DOJ Threatens To Seize iOS Source Code (idownloadblog.com)
An anonymous reader writes from an article posted on iDownloadBlog: The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter's iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state." Footnote Nine of DoJ's filing reads:
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip Elmer-DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
You know those TSA approved luggage locks? The Washington Post did a story on them, and included pictures of the master keys.
Someone saw this and used the photos to make a functional 3D-printed set of keys. All of those TSA approved locks are useless now.
It is impossible to make a backdoor that only the "good guys" can use. It *will* get leaked, stolen, or cracked.
I remember seeing movies about life in Germany under Hitler. Whether accurate or not, random people were walking on the street and officers would mutter that command to people, and if they didn't have what was wanted - bang! You might disappear. It strikes me that where we're going in the US (land of the free!) is this direction. The government HAS to be able to see ALL of your papers - only they are now electronic records. And there CANNOT be anywhere that you can put things that the government shouldn't be able to get in. I wonder how we justify being able to take a walk of two people in the woods, without the government being able to "know", upon warrant, what was said? Should we also have microphones recording at all times so that *everything* is discoverable? And what about the government that starts bending the rules of court-issued warrants, to Hoovering up of ALL records on the phone, or the internet? "It's all for your protection, and for the children....".
It is amazing to even try to conceive that the ham-handed FBI, with politically appointed leaders (aka morons who have no idea about building hardware/software and who are trained and incentivized to kick doors down, not pick locks) would be remotely qualified to even understand the ramifications of creating/modifying source code, signing it, and pushing it to carefully designed hardware. Much less qualified to execute on that task with a few government programmers, when it took an organization of 100s of people years to develop what is now the iPhone hardware+software encryption infrastructure.
Just for your reference, the reason the encryption keys are so important / secret is that:
-- All recent (>4 year) Apple hardware has built-in encryption-dedicated processing hardware
-- This hardware has firmware burned-in with Apple public encryption keys that validate that any code has come directly from Apple without modification, on startup
-- This key validation structure is designed to ensure that only code signed by Apple's private key can run on the phone
-- Every iPhone has the same public keys burned on it, because that's how public keys work.
So if Apple is forced to give its private keys to the FBI (assuming the remote likelihood they even knew what to do with it), the FBI would have the ability to encrypt and sign software for any of these iPhones. The idea (legal argument-wise or technically) that "this is about one phone" is laughable.
Forcing someone to disclose encryption keys would be a huge violation of the First Amendment. If there is anything that qualifies as speech and knowledge, it is an encryption key / secret. Then on top of this, there is the question of whether the people at Apple who are in charge of the encryption keys (yes, individuals) would even voluntarily turn it over if given such a blatantly unconstitutional order.
I'm sure that even people within the FBI laugh at the notion that they could develop such code without fucking it up, deploy it, and maintain the secrecy of the keys and source code from outsiders.
And final note by the way, this legal filing was written so poorly as to be a joke. It reads like a summer intern wrote the brief after being dictated it by the paralegal to the Assistant US Attorney dashing out of a meeting.
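The signing chain described in the comment above, as an added example that is not part of the original thread and is not Apple's boot code: a hypothetical `BootRom` holds only a pinned public key, and every device in a constructed three-device fleet holds the same one. Ed25519, the device names and the firmware strings are assumptions chosen for illustration.

```javascript
// Added illustration; all names, keys and firmware strings are constructed.
const crypto = require('node:crypto');

// Vendor signing key pair. The private half stays with the vendor;
// the public half is the value "burned into" every device.
const vendor = crypto.generateKeyPairSync('ed25519');
const BURNED_IN_PUBLIC_KEY = vendor.publicKey.export({ type: 'spki', format: 'der' });

// Sign a firmware image with a private key (the vendor's release step).
function signFirmware(image, privateKey) {
  return crypto.sign(null, image, privateKey);
}

// Hypothetical boot ROM: holds only the public key, refuses unsigned or altered code.
class BootRom {
  constructor(deviceId, pinnedKeyDer) {
    this.deviceId = deviceId;
    this.pinnedKey = crypto.createPublicKey({ key: pinnedKeyDer, format: 'der', type: 'spki' });
  }
  boot(image, signature) {
    return crypto.verify(null, image, this.pinnedKey, signature);
  }
}

// Boot results for a small fleet that shares one burned-in key.
function fleetDemo() {
  const fleet = ['device-A', 'device-B', 'device-C']
    .map((id) => new BootRom(id, BURNED_IN_PUBLIC_KEY));
  const official = Buffer.from('firmware build: passcode retry limit enforced');
  const modified = Buffer.from('firmware build: passcode retry limit removed');
  const officialSig = signFirmware(official, vendor.privateKey);
  const outsider = crypto.generateKeyPairSync('ed25519');
  return {
    officialBoots: fleet.every((d) => d.boot(official, officialSig)),
    // Reusing a valid signature on altered code fails verification.
    tamperedBoots: fleet.some((d) => d.boot(modified, officialSig)),
    // Altered code signed with any other key fails verification.
    outsiderBoots: fleet.some((d) => d.boot(modified, signFirmware(modified, outsider.privateKey))),
    // Altered code signed with the vendor private key verifies on every device,
    // because verification depends only on the shared public key.
    keyHolderBoots: fleet.map((d) => d.boot(modified, signFirmware(modified, vendor.privateKey))),
  };
}
```

The check in `boot` never consults `deviceId`, which is why custody of the one private key decides what the whole fleet will run.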
What surprises me from John Oliver's take on this is that Lindsey Graham said we need to step back. Even he now knows that it's not a workable strategy for the government to get access to the phones.
"Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
All that is needed for unbreakable communications is a lengthy sequence of random bytes and an XOR operator. Otherwise known as a one-time-pad.
That comes up a lot, and it's usually wrong. Basically, the weak part of encryption isn't the algorithm, it's the chain of trust. If you can successfully exchange one-time-pads, then you can successfully exchange keys and get good encryption. In fact, exchanging keys is easier.
If the parties are at least marginally smart in picking and using the pad
Nah, there are a number of mistakes you can make with a one-time-pad, and Schneier pointed out a few in that link from before.
"First they came for the slanderers and I said nothing."
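One well-known one-time-pad mistake, pad reuse, as an added example that is not part of the thread and is not claimed to be one of the mistakes in the linked article: when the same pad bytes cover two messages the pad cancels out of the ciphertexts, and a pad that tracks its offset refuses instead of wrapping. The `OneTimePad` class and the messages are constructed for illustration.

```javascript
// Added illustration; class name and messages are constructed.
const crypto = require('node:crypto');

// Byte-wise XOR of two equal-length buffers.
function xor(a, b) {
  if (a.length !== b.length) throw new Error('length mismatch');
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// A pad that hands out each byte exactly once and fails closed when exhausted.
class OneTimePad {
  constructor(bytes) { this.bytes = bytes; this.offset = 0; }
  take(n) {
    if (this.offset + n > this.bytes.length) throw new Error('pad exhausted: do not wrap or reuse');
    const slice = this.bytes.subarray(this.offset, this.offset + n);
    this.offset += n;
    return slice;
  }
  encrypt(message) { return xor(message, this.take(message.length)); }
}

// What the ciphertexts reveal when the same pad bytes cover two messages.
function reuseLeak() {
  const padBytes = crypto.randomBytes(32);
  const m1 = Buffer.from('MEET AT THE DOCKS');
  const m2 = Buffer.from('SEND MORE FUNDING');
  const c1 = xor(m1, padBytes.subarray(0, m1.length)); // mistake: offset 0 both times
  const c2 = xor(m2, padBytes.subarray(0, m2.length));
  const padFree = xor(c1, c2); // equals m1 XOR m2; the random pad has cancelled out
  return {
    padCancelled: padFree.equals(xor(m1, m2)),
    recovered: xor(padFree, m1).toString(), // knowing one message yields the other
  };
}

// Correct use: each message consumes fresh pad bytes; running out is an error.
function correctUse() {
  const pad = new OneTimePad(crypto.randomBytes(32));
  pad.encrypt(Buffer.from('MEET AT THE DOCKS'));
  pad.encrypt(Buffer.from('SEND MORE FUN'));
  let refused = false;
  try { pad.encrypt(Buffer.from('ONE MORE')); } catch (e) { refused = true; }
  return { offset: pad.offset, refused };
}
```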