Slashdot Mirror
DOJ Threatens To Seize iOS Source Code (idownloadblog.com)
An anonymous reader writes from an article posted on iDownloadBlog: The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter's iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state." Footnote Nine of DoJ's filing reads:
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
As Fortune's Philip-Elmer DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.
What's to stop Apple immediately releasing an update which 1. installs new keys, and 2. revokes the keys in possession of the FBI? i.e. before the FBI has enough time to modify and release their own version?
"Install this update NOW before law enforcement gets access to your phone?"
Or am I missing something?
If that's a feasible option, they're probably working on it right now.
They sentenced me to twenty years of boredom
It shouldn't be the FBI's job to lobby for or against policies with such wide political implications. It's conflict of interest, and outside of their role as part of the Executive Branch. They are to carry out of the orders of the other branches and formal political process, NOT to make or pressure policy.
They can state their preference on political issues as they relate to crime fighting and prevention, but to aggressively push for a stance or policy is another thing.
Table-ized A.I.
... then isn't the derivative work that they make copyright infringement?
File under 'M' for 'Manic ranting'
You know that "oppressive government" people are always talking about?
Here's the baby pictures kids!
Chas - The one, the only.
THANK GOD!!!
In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff as "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state."
Of course it could lead to a police state. That's what this is all about, abuse of spying capabilities.
We just found out this week that your giant US-to-foreign email conversations database the NSA shares with you allows warrantless reading of the to: and other fields, not only without a warrant, but without even any tracking and logging .
This is the core of the Constitutional issues the Constitution is supposed to prevent -- people in power having the ability to spy on political opponents, using government powers.
What is to stop, or even notice, a rogue agent working for a politician spying on opponents on their behalf? Nothing, and not even a secret court nor the elected congressmen who are on a national security committee, and are nominally supposed to make sure it isn't abused, can even detect the abuse.
How are we to know this software won't be copied and abused to crack some stolen politician's phone? Of course this assumes you are stuffed looking at who they call, anyway, to feel out their political support networks, the meta info, that itself could be abused, and is warrantless.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I don't think stupid is the right word to describe the situation. Scary seems more fitting in this case.
The decisions made in this case could have immense negative effects in many other areas as well. First they're after Apple's source code repository and signature key and next they'll be serving backdoors or start decrypting computers using Windows Update. That is unarguably a real possibility now.
-SR
Yeah, we really need an amendment for the right to bear iPhones...
Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
> And seriously, who the hell is gonna hack your mobile phone?
I really hope you're never put in charge of anything important.
You know those TSA approved luggage locks? The Washington Post did a story on them, and included pictures of the master keys.
Someone saw this and used the photos to make a functional 3D-printed set of keys. All of those TSA approved locks are useless now.
It is impossible to make a backdoor that only the "good guys" can use. It *will* get leaked, stolen, or cracked.
Can the government compel someone to say something they do not wish to?
As long as code is free speech (Bernstein v. the U.S. Department of State; Brown v. Entertainment Merchants Ass'n). And as long as the ruling of Citizens United v. FEC stands, it seems to me that Apple has a First Amendment right to STFU.
I hope this results in Apple stuffing the EFF war chest to keep that organization going. And the ACLU has made strong statements in support of Apple, but I predict the ACLU won't become involved in the case.
“Common sense is not so common.” — Voltaire
Funny, all those rights didn't stop the government from rounding up the American citizens of Japanese ancestry into concentration camps.
Rights is what government lets you have when it's convenient. They all go into the trash the moment they become a hindrance.
Before you start talking about how the citizen soldiers or the police force will not stand for such things, most heinous acts in history are easily justify by a singular excuse of "just following orders."
ELOI, ELOI, LAMA SABACHTHANI!?
I remember seeing movies about life in Germany under Hitler. Whether accurate or not, random people were walking on the street and officers would mutter that command to people, and if they didn't have what was wanted - bang! You might disappear. It strikes me that where we're going in the US (land of the free!) is this direction. The government HAS to be able to see ALL of your papers - only they are now electronic records. And there CANNOT be anywhere that you can put things that the government shouldn't be able to get in. I wonder how we justify being able to take a walk of two people in the woods, without the government being able to "know", upon warrant, what was said? Should we also have microphones recording at all times so that *everything* is discoverable? And what about the government that starts bending the rules of court-issued warrants, to Hoovering up of ALL records on the phone, or the internet? "It's all for your protection, and for the children....".
I keep hearing people claim that there is a debate, but that is complete bullshit. The Feds are making demands, and people keep providing the same reasons over and over on why the Feds demands are wrong. There is no debate because the authoritarians in power don't care about right and wrong, or rights beyond their own. (They have them, you don't.)
I personally have no trust that if this went to the Supreme Court there would be a favorable outcome. Remember, Corporations are people, and the Feds can re-distribute _YOUR_ wealth however they see fit.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
It is amazing to even try to conceive that the ham-handed FBI, with politically appointed leaders (aka morons who have no idea about building hardware/software and who are trained and incentivized to kick doors down, not pick locks) would be remotely qualified to even understand the ramifications of creating/modifying source code, signing it, and pushing it to carefully designed hardware. Much less qualified to execute on that task with a few government programmers, when it took an organization of 100s of people years to develop what is now the iPhone hardware+software encryption infrastructure.
Just for your reference, the reason the encryption keys are so important / secret is that:
-- All recent (>4 year) Apple hardware has built-in encryption-dedicated processing hardware
-- This hardware has firmware burned-in with Apple public encryption keys that validate that any code has come directly from Apple without modification, on startup
-- This key validation structure is designed to ensure that only code signed by Apple's private key can run on the phone
-- Every iPhone has the same public keys burned on it, because that's how public keys work.
So if Apple is forced to give its private keys to the FBI (assuming the remote likelihood they even knew what to do with it), the FBI would have the ability to encrypt and sign software for any of these iPhones. The idea (legal argument-wise or technically) that "this is about one phone" is laughable.
Forcing someone to disclose encryption keys would be a huge violation of the First Amendment. If there is anything that qualifies as speech and knowledge, it is an encryption key / secret. Then on top of this, there is the question of whether the people at Apple who are in charge of the encryption keys (yes, individuals) would even voluntarily turn it over if given such a blatantly unconstitutional order.
I'm sure that even people within the FBI laugh at the notion that they could develop such code without fucking it up, deploy it, and maintain the secrecy of the keys and source code from outsiders.
And final note by the way, this legal filing was written so poorly as to be a joke. It reads like a summer intern wrote the brief after being dictated it by the paralegal to the Assistant US Attorney dashing out of a meeting.
That would constitute contempt of court - which is a bad idea.
That didn't stop Microsoft. When the court told Microsoft to remove Internet Explorer from Windows, they did so by leaving Windows in a broken state. The judge was astonished by this response. Microsoft was arguing that Windows and IE were one and the same, and presented the logical conclusion of removing IE. Many years of court litigation later, Microsoft eventually complied. By then, it was a moot decision as the marketplace had moved on to leave Microsoft in the dust.
What surprises me from John Oliver's take on this is that Lindsay Graham said we need to step back. Even he now knows that it's not a workable strategy for the government to get access to the phones.
"Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
According to Edward Snowden, the feds have the capability to get into the phone already. I'm not surprised by this at all, it's so obviously a power grab to set precedent and feed the backdoor to local police so they can start sending drug dealers to jail even more frequently. This is a really scary story, has anyone ever seen anything like this? They're basically breaking down the door and demanding compliance. Fuck everything about this.
640k ought to be enough for anyone.
All that is needed for unbreakable communications is a lengthy sequence of random bytes and an XOR operator. Otherwise known as a one-time-pad.
That comes up a lot. and it's usually wrong. Basically, the weak part of encryption isn't the algorithm, it's the chain of trust. If you can successfully exchange one-time-pads, then you can successfully exchange keys and get good encryption. In fact, exchanging keys is easier.
. If the parties are at least marginally smart in picking and using the pad
Nah, there are a number of mistakes you can make with a one-time-pad, and schneier pointed out a few in that link from before.
"First they came for the slanderers and i said nothing."
the FBI ends up with its finger up its ass anyway.
The FBI has had their finger up their ass since the day they were created. Hoover had a bit of a secret life.
-- Will program for bandwidth