Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Might Be Forced to Hand Over iOS Source Code to the FBI (theguardian.com)

Posted by msmash on from the the-plan-b dept.

Bruce66423 writes: In its latest filing, the FBI implies that, if the burden on Apple programmers of their alternative approach is too great, then Apple should release the whole source code to the FBI to allow them to do the work, quoting the precedent of the Lavabit confrontation. Clearly it is time for Apple to move offshore!? To recall, Lavabit abruptly shut down in 2013 when the FBI attempted to get the company to hand over the encryption keys for its secure email service. While the current situation seems to put Apple in the same ballpark as Lavabit, what gives the Cupertino-giant company an advantage is the immense support it is receiving from other Silicon Valley companies and personnel. Many believe that the FBI doesn't really need Apple's help in unlocking the iPhone. Reports claim that the iPhone in question already has a "backdoor" which could allow the government-backed institution to access the data on the smartphone. Other widely reported theories include cracking the iPhone and manipulating the innards to trick the system into spilling out all the information. One proposed method, which requires the phone's NAND flash chip to be taken out, may not work, though. Daniel Kahn Gillmor, a technology fellow with the ACLU's Speech, Privacy and Technology Project, pointed out the risks in playing with flash memory. He said that an error in removing the memory could make the data unreadable forever.

50 of 273 comments (clear)

  1. It's simple. by Anonymous Coward · · Score: 5, Insightful

    The FBI doesn't want anybody to be able to keep any secrets from it ever, with no regard to what impact this might have on commerce. They are attempting to use this case to ensure that they get complete authority and ability to decrypt everything at their whim. If they can offload the work to other companies for free, all the better, but the real win is that nothing anywhere can ever be kept secret from them for any reason.

    That's all this is. Everything else is just politico/legalease/bullshit.

    1. Re:It's simple. by Bartles · · Score: 4, Interesting

      If only there was someone in charge that could tell the FBI to stop this.

    2. Re:It's simple. by s.petry · · Score: 4, Insightful

      Are you signed up for the revolt? That is the only way you are going to get someone in charge who is not an authoritarian, wanting the FBI to get their way. Not a single candidate in either the Democratic or Republican party has mentioned the Constitutional protection which should exist. They have all said that the FBI should be able to do what they want, when they want, to whom they want.

      In fact they have all said Safety is more important than Freedom and Government intrusion. (a couple have intentionally used double speak to try and hide it, but..)

      Tyranny is frighteningly close.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    3. Re:It's simple. by sjames · · Score: 2

      It's not as if the FBI has never blackmailed a president.

    4. Re:It's simple. by halivar · · Score: 2

      IIRC, Rubio is the only candidate to say (at least, int he debates) Apple should not acquiesce. The only other candidate to even acknowledge that there were privacy implications was Cruz, but even he hedged as said that even considering, Apple should give in. Everyone else is on the side of security theater.

    5. Re:It's simple. by Notorious+G · · Score: 2

      According to the Washington Post, Rubio, Clinton, and Sanders are sitting on the fence on this issue.

      Translated, they're waiting until after they get their votes before letting everyone know they're going to side with the idea of the FBI having absolute authority over business.

    6. Re:It's simple. by Bartles · · Score: 2

      Oh really. So what crime is Apple suspected of committing? What evidence has the FBI used to establish probable cause against Apple that requires it to submit to the burden of a ....... search? Only, it's not really a search, is it? In fact, what the FBI is seeking doesn't even exist at the moment, does it?

    7. Re:It's simple. by s.petry · · Score: 5, Insightful

      There are plenty of places for you to educate yourself on the subject outside of Slashdot. I would strongly recommend that you do your homework in the future.

      The Fourth Amendment of the U.S. Constitution provides, "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly ...

      Demanding a company perform an action which is ILLEGAL in all other circumstances meets and exceeds the definition of abuse of power. If you want to use the common, and somewhat fallacious, argument of a safe: A safe maker may be compelled to produce a key for a safe, and reimbursed for the cost of making said key. If the safe owner modified the lock and the key does not work, the Government can NOT compel the safe maker to blow open the safe.

      What the Government is demanding is not just for Apple to blow up the safe, they are requesting a permanent opening be made in ALL safes for their convenience. The only way this would meet probable cause would be to claim that ALL citizens are criminals. That last part is a violation of much more than the 4th amendment.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    8. Re:It's simple. by Bartles · · Score: 2

      Not only that but technical assistance from an entity that has done nothing wrong, and is not suspected of doing anything wrong. I may be mistaken, but suspected wrongdoing is one of the elements necessary to establish probable cause.

    9. Re:It's simple. by Jason+Levine · · Score: 3, Insightful

      Don't worry. The FBI/NSA/etc. know where all those people are now, what they are doing, and who they have been talking with. Soon, the FBI might also be able to see what's on all of their phones as well. You know, just in case any of them even thinks of doing "wrong." (Where "wrong" is defined by the FBI/NSA/etc.)

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    10. Re:It's simple. by s.petry · · Score: 2

      Behold the power of MASS MEDIA! Stop thinking of R vs. D and think of "Tyrants" vs. "Society". The former is a small subset of people who own the land, the banks, the utilities, and the media.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    11. Re:It's simple. by s.petry · · Score: 2

      According to the Washington Post? Really, you can't look at their records and form your own opinion based on facts?

      I don't have time to list everything you have not been told by the Washington Post about those same people.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    12. Re:It's simple. by macs4all · · Score: 2

      Or Congress. This agency started its life with a leader that used blackmail as a standard law enforcement technique. The FBI should have been dismantled from the ground up when Hoover died as his ghost still haunts the agency in all it's actions.

      John Kennedy threatened to do that with the CIA, and you see where that got him...

    13. Re:It's simple. by amicusNYCL · · Score: 2

      If only there was someone in charge that could tell the FBI to stop this.

      Like who, this guy? This doesn't sound very promising:

      As a practiced politician, Obama avoided coming down too hard on any one side, and he said he wasn't able to discuss the ongoing FBI vs. Apple case at all. But by and large his message was that sacrificing some degree of privacy for the sake of our safety has served the country well for hundreds of years, and he expects we'll figure out a way to do so digitally as well.

      Here he is pondering:

      "The question we now have to ask is if technologically it is possible to make an impenetrable device or system where the encryption is so strong that there's no key or no door at all," Obama pondered, "how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot?"

      I'm going to answer his question with another question: why does he think that people feel like strong encryption is necessary? If he doesn't know the answer to that, he should ask Edward Snowden. If the government only ever used its authority responsibly then we wouldn't be having this argument. Here's another gem:

      As to how to balance these things Obama said we'll have to figure out "how do we have encryption as strong as possible, the key as secure as possible and accessible by the smallest pool of people possible, for a subset of issues that we agree is important."

      The "smallest pool of people possible" is 1, the person who owns the data. No one else needs that key. As far as "the subset of issues that we agree is important", I'm pretty sure that you don't set up encryption where you have one key that you can give to the government which only works to decrypt the data if they are actively pursuing a child porn investigation and have a warrant for your phone. I'm pretty sure the key always works, regardless of who is using it. But I'm not a cryptographer, so don't quote me on that. As far as the government only using that key if it was part of a legal investigation, see above about Snowden and how much trust we have in the government to use its authority responsibly.

      Benjamin Franklin would like a word, see below.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    14. Re:It's simple. by niftymitch · · Score: 3, Interesting

      Um, what constitutional protection?
      The FBI went through a court, that is the extent of the protection the constitution guarentees with the fourth amendment.

      The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized

      Do you try to say that there isn't probable cause, there want an Oath or affirmation, or that the thing to be searched was not described well enough?

      Not simple.

      The source code is a stretch, the seizure of source code was not specified in the writ.
      It is more than source code...

      This would be a second pile of worms.
      And I suspect interesting bits are not Apples to release.
      It is not uncommon for hardware to be built with devices that are opaque without
      information obtained via NDA. Files that contain offsets for registers and functions
      that describe and make the device do its thing fall into this NDA world like nVidia driver
      blobs in Windows and Linux.
      For the FBI to work with blobs Apple would have to engineer an API and deliver binary blobs.
      A single chunk of silicon can contain the IP of numerous companies.
      Some are patent exchange agreements with exclusions to sell and disclose.

      The complexity of patent contracts and portfolios is non trivial.
      This can extend to tools and tool chains.
      Apple recently chopped LLVM from some of its build tool chains read why.
      Swift and other internal tools and libraries may apply.

      It is likely that source is shared on many other devices so to reach in
      and grab source, tools, make files and more for one device would be
      a reach into all of the products: iPad, Mac, iTunes, AirPlay, Apple Watch.

      The Apple ecosystem is not public. You cannot hire individuals with knowledge
      of iPhone and IOS internals without their being in violation of individual NDAs.
      Training... there is no external training program for internals.

      A less worthy bit of hardware is the Pandaboard and obtaining
      full documentation is non trivial. When Texas Instruments backed off
      interesting software devel stopped. The graphics hardware IP blobs
      are often the tightest in the industry and would be necessary. Radios,
      network chips, USB devices.

      Copyright... it took a couple years to identify all the copyright owners
      in some flavors of BSD Unix and rewrite or license them. Transfer
      to someone without permission could be expensive.
      Most licenses are not transferable... sure if identified in open court
      but most contracts have silence clauses.

      Some IP might be international in origin. Can this court reach out
      to compel IP from a Japanese, Korean, Chinese Canadian company.

      Someone is smoking some wackey tbackey...

       

      --
      Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
  2. Dear FBI, by psergiu · · Score: 2, Informative

    Dear FBI,

    You can ALREADY start downloading OS X & iOS source code from here:

    http://opensource.apple.com/

    --
    1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
    1. Re:Dear FBI, by Coren22 · · Score: 4, Insightful

      Does this include Apple's signing key which is required to create a firmware image that the phone will run?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    2. Re:Dear FBI, by omnichad · · Score: 2

      You can start, but you won't get very far:
      JavaScriptCore-7601.1.46.3
      WTF-7601.1.46.3
      WebCore-7601.1.46.10
      WebKit-7601.1.46.9
      WebKit2-7601.1.46.9
      libiconv-44

      You could compile most of a web browser.

    3. Re:Dear FBI, by omnichad · · Score: 2

      Seems to be Web Template Framework

  3. iOS source should not be handed over by Anonymous Coward · · Score: 5, Insightful

    Let's be honest, the FBI's goal isn't to access one iPhone. They want access to all encrypted communications. This should be obvious. Handing over the source code to iOS will probably allow the FBI the opportunity to look for other vulnerabilities that could be exploited to read private communications. This isn't acceptable. Furthermore, wouldn't Apple still need to cryptographically sign any build of iOS that would be loaded onto the San Bernardino shooter's phone? The FBI has carefully picked the fight in a case where there's no defending the deceased shooter to maximize public opinion being on their side. They're being disingenuous and it's obvious to anyone who's willing to look carefully at their claims. What is it that makes elected officials almost unanimously support reducing the privacy of the people when there's no such consensus among the people? And why isn't there an effort to impeach the leaders of these three letter agencies for their activities? Impeachment isn't limited to the President, and those who violate the Constitution as they do should be accountable through impeachment.

    1. Re:iOS source should not be handed over by Anonymous Coward · · Score: 3, Interesting

      From TFA:

      “The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.

      “The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.”

    2. Re:iOS source should not be handed over by NatasRevol · · Score: 2

      Yes, that's they point of TFA.

      The FBI threatened, in federal court, to take the source code from Apple by force.

      If it were the mafia, they would be threatening knee caps. But really, potato/potahto.

      --
      There are two types of people in the world: Those who crave closure
    3. Re:iOS source should not be handed over by Anonymous Coward · · Score: 2, Insightful

      This: The FBI could give a shit about the source code. The FBI (and intel groups) want the code-signing keys so that they can sign their own malware.

  4. So, the NSA & FBI can crack the iPhone . . . by PolygamousRanchKid+ · · Score: 4, Insightful

    . . . but it's difficult and there is a danger of data loss.

    So what they want, is a master key, so they can unlock any iPhone whenever and wherever they want, without a big hassle. Or a warrant. So they're claiming they can't access it, simply because they want easier access.

    Well played.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  5. Ha HA! We're an IRISH company now! by xxxJonBoyxxx · · Score: 4, Interesting

    Maybe Apple would want to pack up and completely move to Ireland then...would it have more to offer than massive tax breaks? (http://qz.com/273631/how-apple-got-its-2-tax-rate-in-ireland/)

  6. Clash of the titans by Okian+Warrior · · Score: 5, Interesting

    Thinking about the Apple situation, I noted that for years people have predicted that we would live in a corporatocracy.

    And here we are, huddling in fear while giant organizations battle for our rights.

    It is now too expensive for anyone except the upper 1% to go to court, so we are forced to hope and pray that some organization will take up the cause, leaving us on the sidelines rooting like sports fans.

    Of course, those giant entities will only battle for our rights if it aligns with their other goals - Apple isn't opposing this out of their good nature, it's because doing it would cost the money and hurt their bottom line with future sales.

    What a world we live in!

    1. Re:Clash of the titans by alvinrod · · Score: 4, Insightful

      It's even worse than that. Many of the individuals who have tried to sue the government have had their cases dismissed because they can't actually prove that the government spy programs that we've become aware of were actually spying on them even though they've been collecting data on almost everyone. Basically a giant catch-22 where you can't actually bring a case to court until you have the information you could only get from successfully bringing a case to court.

      We need another Snowden who'll dump enough data to clearly give at least a few individuals legal standing. Or just release it all so we can have a massive class action suit involving the entire country against its own government.

    2. Re:Clash of the titans by Jason+Levine · · Score: 4, Insightful

      In many cases, we live at the whims of giant corporations and our only hope is that a government agency can help us. For example, if your local cable ISP - likely your one source for wired, high speed Internet - decided to drastically cap your data rates to prevent streaming while pushing their TV services. Complaints to the ISP would go unheeded and there would be no competition to jump ship to or to help keep them honest. Only a government agency would have the power to keep them in check.

      Here, though, it's reversed. A government agency has decided that they should have access to all phones all the time. (Let's be honest, that's the FBI's end game. They've all but admitted it.) What can the average person do? We can vote for other candidates, but that will only have so much of an effect. The powerful tend to know how to stay in power - even if it means subverting the voting process or corrupting new politicians. A big company (Apple) standing up to the government agency is our best hope at keeping the government agency at bay.

      In either case, it's a story of two giant monsters fighting in a big city and the little people getting crushed. It's just a matter of which giant monster is on our side this time. (Next fight, it might the other way around.)

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  7. Re:APPLE! FBI! by fbobraga · · Score: 2

    This AD is more viral than you think ^^

  8. It's not the source code that matters by guises · · Score: 4, Informative

    Oh for gods' sake. I wrote a whole comment saying basically, "I don't see the problem here," based on the worthless summary, and then looked at the article. It's not about source code, it's about the signing key. It acknowledges that right in the article title, but whoever submitted this got their head on backwards.

    My fault, I suppose, for being lazy.

  9. Re:So, the NSA & FBI can crack the iPhone . . by pla · · Score: 5, Insightful

    Well played.

    Not really - They've backed Apple into a corner. In response, Apple has only two logical next moves - Send all their platform-level development overseas ("You can thank the FBI for the loss of those 1500 highly paid American jobs"), and make the encryption truly unbreakable (absent some unknown weakness in the algorithms themselves), both at rest and in-transit.

    Apple may well lose this round - But they can salt that field so deeply as to make Uncle Sam wish he'd never asked. "Gee, sorry, did we just make all your expensive Stingrays almost completely useless, boys? Oops, our bad, wink wink nudge nudge!"

  10. They want to tell everyone who in charge by evolutionary · · Score: 3, Interesting

    This is what governments do when they start leaning towars totalitarianism. And then they say "it's for your own good". Historically, this never goes pretty or well. This isn't about a phone, it's about getting all companies to acknowledge "whose boss". We jump, you say "how high" or else...you have no rights except those we allow you to have, and they can be revoked at any time it's convenient for us,,,hmm...America, home of the not so brave, not so free.

    --
    "Imagination is more important than knowledge" - Einstein
  11. Eminent Domain by hawguy · · Score: 2

    It's this pretty much seizing the source "for the public good", so they'd need to pay fair market value under Eminent Domain laws?

    1. Re:Eminent Domain by ChrisMaple · · Score: 2

      Good idea. I figure about $120 billion, half of Apple's annual revenue. Cost to average citizen, $400, so not such a good idea.

      --
      Contribute to civilization: ari.aynrand.org/donate
    2. Re:Eminent Domain by hawguy · · Score: 2

      Yes, but given that if Apple's source code was to be placed into the hands of the US government, the value of that code would plummet -- and therefore the "fair market value" (which would be determined *by* the government) would likely be far less than it is now.

      I don't think valuations work that way, or every house taken to build a freeway would be valued at $0 since once the government takes over the house and bulldozes it to build the freeway, the house would be worthless. The valuation has to be based on the market value at the time of the seizure of the property.

  12. Come to Canada by Comboman · · Score: 5, Funny

    Send all their platform-level development overseas

    May I suggest Canada? It's nice and close, we speak English, and I bet you could buy all those empty Blackberry buildings pretty cheap.

    --
    Support Right To Repair Legislation.
  13. The Cost of Social Responsibility by Bruce+Perens · · Score: 4, Insightful

    Apple is attempting to be socially responsible. The cell phone is a worse instrument for oppression than Orwell ever imagined. I can make your phone record every moment that you are carrying it. I can compress your voice so well that the existing storage is just fine for that. How long do you think it will be before that's happening for governments, if we embark upon this slope?

    The problem is that if you attempt to be socially responsible, the government will do its best to damage your business. Or other companies will. So, corporations have to be cowards to survive.

    Ultimately, we can't rely on a corporation for hardware that we can trust. It needs to be independently verifiable. Verifying software is possible. Verifying what is in an IC, less so at present time.

    --
    Bruce Perens.
  14. "Clearly it is time for Apple to move offshore!?" by Nutria · · Score: 2

    Which country, exactly, can it go to where the government can't force the issue if it really wants to?

    Ooh, ooh, I know!! They can follow Edward Snowden into the safe, comforting arms of Putunist Russia!!!

    Yay!!!

    --
    "I don't know, therefore Aliens" Wafflebox1
  15. Re:So, the NSA & FBI can crack the iPhone . . by OhPlz · · Score: 2, Insightful

    Where would they send those jobs? I doubt there's a foreign country with enough skilled workers whose government wouldn't make the same demands or worse. This type of BS is not unique to the US federal government.

  16. Unreadable FOREVER? by Overzeetop · · Score: 2

    "He said that an error in removing the memory could make the data unreadable forever."

    Well, considering that's the current state of the data, they really have nothing to lose.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  17. Not the worst case scenario by Locke2005 · · Score: 2

    Forcing Apple to turn over trade secrets so that the FBI can hack it themselves actually bothers me a lot less than the FBI forcing Apple to do their job for them, with no compensation, which would be an even worse precedent. Couldn't any secrets in the source code be ferreted out eventually by disassembling the executable image? I don't think Apple encrypts the executable, do they? Give 'em the source code, and then change in the next release any trade secret that creates a security hole if leaked to wrong the people. Still makes work for Apple, but still not the worst case.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  18. FBI has it all wrong by fibonacci8 · · Score: 2

    The burden is ethical, not financial. Finding people who could sleep at night after doing this is the trouble.

    --
    Inheritance is the sincerest form of nepotism.
    1. Re:FBI has it all wrong by liquid_schwartz · · Score: 2

      Finding people who could sleep at night after doing this is the trouble.

      I so wish that were true. There are *hordes* of people who are well intentioned idiots and would do whatever people in authority tell them. Very few people have a true backbone as shown here: https://en.wikipedia.org/wiki/...

  19. Re:Apple can take care of itself. by Locke2005 · · Score: 2

    Allowing others to break one of the value added features you provide to customers (data encryption), lowers the value of the product and the market cap of the company. As a general rule, one doesn't want government to be able to choose winners and losers in business, otherwise the smartest competitive strategy is to simply bribe congress to put your competitors out of business. Don't for a minute think that hasn't already happened, that lobbyists haven't already hand-written laws to provide a competitive advantage to the corporations paying their exorbitant fees.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  20. Regulating the wrong device by tekrat · · Score: 5, Insightful

    The government is trying to regulate a PHONE because "terrorism" -- but of course, won't lift a finger to impose any regulation on the other, more important device used in terrorism -- the GUN itself.

    So, lemme get this straight: you want to impose all these restrictions on my phone, listen to my every phone call, read every email and text message, look at pictures of my GF, and basically peer into my personal life and the personal lives of every American, all because you won't even regulate keeping an eye on someone when they buy 50000 rounds of ammo and large capacity magazines?

    Dude, I have to show my driver's license to buy cold medication, but you won't even perform simple background checks when someone buys a gun?

    This country is truly fucked up.

    --
    If telephones are outlawed, then only outlaws will have telephones.
    1. Re:Regulating the wrong device by Alypius · · Score: 2

      Dude, I have to show my driver's license to buy cold medication, but you won't even perform simple background checks when someone buys a gun?

      Dude, you've never bought a gun before, have you?

  21. Re:handing over the code. by Jason+Levine · · Score: 3, Funny

    Apple should make the code available (as printed text) in a cellar with no lights, no stairs in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying "Beware of the Leopard."

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  22. ha ha by pghmike4 · · Score: 2

    Does anyone believe that the FBI has programmers who could even *build* iOS with the source code, but no active assistance from Apple? Much less then get their patched OS right enough to actually not destroy the contents of the iPhone in question. Apple should definitely take them up on this offer: no assistance but enjoy the source code.

  23. Spaceship Campus by Immerial · · Score: 4, Funny

    They didn't build a spaceship campus for nothing... Wait until that fucker takes off into space... so long and thank you for the fish! =D

  24. Re:APPLE! FBI! by MobileTatsu-NJG · · Score: 3, Insightful

    Oh thank God. I was worried we may have a 24 hour break without this critically important story to the Slashdot readership appearing on the front page.

    FTFY.

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)