Apple Might Be Forced to Hand Over iOS Source Code to the FBI

Bruce66423 writes: In its latest filing, the FBI implies that, if the burden on Apple programmers of their alternative approach is too great, then Apple should release the whole source code to the FBI to allow them to do the work, quoting the precedent of the Lavabit confrontation. Clearly it is time for Apple to move offshore!? To recall, Lavabit abruptly shut down in 2013 when the FBI attempted to get the company to hand over the encryption keys for its secure email service. While the current situation seems to put Apple in the same ballpark as Lavabit, what gives the Cupertino-giant company an advantage is the immense support it is receiving from other Silicon Valley companies and personnel. Many believe that the FBI doesn't really need Apple's help in unlocking the iPhone. Reports claim that the iPhone in question already has a "backdoor" which could allow the government-backed institution to access the data on the smartphone. Other widely reported theories include cracking the iPhone and manipulating the innards to trick the system into spilling out all the information. One proposed method, which requires the phone's NAND flash chip to be taken out, may not work, though. Daniel Kahn Gillmor, a technology fellow with the ACLU's Speech, Privacy and Technology Project, pointed out the risks in playing with flash memory. He said that an error in removing the memory could make the data unreadable forever.

It's simple.

The FBI doesn't want anybody to be able to keep any secrets from it ever, with no regard to what impact this might have on commerce. They are attempting to use this case to ensure that they get complete authority and ability to decrypt everything at their whim. If they can offload the work to other companies for free, all the better, but the real win is that nothing anywhere can ever be kept secret from them for any reason.

That's all this is. Everything else is just politico/legalease/bullshit.

Re:It's simple.

[Bartles]

If only there was someone in charge that could tell the FBI to stop this.

Re:It's simple.

[s.petry]

Are you signed up for the revolt? That is the only way you are going to get someone in charge who is not an authoritarian, wanting the FBI to get their way. Not a single candidate in either the Democratic or Republican party has mentioned the Constitutional protection which should exist. They have all said that the FBI should be able to do what they want, when they want, to whom they want.

In fact they have all said Safety is more important than Freedom and Government intrusion. (a couple have intentionally used double speak to try and hide it, but..)

Tyranny is frighteningly close.

Re:It's simple.

[s.petry]

There are plenty of places for you to educate yourself on the subject outside of Slashdot. I would strongly recommend that you do your homework in the future.

The Fourth Amendment of the U.S. Constitution provides, "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly ...

Demanding a company perform an action which is ILLEGAL in all other circumstances meets and exceeds the definition of abuse of power. If you want to use the common, and somewhat fallacious, argument of a safe: A safe maker may be compelled to produce a key for a safe, and reimbursed for the cost of making said key. If the safe owner modified the lock and the key does not work, the Government can NOT compel the safe maker to blow open the safe.

What the Government is demanding is not just for Apple to blow up the safe, they are requesting a permanent opening be made in ALL safes for their convenience. The only way this would meet probable cause would be to claim that ALL citizens are criminals. That last part is a violation of much more than the 4th amendment.

Re:It's simple.

[Jason+Levine]

Don't worry. The FBI/NSA/etc. know where all those people are now, what they are doing, and who they have been talking with. Soon, the FBI might also be able to see what's on all of their phones as well. You know, just in case any of them even thinks of doing "wrong." (Where "wrong" is defined by the FBI/NSA/etc.)

Re:It's simple.

[niftymitch]

Um, what constitutional protection?
The FBI went through a court, that is the extent of the protection the constitution guarentees with the fourth amendment.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized

Do you try to say that there isn't probable cause, there want an Oath or affirmation, or that the thing to be searched was not described well enough?

Not simple.

The source code is a stretch, the seizure of source code was not specified in the writ.
It is more than source code...

This would be a second pile of worms.
And I suspect interesting bits are not Apples to release.
It is not uncommon for hardware to be built with devices that are opaque without
information obtained via NDA. Files that contain offsets for registers and functions
that describe and make the device do its thing fall into this NDA world like nVidia driver
blobs in Windows and Linux.
For the FBI to work with blobs Apple would have to engineer an API and deliver binary blobs.
A single chunk of silicon can contain the IP of numerous companies.
Some are patent exchange agreements with exclusions to sell and disclose.

The complexity of patent contracts and portfolios is non trivial.
This can extend to tools and tool chains.
Apple recently chopped LLVM from some of its build tool chains read why.
Swift and other internal tools and libraries may apply.

It is likely that source is shared on many other devices so to reach in
and grab source, tools, make files and more for one device would be
a reach into all of the products: iPad, Mac, iTunes, AirPlay, Apple Watch.

The Apple ecosystem is not public. You cannot hire individuals with knowledge
of iPhone and IOS internals without their being in violation of individual NDAs.
Training... there is no external training program for internals.

A less worthy bit of hardware is the Pandaboard and obtaining
full documentation is non trivial. When Texas Instruments backed off
interesting software devel stopped. The graphics hardware IP blobs
are often the tightest in the industry and would be necessary. Radios,
network chips, USB devices.

Copyright... it took a couple years to identify all the copyright owners
in some flavors of BSD Unix and rewrite or license them. Transfer
to someone without permission could be expensive.
Most licenses are not transferable... sure if identified in open court
but most contracts have silence clauses.

Some IP might be international in origin. Can this court reach out
to compel IP from a Japanese, Korean, Chinese Canadian company.

Someone is smoking some wackey tbackey...

 

iOS source should not be handed over

Let's be honest, the FBI's goal isn't to access one iPhone. They want access to all encrypted communications. This should be obvious. Handing over the source code to iOS will probably allow the FBI the opportunity to look for other vulnerabilities that could be exploited to read private communications. This isn't acceptable. Furthermore, wouldn't Apple still need to cryptographically sign any build of iOS that would be loaded onto the San Bernardino shooter's phone? The FBI has carefully picked the fight in a case where there's no defending the deceased shooter to maximize public opinion being on their side. They're being disingenuous and it's obvious to anyone who's willing to look carefully at their claims. What is it that makes elected officials almost unanimously support reducing the privacy of the people when there's no such consensus among the people? And why isn't there an effort to impeach the leaders of these three letter agencies for their activities? Impeachment isn't limited to the President, and those who violate the Constitution as they do should be accountable through impeachment.

Re:iOS source should not be handed over

From TFA:

“The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.

“The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.”

So, the NSA & FBI can crack the iPhone . . .

[PolygamousRanchKid+]

. . . but it's difficult and there is a danger of data loss.

So what they want, is a master key, so they can unlock any iPhone whenever and wherever they want, without a big hassle. Or a warrant. So they're claiming they can't access it, simply because they want easier access.

Well played.

Ha HA! We're an IRISH company now!

[xxxJonBoyxxx]

Maybe Apple would want to pack up and completely move to Ireland then...would it have more to offer than massive tax breaks? (http://qz.com/273631/how-apple-got-its-2-tax-rate-in-ireland/)

Clash of the titans

[Okian+Warrior]

Thinking about the Apple situation, I noted that for years people have predicted that we would live in a corporatocracy.

And here we are, huddling in fear while giant organizations battle for our rights.

It is now too expensive for anyone except the upper 1% to go to court, so we are forced to hope and pray that some organization will take up the cause, leaving us on the sidelines rooting like sports fans.

Of course, those giant entities will only battle for our rights if it aligns with their other goals - Apple isn't opposing this out of their good nature, it's because doing it would cost the money and hurt their bottom line with future sales.

What a world we live in!

Re:Clash of the titans

[alvinrod]

It's even worse than that. Many of the individuals who have tried to sue the government have had their cases dismissed because they can't actually prove that the government spy programs that we've become aware of were actually spying on them even though they've been collecting data on almost everyone. Basically a giant catch-22 where you can't actually bring a case to court until you have the information you could only get from successfully bringing a case to court.

We need another Snowden who'll dump enough data to clearly give at least a few individuals legal standing. Or just release it all so we can have a massive class action suit involving the entire country against its own government.

Re:Clash of the titans

[Jason+Levine]

In many cases, we live at the whims of giant corporations and our only hope is that a government agency can help us. For example, if your local cable ISP - likely your one source for wired, high speed Internet - decided to drastically cap your data rates to prevent streaming while pushing their TV services. Complaints to the ISP would go unheeded and there would be no competition to jump ship to or to help keep them honest. Only a government agency would have the power to keep them in check.

Here, though, it's reversed. A government agency has decided that they should have access to all phones all the time. (Let's be honest, that's the FBI's end game. They've all but admitted it.) What can the average person do? We can vote for other candidates, but that will only have so much of an effect. The powerful tend to know how to stay in power - even if it means subverting the voting process or corrupting new politicians. A big company (Apple) standing up to the government agency is our best hope at keeping the government agency at bay.

In either case, it's a story of two giant monsters fighting in a big city and the little people getting crushed. It's just a matter of which giant monster is on our side this time. (Next fight, it might the other way around.)

It's not the source code that matters

[guises]

Oh for gods' sake. I wrote a whole comment saying basically, "I don't see the problem here," based on the worthless summary, and then looked at the article. It's not about source code, it's about the signing key. It acknowledges that right in the article title, but whoever submitted this got their head on backwards.

My fault, I suppose, for being lazy.

Re:So, the NSA & FBI can crack the iPhone . .

[pla]

Well played.

Not really - They've backed Apple into a corner. In response, Apple has only two logical next moves - Send all their platform-level development overseas ("You can thank the FBI for the loss of those 1500 highly paid American jobs"), and make the encryption truly unbreakable (absent some unknown weakness in the algorithms themselves), both at rest and in-transit.

Apple may well lose this round - But they can salt that field so deeply as to make Uncle Sam wish he'd never asked. "Gee, sorry, did we just make all your expensive Stingrays almost completely useless, boys? Oops, our bad, wink wink nudge nudge!"

They want to tell everyone who in charge

[evolutionary]

This is what governments do when they start leaning towars totalitarianism. And then they say "it's for your own good". Historically, this never goes pretty or well. This isn't about a phone, it's about getting all companies to acknowledge "whose boss". We jump, you say "how high" or else...you have no rights except those we allow you to have, and they can be revoked at any time it's convenient for us,,,hmm...America, home of the not so brave, not so free.

Come to Canada

[Comboman]

Send all their platform-level development overseas

May I suggest Canada? It's nice and close, we speak English, and I bet you could buy all those empty Blackberry buildings pretty cheap.

The Cost of Social Responsibility

[Bruce+Perens]

Apple is attempting to be socially responsible. The cell phone is a worse instrument for oppression than Orwell ever imagined. I can make your phone record every moment that you are carrying it. I can compress your voice so well that the existing storage is just fine for that. How long do you think it will be before that's happening for governments, if we embark upon this slope?

The problem is that if you attempt to be socially responsible, the government will do its best to damage your business. Or other companies will. So, corporations have to be cowards to survive.

Ultimately, we can't rely on a corporation for hardware that we can trust. It needs to be independently verifiable. Verifying software is possible. Verifying what is in an IC, less so at present time.

Re:Dear FBI,

[Coren22]

Does this include Apple's signing key which is required to create a firmware image that the phone will run?

Regulating the wrong device

[tekrat]

The government is trying to regulate a PHONE because "terrorism" -- but of course, won't lift a finger to impose any regulation on the other, more important device used in terrorism -- the GUN itself.

So, lemme get this straight: you want to impose all these restrictions on my phone, listen to my every phone call, read every email and text message, look at pictures of my GF, and basically peer into my personal life and the personal lives of every American, all because you won't even regulate keeping an eye on someone when they buy 50000 rounds of ammo and large capacity magazines?

Dude, I have to show my driver's license to buy cold medication, but you won't even perform simple background checks when someone buys a gun?

This country is truly fucked up.

Re:handing over the code.

[Jason+Levine]

Apple should make the code available (as printed text) in a cellar with no lights, no stairs in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying "Beware of the Leopard."

Spaceship Campus

[Immerial]

They didn't build a spaceship campus for nothing... Wait until that fucker takes off into space... so long and thank you for the fish! =D

Re:APPLE! FBI!

[MobileTatsu-NJG]

Oh thank God. I was worried we may have a 24 hour break without this critically important story to the Slashdot readership appearing on the front page.

FTFY.