Slashdot Mirror
DOJ Threatens To Seize iOS Source Code (idownloadblog.com)
An anonymous reader writes from an article posted on iDownloadBlog: The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter's iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state." Footnote Nine of DoJ's filing reads:
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
Didn't think this could get much stupider. But...
Don't step on the baby.
DOJ's response to Apple's claim that the DOJ is trying to make a police state? You guessed it: create a police state.
Note to everyone: burn your backdoors. Do it now. Apple wouldn't be in this mess if the phone was secure against updates while locked.
See that "Preview" button?
It shouldn't be the FBI's job to lobby for or against policies with such wide political implications. It's conflict of interest, and outside of their role as part of the Executive Branch. They are to carry out of the orders of the other branches and formal political process, NOT to make or pressure policy.
They can state their preference on political issues as they relate to crime fighting and prevention, but to aggressively push for a stance or policy is another thing.
Table-ized A.I.
You know that "oppressive government" people are always talking about?
Here's the baby pictures kids!
Chas - The one, the only.
THANK GOD!!!
In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state."
Of course it could lead to a police state. That's what this is all about, abuse of spying capabilities.
We just found out this week that your giant US-to-foreign email conversations database the NSA shares with you allows warrantless reading of the to: and other fields, not only without a warrant, but without even any tracking and logging .
This is the core of the Constitutional issues the Constitution is supposed to prevent -- people in power having the ability to spy on political opponents, using government powers.
What is to stop, or even notice, a rogue agent working for a politician spying on opponents on their behalf? Nothing, and not even a secret court nor the elected congressmen who are on a national security committee, and are nominally supposed to make sure it isn't abused, can even detect the abuse.
How are we to know this software won't be copied and abused to crack some stolen politician's phone? Of course this assumes you are stuffed looking at who they call, anyway, to feel out their political support networks, the meta info, that itself could be abused, and is warrantless.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Since you're from Oregon, I'd thought you'd have turned on a TV and seen how effective a certain other movement's attempt to start a revolution fared against the feds. These neo-revolutionaries are in waaaaay over your head. Best to do what the rest of us are doing and learn to live with what you don't like.
The problem is the keys CAN'T be updated. They're burned into real ROM (as opposed to OTP), the reason being the boot ROM will verify a signature using the key it has. If the key was stored in alterable (e.g., flash) memory, then it would be possible to erase the key, program your own and jailbreak your device that way.
Of course, that also means third parties like the government can do so as well to have it run custom bootloaders and OS and not have to go through the process to get Apple's key which is the only way to create code that will run on the SoC.
Of course, I'm not entirely sure if the source code would have the key in it - it's possible after having the final IPSW file, Apple takes it on a USB key to a special Mac and has that Mac sign the IPSW. That Mac is airgapped and everything so to create an OS update requires physically going to the Mac and doing the signing there. For development, Apple most certainly has dev boards that don't require a signed image (it won't help the FBI to have these boards).
I suppose the bigger question is - don't the FBI realize what kind of stink they're making? So they acquire the iOS source code. But that immediately casts a huge shadow over the US's prime industry - IP. Because sooner or later, that iOS source code WILL leak from a hack of the FBI, which means any IP industry in the US (i.e., the only sectors making money - movies, music, books, TV, software, etc) is suddenly threatened - the government can seize your content and while they promise to keep it secure, it won't be (see IRS and other hacks) and it'll be a field day - get your Hollywood new theatrical releases the day of, courtesy of the FBI.
It seems like the FBI wants to win the battle, but lose the war. We used to mock China for their poor IP protection policies and state-sanctioned piracy, but it appears the US is going to do worse. At least the Chinese government protects Chinese IP while disregarding foreign IP.
Anyone who deals with IP should pay a lot of attention to this case - if you can be forced to give up your IP, and you know the entity forcing you can't protect it, well, all the copyrights of the world won't protect you.
Seriously - the level of silliness is getting absurd. Forcing Apple to give up their source code means the content industry and IP industry have a shot across the bow - the government will take what they want. And then hackers will have it too. Way to destroy one of the biggest industries in the US.
Can the government compel someone to say something they do not wish to?
As long as code is free speech (Bernstein v. the U.S. Department of State; Brown v. Entertainment Merchants Ass'n). And as long as the ruling of Citizens United v. FEC stands, it seems to me that Apple has a First Amendment right to STFU.
I hope this results in Apple stuffing the EFF war chest to keep that organization going. And the ACLU has made strong statements in support of Apple, but I predict the ACLU won't become involved in the case.
“Common sense is not so common.” — Voltaire
Funny, all those rights didn't stop the government from rounding up the American citizens of Japanese ancestry into concentration camps.
Rights is what government lets you have when it's convenient. They all go into the trash the moment they become a hindrance.
Before you start talking about how the citizen soldiers or the police force will not stand for such things, most heinous acts in history are easily justify by a singular excuse of "just following orders."
ELOI, ELOI, LAMA SABACHTHANI!?
No matter who makes those changes, the problem is the same... If Apple makes it and just lets the FBI use it, then the FBI will just keep on asking in the future whenever they need their help, and Apple keeping it around means that there will exist a possibility that it might get misappropriated from Apple. By expecting Apple to cooperate with the FBI, the government is basically telling Apple to play Russian roulette with its own IP. What sane person would voluntarily pull a trigger of a loaded gun that was pointed at their own head, even if they knew that most of the chambers were empty?
File under 'M' for 'Manic ranting'
If they can get the courts to give them the keys and the source code, what good would it do apple to release a new version of IOS with new signing keys? The government would just compel them to release it again... and the 2nd iteration, they'd have a precedent.
Which is really what the FBI wants - precedent. It's already been stated that the NSA could (probably) crack the phone, but the FBI isn't interested because they want a legal precedent - presumably to decrypt any phone any time for any reason...
From http://www.newsweek.com/former...
Richard Clarke (former U.S. counterterrorism official and security adviser to the president) said Monday in an interview on NPR's Morning Edition that he believes that if the FBI asked, the National Security Agency “would have solved this problem” of opening the encrypted iPhone of the San Bernardino, California, shooter.
When asked by NPR anchor David Greene what he would have done if he was still in government, Clarke said he would taken the San Bernardino shooter's iPhone, which is at the center of a national debate over encryption, to NSA headquarters in Fort Meade, Maryland. Clarke believes the FBI is holding out in an attempt to set a legal precedent to facilitate decrypting smartphones in the future.
It must have been something you assimilated. . . .
They can ask but the precedent wouldn't have anything in common with such a thing, so there wouldn't be any judicial power behind the request. Whose phone (exactly) are you talking about? Because when the FBI goes crawling on their hands and knees to a judge, they're going to need some names, probable cause, and a particular crime.
I'm not saying they don't want this power. (We already gave it to them (in a certain form) 22 years ago with CALEA!) But this campaign doesn't give them any advantage on that one. If anything, it gives advantage to We The People, since this case is helping us to wake up to the obvious fact that it's pretty fucking stupid to have a third party (e.g. Apple, Samsung, Sony, whatever) be in charge of your PC's keys. And once we know that and stop pretending that it's too hard or doesn't matter who is in charge of our PCs, we'll take care of things.
People are worried that the FBI might be empowered to take over your phone?!? You should be worried that YOU AREN'T empowered take over your own phone. You will always be vulnerable to a third party being coerced (and possibly without your knowledge!) until you fix that.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Here is the thing.
As a fellow Oregonian, those Federal Lands are already shared lands. I have access to them, because they're Federally owned. The idea of taking those lands and giving them to "the county" to sell off to private parties, well guess what? I would no longer have access to those lands.
The only reason Oregonians didn't take up arms and join militias and go take back our shared lands, is that the FBI wanted to get them out their own (very slow) way.
We may be liberal, we may oppose many wars, but don't think Oregonians are unwilling to take up arms and defend the United States of America.
I just checked the political news, and I wouldn't be at all surprised if there is a Civil War II in my lifetime. We're here, we're ready, and we support the Constitution. The real one with words, not the imaginary one that says "no hippies, mmmmmkay"
I don't think the FBI or DOJ are playing a legal short game, I think they're playing a political long game where they're looking for a legislative solution that would bypass the courts and survive some kind of constitutional challenge. Congress has historically been given wide latitude to regulate interstate commerce and it's not hard to see a law enacted that regulates commercial encryption products that requires their makers to assist lawful law enforcement requests for assistance in decrypting their products.
I don't really buy the bad for business argument that much, though. Even if Apple were to provide some way of granting the government "assistance" I would wager the technology would still be good enough for all but the most high risk situations, and less vulnerable than similar technology made anywhere else. There are few nations on Earth that don't already have fairly draconian public security and censorship as it is -- whose security technology are you going to trust -- Indian? Chinese? Russian?
It'd be nice if Norway, Sweden, Switzerland or the Netherlands produced a secure communications device backed by their own country's strong constitutional protections against invasion of privacy. But they would also be subject to diplomatic pressure to cooperate with law enforcement and intelligence services, something which a US based company can more easily fend off. Even the Swiss caved on a lot of bank secrecy under pressure from the US to go after tax evaders.
Overall, I hope the FBI loses on this issue. I think they're looking for the ability to conduct anytime, anywhere surveillance that has no limits and it's scary.
Nazi Germany didn't happen because the German people were unarmed. Nazi Germany happened because the terms of the Treaty of Versailles left Germany humiliated and impoverished, and then a charismatic sociopath successfully appealed to the worst of an angry people, telling them that Germany's awful situation wasn't their fault, it was the Jews and communists (and unionists, and liberals, and gays, and the Roma, and...).
Nobody wants to admit this about the Third Reich is, because it forces us to realize unpleasant things about ourselves: it didn't happen because Hitler was some sort of super-genius who tricked everybody into thinking he was a nice guy. His message of hate and evil was about as subtle as a freight train's horn. The SOB laid everything out in Mein Kampf. Nazy Germany happened because enough of the largely intelligent and well-educated population of Germany wanted somebody like Adolf Hitler to be Reichskanzler. A strong leader - unlike feckless, weak old Hindenburg - who would stand up to the thieving Jews and traitors among us, who will make Europe respect us again, and take back the stolen lands. You might say... who will make Germany great again!
The only good thing that could come out of this is research and developing of encryption for consumers that's always on, and that is unbreakable even if the Feds seize all the company's assets.
Those TSA-approved locks were already useless against someone with a $40 set of linesman's pliers, but your point still stands.
I'm very curious how, like a key, using nothing but your linemans pliers you can remove the lock, rummage through and replace items in the luggage, and then put the lock back on leaving no trace of break-in what so ever.
Specifically that last part. It never worked for me with bolt cutters or torches.
Could you detail your methods for me please?