Slashdot Mirror


Police Unlikely To Win Wider Access To Smartphones Despite FBI Success In San Bernardino Case (latimes.com)

An anonymous reader quotes a report from Los Angeles Times: The successful hack of a phone linked to the San Bernardino terror attacks is unlikely to help police win greater access to encrypted data contained inside thousands of smartphones sitting in evidence lockers nationwide, legal experts and law enforcement officials said Tuesday. The process used to gain access to Syed Rizwan Farook's iPhone 5c might not work on other devices, according to an FBI official with knowledge of the investigation. Though the FBI might want to use the new tool to help solve outstanding criminal cases, doing so would also make the process subject to discovery during criminal trials and place the information in the public domain, according to the official, who was not authorized to discuss the case and spoke on the condition of anonymity. "From all the chiefs that I've talked to, we're hopeful this will give us some insight into how we're going to be able to get into some of the phones sitting in all of our evidence rooms," said Terry Cunningham, police chief in Wellesley, Mass., and president of the International Assn. of Chiefs of Police. "We're clearly anxious to learn what they did and how they did it and if it can be replicated."

90 comments

  1. Unless used in warrantless surveillance by Thanshin · · Score: 4, Insightful

    Though the FBI might want to use the new tool to help solve outstanding criminal cases, doing so would also make the process subject to discovery during criminal trials

    Only if the use is admitted in court. They can use it in warrantless surveillance without a problem.

    1. Re:Unless used in warrantless surveillance by Anonymous Coward · · Score: 1

      Also, parallel construction is a thing. They snoop into phones / computers / etc, then use that data to create a secondary trail of evidence to the same outcome thus concealing the fact that they snooped without a warrant.

    2. Re:Unless used in warrantless surveillance by Shadow+IT+Ninja · · Score: 1

      Actually, the link you provide specifically says that this method called "Parallel Construction" is illegal in a circumstance where a warrant would have been required for the original evidence. It is always possible that the court will never know that the evidence was tainted but the practice is still illegal. The situation where it is legal is to protect an informant who may be harmed otherwise. Talking to a third person doesn't bring up Fourth or Fifth Amendment issues anyway. The idea of continuing an investigation without ever bringing charges in court, as some have suggested, isn't really discussed in the article. The traditional remedy for Fourth and Fifth Amendment violations is to make the evidence inadmissible in court. If evidence is just used to justify ongoing surveillance without going to the courts, I would argue that it becomes a Sixth Amendment violation.

    3. Re:Unless used in warrantless surveillance by TWX · · Score: 3, Insightful

      That's the whole point of parallel construction, it's a method to legitimize their actions. Good luck proving it though, and even if you do successfully demonstrate it, good luck proving its extent sufficient to avoid prosecution.

      --
      Do not look into laser with remaining eye.
  2. What an insight! by bickerdyke · · Score: 4, Insightful

    Though the FBI might want to use the new tool to help solve outstanding criminal cases, doing so would also make the process subject to discovery during criminal trials and place the information in the public domain

    Yes, if such a tool exists, details on this process eventually will become public.

    Which exactly was Apple's point.

    All. The. Time.

    --
    bickerdyke
    1. Re:What an insight! by Anonymous Coward · · Score: 0

      Apple would have told everyone how they flash their chips internally? They would have provided modified binaries that don't increment the bad password counter? Because that is all that was being asked for.

    2. Re:What an insight! by shawn2772 · · Score: 1

      Apple would have told everyone how they flash their chips internally? They would have provided modified binaries that don't increment the bad password counter? Because that is all that was being asked for.

      Yes, and yes. Well, Apple wouldn't have done either, but the courts would have done it for them. The right to examine all of the evidence against you implies the right to examine the tools and processes used to gather that evidence. Eventually some court would have ordered the FBI to provide full details to the defense, and it would either come out in the public trial, on the record, or it would have been inadvertently leaked by the defense. Or maybe a copy might have been leaked by an Apple employee for whatever personal reason. Or an FBI employee. Or...

      Information is really hard to control.

    3. Re:What an insight! by TheGratefulNet · · Score: 3, Interesting

      or, there WAS NO HACK and they simply are lying to cover their damned asses.

      my guess is that they have no hack and they want us all to think they broke in, so they could abandon a LOSING COURT CASE before the proper precedent (one that favors freedom instead of unwarranted authoritarian power-grabs) was set.

      the simplest explanation is often the case: they were losing big-time in the court of public opinion and they could not force the richest company IN THE WORLD to do their petty bidding. they knew they'd lose and so they cower with tail between legs, making up a fake 'victory story' which is 100% opposite of the actual truth.

      the good guys have switched places, it seems. I wonder if/when we'll get our real good guys back? will that happen in our lifetime?

      --
      "It is now safe to switch off your computer."
    4. Re:What an insight! by tinkerton · · Score: 2

      I think this partly describes what happened. The FBI was already able to hack the phone before this case, and wasn't even that interested in the content of the phone, but preferred to use it as a precedent to pressure Apple. Now they're backpedalling, but not by lying. Or maybe they're lying even. But they can still hack the phone without Apple. Snowden described one technique for hacking the iPhone, backing up the memory and overwriting it again and again after x failed password attempts. Can be automated and optimized.

    5. Re:What an insight! by Sloppy · · Score: 1

      Or maybe a copy might have been leaked by an Apple employee for whatever personal reason.

      Apple is the party the government wants the exploit to not get leaked to. The entire point of the anonymous official's quotation is that if the FBI ever uses (in court) evidence gained through this exploit, then Apple will be able to fix ..

      ..uhh..

      ..their obsolete product from a few years ago. Which nobody cares about, since the entire reason this whole FBI-Apple story exists is because the PC in question had unusually bad security. (This is not an Apple flame, BTW: I think dealing with passphrases on handheld PCs is a fairly hard user interface problem. But nevertheless, it's a problem that goes away once you put the device on a desk, which is why the security is effectively so prehistoric. And the newer-than-5C devices, while they are still deeply flawed (the user is not the device's prime authority -- aha, there is my Apple flame), are also a lot better than the 5C.)

      But make no mistake: the effectiveness of the security system that we're talking about, is decades behind what we're otherwise used to. If in 2006 (or 1996) the FBI had asked a hardware manufacturer, "hey, can you crack open these files?" Dell's response would have been to forward them to their supercomputer sales department.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    6. Re:What an insight! by shawn2772 · · Score: 4, Interesting

      But make no mistake: the effectiveness of the security system that we're talking about, is decades behind what we're otherwise used to.

      Completely false. Desktop encryption is, in general, far, far inferior to what we have on mobile devices today, because the systems are wide open, which means that the only line of defense is the user's password. Pull the hard drive out, make a copy, and go to town brute forcing it. Done. A small subset of machines these days have a TPM and use it in their encryption, which is better but not hard to fake out. You just have to feed the right sequence of hashes to the device, and it'll do your bidding.

      No, mobile devices and mobile OSes are dramatically more secure than desktops and laptops. They use hardware-embedded keys in addition to the user password. When the hardware also enforces brute force rate limiting (as the newer Apple devices do), it's even better.

      The one small advantage that machines with full-sized keyboards have is that users are slightly more likely to choose a better password. But only slightly, and hardware performance plus the availability of dirt cheap supercomputing (AWS or GCE) has largely erased that advantage.

    7. Re:What an insight! by shawn2772 · · Score: 1

      or, there WAS NO HACK and they simply are lying to cover their damned asses

      I was talking about the modified firmware the FBI wanted Apple to create, not about whatever Cellebrite allegedly did or didn't do.

    8. Re:What an insight! by Sloppy · · Score: 3, Interesting

      the simplest explanation is often the case

      If you go by the simplest explanation (and we receive no further information to help us), then you're going to conclude that someone cracked it.

      There is significant fraction-of-a-world of people who think Apple's hardware is generally pretty decent (at worst! a lot of people downright like it). But the hardware, for all its perceived virtues, has one big glaring problem: it tries to prevent people from running whatever software that they want to. So there are a fuckton of people who look for bugs, in order to be able to root their own phones and gain control of the machine that they bought. Some of them find the bugs. It has always been so, and that's how it is on this platform too, unless you are saying that you think Apple is the one company in the history of this industry, who has finally managed to produce bug-free consumer products.

      You're not saying that, are you?

      If not, then the simplest explanation is that someone with physical access to the device managed to gain control of it, since that sort of thing happens all the time anyway, with or without the FBI backing the effort.

      they were losing big-time in the court of public opinion and they could not force the richest company IN THE WORLD to do their petty bidding. they knew they'd lose

      Believe it or not, you're actually overstating how much the FBI was winning; they were far more doomed and already-defeated than you describe. They've probably won the battle for the iPhone 5c, and they might possibly (it's iffy, but possible) win on some newer handheld/toy PCs. But they have no chance, ever, when it comes to solving the general problem. If users actively try to protect their data then the data will be really encrypted, such that subverting the device doesn't get you the key (or 10k possible keys, where one is really it). And then attackers can go crying or threatening whatever manufacturers they want, and it won't help them a bit.

      This time, they couldn't wave their $5 wrench at the user (dead men are hard to intimidate), so they waved it at someone else. (It was either a miracle or technological travesty (pick your PoV) that someone else could actually help them.) Next time, there is no "someone else" unless the user is just as incompetent (or more likely: apathetic) as Farook was.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    9. Re:What an insight! by Penguinisto · · Score: 1

      Perhaps that, instead of some 'mystery hack', they simply figured out how to use the damned controls that the employer (who actually owned the phone) had in place?

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    10. Re:What an insight! by Sloppy · · Score: 1

      Pull the hard drive out, make a copy, and go to town brute forcing it. Done.

      I hope they have plans for relocating their brute forcer machines, because the sun is going to become a red giant a blink-of-an-eye into the project.

      If what you're describing were practical, then the FBI could have done it with that phone too. They wouldn't have cared about obtaining the hardware-embedded keys, because who needs keys?

      The one small advantage that machines with full-sized keyboards have is that users are slightly more likely to choose a better password. But only slightly

      Quit rubbing it in, that you guessed the 12345 combination on my luggage. I have learned so much since then!!

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    11. Re:What an insight! by shawn2772 · · Score: 1

      Pull the hard drive out, make a copy, and go to town brute forcing it. Done.

      I hope they have plans for relocating their brute forcer machines, because the sun is going to become a red giant a blink-of-an-eye into the project.

      No, silly, you don't brute force the encryption keys, you brute force the password. Search the 20-bit space, not the 256-bit space.

      If what you're describing were practical, then the FBI could have done it with that phone too. They wouldn't have cared about obtaining the hardware-embedded keys, because who needs keys?

      The key being burned into the chip means that brute force search of the password space has to be done on the phone (unless you can dig the key out of the chip). The basic idea here is that the disk encryption key is something like a keyed hash of the password, e.g. HMAC(key, password). If you try to brute force the encryption key directly, being enveloped by the expanding sun is an issue. Same if you try to brute force the embedded key. But on the device you can brute force the password... within whatever constraints are applied by the hardware and software on the device. And the hardware will only run signed software.
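
Added example (not part of the original thread or any commenter's post): a toy Python model of the HMAC(key, password) derivation described in the comment above, showing why a copy of the flash is useless for testing guesses without the device key and how an on-device failure counter bounds the search. `ToyDevice`, the check value, the 10-failure wipe policy, the sample passcode and both guess rates are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def derive_disk_key(device_key: bytes, passcode: str) -> bytes:
    """The comment's HMAC(key, password): the disk key needs both inputs."""
    return hmac.new(device_key, passcode.encode(), hashlib.sha256).digest()


def check_value(disk_key: bytes) -> bytes:
    """Hypothetical verifier stored on flash so a right guess is recognisable."""
    return hmac.new(disk_key, b"toy-verify", hashlib.sha256).digest()


class ToyDevice:
    """Toy model: the device key never leaves, and failed guesses are counted."""

    def __init__(self, passcode: str, max_failures: int = 10):
        self._device_key = secrets.token_bytes(32)  # stands in for the burned-in key
        self.flash_check = check_value(derive_disk_key(self._device_key, passcode))
        self.max_failures = max_failures  # assumed policy, not taken from the page
        self.failures = 0
        self.wiped = False

    def try_unlock(self, guess: str) -> bool:
        if self.wiped:
            return False
        candidate = check_value(derive_disk_key(self._device_key, guess))
        if hmac.compare_digest(candidate, self.flash_check):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.wiped = True  # model of the key material being erased
        return False


def offline_check(flash_check: bytes, guess: str, assumed_device_key: bytes) -> bool:
    """What a copy of the flash allows: a guess is only testable with the device key."""
    candidate = check_value(derive_disk_key(assumed_device_key, guess))
    return hmac.compare_digest(candidate, flash_check)


def search_seconds(bits: int, guesses_per_second: float) -> float:
    """Worst-case time to walk a 2**bits space at a given guess rate."""
    return (2 ** bits) / guesses_per_second


def demo() -> dict:
    device = ToyDevice("4821")  # constructed sample passcode
    copied_flash = device.flash_check
    results = {
        # Right passcode, wrong device key: the copied flash confirms nothing.
        "offline_without_key": offline_check(copied_flash, "4821", secrets.token_bytes(32)),
        "on_device_correct": device.try_unlock("4821"),
    }
    for _ in range(device.max_failures):
        device.try_unlock("0000")
    results["wiped_after_failures"] = device.wiped
    results["correct_after_wipe"] = device.try_unlock("4821")
    # Assumed rates: 1e9 guesses/s off-device, 12.5 guesses/s on-device.
    results["hours_20bit_on_device"] = search_seconds(20, 12.5) / 3600
    results["seconds_40bit_off_device"] = search_seconds(40, 1e9)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
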

    12. Re:What an insight! by nmr_andrew · · Score: 1

      or, there WAS NO HACK and they simply are lying to cover their damned asses.

      I'm mainly inclined to believe this as well, especially given the reports I saw yesterday where the phone is now useless because the FBI managed to spill water on the phone, completely destroying it, mere moments after they broke in. Really?

    13. Re:What an insight! by JazzLad · · Score: 1

      The haystack of my password is 3.62 x 10^121; at 100,100,100,100,100 guesses per second, it would take 1.15 hundred trillion trillion trillion trillion trillion trillion trillion trillion centuries to exhaustively search that. Statistically maybe half that time (duhno, I'm no mathematician - I got that from an online calculator at CNBC*), but even massively in parallel it's gonna take until the day after the copyright expires on the mouse.


      *(yes, of course I'm kidding about where I checked it; I also tested a gibberish version that shared all characteristics of my actual password).

      --
      "If you have nothing to hide, you have nothing to fear." - Every fascist, ever
    14. Re:What an insight! by Whorhay · · Score: 1

      I'm thinking the password is likely to be much larger than a 20 bit space. 20 bits is only slightly larger than the number of words in the English language. If the password can be more than a single word, or a word in another language, or uses even rudimentary and obvious character substitutions this number scales up very rapidly. Maybe you won't get up to the true 256 bit space, but it can still be enough to make brute force costs prohibitive.

    15. Re:What an insight! by shawn2772 · · Score: 1

      I'm thinking the password is likely to be much larger than a 20 bit space.

      It can be. And I meant to type "40-bit space"... which is still *well* within the realm of what's brute forceable. 20 bits can be searched in under a second on a single machine, depending on the per-try computation required (use of a good password hash algorithm makes it a little harder).

      Maybe you won't get up to the true 256 bit space, but it can still be enough to make brute force costs prohibitive.

      Less than you might think. Passwords are weak. Very few users actually choose passwords that get anywhere near 40 bits of entropy, and these days you really need closer to 50 bits. And climbing, but as computers get faster users don't get any better at choosing passwords.

      No, for real security you can't rely on the password alone. You need something more.

    16. Re:What an insight! by shawn2772 · · Score: 1

      I hope your employer doesn't make you change it every 90 days.

      Now, here's the real question: What percentage of users have a password like yours?

    17. Re:What an insight! by JazzLad · · Score: 1

      Two good points. My work PC has a very weak password (for that very reason), but domain authentication, so anyone brute forcing it would either be unsuccessful or shame on our ITSEC.

      --
      "If you have nothing to hide, you have nothing to fear." - Every fascist, ever
    18. Re:What an insight! by Anonymous Coward · · Score: 0

      Apple would have told everyone how they flash their chips internally? They would have provided modified binaries that don't increment the bad password counter? Because that is all that was being asked for.

      Not only that, but the modified binary could have been locked to the specific phone, and since it would have been signed by a key known only to Apple there was no risk of the binaries spreading or being modified.

      Now they got chaos instead

    19. Re:What an insight! by Sloppy · · Score: 1

      I take your point. You're right.

      Now let's try to help. Please stop using the word "password." It's "passphrase." Thanks.

      (ObXKCD.)

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    20. Re:What an insight! by shawn2772 · · Score: 1

      I take your point. You're right.

      That's very unusual on slashdot. Well done, sir. And, BTW, I apologize for inserting "silly" into my earlier post. That was unnecessary.

      Now let's try to help. Please stop using the word "password." It's "passphrase." Thanks.

      (ObXKCD.)

      Passphrases are better, certainly, but without some significant anti brute force mitigation they're also not going to be secure for long. There are limits to what people can invent and remember, and are willing to enter regularly, and those limits aren't anywhere near the "red giant sun" range... particularly if people have to deal with many different passphrases.

    21. Re:What an insight! by Anonymous Coward · · Score: 0

      Passwords are weak. Very few users actually choose passwords that get anywhere near 40 bits of entropy, and these days you really need closer to 50 bits. And climbing, but as computers get faster users don't get any better at choosing passwords.

      However, that broad brush you're wielding misses those individuals who knowingly (as opposed to buying an HDD with built-in encryption) encrypt their data. If I can memorize Pi to 50 decimal digits (and I did, and haven't forgotten any of it since that summer after 4th grade), I can memorize a sufficiently long passphrase, including some digits and symbols tossed into the mix. Maybe most people cannot do this, but most of those who determine such a need to will be able to do so, which makes your point on brute forcing passwords largely moot. Few people care if the government can brute force data belonging to some soccer mom using "password1" to hide tracks of an extra-marital affair.

      Now for a minor quibble:

      I meant to type "40-bit space"... which is still *well* within the realm of what's brute forceable. 20 bits can be searched in under a second on a single machine, depending on the per-try computation required (use of a good password hash algorithm makes it a little harder).

      Hashed passwords in such a small space are usually attacked with a rainbow table. The time to brute force such passwords is usually moot because it has already been expended when the rainbow table was built.

      - T

  3. FBI did not win by Anonymous Coward · · Score: 3, Interesting

    The media is overstating the case. The actual FBI court filing of two days ago did not say they had defeated the iPhone security; it merely alleged to have 'obtained the contents of the iPhone' in question. Maybe they found an iPhone backup for all we know.

    The FBI has a significant reason to mislead or lie since they would want to avoid a negative precedent being set at the District Court level, especially after federal Magistrate Judge Orenstein of Brooklyn, NY ruling that Apple did not have to be subject to the All Writs Act. I believe that the FBI will wait for an even more sympathetic case.

    http://www.nytimes.com/2016/03/01/technology/apple-wins-ruling-in-new-york-iphone-hacking-order.html

    Even if they had "cracked the iPhone" there is no reason that the FBI would not pursue the case in District Court IF it thought it would prevail, since there is no reason to believe that Apple would not patch the bug and a favorable ruling would apply to all hardware vendors.

    No, it is clear that the FBI lost this one AND they are likely to be misleading or lying about obtaining the information.

    Here is the relevant text from the very short FBI filing:
    “...the FBI has now successfully retrieved the data stored on the San Bernardino terrorist’s iPhone and therefore no longer requires the assistance from Apple required by this Court Order,”

    The technically naive would naturally think that this means they cracked the iPhone security. Bullshit.

    1. Re:FBI did not win by Anonymous Coward · · Score: 0

      I believe that the FBI will wait for an even more sympathetic case.

      That is one of the factors making waiting worth their while. Others include:

      1. A defendant who is sympathetic or has fewer resources;
      2. A sympathetic court.

      The objective of the FBI, if their mindset is as plain as it is stated, would be stare decisis: a binding judicial precedent that would give them permission in subsequent cases.

      Stare decisis can be overruled by legislation, though (with some exceptions).

    2. Re:FBI did not win by Anonymous Coward · · Score: 0

      So far, the only binding precedent is *against* the FBI on this matter. Unfortunately, it is only binding for one jurisdiction in New York, and is only persuasive in other jurisdictions.

    3. Re:FBI did not win by JaiWing · · Score: 1

      more than that they now claim to have destroyed the phone after gaining access but before accessing the data:
      The New Yorker
      "Unlocked iPhone Worthless After F.B.I. Spills Glass of Water on It"
      By Andy Borowitz
      http://www.newyorker.com/humor...

    4. Re:FBI did not win by Anonymous Coward · · Score: 2, Informative

      Psst: That URL contains the word "humor" for a reason.

  4. Propaganda machine in full swing by Anonymous Coward · · Score: 4, Insightful

    Wow, two articles in one day claiming a victory in the case they withdrew. Seems the propaganda machine is in full swing.

    1. Re:Propaganda machine in full swing by Anonymous Coward · · Score: 1

      Even worse than the expected FBI spin is the NYT coverage both declaring an FBI victory and smearing Apple as a defiant scofflaw.
      http://www.nytimes.com/2016/03/18/technology/apple-encryption-engineers-if-ordered-to-unlock-iphone-might-resist.html

      Despite the fact that Timothy Cook said that Apple will follow the law once settled in the courts what it actually is.

      John Markoff is a long-time NYT tech staff writer and I have known him for more than 25 years; I cannot imagine why he would want to vilify Apple in its principled dispute with the FBI.

    2. Re:Propaganda machine in full swing by Anonymous Coward · · Score: 0

      Well, at least the chocolate ration is up.

    3. Re:Propaganda machine in full swing by Anonymous Coward · · Score: 0

      Because his editors told him to do that to sell more subscriptions.

      News in the last decade has nothing to do with the truth; it is now entertainment and it is being made up to sell the most.

    4. Re:Propaganda machine in full swing by Anonymous Coward · · Score: 0

      ...from 1 ounce to nearly 20 grams!

    5. Re:Propaganda machine in full swing by Bing+Tsher+E · · Score: 0

      Despite the fact that Timothy Cook said that Apple will follow the law once settled in the courts what it actually is.

      In other words, Tim Cook wanted to be able to pay his lawyers to make law.

      Well, somebody has taken that cookie away from him, now.

    6. Re:Propaganda machine in full swing by Anonymous Coward · · Score: 1

      beat me to it!

      this has gotten to the point of being utterly disgusting. did the fbi have success in getting the data off the phone? maybe. did they have success against Apple or against strong encryption? fuck no.

      i've been saying from the very beginning that iGummies do not run on faerie dust and unicorns. (even 35,000 year old unicorns!) i am fucking sick of the media misleading the public to believe that Apple has some kind of deep magick from before time that they've cast on their phones that make them impossible to crack.

      i will say this, though. if my choice is between a device that $oem controls and a device i control, i would much rather have a device that i control even if that means law enforcement can also control it by having physical access. i am fine with that. there is no way to create a security system that is impossible to crack given physical access unless you also want to create a system that could be bricked by a bad firmware update. even then, that's just from my perspective as a software professional. the device needs to boot somehow.

    7. Re:Propaganda machine in full swing by Anonymous Coward · · Score: 0

      Simple, media and govt are allies.

    8. Re:Propaganda machine in full swing by Anonymous Coward · · Score: 0

      Found the FBI agent!

    9. Re:Propaganda machine in full swing by AHuxley · · Score: 1

      It stops people thinking about parallel construction. ICREACH https://en.wikipedia.org/wiki/... and PRISM like contractors at the federal/state/city level https://en.wikipedia.org/wiki/... The mass use of dirtbox https://en.wikipedia.org/wiki/... or collecting voice prints.
      Keep using any phone with confidence to chat, call and keep lots of data on it too :)

      --
      Domestic spying is now "Benign Information Gathering"
  5. Yeah right by Anonymous Coward · · Score: 0

    Police are likely to do whatever the fuck they want. That's how it has always been. That's how it'll always be. Status quo.

  6. I'm betting they spent $$ on a vulnerability by Virtucon · · Score: 1

    I'll bet the DOJ/FBI spent some money at one of those purveyors of vulnerabilities. You know, the folks who constantly sell hacks and backdoor tricks to governments for big profits.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:I'm betting they spent $$ on a vulnerability by Anonymous Coward · · Score: 0

      They sent our tax dollars to Israel, and in return, Israelis committed acts of espionage against an American (a dead one in this case). This is nothing new. The US government is very good at giving Israel our tax money, and Israel is very good at fucking over American citizens.

  7. As we all let out a collective.... by wkwilley2 · · Score: 1

    The process used to gain access to Syed Rizwan Farook's iPhone 5c might not work on other devices, according to an FBI official with knowledge of the investigation.

    uh DUH!

    --
    Have you ever fallen asleep at the keybhanusdiog?
    1. Re:As we all let out a collective.... by Hognoxious · · Score: 1

      Why not? If you can make a lucky guess once you can make a lucky guess twice.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  8. Claimed Success by Anonymous Coward · · Score: 0

    They falsely claimed success to cancel the case they were going to lose big time. That is perjury.

    1. Re:Claimed Success by Anonymous Coward · · Score: 5, Interesting

      As a one-time litigator in US district court, it is not perjury to lie to the court unless explicitly under oath. Though as an officer of the court it is unethical--possibly even contemptuous or an obstruction--to mislead or lie in a motion or other non-sworn court paper. In my experiences sanctions are few and far between for such behavior, however, despite my experience that the most prolific perjurers in court are the police and the attorneys.

      In general parties ask for dismissal of their claims all the time before adjudication in order to avoid a bad result. For example, I made a motion for summary judgment in a trade secret case in San Jose. The Plaintiff moved for dismissal with prejudice. Since it was immediately granted, I did not gain a District Court precedent.

      In this case the smearing and vilification of Apple is in full swing. I suppose that it is punishment for not simply rolling over for LE demands.

    2. Re:Claimed Success by Anonymous Coward · · Score: 0

      and the attorneys

      In most states, neither the prosecutors nor the defense attorneys are sworn in and can say whatever they please, subject to objections by the other side.

    3. Re:Claimed Success by Anonymous Coward · · Score: 0

      Police etc are "sworn in" when they become an officer of the law. Just because they don't explicitly restate that every time they enter a courtroom doesn't invalidate the oath.

    4. Re:Claimed Success by Anonymous Coward · · Score: 0

      In this case the smearing and vilification of Apple is in full swing. I suppose that it is punishment for not simply rolling over for LE demands.

      As long as it stops Apple's Marketing Hype Team from rolling around in the poop to get attention and market more iPhones, it's all good to me.

    5. Re:Claimed Success by Anonymous Coward · · Score: 0

      They falsely claimed success to cancel the case they were going to lose big time. That is perjury.

      Only if they're idiots.

      "We no longer require Apple's assistance to access this phone, so would like to drop the case" can be true whether or not they can access the phone without Apple's assistance as they could simply not need to access the phone due to other changes in the investigation including but not limited to the case being closed because the powers that be decided they don't care anymore.

    6. Re:Claimed Success by Anonymous Coward · · Score: 0

      Even if lying while not under oath isn't perjury, it violates the rule that "thou shalt not bring the justice system into disrepute." The courts are supposed to protect against this outcome and do not take kindly to people doing it.

      As to how rigorous adherence to this rule is, I cannot say. Also many others have pointed out for years that following the rules alone can also bring the justice system into disrepute and the courts have no remedy for that. Witness the entire subjects of "getting off on a technicality", "jury nullification", "double jeopardy" (for some limited circumstances), etc.

  9. opening the phone isn't cheap or convenient by Anonymous Coward · · Score: 1

    So all those DAs and Police Chiefs were hoping for a "plug in cable and download contents" kind of hack. More likely, the FBI's contractor opened the phone, carefully removed the NAND flash, copied it, and went about the crack in the way described in the ACLU filing. This is a "multiple work week" kind of task and probably would cost $15-20k/phone: the technique, the tools, and the process are well understood. No police department is going to invest $20k to crack a phone for a minor crime.

    Furthermore, there are all kinds of tricky aspects to this sort of "search", among which is the potential for destruction of the property of an innocent (til proven guilty) person. This is not an issue in the San Bernardino case, phone was the property of the county, and the designated user was dead. However, in a real criminal case, with a real live defendant, the defense gets to take their own crack at the evidence, etc.

  10. Apple has a new acquisition target :) by jsepeta · · Score: 1

    A rich company like Apple could acqu-hire the company who did the FBI's dirty work.

    --
    Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
    1. Re:Apple has a new acquisition target :) by PPH · · Score: 1

      Probably not. Rumor has it that it's an Israeli company. And most companies based in foreign nations that are involved in security or intelligence work are not available for purchase by outsiders. Or anyone not inside the good old boys intelligence circle (definitely not Apple).

      --
      Have gnu, will travel.
    2. Re:Apple has a new acquisition target :) by cayenne8 · · Score: 1

      Rumor has it that it's an Israeli company. And most companies based in foreign nations that are involved in security or intelligence work are not available for purchase by outsiders.

      Except, it seems...for the US, where just about any company or asset of the US is up for sale to other nations....freely.

      I think I only have heard of ONE sale that in recent history was denied, one of the large shipping hubs I think on the east coast somewhere?

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    3. Re:Apple has a new acquisition target :) by Anonymous Coward · · Score: 0

      It is an Israeli company owned by a Japanese electronics company whose primary business activity is video games.

  11. unintended consequence by Anonymous Coward · · Score: 0

    This (alleged hacking of an iPhone as opposed to just asking the NSA for transcripts) is likely to encourage Apple (and Google) to redouble their efforts to secure their products now that consumers think the security can be easily cracked. Terrorists on the other hand will just turn to code words and ciphers.

  12. Where is the proof? by jmd · · Score: 1

    Is there any proof that the FBI gained access to the data on this phone. I've not seen any. And they have plenty of reasons to lie.

    1. Re:Where is the proof? by PPH · · Score: 1

      And they have plenty of reasons to lie.

      Just watch. Every 'no knock' warrant served in So Cal for the next few years will be based on 'intelligence' gathered from Farook's phone.

      --
      Have gnu, will travel.
    2. Re:Where is the proof? by Anonymous Coward · · Score: 0

      Well, if you believe that the FBI just gave up on Apple with a two paragraph ex parte motion to the court if they knew they would win the larger case.... I mean, the FBI is technically inept, but they are both otherwise intelligent and perseverant: know when to hold 'em and when to fold 'em.

  13. State of Non-Emergency, I'll miss you most by Impy+the+Impiuos+Imp · · Score: 0

    "We need this unusual power for terrorists! Emergency! Emergency! Emergency!"

    "So you won't immediately use it for normal crimes?"

    "Mmmmmm...pay no attention to that tiny pile of thousands of phones behind the curtain."

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  14. a new federal holiday by TheGratefulNet · · Score: 1

    it's called LIARS DAY and it 'celebrates' the fact that our government will happily lie, cheat or steal to get what it wants; ironically, becoming the very evil it claims to be at war against!

    april first is 'all fools day'; I propose we take the day before and call it 'all liars day' and we all wear fbi, cia, nsa, leo costumes and make a big party of it.

    (sigh. yes, this is depressing. humor is the only way I can deal with such bullshit.)

    --
    "It is now safe to switch off your computer."
  15. Here it is by willoughby · · Score: 1

    The DOJ don't want you to be able to own a thing they can't open. It could be a new super-secure safe, a car with a security trunk, or an electronic device.

    If they attack your right to own such a thing, they look like bad guys. So, they've been working behind the scenes to ensure you can't acquire such a thing to begin with. The secret moves against Truecrypt and now the iPhone encryption show this new strategy. I don't know how many other companies have been pressured also.

    I think it's wrong, but I don't know what to do about it.

  16. The risk of precedent by Anonymous Coward · · Score: 0

    The risk of precedent and discovery assumes that the FBI won't just use parallel construction. So not sure why ppl bring it up.

  17. They proved they can do it themselves by HalAtWork · · Score: 1

    Since they already demonstrated they don't need apple's help, even after much insistence, it will be much more difficult for them to convince the courts they can't do it without apple's help.

  18. I cannot Trust Anything About This by BrendaEM · · Score: 2

    I cannot trust the US Government had not already opened the phone when they raised it as a fulcrum in a war against personal privacy.
    I cannot trust the US Government successfully opened the phone, because they were in no position to admit they could not.
    I cannot trust the US Government did not state they opened the phone, to wait for a better political climate, meaning after the next inevitable terrorist attack, to push their agenda forward.

    I cannot trust the US Government because they lied to the American people, and went ahead with the Total Information Awareness program--even after they were told not to.

    People, we have three serious problems:
    Firstly, there are terrorists in the world, who do nothing more than soldiers who strike against civilian targets.
    Secondly, we have people in power using unpolitical tested methods to gain information, and therefore power, with no checks and balances.
    Lastly, and no one seems to be talking about this: it is impossible for any information to be collected and observed--and not be used in a partisan way.

    --
    https://www.youtube.com/c/BrendaEM
  19. not officially anyway :( by Anonymous Coward · · Score: 0

    Can you say "parallel construction?"

    I knew you could. :(

  20. Does this mean police will do more police work? by k6mfw · · Score: 1

    I was thinking this big priority on accessing phones, surveillance, etc. but generally police no longer respond to burglaries. I'm old enough to remember police would investigate burglaries but these days not really. Will it free up resources to concentrate on crimes that affect us commoners?

    --
    mfwright@batnet.com
    1. Re:Does this mean police will do more police work? by Agent0013 · · Score: 1

      I was thinking this big priority on accessing phones, surveillance, etc. but generally police no longer respond to burglaries. I'm old enough to remember police would investigate burglaries but these days not really. Will it free up resources to concentrate on crimes that affect us commoners?

      If the burglar does not leave his iPhone behind then the police will have nothing they can do!

      --

      -- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
  21. Evidence room by Toshito · · Score: 1

    The FBI would like to unlock all those phones collecting dust in the evidence room...

    Which got me thinking about a dead man's switch?

    Apple could get the secure enclave to wipe the key and all data on the phone after a long period in the locked state?

    Let's say after 2 months, if the phone hasn't been unlocked successfully you wipe the key and all data.

    I would like something like that on my phone, so if it gets stolen or lost I know that it will eventually wipe itself after some time (if I'm unable to do the remote wipe).

    --
    Try it! Library of Babel
    1. Re:Evidence room by Bing+Tsher+E · · Score: 1

      In other words, if your phone is lost, you want it to automatically wipe all information on it that would make it possible for somebody to return it to you.

      Why not just toss it off a bridge into the ocean?

    2. Re:Evidence room by Toshito · · Score: 1

      The loss of my phone is of little consequence to me, apart from the inconvenience of buying a new one and configuring/re-installing the apps.

      --
      Try it! Library of Babel
    3. Re:Evidence room by Anonymous Coward · · Score: 0
  22. Clear LOSS for the FBI. by gurps_npc · · Score: 1

    This was not about getting the information. Neither Apple, nor the public, nor the courts said the FBI could not get the information.

    This was always about whether the government could force Apple to get the information for them. That did not happen.

    Therefore the FBI clearly lost this issue. They failed to convince Apple to do their bidding. They failed to convince a court to order Apple to do their bidding. They failed to convince the general public that their bidding was righteous, they even failed to convince Congress that their bidding was righteous.

    The FBI failed on this issue, all round.

    On the entirely separate issue of obtaining the information, they achieved their goal - but NO one except for criminals were trying to stop that from happening.

    --
    excitingthingstodo.blogspot.com
    1. Re:Clear LOSS for the FBI. by Bing+Tsher+E · · Score: 1

      As long as the 'case' goes away and we don't have to read about it every day in the MSM, we have all won.

      Except Apple's marketing people.

  23. All they wanted was a variable set RO. by Anonymous Coward · · Score: 0

    My guess is that the Israelis (or whoever did the hack) just emulated that piece of hardware and made sure the "tries" counter didn't update. It was never about breaking the encryption, it was about removing the check that made brute force impossible. Usually pretty trivial when you have direct access to the hardware.

  24. I'm all for it, but.... by Anonymous Coward · · Score: 0

    I'm all for getting into terrorists' devices. But, we ALL know governments won't stop there. It'll be 'for your own good' that they monitor your every step. Which is government speak for 'we're going to do everything in our power to STAY in power'.

    Bastards and cretins.

  25. How long do they keep phones in the evidence rooms by BostonPilot · · Score: 1

    be able to get into some of the phones sitting in all of our evidence rooms

    At what point if any can a defendant request the government return his property (phone)? If we acknowledge that smartphones are different because they contain a huge amount of personal information, should there be a limit to how long law enforcement can hold onto the device?

    It would be like them seizing your entire house of all contents, along with all your safe deposit boxes, and every document from your place of business, and keep them forever while they decide whether or not to make a case against you.

    Just curious whether they should have to return the device to you after some reasonably short period of time. What if you say you might need access to the device in order to mount your defense?

  26. "Ok... But we don't have to tell Apple." by jpellino · · Score: 1

    (That's kinda messed up.)

    "From all the chiefs that I've talked to, we're hopeful this will give us some insight into how we're going to be able to get into some of the phones sitting in all of our evidence rooms," said Terry Cunningham, police chief in Wellesley, Mass., and president of the International Assn. of Chiefs of Police. "We're clearly anxious to learn what they did and how they did it and if it can be replicated."

    --
    "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
  27. The epitaph on The Rule of Law's tombstone by ThatsNotPudding · · Score: 1

    "Parallel Construction"

  28. Loss is Victory by Anonymous Coward · · Score: 0

    Ignorance is Strength. Freedom is Slavery. War is Peace.

  29. Re:propaganda by david_thornley · · Score: 1

    Replying since this got upmodded to 1 by somebody...

    A little chip can do AES-256 encryption, and cracking that, assuming we could develop large enough quantum computers that ran sufficiently efficiently, would require more resources than exist in the Solar System. The only way to attack the cipher is to determine what the key is. The key, on a 5C or later, is a 256-bit random number combined with the PIN in some manner. The 256-bit random number is inaccessible, so the only way to get the key is to put in the right PIN or to do hardware-level hacking on the chip to read off the number, which isn't trivial.

    Now, a 4-digit PIN can be brute-forced. I believe it takes 80ms to test a PIN in a 5C, which means that brute-forcing will take less than an hour, and a 6-digit PIN should fall in less than a week. To counter that, Apple has the 10 strikes and you're wiped rule. In the 5C, this is monitored in software, meaning that loading a hacked OS would allow such brute-forcing. Later iPhones have the counter in the hardware, which means that this attack doesn't work (which doesn't mean there are no vulnerabilities).

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes