Slashdot Mirror
DOJ Threatens To Seize iOS Source Code (idownloadblog.com)
An anonymous reader writes from an article posted on iDownloadBlog: The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter's iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state." Footnote Nine of DoJ's filing reads:
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
Didn't think this could get much stupider. But...
Don't step on the baby.
DOJ's response to Apple's claim that the DOJ is trying to make a police state? You guessed it: create a police state.
Note to everyone: burn your backdoors. Do it now. Apple wouldn't be in this mess if the phone was secure against updates while locked.
See that "Preview" button?
What's to stop Apple immediately releasing an update which 1. installs new keys, and 2. revokes the keys in possession of the FBI? i.e. before the FBI has enough time to modify and release their own version?
"Install this update NOW before law enforcement gets access to your phone?"
Or am I missing something?
If that's a feasible option, they're probably working on it right now.
They sentenced me to twenty years of boredom
As a Portland resident, this hits home to me... I'm locked-n-loaded -- come and get 'em! Dun-diddly.
It shouldn't be the FBI's job to lobby for or against policies with such wide political implications. It's conflict of interest, and outside of their role as part of the Executive Branch. They are to carry out of the orders of the other branches and formal political process, NOT to make or pressure policy.
They can state their preference on political issues as they relate to crime fighting and prevention, but to aggressively push for a stance or policy is another thing.
Table-ized A.I.
... then isn't the derivative work that they make copyright infringement?
File under 'M' for 'Manic ranting'
They only need the key for digital signature, the FBI has the technical expertise to hack the binaries just like black hats. Its all about the key.
If we end up in the horrible situation where this is going to happen then morally Apple must do it. If Apple makes the changes they can also include code that restricts this version of iOS to the single phone in question. A new court order will then be needed for any other phone. However if the FBI is left to make the changes there will be no such restriction, this version would run on any phone and a court order may not be necessary for its use.
Its a classic negative / negative decision. Both options suck but one sucks significantly worse. Apple is morally obliged to help protect its customers as best it can and that means the FBI can't be the one making the changes.
You know that "oppressive government" people are always talking about?
Here's the baby pictures kids!
Chas - The one, the only.
THANK GOD!!!
In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state."
Of course it could lead to a police state. That's what this is all about, abuse of spying capabilities.
We just found out this week that your giant US-to-foreign email conversations database the NSA shares with you allows warrantless reading of the to: and other fields, not only without a warrant, but without even any tracking and logging .
This is the core of the Constitutional issues the Constitution is supposed to prevent -- people in power having the ability to spy on political opponents, using government powers.
What is to stop, or even notice, a rogue agent working for a politician spying on opponents on their behalf? Nothing, and not even a secret court nor the elected congressmen who are on a national security committee, and are nominally supposed to make sure it isn't abused, can even detect the abuse.
How are we to know this software won't be copied and abused to crack some stolen politician's phone? Of course this assumes you are stuffed looking at who they call, anyway, to feel out their political support networks, the meta info, that itself could be abused, and is warrantless.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
What's to stop Apple from creating a new corporation overseas and have them hold the IOS source code there? Apple USA no longer has access to the source code, and the new company tells the US Government to go suck an egg.
Wait, I'm white. Does this affect me yet?
Yeah, we really need an amendment for the right to bear iPhones...
Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
Private property rights (that would have defended Apple in this case) were were killed in the USA the moment government was able to apply the Sherman's Act to dismantle Rockefeller's Standard Oil. This is not new, the only people who think this threat by the government Mafia is anything new are the ones who want to discriminate against some (for example discriminating against Rockefeller's right to private property is cheered by a large number of people).
Apple is the modern day Standard Oil. This case against them is the application of Sherman Act against Standard Oil. If nothing is done, 100 years from now idiots will be saying that government using its oppression to destroy Apple's private property rights was the correct thing...
You can't handle the truth.
I know you're just trying to be funny, but when the shit hits the fan the military and law enforcement will be on our side, not the government's.
isn't DOJ law enforcement? or are you saying wait for shit to hit the fan first.
Wait 4 years till the import restriction legislation gets passed and kicks in.
You really should read up on American history... start with Watergate. The reality is that fully encrypted communication channels are the lesser of two evils here... and fully encrypted communication is no different than "taking a walk in the woods" 200 years ago. The underlying idea is that thought is not a crime, speech is not a crime, and full access to my device only gives you my thought and speech. This has nothing to do with guns, you are mistaken about that. Gun control is about individual protection... encryption is about national protection.
Which has more power: the hammer, or the anvil?
> And seriously, who the hell is gonna hack your mobile phone?
I really hope you're never put in charge of anything important.
You know those TSA approved luggage locks? The Washington Post did a story on them, and included pictures of the master keys.
Someone saw this and used the photos to make a functional 3D-printed set of keys. All of those TSA approved locks are useless now.
It is impossible to make a backdoor that only the "good guys" can use. It *will* get leaked, stolen, or cracked.
All this will accomplish is allow the gov. to peek into lazy and stupid criminals communiques. Apparently the FBI thinks the majority of the bad guys fall into this category. They may be right, as it stands now, but if they win, that may be the event that causes bad people to get smarter. The response may be worse than the current situation, and everyone's security will be placed at risk because of it.
Can the government compel someone to say something they do not wish to?
As long as code is free speech (Bernstein v. the U.S. Department of State; Brown v. Entertainment Merchants Ass'n). And as long as the ruling of Citizens United v. FEC stands, it seems to me that Apple has a First Amendment right to STFU.
I hope this results in Apple stuffing the EFF war chest to keep that organization going. And the ACLU has made strong statements in support of Apple, but I predict the ACLU won't become involved in the case.
“Common sense is not so common.” — Voltaire
How did the police even do their work back in the days before smart phones? Talk about a complex of entitlement vs doing hard work.
I as a citizen at this point I could care less if that phone contained codes to disarm a nuclear bomb. I choose civil rights over government entitlement.
I so want the government to storm into apple like they say. Let's make this a presidential issue. This has totally blown up in the democrats faces. They better switch sides or there is no way Hillery is going to get elected which before now I would have said was guaranteed.
I suspect all companies in the future will implement combinations of keys that can't be compromised though any one countries government.
OK - so OLD phones will be subject to this problem but new phones need a new signature from now on.
Funny, all those rights didn't stop the government from rounding up the American citizens of Japanese ancestry into concentration camps.
Rights is what government lets you have when it's convenient. They all go into the trash the moment they become a hindrance.
Before you start talking about how the citizen soldiers or the police force will not stand for such things, most heinous acts in history are easily justify by a singular excuse of "just following orders."
ELOI, ELOI, LAMA SABACHTHANI!?
No matter who makes those changes, the problem is the same... If Apple makes it and just lets the FBI use it, then the FBI will just keep on asking in the future whenever they need their help, and Apple keeping it around means that there will exist a possibility that it might get misappropriated from Apple. By expecting Apple to cooperate with the FBI, the government is basically telling Apple to play Russian roulette with its own IP. What sane person would voluntarily pull a trigger of a loaded gun that was pointed at their own head, even if they knew that most of the chambers were empty?
File under 'M' for 'Manic ranting'
I remember seeing movies about life in Germany under Hitler. Whether accurate or not, random people were walking on the street and officers would mutter that command to people, and if they didn't have what was wanted - bang! You might disappear. It strikes me that where we're going in the US (land of the free!) is this direction. The government HAS to be able to see ALL of your papers - only they are now electronic records. And there CANNOT be anywhere that you can put things that the government shouldn't be able to get in. I wonder how we justify being able to take a walk of two people in the woods, without the government being able to "know", upon warrant, what was said? Should we also have microphones recording at all times so that *everything* is discoverable? And what about the government that starts bending the rules of court-issued warrants, to Hoovering up of ALL records on the phone, or the internet? "It's all for your protection, and for the children....".
I keep hearing people claim that there is a debate, but that is complete bullshit. The Feds are making demands, and people keep providing the same reasons over and over on why the Feds demands are wrong. There is no debate because the authoritarians in power don't care about right and wrong, or rights beyond their own. (They have them, you don't.)
I personally have no trust that if this went to the Supreme Court there would be a favorable outcome. Remember, Corporations are people, and the Feds can re-distribute _YOUR_ wealth however they see fit.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Trump assured us, in a recent debate, that if he gave unconstitutional order to the military, they would obey him.
I don't know if he's right, but it's clear that he, and the significant portion of Americans who are blindly following him, think he's right.
I'm a life-long Republican, but if push comes to shove, I'll vote for whoever wins the Democratic nomination to keep Trump out of office. I think he really is that bad.
Could apple contract with a foreign person, outside the jurisdiction of any U.S. Court, to do all the key signing that apple currently does? The sub-contractor would work according to a contractually specified algorithm, that basically says to signs what apple wants it to sign, but refuses to sign anything coerced. The sub-contractor would store the signing key outside the jurisdiction of any US court. If this scheme is ruled illegal and apple is pushed to the wall, apple could move all of itself offshore, and the Justice department could take responsibility for the resulting job loss.
It is amazing to even try to conceive that the ham-handed FBI, with politically appointed leaders (aka morons who have no idea about building hardware/software and who are trained and incentivized to kick doors down, not pick locks) would be remotely qualified to even understand the ramifications of creating/modifying source code, signing it, and pushing it to carefully designed hardware. Much less qualified to execute on that task with a few government programmers, when it took an organization of 100s of people years to develop what is now the iPhone hardware+software encryption infrastructure.
Just for your reference, the reason the encryption keys are so important / secret is that:
-- All recent (>4 year) Apple hardware has built-in encryption-dedicated processing hardware
-- This hardware has firmware burned-in with Apple public encryption keys that validate that any code has come directly from Apple without modification, on startup
-- This key validation structure is designed to ensure that only code signed by Apple's private key can run on the phone
-- Every iPhone has the same public keys burned on it, because that's how public keys work.
So if Apple is forced to give its private keys to the FBI (assuming the remote likelihood they even knew what to do with it), the FBI would have the ability to encrypt and sign software for any of these iPhones. The idea (legal argument-wise or technically) that "this is about one phone" is laughable.
Forcing someone to disclose encryption keys would be a huge violation of the First Amendment. If there is anything that qualifies as speech and knowledge, it is an encryption key / secret. Then on top of this, there is the question of whether the people at Apple who are in charge of the encryption keys (yes, individuals) would even voluntarily turn it over if given such a blatantly unconstitutional order.
I'm sure that even people within the FBI laugh at the notion that they could develop such code without fucking it up, deploy it, and maintain the secrecy of the keys and source code from outsiders.
And final note by the way, this legal filing was written so poorly as to be a joke. It reads like a summer intern wrote the brief after being dictated it by the paralegal to the Assistant US Attorney dashing out of a meeting.
That would constitute contempt of court - which is a bad idea.
That didn't stop Microsoft. When the court told Microsoft to remove Internet Explorer from Windows, they did so by leaving Windows in a broken state. The judge was astonished by this response. Microsoft was arguing that Windows and IE were one and the same, and presented the logical conclusion of removing IE. Many years of court litigation later, Microsoft eventually complied. By then, it was a moot decision as the marketplace had moved on to leave Microsoft in the dust.
Those TSA-approved locks were already useless against someone with a $40 set of linesman's pliers, but your point still stands.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
Fucking coward.
Remember that pesky clause at the end of the 5th ammendment? "... nor shall private property be taken for public use, without just compensation." According to the stock market today, "just compensation" for Apple's IP is somewhere in the $600 Billion range.
" that they all knew was used to handle classified data "
Yup, right ;)
" You're a paid Hillary! shill "
Hah!
If the State is comfortable issuing a court order to force apple to write code it doesn't want to write and stealing the code it has written. Then why are we wasting so nearly 1.5 trillion in tax payer money on Lockheed Martin. The DOJ could just write a court order that they have to build the F-35 and save us a butt load.
What surprises me from John Oliver's take on this is that Lindsay Graham said we need to step back. Even he now knows that it's not a workable strategy for the government to get access to the phones.
"Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
Would this work?
http://getthemonourside.blogsp...
Science & open-source build trust from peer review. Learn systems you can trust.
According to Edward Snowden, the feds have the capability to get into the phone already. I'm not surprised by this at all, it's so obviously a power grab to set precedent and feed the backdoor to local police so they can start sending drug dealers to jail even more frequently. This is a really scary story, has anyone ever seen anything like this? They're basically breaking down the door and demanding compliance. Fuck everything about this.
640k ought to be enough for anyone.
Another lifelong Republican here, and what I'm hoping is that in burning down the old house we will get some new parties out of this. Can we hope for a Science And Technology Party being one of them?
"We do. It's the amendment two over [wikipedia.org] from the right to bear arms"
In addition, forcing Apple to do work for the government against its will is a Thirteenth Amendment violation. We haven't had one of those for some time.
Refuse to pursue clear, obvious mishandling of State secrets by its own SecState. Ignore the use the IRS to attack political opponents. And now threaten to seize assets of a company that has done nothing wrong. Absolute fascism on display. 2017 cannot come soon enough - and as long as it's not Hillary, I don't care - Bernie or Trump would be fine. Anyone to tear down the fascist bureaucratic facade that is the Federal Government today.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Much of the military will be on the citizen's side, but law enforcement has been operating in full-on "us vs them" mode against the citizenry for decades now. They're completely comfortable kicking in their fellow Americans' doors and shooting them in the street.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
So the government really is trying to take our guns.... :-D
Check out my sci-fi/humor trilogy at PatriotsBooks.
When you give us the voting machine source.
It is not hard to predict. One thing is that Apple is wrong about this reading to a police-state. The US already is one, just in the earlier stages: The police gets most of the laws and equipment they want, without any real balancing with civil rights. When policemen rape or murder someone, they have an excellent chance to get away with it, while penalties for citizens are grossly inflated. And if you listen to Trump, you can already hear the first indicators of the fascism that invariably follows a police-state eventually.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Wouldn't it be faster if they just outlawed business, innovation, science and technology, religion, commerce and probably fire too? They could put out incentive programs to thugs, the mentally retarded and people seen swinging from trees going after low hanging fruit too.
That guy has threatened to arrest "rascal" Apple CEO, if it comes up.
So, would sheriff Judd hesitate to arrest Cook himself?
From my understanding, it is not THIS particular phone that is important at all, what IS important is the FBI setting a precedent to use for all future, similar cases. They care not a whit what is on this phone, they care about setting themselves up to access anyones phone at any time based on the rulings they hope they get.
right - this isn't just police tactics; its mafia tactics.
how nice - the fbi is now at the same level as tony soprano.
home of the free, land of the brave. yeah, maybe a long time ago, but not anymore ;(
--
"It is now safe to switch off your computer."
Here is the thing.
As a fellow Oregonian, those Federal Lands are already shared lands. I have access to them, because they're Federally owned. The idea of taking those lands and giving them to "the county" to sell off to private parties, well guess what? I would no longer have access to those lands.
The only reason Oregonians didn't take up arms and join militias and go take back our shared lands, is that the FBI wanted to get them out their own (very slow) way.
We may be liberal, we may oppose many wars, but don't think Oregonians are unwilling to take up arms and defend the United States of America.
I just checked the political news, and I wouldn't be at all surprised if there is a Civil War II in my lifetime. We're here, we're ready, and we support the Constitution. The real one with words, not the imaginary one that says "no hippies, mmmmmkay"
This is so down the thread no one's going to read it, but here's my $0.02.
The US only has one good thing going right now for them: the IT and Technology sector. It has no manufacturing (that's all down in China now), and besides Google, Apple is the only big one in the game.
If the FBI forces Apple to give out their source code, this is how is see it playing out:
- Not only the US but the rest of the world loses confidence in Apple products.
- Apple stock drops like a sack of potatoes.
- Apple is forced to downsize: massive layoffs
- Poor sales of Apple products make having the source for iOS irrelevant (no one is using them) and the FBI ends up with its finger up its ass anyway.
Sure... but there already *is* a law for copyright. The question then becomes does a judge have the authority to knowingly allow someone to break an existing law without legal consequence for that violation? I'm pretty sure the answer is no.
File under 'M' for 'Manic ranting'
the FBI ends up with its finger up its ass anyway.
The FBI has had their finger up their ass since the day they were created. Hoover had a bit of a secret life.
-- Will program for bandwidth
Maybe we could build a government for the people and by the people? Nah! Never happen.
The purpose of those locks isn't really to prevent someone from stealing from your luggage. It's so they can't do it without you realizing it. They don't even need pliers, just cut through the fabric with a knife. But again, the point is I will KNOW that someone got into my bag, and be able to hold the airline (or whoever) responsible.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
This argument has been suggested, but it presupposes an expansion of eminent domain to human labor. This has not happened yet, even with the current SCOTUS.
Those TSA-approved locks were already useless against someone with a $40 set of linesman's pliers, but your point still stands.
I'm very curious how, like a key, using nothing but your linemans pliers you can remove the lock, rummage through and replace items in the luggage, and then put the lock back on leaving no trace of break-in what so ever.
Specifically that last part. It never worked for me with bolt cutters or torches.
Could you detail your methods for me please?
>>>move the source code and the signing key to Germany
Not to Germany. Rather putting the source into encrypted file system spread across multiple independent countries. (RAIJ, Redundant Array of Independent Jurisdictions). You can have the file system fragments here in the United States, the German, Irish, Chinese, Brazilian, . . . are of course not covered and need to be addressed in each country.
Interesting. We have something you don't like coming from a sitting democrat administration and you somehow are insistent that it is the republican's fault.
Look, you compare gun control and encryption control again and I'm going to shoot you right in the heart with the AES-256 algorithm. Then I'm going to hide the evidence in a gun. The perfect crime.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
You seem to misunderstand the idea of "sovereign immunity". The government can only be sued if the government allows itself to be sued. The government is unlikely to allow itself to be sued for copyright infringement in such a case. IANAL, but I'd be surprised if the government allowed itself to be sued for such things - in particular, stuff that the government doesn't actually do (the damage in case of a leak is from a lot of individual criminals, even if it was only made possible by government malfeasance).
You don't have a Constitutional right to a copyright. Congress has Constitutional authority to create such laws, which means that almost all the specifics are statute and case law rather than Constitutional law. I don't know the copyright law in detail, and I don't know what other limitations on liability there may be in other Federal statutes.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Remeber one of the major rules of security: If you have physical access to the machine, you have access to the data. If the machine can decrypt the data, then whomever has the machine can decrypt the data.
If the FBI is even remotely intelligent, the first thing they did upon seizing the phone was crack that sucker open and disconnect the battery to prevent any data self-destruct or remote wipe mechanisms from functioning. To consider the case where the FBI wants to brute force it like they have been claiming, there are probably a few different ways of getting at the data. The first thing you would want to do is get a byte-for-byte copy of the flash contents. This can probably be done via JTAG, but if it can't or it is considered too risky to try, the flash chips can be unsoldered from the board and sent read commands directly via a dev board. It is not like such hardware is hard to get or restricted in any way. Once the data from the flash chips is backed up, you can brute force without risk of losing something useful. Does anyone know of any reason this wouldn't work?
This means that all the instructions required to boot and decrypt the data are now available to be dissected offline, since the phone couldn't decrypt the data without those instructions. All that is missing is whatever the secret is that is used to encrypt the user data.
One exception to the "immediately unplug the battery" rule might involve putting the phone in some sort of ICE mode via JTAG without rebooting it so as to get a RAM dump of the running system. If Apple were sloppy, they might have left a copy of the secret in plantext somewhere in memory. I don't know if it is possible to inject instructions into an iPhone via JTAG that would allow this without rebooting the phone, but I'm sure that could be figured out on a test device first. Maybe "immediately remove the battery" should be replaced by "immediately put the phone in a Faraday cage with a charger."
In any case, what is most distressing about all of this is that both Apple and the FBI are clearly using this situation and the courts to get press that is favorable to their agendas. Apple wants everyone to think they are super pro-security, anti-government power, and the FBI wants everyone to think that they can't decrypt an iPhone without a backdoor. This is all just theater.
The only argument you could make would be that the price the government paid was below market value. If that was true, those ranchers could sue for the difference. They don't file that suit, because it isn't true, and there is no Constitutional problem at all.
These are not lands that were recently taken, either, BTW. Or even lands that were ever taken. Most of Oregon is public land, and most of it was Federal land before Oregon became a State. These wannabe cowpokes don't even know the history of the land they want to steal.
These lands are heavily used. For example the ranchers who started the arson fire caused people recreating on that land to have to flee for their lives. These idiots live next door and just see a bunch of trees and hippies, no people. Right?