Slashdot Mirror
FBI Delays Case Against Apple; May Have Way To Break Phone (threatpost.com)
msm1267 writes: The FBI has delayed its case against Apple less than a day before a scheduled court hearing and showdown over its demands that Apple help unlock a terrorist's iPhone. The government late Monday afternoon filed a motion to vacate its case, putting a halt to a saga that began in mid-February when a federal magistrate ordered Apple to help the FBI access a phone belonging to one of the shooters involved in last December's attack that killed 14 in San Bernardino, Calif.
The motion also indicates that the FBI may have found a way onto the phone without Apple's help. "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [shooter Syed] Farook's iPhone," the motion says. "Testing is required to determine whether it is a viable method that will not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. ("Apple") set forth in the All Writs Act Order in this case." Update 3/22/16 at 01:05:00 GMT: The story was updated to reflect the correct information that the case was delayed, not dropped. A federal judge agreed to postpone the oral arguments between Apple and the U.S. government.
The motion also indicates that the FBI may have found a way onto the phone without Apple's help. "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [shooter Syed] Farook's iPhone," the motion says. "Testing is required to determine whether it is a viable method that will not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. ("Apple") set forth in the All Writs Act Order in this case." Update 3/22/16 at 01:05:00 GMT: The story was updated to reflect the correct information that the case was delayed, not dropped. A federal judge agreed to postpone the oral arguments between Apple and the U.S. government.
See, life always finds a way :)
I meant hacking! HACKING!
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
" it should eliminate the need for the assistance from Apple Inc. "
Until Apple fixes this exploit in the next release...
Sounds like the FBI will be busy unlocking phones for hundreds of LE agencies now. Way to turn the burden around. In the meantime, the FBI posts "Now hiring for iPhone repair positions".
The US Government knows that Apple has made encryption a cornerstone of their product strategy in order to protect their international sales in our post-Snowden era (in other words, to protect the world from the US Government). What better way to hit back at Apple for their lack of cooperation than to strike at the heart of Apple's strategy.
So who is this outside party? Who's going to be the first to file an FOIA request?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
what he didn't already have.
I certainly don't think that any information about this phone (or some new approach to getting info off it) is what prompted the change here. Giving up at this stage means one of two things:
1. They flinched. They thought they'd lose, either in court or in public opinion - so they kicked the can down the road.
2. They've already won; they know that legislation is about to become more favorable for them, and they'll have the tools they want without needing a precedent here.
3. They've already lost; they know that there will soon be enough robust/secure devices in the wild that having leverage over companies like Apple won't actually help them (because the Apple's of the world may not be able to break their own devices)
We'll find out which it is over the next few years.
Let's not stir that bag of worms...
During Tim Cook's presentation today, I couldn't help thinking that they were pushing CareKit to make people start to consider how much information about their health would be on these devices, and who else could potentially have access to it. I could simply be overthinking it, but it very well could have been that he was trying to win over more people to Apple's side of the argument.
If you post as Anonymous Coward, don't expect a reply.
Translation: Next time the FBI sues someone to force them to break encryption it will be someone that can't fight back, and they will get their precedence then.
The last salvo from Apple's lawyers was fairly devastating to the DOJ's case: It pointed out errors of law, errors of logic, technical mistakes and omissions, and general arrogance. The DOJ knew lat week that they were getting shot down, so they'd rather not have that happen in court where it could affect their future error-and-arrogance-filled filings.
Last week someone pointed out that Apple has far better lawyers than the DOJ. True. Tragic, sad, demoralizing as an American, but obviously true.
I think not...(*poof*)
So the government is dropping the case because some third party might have a way to break into the phone? Might have a way? So they haven't even verified that it works before dropping the case? Why not let the case proceed and if they come to find out later that the 3rd party method works then drop the case?
Surely it can't be to save taxpayer money. That has never been a criteria for any branch of government when it comes to prosecution (errr...persecution). Maybe the FBI had a way to break into the phone all along and this was just a shakedown of Apple.
Are we really to believe that some mysterious "3rd party" just suddenly appears a day before the case is to go to court? I call BS on this whole thing.
My guess: "shit we aren't winning in public. How do we retract this without saving face."
The FBI didn't drop the case. They asked for and got a continuance until April 5th.
1. "The government actually had this capability all along; they just wanted the precedent."
No...just, no. Facts not in evidence. Also makes no sense, because if "the government" had the capability, and was able to use it in secret, the whole discussion is moot.
No, because having the precedent would make the FBI's access into secure devices much easier in the future.
2. "But they need the precedent so they can force companies to weaken/break products that they really can't break in the future."
Again, no. As I can't guarantee the sun won't explode tomorrow, I similarly can't "guarantee" anything with regard to precedent, but it does not follow at all that any government victory in this narrow case somehow translates into the government being able to "force" vendors to do any such thing.
Why not? If the government can force Apple to write a whole new operating system so that it can break iPhone security, then what else could they force vendors to do?
3. "The government was afraid it was going to lose, so it had to slink back into the corner with its tail between its legs."
No. If the government did lose on this specific case, it would change nothing, because the phone would still be locked, and the questions still need to be answered.
Uh, if the government lost, then there would be concrete case law on the books that the All Writs Act isn't a "give us whatever we want" card.
4. Further, you couldn't really ask for a better case to use if all they were really going for was "precedent": an older, breakable phone made by a US company, used in an international terrorist attack on US soil, owned by a US county government agency, which has given full permission to search the device. So it's not like "the government" is now going to "wait for a better case".
Quite possibly. This case was pretty strong, in that a lot of people were supporting Team FBI.
5. If the government does drop the request, people get exactly what they wanted: the status quo.
But all of these questions still need answers:
Yep. I just hope the answer isn't going to be making National Security Letters the new standard MO.
You don't have to break the encryption if you can subvert the code that counts the number of attempts, that could easily be done by altering one of the cpu instructions in the silicon or disabling it.. basically a brute force attack on the silicon. Another way would be to replace the CPU with a custom emulator of the CPU which could step around the sequence for destruction.. or simpler.. multiply the number of times by an arbitrarily chosen "factor".. or reset it to zero after each attempt.
FBI drops its case on the same day that both OS X and IOS have updates rolled out...
Please oh please let there be a news release stating that the FBI went to John McAfee to unlock it...
This is not how good lawyers work, you throw as much as you possibly can at the wall and see what sticks.
There is no reason for the FBI to vacate unless they are 100% sure they can get into this phone. I mean wasn't this case important?
Here is what really happened. Apple's response to the FBI's "all writs" order posed a constitutional challenge to their BS. The FBI simply didn't want to get laughed out of court or worse have this make it all the way to the Supreme Court and be told that they were abusing the law.
Is there a way Apple can continue this ex-parte and set a precedent to stop this from being abused in the future? It would be of great benefit to all-tech-kind.
Oh wait, late breaking news. The case is not dropped, the FBI asked for a continuance until April so they can get some better lawyers and threaten Apple behind the scenes with National Security Letters.
So now we have an interesting play going on.
If the FBI hacks the phone, Apple loses the security high ground.
If the Apple hacks the phone, Apple loses the security high ground.
This is a lose/lose for Apple, because even if the FBI doesn't hack they phone they will say they did just to spite Tim Cook and his keynote speech today.
I see what you did there FBI, nice move, but be careful, your next move is critically important to winning the game and you can still lose.
. . . some brilliant agent finally thought to try 123456 on the pass code screen.
Sure, anything is hackable, give the time. The point is that they are trying to make a secure box and they are standing up for our privacy. I don't think it is just marketing in this case. Apple's CEO is gay, and I think he, more than anyone realizes the implication of leaked private data. This is how governments own you, both foreign and domestic. These really nice guys swoop up all your breadcrumbs and look for anything that could be misconstrued or taken out of context, then threaten you with it.
Let's take a look at EmoWindt's phone and see what we can find.
That doesn't feel good does it?
Knowing that your location data, texts, calls, browser history, apps, music collection, notes, could be made public.
That is what Crapple is fighting against, and I hope they win. I don't want to live in Orwell's 1984.
...the local law enforcement guy who accidentally turned on the passcode after they found the phone found the Post-It note with the new code.
Translation: They figured out they have a non trivial chance of losing this case so they 'discovered' this new alleged hack that they doubtless had all along.
The government used to do this in gun rights cases all the time--fold when they were gonna lose, which is why it took so long to finally get to the Supreme Court where, guess what? They lost. Just like they'll lose this one.
Next step: have the FBI manufacture a 'terrorist' to arrest who used strong encryption (provided by the FBI) so as to have an even more sympathetic case.
It is cancelled: https://twitter.com/BrendanSas...
Move along, no sig to see here.
ROT13 is best. Higher numbers mean higher encryption. Everyone knows that.
It might be a little late to short some Apple.
They already have all the useful information. Or Apple Backups? Anything typed into a phone is replicated many times....
Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
Anything is breakable with enough time & money. This is all about making the cost higher to break an iPhone.
It's not cancelled. They got a continuance. Kind of different.
Apple's concern about "security" is just a marketing ploy and posturing - that's it.
So they're ~just refusing to crack their own product for the US goverment because it's good for their business~?
No Karma Bonus Post Anonymously
GOOD!
If it's the right BUSINESS decision, they'll KEEP doing it. I trust that a LOT more than if they're doing it because it's the moral thing to do. Morals last until the stockholders replace the C-suite with fresh, intelligent, psychopaths from the big-name business schools. The profit motive lasts as long as the officers in charge are smart enough to see which side of the bread has the butter.
In this case the Apple execs judged that the situation was SO lopsided that it was worth risking the company and their own personal freedom to FIGHT THE US GOVERNMENT HEAD-ON rather than cooperate.
With the public show over that decision, it should last at least until they have deployed code they couldn't crack if they wanted to. Further, they now have the incentive to write that code, before the government gets a judge that will move against Apple and make the issue moot in the other direction, or the world market deserts them in droves and it becomes apparent that even Apple is not "too big to fail".
If the FBI or anyone else really wants to get in, they'll get in.
Being crackable by nation-state level outside attackers is only Apple's problem to the extent that, if true, it's another incentive to work on the future code to make it still more robust.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If the government can force Apple to write a whole new operating system
Its not a new OS, just a small code change. What Apple has that FBI lacks is the digital signature needed to install the modified firmware.
At least the FBI is not demanding that, though few would be surprised if the NSA already has it.
*Insert Standard Code Rant*
Unless you've actually SEEN the code, SHUT THE FUCK UP. You're not qualified to gauge how large or small such a change is. Nor how much effort it will take to alter/implement it.
Chas - The one, the only.
THANK GOD!!!
Oh come on. It's not that hard to alter a counter so it doesn't increase.
Unfortunately, everything I've seen on that says the government is immune to these kinds of lawsuits. There's no way for Apple (or any other private citizen/company) to force a decision. The gov't gets to pick its favorite case.
It's not that simple, they'll have to sign the binary. *Sarcasm*
Yeah, but ROT-13 sucks for I18N and true geniuses use double ROT-13.
Please see parent post for my answer.
Chas - The one, the only.
THANK GOD!!!
Yep. I just hope the answer isn't going to be making National Security Letters the new standard MO.
An NSL wouldn't help the FBI in a case like this. NSLs can only compel metadata in the company's possession. Apple doesn't possess the data on Farook's device, and so can't be ordered to extract and deliver the metadata.
Actually, it was Apple who qualified the changes. They claim it would take a handful of engineers spending four to six weeks, or something thereabouts. So, I guess for Apple that's relatively "minor". For a one-programmer shop like mine, that's fairly significant. Depends on your perspective, I guess.
My feeling is that the FBI saw that their chances in court were not looking great, so decided to accept the outside offers (NSA?) for cracking the phone that had in fact been available to them all this time. The excuse that they no longer need to crack the phone also allows them to back down without losing face.
Irony: Agile development has too much intertia to be abandoned now.
Next step: have the FBI manufacture a 'terrorist' to arrest who used strong encryption (provided by the FBI) so as to have an even more sympathetic case.
They tried this already. It was called "Fast and Furious" and the only reason why no one was indicted when it was discovered was that everyone involved were Democrats.
I shouldn't need to point out the obvious answer that everyone seems to avoid. If the FBI succeeds in this action they have precedent that they can force private companies and people to develop devices/software/whatever under threat of imprisonment for contempt of court (absolutely no appeals and you can be imprisoned until you cooperate up to life in prison). This would make the all writs act a law of incredible power allowing the FBI to impress into service any person or company with the ability to do something it needs for the investigation. Apple in this action is at best a third party, they developed and had manufactured the phone but they are neither the owner nor do they have access or the software to do what the FBI asks. The FBI is asking for them to be compelled to do work for the FBI under threat of imprisonment or divulging their most precious assets (a public release of which could decimate their company revenue).
With the precedent of this case, If you had the skill to do something the FBI needed for an investigation they could simply compel you to do so under the all writs act and if they refuse you could go to jail until you comply. This is ALL kinds of scary and 99% of the articles and comments I read about it focus on the insignificant details of this individual complaint and not the precedent it sets.
And the standard code rant says that until one knows what they're actually talking about, they don't actually have an opinion in the matter.
Chas - The one, the only.
THANK GOD!!!
I don't want to live in Orwell's 1984.
Not to worry. We're cutting straight to Golding's "Lord of the Flies".
“He’s not deformed, he’s just drunk!”
...write a whole new operating system...
Patch existing operating system.
Do you realize, that backdoor is, in fact, ALREADY THERE, right?
What government demanded was access to an EXISTING backdoor, conveniently left there by Apple.
Lies. FBI never demanded the keys, on the opposite, the whole "do it at your own headquarters, Apple" suggestion was so that FBI does not touch not only the keys (why would one need them anyway??? +5 interesting, pathetic) but that FBI doesn't touch even binaries for THAT SINGLE IPHONE.
My guess is that the DOJ wanted the precedent - this is the Alinsky way, "never let a crisis go to waste". They thought that if people had the specter of a new terrorist attack hanging over their head's they'd be more malleable. Then they could use it for all sorts of purposes like tax evasion - as Obama clearly stated he wanted to do.
Turns out they were wrong, and the public and the industry didn't go along as easily as they'd hoped. Rather than suffer a judicial defeat which may be counterproductive to their aims, they just "find" an alternative at the 11th hour and move on.
Tax evasion? Start with Apple...
No sig today...
NO, next step is to find a whole load of "evidence" on the phone that could have prevented something or other.
"See, this is what Apple's delay has cost us!"
No sig today...
"FBI gonna get spanked in court, backs off temporarily..."
That's true, but if they call him and his wife "terrorists", due process and the constitution can be ignored and they can play the "You don't want to support the terrorists, do you?" card....
"This is a lose/lose for Apple, because even if the FBI doesn't hack they phone they will say they did just to spite Tim Cook and his keynote speech today." And who seriously believes ANYTHING the FBI or NSA says any more aside from the Flavor-Aid drinkers?
Sounds like a modern version of the Quartering Acts:
https://en.wikipedia.org/wiki/...
"I DARE you to make less sense!"
In light of the Brussels attacks, the conspiracy theorist in me is wondering how long until they crack the phone and find "evidence' that he had used the phone to talk to the Brussels terrorists? "If only Apple had just caved in and done everything we told them to do from the start, lives could have been saved!"
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
They tried this already. It was called "Fast and Furious" and the only reason why no one was indicted when it was discovered was that everyone involved were Democrats.
So Bush was a democrat? It seems the entire project was started under the DOJ in 2006 as project Gunrunner, of which "Fast and Furious" was a new phase taken by Burke, a new Obama appointee. And apparently there were indictments, just not who you wanted. Burke was forced to resign.
The cesspool just got a check and balance.
Really? That program was started under the Bush administration.
Which is why Apple should oppose a motion to dismiss. It's "go big" but the only other option is "go home".
Apple can afford the fight but it cannot afford not to fight. Anything less than "dismissed with prejudice" is a loss, legall.
At least their PR might have been bolstered. I hate to say it, but if the iPhone 7 rejects unapproved signed firmware, I might actually buy one of the damn things.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Occam's razer is only applicable if you have all of the available information.
My eyes reflect the stars and a smile lights up my face.
At least their PR might have been bolstered. I hate to say it, but if the iPhone 7 rejects unapproved signed firmware, I might actually buy one of the damn things.
I thought that this (or something equivalent to it) was already in place, when the reports announced that this intrusion method would not work on a 5S or later iPhone.
Translation: They figured out they have a non trivial chance of losing this case so they 'discovered' this new alleged hack that they doubtless had all along.
I'd bet dollars to donuts (which phrase is about to become obsolete) that they're planning a smudge attack, which could only take ~7 tries...
I think to be fair it's still a very minor change. A massive chunk of that time would be planning, design and testing - something you'd do in a couple of hours.
The code change is trivial, making sure it doesn't have ramifications that wipe the phone anyway aren't.
From what I've read recently, many of the European terrorists don't bother with encryption and just use burner phones. It makes you much harder to trace when your phone is essentially one-use -- its like using a one-time pad for perfect encryption.
I hardly think that someone would spend the money for an iPhone only to use it handful of times, and it seems like a poor idea to talk about illegal acts on a phone that you have a long-term relationship with. It's not just you taking chances with your own phone, either -- it's the chance that the people you're talking to get picked up, which leads the authorities back to you because they have your regular number. Better to use burners all around.
I'm pretty sure that all the FBI will find on the phone are call logs of him calling home, and cat pictures. (though the conspiracy theorist inside me says that they may announce that they found much more, I really think that's all they will actually find.)
I scrolled through most comments on here and it seems no one picked up on one thing that makes this harder to believe. These are government employees. Underpaid, in crappy cubes, and prob not the best of the best... and they were working on a Sunday? Really? So a researcher/hacker/whatever is working on this late into Sat, plausible, and then on a Sunday calls or goes to his/her local FBI office? Come on. "Security" "Yes, this is -REDACTED-" "This building is closed on Sundays, please come back tomorrow." "But I have pwn3d a iphone!" "Congrats. Come back Monday." "But this is HUUUUGE." "OK Donald Trump, come back Monday." "But this will help their case against the dead guy who's phone they can't unlock" **BZZZZZZZ* "Come on in, I'll call in our tech squad."
Translation: They figured out they have a non trivial chance of losing this case so they 'discovered' this new alleged hack that they doubtless had all along.
You are not nearly cynical enough. Let me translate for you... They figured out they have a strong possibility of losing this case so they "discover" a hack that they announce they have. This causes Apples "security" value to plummet (Now everyone knows an iPhone is hackable - the US government said it is). There will be some back channel negotiations, they will come out and say - no it is completely secure, we couldn't get into the phone. Apple will quietly hack the phone and give the FBI the information that it wants
I have mod points and I am not afraid to use them
My feeling is that the FBI saw that their chances in court were not looking great, so decided to accept the outside offers (NSA?) for cracking the phone that had in fact been available to them all this time. The excuse that they no longer need to crack the phone also allows them to back down without losing face.
You are exactly right. Nothing else makes sense. And, the Gummint is notorious for last-second things like this.
My guess is that the DOJ wanted the precedent - this is the Alinsky way, "never let a crisis go to waste". They thought that if people had the specter of a new terrorist attack hanging over their head's they'd be more malleable. Then they could use it for all sorts of purposes like tax evasion - as Obama clearly stated he wanted to do.
Turns out they were wrong, and the public and the industry didn't go along as easily as they'd hoped. Rather than suffer a judicial defeat which may be counterproductive to their aims, they just "find" an alternative at the 11th hour and move on.
You are exactly correct.
NO, next step is to find a whole load of "evidence" on the phone that could have prevented something or other.
"See, this is what Apple's delay has cost us!"
You mean like the Belgium bombings today?
And yes, I do believe the FBI would go that far to manufacture a point.
The flash memory isn't the issue. That's encrypted with AES-256, and is useless without the key. The decryption has to be done by a piece of hardware that can wipe the number the key is based on.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
You're right that those bombers tend to use burner phones and unencrypted messaging (the Paris bombers used plain-text SMS). Still, that didn't stop some politicians from trying to claim that they could have stopped these attacks if only they had encryption back doors. Complete garbage, but many politicians can never pass up the chance to turn a tragedy into more power for themselves by tapping into people's fears.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
The tax avoidance Apple uses is the same one as every other corporation, and it is perfectly legal. If you have a problem with it, vote in a VAT, and it might fix the cause.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?