
When federal and state law enforcement get in on the bids for the same tool sets? Any state contractor, federal contractor can then sell their tools at a low cost and the national publicity goes to the FBI.
Political leaders see new hi tech contractor jobs in FBI support in their states and the contractors that get the new work can the support the local political leaders re election that got them the new FBI contracts.
Everyone is now winning, new federal cash is flowing out, political leaders helped their local hi tech sector with new gov work, the FBI has a flood of new cases in open court and wins.
What was the NSA's missions, fame, role, new experts, no bid contracts, code and skills now in the hands of state officials, local law enforcement, federal gov workers, anyone working with US federal law enforcement around the world. All the ex staff and former staff who got invited in on the methods.
Anyone interesting stops using US branded trapdoor and backdoor ready turnkey network, telco and computer devices.
A few decades of easy tracking, voice prints, effortless decryption is lost in months in open court.
The cults, faith groups, criminals, dealers, embassy "agents" who once had to be seen with a phone just to keep the cover as been a normal person that was always reachable all go dark.
Domestic spying is now "Benign Information Gathering"
Assuming the FBI is privy to the NSA's capabilities.
This is a terrorism case, so the FBI and the NSA are supposed to cooperate.
I keep hearing this but what does it matter? The government does whatever it pleases without consequence. The NSA admitted to illegally spying on members of congress. Nobody was fired or even given a letter of reprimand.
Only the State obtains its revenue by coercion. - Murray Rothbard
If the NSA can do it, it would probably not be allowed as evidence in court. If the FBI did it, maybe it would.
Which of the dead shooters are we taking to court?
The government deals with the consequences of their actions all the time. The whole Apple-FBI conflict is happening out in the open for every one to see. No classified FISA involvement or equally classified NSL's being used to force Apple into doing anything. The government is following the law and as a consequence they have already lost some high profile court proceedings over their similar requests. I predict they will lose the current FBI-Apple case as well. On the other hand the NSA serves a whole different purpose than the FBI and it's efforts are concentrated in the realm of foreign espionage which is the organizations mandate. And the only law the NSA follows on it's foreign activities is don't get caught. This is standard operating procedure for every foreign state espionage service around the world. You cannot condemn the NSA without factoring in the fact that there are some very powerful and well funded state security agencies in the world whose entire purpose is to conduct espionage operations against the US. US industrial, military, and political structures are constantly being targeted by both allies and enemies. Then you also have the non-state actors actively looking for ways to attack the US or anything associated with the US. However with all the hyperbolic statements being tossed around you would think that the US is the only country on the planet who conducts espionage operations around the world.
The government has a very long history that shows that they are no more credible than Snowden. The entire kabuki is to convince the public that encryption is an evil tool of terrorists, and it's working.
“He’s not deformed, he’s just drunk!”
(Note that Microsoft has already been forced to give its source code to the Russian security services, and it seems likely that Apple has succumbed to similar pressures.)
This is domestic terrorism, there is slight evidence that there was any foreign involvement or planning. The FBI needs to make the case that there is a need for cooperation. With this phone however there is not very much probable cause to assume there is any evidence of value on that phone. The FBI wishes such data exists of course, which would allow them to open up *new* investigations only, but their real motivation is not in finding any foreign mastermind of the shootings but instead they want to crack open that door with Apple to enable relatively mundane phone cracking in the future for low level cases (drug crimes, financial crimes, etc).
The FBI *claims* it's a one time only request and we should accept their word on this, except that their word has proven to be unreliable in the past and they certainly can not make this one-time-only pinkie promise on behalf of the entire US goverment or all governments around the world. Once Apple caves in then we already know there is a New York DA highly interested in getting Apple's help fishing through a few buckets full of phones. The courts rely on precedence and this would set a very large precedent for future requests.
Apple is correct in taking this case all the way to the supreme court if they have to. It is their right to do so, and they are in no way unpatriotic for asserting their rights.
The NSA is supposed to deal with foreign intelligence only. The FBI is supposed to deal with domestic criminal investigations only. The fact that both agencies have been trying to expand their reach so that there is functional overlap is evidence that the two agencies are not sharing their secrets with each other so readily.
This is also a domestic terrorism case with no evidence that there is any foreign involvement except for the gut feeling that all terrorism comes from a secret mastermind hidden on a island somewhere off the shore of New Jersey. We know who the shooters were. We know who they called and when, from both the work phone in question and the other phones that were actively used by the shooters. The case is essentially closed, and would be closed if it weren't for politics. The NSA is not going to open its kimono wide to the FBI for a simple case like this one. Cooperation or no, the need to know process is still in effect.
The ACLU's site explains it quite well. It has nothing to do with the firmware, it's the idea of copying the Toshiba NAND chip first. Install a test socket onto the board, then start running the password attempts. Get locked out, or the chip erased, pop another NAND chip in with the same image written on it. Repeat until you get in. This would probably take a long time, copying and swapping a chip for every ten attempts. But a process that is annoying is still a long ways from a process that is technically "impossible" as the FBI is claiming.
The ACLU misses one point:
The FBI does not know if the erase feature is enabled. The court should force them to run through the desoldering routine at least once to figure out if maybe they don't even need Apple to disable this feature.
That they didn't try, that they go to court without being sure, tells the whole story. If this were about breaking into the phone, they would have tried this, in the time that has passed with court cases they would already be sure if they need Apple at all or not, and if it turns out that not, they probably would have already broken into the phone.
ACLU is right, but they still miss just how malicious the FBI is.
Assorted stuff I do sometimes: Lemuria.org
No, you're wrong. The NSA is a DoD office and *in theory* bound by posse comitatus and cannot be used for domestic purposes. The head of the NSA is always a commissioned general officer.
Scruting the inscrutable for over 50 years.
What makes folks think he's privy to this information or knows their full capacity?
What makes everyone believe he's telling us this of his own volition?
How is he an authority on this particular issue, it seems likely to be beyond his scope?
We can read.
This isn't really coming from Snowden, he just happened to be a high profile person who tweeted about it. His statement is based on legal filings by the ACLU and others who point out methods that the FBI could use to crack the PIN code on their own.
For example, they could back up the flash memory, make 10 attempts, the phone wipes it and they restore it and try the next 10 numbers. The link is right in the summary.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC