FBI Couldn't Tell Apple What Hack It Used, Even If It Wanted To

An anonymous reader writes: The US Federal Bureau of Investigation doesn't own the technique used to unlock the San Bernardino iPhone, so it can't reveal the method to Apple even if it wanted to, Reuters reported, citing unnamed White House sources. The Washington Post reported yesterday, citing unnamed sources, that the FBI had paid a hacker a one-time fee to use a piece of hardware that allowed it to access the iPhone 5c belonging to one of the San Bernardino, California assailants. The vendor that supplied the hack is a non-US company, according to Reuters. But according to the Post report, it is not the Israeli firm Cellebrite, which had previously been named. The FBI would require the vendor's cooperation in order to submit the technique it used to Vulnerabilities Equities Process, a mechanism that allows the government to consider whether it should disclose security flaws to manufacturers. It's a move that mirrors Apple's own efforts to create security systems on its phones that even it wouldn't be able to crack, meaning it can't comply with a government order to hand over user data even if it wanted to.

I may not always quote sources...

[JBMcB]

... but when I do, I prefer them to be unnamed.

Re:I may not always quote sources...

[0a100b]

According to both unnamed sources an unnamed entity used an unnamed technique for the hack.

Find out more next episode.

Re:I may not always quote sources...

[oldmac31310]

At least twice.

Which lie did the FBI tell?

At least one of these things has to be false:

1) The FBI paid a hacker to unlock the phone and doesn't have access to the technique
2) The FBI is able to help local law enforcement unlock iPhones

Which of these is false? Assuming the FBI isn't going to foot the bill to pay a hacker each time local law enforcement wants an iPhone unlocked, these things are mutually exclusive. Which lie did the FBI tell?

And because the FBI lied, why should I have confidence in law enforcement at all? I understand that they may not want to disclose the details of an ongoing investigation, but that doesn't justify lying about things that don't have to be kept secret to preserve the integrity of the investigation.

Re: Which lie did the FBI tell?

You have a weird sense of lying.

The fbi can help local law enforcement by paying for or just introducing the company to hack. Bam, fbi helped local law enforcement.

Re:Which lie did the FBI tell?

It is entirely possible and highly likely the person they bought it from included a clause saying they couldn't pass it along to third parties. Them unlocking something for someone is not the same as them telling someone how to unlock something. If they broke their agreement it would open them to being sued.

Re:Which lie did the FBI tell?

Why not both? :)

Re:Which lie did the FBI tell?

Add a dash of conspiracy theory to the mix, and you get :

The "hacker" does not exist.
Apple did proceed to unlock the phone for the FBI, but is simply hiding it through this fake panama-papers-style "hacker".

All the legal battles are only smoke (lots of it) so that they can stand that their product is secure and that they did not cooperate to unlock the phone.

Apple simply do not want to give every govt access, like Blackberry has.

Re:Which lie did the FBI tell?

If they broke their agreement it would open them to being sued.

Not really, but if they revealed who did the hack then Apple would have someone to sue.
Since FBI probably hacked the phone themselves it's more convenient to say that they used an unnamed third party.
Since they officially didn't do it themselves, any illegal practice needed would be something they didn't know about.

An unnamed third party is not an uncommon way to cover ones ass.
I even know of a politician that got away with tax fraud by stating that an unknown third party helped her with the taxes.

Re:Which lie did the FBI tell?

Sue the FBI for something that is illegal to do? I would love to see that go through our court system.

Re:Which lie did the FBI tell?

[ooloorie]

Which of these is false?

They are probably both true: the FBI knows how to unlock some phones themselves, and for others, they need outside help.

And because the FBI lied, why should I have confidence in law enforcement at all?

It should be obvious to anybody that civilization requires jackbooted thugs carrying guns and protected by (un)qualified immunity reading your E-mail. For the children. And so that you don't cheat on your taxes. Seriously, do you want to live in SOMALIA?

Re: Which lie did the FBI tell?

What, really? I'm confused as shit. What is it about that sentence he wrote that makes you write such a long reply that doesn't even address said sentence.

I think people just like to argue for the sake of arguing.

Re:Which lie did the FBI tell?

[Frank+Burly]

I am commenting to bump parent up because the grandparent exhibits the lazy cynicism often seen here. The FBI probably signed an NDA which forbids sharing the trade secret (exploit) with anyone who would might share it with Apple. While I would prefer that the FBI prevent crime (depending on the other possible use of this exploit) by disclosing the exploit, I don't think that the FBI should be above the law (even contract law) and I am fairly certain that Apple has enough money to bounty zero day exploits out of existence.

Re:Which lie did the FBI tell?

Screw people like you that turn whatever they read into unneeded arguments just because they have nothing better to do with their crummy life.

Like what you just did.

Re:Which lie did the FBI tell?

[macs4all]

I don't think that the FBI should be above the law (even contract law)

Apparently you are not familiar with the concept of Sovereign Immunity?

Re:Which lie did the FBI tell?

[Solandri]

The FBI giving this hacker's business card to local law enforcement would constitute helping them, so both 1 and 2 are easily truthful. There is no inconsistency.

Re:Which lie did the FBI tell?

[Asgard]

Sovereign Immunity is not a blank check. The FBI (or any other agency) cannot have the legal authority to trump the legal process by contract. That would allow them to trump discovery in any court case by constructing contracts that prevent disclosure.

"Your Honor, your order to produce the basis for the evidence against the plantiff is trumped by our contract with party X to not disclose that." Nope.

It would work if they actually don't have that information, not if they 'promised' not to disclose it.

Re:Which lie did the FBI tell?

Option 3, you are a moron and don't realise that they can act as a middle man, and get a look at what is on the phone at the same time, without ever knowing how the hacker exploits the phone. And by hacker I mean friendly foreign intelligence agency that they trust. You probably hang out on Reddit too, right, oh man you kids are so naive. Even if your government is not allowed to spy on you there is nothing to stop their "friends" from doing the job for them and passing the intelligence data back to them via the usual channels.

Re:Which lie did the FBI tell?

[macs4all]

Sovereign Immunity is not a blank check. The FBI (or any other agency) cannot have the legal authority to trump the legal process by contract. That would allow them to trump discovery in any court case by constructing contracts that prevent disclosure.

"Your Honor, your order to produce the basis for the evidence against the plantiff is trumped by our contract with party X to not disclose that." Nope.

It would work if they actually don't have that information, not if they 'promised' not to disclose it.

You either work for the government and/or have never sued the government.

You say that that Sovereign Immunity doesn't trump Discovery? Well, technically that is true; but as soon as you file a Discovery Request, the Gummint WILL immediately file two Motions (well, they will probably have already filed a Motion To Dismiss based on that Sovereign Immunity), but they will DEFINITELY file for a "Stay" of your Discovery Request "Until the Motion To Dismiss is Adjudicated." They will trot out two metric tons of case law in support of their position that Immunity ALSO means "Immunity from the 'burden' of Discovery."

To absolutely NO ONE'S surprise, the Court will Grant this Motion. And it will do ABSOLUTELY no good to argue that you need that Discovery to "Pierce" their Immunity in the first place.

Then, since you can't produce evidence to overcome their Motion To Dismiss...

So, don't tell me it can't happen; I had the unpleasant experience of falling victim to EXACTLY THAT TACTIC when I attempted to sue my State about 3 years ago.

Re:Which lie did the FBI tell?

[Wovel]

The problem for the FBI comes the next time they want Apple to do something. Apple could reasonably request them to explain why the method they used before is not applicable now.

Re:Which lie did the FBI tell?

Which lie did the FBI tell?

When has the FBI (or FIB as I call them) EVER told the truth?

Re:Which lie did the FBI tell?

[macs4all]

The problem for the FBI comes the next time they want Apple to do something. Apple could reasonably request them to explain why the method they used before is not applicable now.

Yeahrightsure.

Re:Which lie did the FBI tell?

[doccus]

Screw people like you that turn whatever they read into unneeded arguments.....

Actually, I'd rather not, thank you. They're probably the kind to fake their orgasms..

Re: Which lie did the FBI tell?

[Ravaldy]

What he wrote is no different than me writing that you have no credibility because you score is zero or because you are posting anonymously. Do you agree that the prior statement has no foundation?

If you agree then you'll agree that the parent comment had no foundation and was intended to draw in the sheep behind him because you know how spitting on authorities is popular on /.

If we are going to start modding up implied facts then we are in for further dilution of content on /.

Re:Which lie did the FBI tell?

[Ravaldy]

I pointed out a comment that was modded up which should not because it was implied and not factual. But don't worry, the majority of users on /. took care of making sure it was treated like fact just because it goes with their own opinion. It's just unfortunate opinions for some aren't based on facts.

Meh.

[Frosty+Piss]

The FBI's ever changing story is flaky to say the least. On the other hand, I don't really care.

CYOA

Another reason outsourcing is preferred.

On the other hand, at least they're not claiming a NDA is preventing them from saying.

Re:CYOA

I don't think the FBI gives a shit about any NDA

But what about when they need it next time?

[um...+Lucas]

Certainly someone in government could reverse engineer the code to enable re-use?

Who would be the wiser? I mean besides defendants who suddenly start seeing the contents of their phones used as evidence against them in trial.

I mean, if the company that licensed the software to the FBI tried to force the them to reveal their decryption technique, could the FBI then argue that releasing such code into the wild could result in the widespread hacking of iPhones around the planet? You know, turn the tables a bit?

Re:But what about when they need it next time?

[plague911]

"reverse engineer the code" "piece of hardware "

Re:But what about when they need it next time?

[Frosty+Piss]

Certainly someone in government could reverse engineer the code to enable re-use?

From the "story":

the FBI had paid a hacker a one-time fee to use a piece of hardware that allowed it to access the iPhone 5c

...which actually is an interesting clue.

Re:But what about when they need it next time?

If this story is true, they got use of a piece of hardware, not a copy of some software. Whatever code is in the box they rented is not FBI property, and was probably built to self-corrupt if the box was opened.

After the last five official stories from the FBI, I suspect that this may be an attempt to fabricate a scenario where public perception is that this case did not hinge on Apple's cooperation, but that future cases would, so obviously Apple needs to add a FBI password into everything they build.

Re:But what about when they need it next time?

[Archangel+Michael]

They desoldered the chip, cloned it, and cracked it, using brute force. From how fast it took to actually crack it, it probably wasn't that difficult once the chip was cloned. And this would hardly be a "hack" of the phone. It would require specific skills and direct access to the phone.

Physical access to the hardware has always been a security concern from the origins of computing.

Re:But what about when they need it next time?

[Phusion]

Oh, you're not paying attention are you? The post is pretty clear, they paid someone to unlock the phone with a gadget of some kind. So, no, they could not reverse engineer anything, they just got an unlocked phone, nothing more.

Re:But what about when they need it next time?

What I find ironic is that they feel they can force a company focused on securing devices to make those devices less secure, and yet, they didn't try to force a company that specializes in breaking secure devices from revealing how it was done.

Sure seems like they could give a rats ass about security, and those who break security for a living are the good guys here?

Re:But what about when they need it next time?

[EvilSS]

And tell the vendor what? "Please turn your back and ignore any noise and funny smells for the next few hours." You don't seriously thing the vendor consented to just mail the hardware to the FBI do you? They would have had techs on site, hell they may have even had the FBI come to them instead of the other way around.

Re:But what about when they need it next time?

[Archangel+Michael]

What you said isn't at odds to what I said. I didn't say who did the desoldering or the brute attack, I just said how it was done. And quite frankly it doesn't matter "who" did it, but the how.

Can we trust what they found?

[wcrowe]

IANAL, but it seems like they would have a chain-of-evidence problem here or something like that. Let's imagine, instead of a phone, that the FBI wanted to unlock a safe. So they hire a safe cracker, and he says, "I'm going to unlock the safe, but you can't watch me do it." The safe cracker goes into the room, shuts the door. After a few minutes the safe cracker walks out and says, "It's all yours," wherein the FBI finds an open safe. But now we don't know what happened. Did the safe cracker take anything from the safe? Did he put anything in the safe? The FBI doesn't know for sure.

It seems like there could be a similar problem with the phone. If you don't know how it's done, then how do you know if what you see is what was really in the phone? Did the hacker put something in the phone? Did he take anything out? If there is evidence in the phone that says, for example, that Bob Loblaw was part of the conspiracy, can you trust that information?

Basically, it sounds like the FBI hired someone to make it rain. That person lit a fire, and did a little dance, and it rained. And now the FBI is saying, "Hey, we don't know what the guy did. We're just happy that it's raining."

Re:Can we trust what they found?

[Altus]

sure it might not be admissible but that wont stop them from creating warrantless wiretaps using the info found in the phone and then they can use evidence gathered there in court.

It should matter, but in this day and age,it really doesn't.

Re:Can we trust what they found?

[gregulator]

it seems like they would have a chain-of-evidence problem here

There is no problem, because the terrorist is dead. They are not prosecuting him, thus there is no defense team nit-picking their tactics.

Re:Can we trust what they found?

Depends who cracked it. If we know it's not Celebrite because they were named as a contractor and they said it wasn't them, but there is nobody else named as a contractor it may well be another agency which is going to be granted a higher level of trust.

Re:Can we trust what they found?

Yet. https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree

Re:Can we trust what they found?

I thought about that too but I missed something here.... It's not evidence at all. This is research into other areas that already don't require probable cause by the hands of Big Brother. What they gather here will never see a courtroom but what it may lead to might and that let's them off the hook as far as supporting this step that they've taken. Granted, there was likely nothing ever there anyway. The FBI was just trying to force Apple's hand in the court of public opinion and lost. Don't be surprised if they try again in the near future. I'm sure Apple is already preparing for the next attempt.

Re:Can we trust what they found?

[Registered+Coward+v2]

Yet. https://en.wikipedia.org/wiki/...

Except that is not applicable here. The FBI had a warrant to recover information from the phone, so how they did it is irrelevant to weather or not the evidence was obtained legally. In addition, even if a court decided there wasn't probable cause for the FBI to search the phone, since ether FBI did the search in good faith believing the search was legal then the good faith exception would apply.

Re:Can we trust what they found?

[MachineShedFred]

As for the FBI case, they probably don't care about chain of custody, as the person using the phone is already dead. Nothing from that phone is going to see a court, so they don't have to keep meticulous chain-of-custody for it.

As for other law enforcement agencies using this "service" that is probably a legitimate question.

Re:Can we trust what they found?

"If there is evidence in the phone that says, for example, that Bob Loblaw was part of the conspiracy, can you trust that information?"

I'm sure they will do what they've been doing for a while now. With the information gained from the phone, they'll make up some other way they could have theoretically gotten that same information, and use that in court instead of how they actually got the information.

Re:Can we trust what they found?

[guruevi]

Not only that, but they took the safe, sent it outside the country to probably a we-spy-back-on-the-US country (eg. Israel) and let not just the hacker but possibly a host of other countries it passed through on the way (whatever North-African or European country UPS/FedEx has a depot in) mess with the phone.

Re:Can we trust what they found?

"It should matter, but in this day and age,it really doesn't."

I'll bet it matters to the poor SOB who is facing a life sentence based on a parallel-construction which is based on fabricated evidence, and his lawyer.

Re:Can we trust what they found?

[oldmac31310]

What has the weather got to do with it?

Re:Can we trust what they found?

[Registered+Coward+v2]

What has the weather got to do with it?

Because when the DOJ decides to to charge you their motto for bringing charges is "When it rains, it pours..."

Alternatively, I hate auto correct...

Re:Can we trust what they found?

[wcrowe]

Yes, but even if they have a warrant, they still need to maintain proper chain of evidence. That's really the issue I'm talking about. If the FBI can't see what the hacker did to the phone, how do they know, without a shadow of a doubt, that what they found in the phone was actually there and not planted by the hacker?

Re:Can we trust what they found?

[Registered+Coward+v2]

Yes, but even if they have a warrant, they still need to maintain proper chain of evidence. That's really the issue I'm talking about. If the FBI can't see what the hacker did to the phone, how do they know, without a shadow of a doubt, that what they found in the phone was actually there and not planted by the hacker?

Since they would act on the information in a good faith belief it was accurate, if they found other evidence as a result of an investigation I would doubt the courts would toss out a case. I would agree they can't just grab the person and charge them base don a connection or text on the phone; but using it to start an investigation would not seem to be an issue even if they cannot establish with 100% certainty the information was not planted. The standard is reasonable doubt, not shadow, and is really only applicable in a court case not the investigation, and the phone's evidence would likely not be what the case hinges on. If it was, then yes, they would probably need to convince a jury that it was not planted.

Re:Can we trust what they found?

[shawn2772]

"It should matter, but in this day and age,it really doesn't."

I'll bet it matters to the poor SOB who is facing a life sentence based on a parallel-construction which is based on fabricated evidence, and his lawyer.

There's no need for parallel construction based on fabricated evidence here. That's only necessary when the investigators have no *legal* authorization to perform a search. In this case they had total legal authority to extract the contents of the phone, they just lacked the practical ability to do it. The extraction process may mean that any information from the phone that is presented as evidence in court can be challenged by the defense (probably not excluded, but impeached), but there's absolutely no problem with investigators using information contained in the device to generate leads which in turn uncover evidence -- evidence which does have a proper chain of custody and is unimpeachable in court.

The whole "fruit of the poisoned tree" issue only apples when the investigators obtain information illegally. It has no bearing when they legally obtain information that doesn't meet the standards of evidence required in court. Investigators pursue leads all the time that are derived from weak and speculative information and there's nothing wrong with that.

Re:Can we trust what they found?

And lest we forget it, the express permission of the owner of the phone.

An unfortunate new reality

"can't comply with a government order to hand over user data even if it wanted to."

Which is unfortunately what all manufacturers/software developers should be working towards. We're seeing case after case where government orders effect the purchased and owned products of consumers, most of whom are completely innocent. Cases where people have books deleted off of their E-readers because some court order to the company that makes the reader, DVRs being remotely disabled because of a patent dispute, and cars that become surveillance tools against their owners.

"The dog ate it..."

[tonyyeb]

...Is next in the line of FBI excuses.

The problem with non-disclosure legally

[UnknowingFool]

The problem with not being able to disclose the technique is that legally the evidence cannot be used in court then. Since terrorists are dead, it is not much of a legal ramification to them; however, against anyone else, a prosecution team must provide the technique/technician to a defense team for cross examination. That was one of the objections that Apple had in their brief: If the FBI forced them to assist them, Apple would have to constantly provide their personnel for court cases to testify. In the case of a forensics company that does DNA testing, that is part of the service that they should provide. An unknown "hacker" may not agree to be part of future investigations.

Re:The problem with non-disclosure legally

[Altus]

The evidence doesn't need to be admissible, it just needs to point them to the people they should get warrantless wiretaps against so they know who to monitor for evidence they can use. Awful, isn't it?

Re:The problem with non-disclosure legally

[Agent0013]

Plus, they can just kill the people they want to investigate. Then there is no privacy for someone alive that might cause problems with their warrantless searches.

Nice

Plausible deniability for your own crimes.

How's that go for everyone else, these days? Oh right, waterboarding.

Re:Nice

[Impy+the+Impiuos+Imp]

One wonders if they set up a little fake company so they could use some technique buried deep inside the NSA, so they could hide it from court examination. There is no plausible parallel construction lie.

As the guy is dead, there is no trial, and thus no defense lawyers to force the issue.

No Reports About what they FOUND on the phone

[dav1dc]

Maybe the contents of the phone contained NO helpful information pertaining to the investigation - and perhaps the FBI doesn't want to admit that they jumped created this huge FUSS and it provided no distinctive investigative advantage over not having access to the data on the phone.

Re:No Reports About what they FOUND on the phone

I believe I noted something similar in another board when this whole thing began. "We'll see one of two outcomes. They crack it and find something crucial in which case they'll saturate every news service and press conference with a "this proves we need backdoors into consumer devices by law". Alternatively they crack it and find nothing, they claim that they are "still assessing" the information for months/years and eventually quietly release a hundred page report that effectively says "we found nothing", and then wait for the next major crime to occur to start the whole thing over again."

Re:No Reports About what they FOUND on the phone

I suspect it actually contained the cure for cancer - and pharmaceutical companies have lobbied to keep it a secret to protect their profits...

But really, nobody seriously thought the phone would contain anything useful - that wasn't the point of the exercise after all.

Re:No Reports About what they FOUND on the phone

Remember there were two phones, both in possession of the shooter. One was destroyed, one wasn't. I think we all know which phone might have had the incriminating evidence. It's the one that was destroyed. The one that survived did so because it didn't have anything of value.

..."can't do it, even if i/it/they/we wanted to.."

[turkeydance]

yeah, that's it. works every time.

Chain of custody

How can the FBI ever hope to use data recovered in Court, if they cannot prove chain of custody since they let a 3rd party use "secret sauce" to get the data.
A lawyer could get any data recovered tossed out of court quicker than your mother can unbutton her overalls.

Re:how to stop the FBI from accessing your phone

[deodiaus2]

Unless of course you think that the government is undemocratic, corrupt and repressive. Let's face it, the government tries to suppress dissent and marginalizes those not in power.

Court Order

[Macdude]

Perhaps Apple could get a court order forcing the FBI to expend resources to figure out how to get the information it claims it can't access. That would be reasonable, right?

That can't be true

[KeithJM]

That can't be true. If they found data that led them to a conspirator, they would want to arrest that person. They would need to have evidence to present in that person's trial that they participated in this terrorist event. I can't imagine that their plan is that if the defendant's attorney asks them how they got this data, they'll just say "some un-named third party pulled this data out of their own hardware and assured us their hardware had copied it from this mobile phone." I'm calling bullshit on that one.

Re:That can't be true

[Registered+Coward+v2]

That can't be true. If they found data that led them to a conspirator, they would want to arrest that person. They would need to have evidence to present in that person's trial that they participated in this terrorist event. I can't imagine that their plan is that if the defendant's attorney asks them how they got this data, they'll just say "some un-named third party pulled this data out of their own hardware and assured us their hardware had copied it from this mobile phone."

Your honor, the phone data merely indicated possible suspects. We conducted an investigation, based on that and other information in addition to ongoing investigations, determined the defendant was conspiring to commit terrorist acts.

The phone data would merely be one piece of evidence used and probably only point to possible additional suspects. In essence, it's no differenttahn a tip that comes in anonymously.

Re:That can't be true

The government does not have to produce evidence against a terrorism defendant if doing so compromises national security. I am not making this up. Government lawyers can say "the evidence proves it, but we can't show you because national security," and the judge by law must accept the evidence as satisfactorily incriminating. Defendant cannot provide exculpatory response because he is not allowed to know what the evidence is.

Go Murka.

Re:That can't be true

Yes, you *are* making this up.

DMCA

[zentigger]

Doesn't the DMCA have some anti-circumvention measures in there? While the FBI may be immune to that sort of thing, I'm pretty sure that circumventing encryption for profit is not exempt, aside from being a criminal offence. Despite the fact that the phone belonged to an alleged criminal, afaik it is still illegal for a private individual to hack into it.

Re: DMCA

I was going to suggest the sand course of action for Apple.

Re:how to stop the FBI from accessing your phone

[Archangel+Michael]

But But But .... Global Warming Deniers need to be prosecuted!

This is a good thing

Now Apple has no alternative but to finally get serious about finally spending all the money they hold in the reserves properly.
They will be forced to spend a shitload on a bunch of security teams to hack their own software, find loopholes and vulnerabilities, and fix that shit up.
Apple is the 3rd worst vendor in terms of security on CVE listings. Hopefully, this will fix them up. Given the recent months of really bad news in regard to the
field of cyber security, lack of experts and proper education and effort in it, hopefully Apple will finally invest its riches properly, and everyone will benefit from a surge of programming talent oriented at security and exploits.

Re:how to stop the FBI from accessing your phone

Most Federal laws are not Mens Rea anymore; they are mostly Strict Liability. Add to this the fact that the Federal Government doesn't even know how many laws there are, and you get a situation where your ignorance of the law is a given and no excuse, and you don't even have to know what you were doing was wrong. Looks pretty bad for you doesn't it? But add to this situation the fact that the prosecutor/DA has total immunity for his actions and can get a grand jury to indict a ham sandwitch, and you've very likely broken three laws today without knowing it.

So what have we learned? You can't "stop breaking the law" and be safe. Your safety is purely due to the fact that no one in power in the Criminal Justice system has decided they want to prosecute you. As soon as they do, they'll go and look through all the records they've gathered about you, break into your phone, and find the laws you've broken and arrest you. You know they have a greater than 98% conviction rate, so you'll likely plea to something so you don't go to prison for the rest of your life.

Welcome to Soviet Amerika!

So what did they find already?

[TheDarkener]

Was it worth all this commotion? Will they stop future terrorist attacks from the information retrieved?

Why is this not the question everyone is asking??

Re:So what did they find already?

[Agent0013]

It is never about stopping future attacks. It as about combing through the wreckage after an attack and looking for evidence on who did it. They are not capable of stopping attacks even when they have the information needed in their huge illegal database of phone calls. The haystack is too large to find the needles they are looking for. But once the attack is over it is easy to look at the data they had and tell us who was behind it. Then they can claim they need more money or power to stop the next one.

Re:So what did they find already?

They are capable of stopping attacks actually. After the Brussels attacks, a man of higher position who was interviewed pretty much dropped the bomb on the BBC by saying that either the people have to give up some freedoms (in terms of encryption and such), or the human intelligence levels need to go back to how they were ~15 years ago.
The Human Intelligence part being the bomb.
Stopping attacks can also be helped by cutting the source of what creates terrorism, like for instance a drone dropping a rocket in Pakistan, blowing up an innocent family as collateral, and a surviving relative of that family rightly losing their mind and swearing a war against the government which is part of that idiotic presence in the Middle East.
Cut the source of terrorism by stopping the idiotic foreign politics, and stopping trying to artificially manipulate and "lead" other nations instead of letting them naturally develop on their own, even if through hardships which will sculpt their minds.

Calling Bullshit

If a witness reports a crime/event to the police they can't claim they can't tell anyone who the witness was because they don't 'own the information'...they may not be able to disclose the details of any equipment used (but even THAT is a spurious claim) but nobody 'owns a bug' other than Apple. I call it a 'bug' because it is clearly not a behaviour that Apple intended the phone to have as such I'm sure they'd like to fix it. The FBI has a responsibility to tell them. This is absolutely no different than someone telling the FBI about a manufacturing defect in a safe, the FBI would have a responsibility to tell the manufacturer about it. In fact if they don't tell them & a safe is broken in to because of it I'd claim they were legally negligent/responsible.

"I saw someone kill someone but I can't tell you who it was or how they did it because I don't own the information"...that's a bullshit piece of logic if I ever saw one...no stretching of logic can make this a reasonable statement. This is exactly the type of behaviour by government/law enforcement that promotes citizens to ignore/bend the law themselves...'heck if the government can get away with it so can I'...thankfully the majority of citizens don't think that way but some do & more will as law enforcement insists on 'bending the rules just a little more'...

Answer a question?

[Okian+Warrior]

it seems like they would have a chain-of-evidence problem here

There is no problem, because the terrorist is dead. They are not prosecuting him, thus there is no defense team nit-picking their tactics.

Can you answer a question for me?

Suppose rooting around on the phone they find evidence of someone helping them plan and execute their crimes. Suppose the evidence doesn't directly indicate culpability, but strongly implies it.

Can that be used as evidence against such a 3rd party conspirator?

Would chain-of-evidence be broken, and could that be used as a defence in court?

Re:Answer a question?

[tlhIngan]

Suppose rooting around on the phone they find evidence of someone helping them plan and execute their crimes. Suppose the evidence doesn't directly indicate culpability, but strongly implies it.

Can that be used as evidence against such a 3rd party conspirator?

Would chain-of-evidence be broken, and could that be used as a defence in court?

Depends. If the phone is the only logical evidence tying both people together, then the FBI has a major problem, because a competent defense attorney would first ask what ties the two people together, because presumably they want to introduce evidence that ties them together so they can charge the 3rd party with that act as well.

If it boils down a text message on the phone, they will ask about the phone itself - how was that message obtained? If it turns out they broke chain of custody then that evidence can be discarded (again, competent attorney needed) because who knows what that person did. In fact, even before that all the information needs to be revealed - what that person did to get into the phone, etc because the phone is the link, and the defense attorney will want to make sure all that i's were dotted and t's crossed, so they will make sure the phone's evidence is 100% solid against their client. This also includes making sure the hack used doesn't affect the phone's contents - e.g., does it install an app to break in (every jailbreak since iOS7 required loading an app onto the phone, then running that app) which would mean the phone's contents were tampered with as a result of breaking in. So even if chain of custody was maintained, the fact that breaking in changed the contents of the phone is grounds for dismissal since the evidence was tampered. (It's why they make great use of write blocker hardware and such).

Chances are, they will make sure the phone isn't the only link - they will hunt down other pieces of evidence that links the two people together other than the phone and make sure the phone's evidence is convenient, but not necessary nor needed.

And no, it cannot be used as a defense, but the defense can use it to exclude or toss out evidence. If the phone is the only link, then tossing that evidence can cause the prosecution's case to collapse since any subsequent piece of evidence may be excludable if it was obtained with faulty evidence.

But since the FBI will try to find more convenient evidence, they will try to avoid needing to present the phone to begin with - they just happened to find a piece of paper in the house linking the two people.

DMCA allows it

[raymorris]

I posted relevant portions of the law last week, if you care to read the details. There are two sections that are mainly relevant.

First, DMCA explicitly says that circumvention by or FOR the government is legal. So you can hack it if the government asks you to.

Secondly, and this is important to my job developing security testing tools, DMCA says twice that it is legal to create tools to research on the security of the measures as long as those tools aren't used, or intended to be used, for copyright infringement as specified in DMCA.

So it's a lot like gun laws in areas that have Constitutional gun laws - using a gun to commit a felony is an additional crime, but just having a gun is legal. Similarly, building a circumvention tool FOR THE PURPOSE of copyright violation is unlawful, but building it for research, security, and investigation purposes is fine.

Re:DMCA allows it

[Solandri]

Third, the phone belongs to the San Bernardino County government, not to the shooter. It was a work phone assigned to the shooter. So the copyright for anything on the phone belongs to the government (or more precisely since the government cannot hold a copyright, there is no copyright). And thus even if your first two points were invalid, there is still no DMCA violation.

This is why I've said all along that this is a bad case for Apple to be pursuing this line of objection. Basically, Apple was refusing to help a phone's owner break into their own phone after they'd lost the password. Apple's reasoning carried out to its logical conclusion (contents of a phone belong to the user, not the entity which paid for the phone) would've jeopardized the entire practice of company-provided phones and parents buying phones for their kids, as well as made you liable for erasing a thief's data if you ever managed to recover your phone from a thief.

Re:DMCA allows it

Technically all of that only applies to the copyright for things produced *by* the government. There's plenty of opportunity for the phone to contain a wide variety of copyrighted content, not the least of which is the operating system for the phone in question, which would have to have its access control software circumvented to get at any of the *other* content.

The entire second paragraph is a complete non sequitur, chained to further non sequiturs. (e.g.: A thief never owns the stuff he stole, so if the contents belong to the owner, then the contents never belonged to the thief either.)

so didn't the hacker violate DMCA?

[Maxo-Texas]

by going around the protective mechanisms?

So FBI hired someone they consider a criminal and ignored the crime.

Re:so didn't the hacker violate DMCA?

[Standard comment regarding DMCA violation not a problem when hacked on government orders.]

Taxpayers

I love how US taxpayer dollars go to support this organization created by and ran for homosexuals

Maybe there need to be some "clerical errors"

Perhaps some "clerical errors" in processing all that money we send to Israel to help them murder innocent women and children in Palestine. Perhaps then the vendor would be willing to cooperate with the preservation of human rights, if only just a little?

We all know Israel has the worst human rights record IN THE WORLD, but perhaps if you gut the little money grubbers off from the teat, they'll come around enough.

Shouldn't be hard to figure out

[schiefaw]

Supposedly, the exploit works on the 5c, but wouldn't work on the 6. It should not be that hard for Apple to check the design history to see what holes they plugged between those designs.

Re:Shouldn't be hard to figure out

[Wovel]

I think it is funny people think Apple does not already know what the FBI had done. They suggested several times that the FBI could get into the phone on their own.

They'll do what their told

Like most of us they will do what the courts tell them to, and unlike high level government officials lying to Congress, the courts tend to take a dim view of that when someone is caught doing it on the witness stand. That is one reason they are so anal about keeping Stingray and evidence laundering (aka parallel reconstruction) out of the eyes of the courts.

So was it worth it?

Did they get anything useful off of the phone?

Also, they could find out how it was done if they want to, forcing the company to divulge it, much like they (attempt) to force everyone else.

Genius Hack

Contact geniushack08'at'gmail'dot'com to hijack emails,school grades,social networks,mobile phones and phone calls,web servers and database,credit cards,bank accounts,text messages,criminal records,etc