FBI Had No Way To Access Locked iPhone After Terror Attack, Watchdog Finds (zdnet.com)
The FBI did not have the technical capability to access an iPhone used by one of the terrorists behind the San Bernardino shooting, a Justice Department watchdog has found. ZDNet: A report by the department's Office of Inspector General sheds new light on the FBI's efforts to gain access to the terrorist's phone. It lands almost exactly a year after the FBI dropped a legal case against Apple, which had refused a demand by the government to build a backdoor that would've bypassed the encryption on the shooter's iPhone. Apple said at the time that if it was forced to backdoor one of its products, it would "set a dangerous precedent." Syed Farook and his wife, Tashfeen Malik, killed 14 people in the southern Californian town in December 2015. The 11-page report said that the FBI "had no such capability" to access the contents of Farook's encrypted iPhone, amid concerns that there were conflicting claims about whether the FBI may have had techniques to access the device by the time it had filed a suit against Apple. Those claims were mentioned in affidavits in the court case, as well as in testimony by former FBI director James Comey.
Allegedly the FBI had techniques that could have opened the San Bernardino iPhone, and withheld them — even while FBI leadership was testifying differently in front of Congress!?
Continuing to discuss this topic just plays into the hands of people who want to take your rights away. By keeping the discussion going for years they start to normalize the idea that there is something to discuss - i.e. that both sides have merit. They don't. It is just a case of one side having no point but refusing to die. But by keeping the articles flowing the public starts to get the subtle "both sides must have a point" message.
You aren't just stepping onto the slippery slope, you are helping them spread the crisco. Just stop.
I guess FBI and the newspapers will keep repeating this story until they get their backdoor.
It's quite interesting however that it seems no other nation has huge problems to retrieve forensic data from iPhones...
The FBI did not have the technical capability to access an iPhone used by one of the terrorists behind the San Bernardino shooting
So what? For most of the FBI's existence they didn't have access to any iPhones at all and yet somehow they still managed to be an effective police force. It is highly unlikely that any critical evidence was on the phone that could not be gathered by any other means or that the inability to unlock the phone would result in an acquittal. It's no different than if the phone was damaged or lost. The FBI can suck it up and do some old fashioned investigating. They have access to metadata, witnesses, video, testimony, and much more. If that isn't enough it's unlikely that the iPhones will make or break the case.
This is probably the only time I will agree with Apple but I am glad they stood up to the man. It doesn't matter if they have the capability or not. It only matters that due process is followed when it comes to obtaining that information.
Who needs the iPhone? iCloud backs all data up automatically.
Given the IRS's reign of auditing against the tea party and the DOJ vetting their activity with Bill Clinton at the airport I have more concerns about the federal government than I do about jihad.
The day will come and is already here when it won't matter if you are law abiding or not.
Continuing to discuss this topic just plays into the hands of people who want to take your rights away.
If you don't discuss the topic then the people who want to remove your rights will succeed in doing so. Heck we're still having to argue against idiots who think racism is good, vaccines are bad, homeopathy is effective, climate change isn't real, the moon landings were a hoax, evolution is a "theory", etc. If you don't engage the idiots and slap them down then the idiots will win by default.
Unfortunately we have a lot of news media that continue to present every story as if there are two equally valid sides to every argument. THAT needs to change. But the need to fight ignorance will never end.
Here's how the argument goes:
We must violate the Rights of peaceful, law abiding citizens and take away their guns because a small minority of the population misuses them to commit crimes, including murder.
We can't have a judicially overseen process to break the encryption on the personal devices of small minority terrorist or other criminals because it would infringe on the Rights of peaceful, law abiding citizens.
Did I get it right?
The FBI doesn't need access to the phone or its contents. Encryption will get stronger and no government will be able to bypass it.
Captcha: controls
Very misleading. FBI didn't pursue a solution internally and an outside vendor was found that could. So saying the FBI wasn't able to is incorrect. Did the FBI possess the technical ability at the time, perhaps not. Could they obtain it, YES!
"According to the report, FBI executive assistant director Amy Hess "became concerned" that the department chief of the Cryptographic and Electronic Analysis Unit (CEAU), the division charged with obtaining evidence from electronic devices, did "not seem to want to find a technical solution" that would unlock the shooter's phone.
The report added that the chief said he may have known of a solution, "but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple."
The report found that nobody withheld knowledge of an existing technical capability, as Hess had feared, but the watchdog found that the CEAU didn't pursue all possible avenues in the search for a solution. http://www.zdnet.com/article/f...
Agree with Apple, but what if they do it for China but not for the USA? Then how will you feel?
If only Martin Luther King Jr. had been so lucky to not have his phone snooped on by the FBI, then they wouldn't have been able to try blackmailing him into suicide.
Go fuck yourself.
We must violate the Rights of peaceful, law abiding citizens and take away their guns because a small minority of the population misuses them to commit crimes, including murder.
Are you seriously comparing a purpose built weapon designed explicitly to kill living things with a multi purpose computer/phone? Spare me the false equivalency. Nobody is arguing for or against gun control here but it isn't at all the same issue or the same logic.
We can't have a judicially overseen process to break the encryption on the personal devices of small minority terrorist or other criminals because it would infringe on the Rights of peaceful, law abiding citizens.
When you can design an encryption system that isn't rendered useless by the presence of a back door then your strawman might be credible. Unfortunately the laws of mathematics are pretty inflexible and nobody has figured out a way to put in a back door that only trusted parties have access to. Even if we completely trusted the government (which we don't) it still would be a bad idea.
Did I get it right?
Not even a little bit.
I believe that the FBI is attempting to distract us from the critical, core issues of this debate. In arguing the technical details of accessing cell phones, they distract from the critical speech issues. They REALLY don't want us to ask:
The US government has managed to bypass the 1st, 4th and 5th amendments by creating and extending the 3rd party doctrine. This doctrine roughly states that once information passes out of an individual's direct control, he can no longer exercise any control over it. This gives the government easy access to huge amounts of shared information.
The "Responsible Encryption" debate is a new legal theory to destroy speech and freedom. It is a "No Party Doctrine". That is, No Party, except the government, is allowed to control information. The No Party Doctrine says that information is so important to the government, that nobody except the government should be allowed to control it. There is no information so sensitive, private or protected that it should escape government control. Since information is so important, individuals must not be allowed to control it through their speech, actions, tools, or situations.
The FBI is cheerfully stating that the creators of the constitution would have allowed complete government control if only they had realized that information was important to a criminal investigation.
We should denounce the "Responsible Encryption" proposals as a straightforward attack on our freedom of thought, speech and association.
Instead, we should act to limit the 3rd party doctrine and restore our rights of speech and association.
For the love of deity, someone invent unicode!!!!
Requiem for the American Dream
If the FBI cannot access the contents of dead terrorist's phones after they have committed their heinous acts then how can we expect them to properly close barn doors after the horses get out?
Maybe start weaning yourself (and others) off 'news' and TV more generally - if you can't stop them from spreading outright nonsense, you can at least stop listening to it.
Pretending idiots don't exist will result in the idiots winning. Boycotts don't work unless they involve enough people to really make a difference and to get that you have to have already changed minds rendering the boycott pointless. Worthwhile to try to convince others to listen to credible news sources but tuning out without ensuring others are tuning out too is a Bad Idea.
Personally, I don't care if the FBI has a backdoor. However, this was discussed since the early 1990s, and the point was driven home by all the leaks, that if a backdoor is in place, some other party will discover it. Does the FBI want to contribute to Chinese hegemony, allow Russian mobsters to target vulnerable firms for ransomware attacks, or just allow some Middle Eastern group that is well funded by anti-Western interests to make yet another NotPetya to do mass data destruction using the backdoor (assuming it allowed in-flight modification of data.)
I understand the FBI's want for it. However, as discussed innumerable times, backdoors will just bring far worse consequences. We had this same discussion when Clinton was pushing the Clipper Chip on everyone, mandating all encryption be done by it. Ironically, the LEAF fields were easily hacked and Skipjack was broken in days of its declassification.
Until then I'll just ignore all malformed comments.
It's already invented, but Slashdot is still stuck in 1988.
#DeleteFacebook
Not to sound macabre, but didn't the FBI have both the fingers (as well as everything attached) and the iPhone in their custody well before the required password timeout kicked in? I recall Apple suggested the phone was still free to use the biometric unlock while the FBI was in possession of everything they needed to do this.
So if I do recall correctly and if this is the case, then this watchdog's findings are not entirely true. Unless they mean the FBI doesn't have their shit together enough to access the terrorist's phones.
The FBI at the time said they didn't have the ability to access these iphones and that was why they demanded backdoors. It took all this time for someone to say they didn't have the capability!
Also James Comey said NAND mirroring doesn't work or was impossible and Sergei Skorobogatov shows how to do it and for less than $100 in parts and some fiddly soldering work.
What rights exactly are you referring to? What is the difference between the FBI reading a dead gunman's postal mail, and the FBI having Apple send an over the air update to unlock the dead gunman's phone?
If I really need to explain that to you please hand in your geek card. Breaking the encryption on the iPhone renders ALL encryption on the iPhone useless. It isn't just the government we are worried about here. If the US government can get into my correspondence then so can malware makers, foreign governments, thieves, etc. Any process used to open one iPhone effectively opens ALL iPhones. If I have to explain why that is bad then you need to go get some education before this discussion goes any further.
They already had full authority to seize all of the gunman's correspondence.
Authority != Ability. Furthermore there are civil rights issues in play here that extend FAR beyond the gunman's correspondence. I'm not worried particularly about the gunman. I'm worried about MY rights. We have limits on law enforcement because they have a LONG history of abusing their authority.
If he had a storage unit, would you oppose the FBI compelling them to hand over the key?
Him handing over a key to his storage locker does not render my storage locker accessible to thieves. Seriously? You don't see the difference?
The article says that the FBI didn't have the ability to "access" but the actual report says "exploit". The difference is that we know that the FBI had the ability to access the iCloud information that the phone shared but lost it when they disregarded Apple's advice on how to access that information. So the FBI had the ability to access some information on the phone. Also we know how to access the iPhone; guess the number combination. Given default settings with a forced delay, it would take 200+ days to unlock a 4 digit combination.
The report says that the FBI didn't have the capability to exploit the phone at the time of the Congressional hearings on the matter which is probably true. They probably possess some capability now depending on model and iOS version.
Well, there's spam egg sausage and spam, that's not got much spam in it.
This is verifiably false. There are companies available to the FBI who can unlock all of the data available on phones today. Anyone saying the information isn't available is a liar. Period.
So good.
Doesn't matter nearly as much as the FBI funding cut to track right wing terrorists. #MAGA
Ummm, evolution is absolutely a scientific theory.
It is a theory (meaning model), not a "theory" (meaning unproven). Evolution is only a "theory" in the syntactic sense as used to describe scientific arguments. That's why I used the quotes. People who argue against it argue that it is a "theory" using a different definition of the term theory to disingenuously argue that it somehow is still an open question as to whether it is real. In reality it is about as debatable as whether gravity exists.
Let's say there was a back door. Couldn't he still have smashed the thing with a hammer and thrown it in a lake before going full-on Jihad? What's next, mandate automatic cloud backup of all data, because someone might destroy a device before committing a crime?
Because the phone did not belong to the terrorist. It belonged to the San Bernardino County government. It was assigned to the terrorist for work use (i.e. he didn't own nor pay for it, and he was only supposed to use it for tasks which the owner could audit anyway). On top of that, the guy was dead, and legally thus far your human rights evaporate upon death.
Apple spun it as a privacy issue, as if the government were trying to get into your personal phone, and the press ate it up. That wasn't the case here at all. The closest personal analogy would be if you bought an iPhone for your kid with the clear understanding that it was only on loan to him, and he ended up being killed while committing a crime which made national headlines, and the police wanted to see if the contents of the phone you bought him might help their investigation, but you didn't know your kid's password. The precedent that was set wasn't that Apple wouldn't help the police break into your phone. The precedent that was set was that Apple wouldn't help you break into your own phone.
There was a backup. The phone belonged to the terrorist's public employer who were cooperating to provide access. The FBI requested that San Bernardino reset the phone password which then caused the phone to stop syncing data which had not yet been backed up (correct and expected behavior).
So, it was the FBI's error that caused the phone data to be potentially important in the first place. Of course, the FBI did not actually know (and could not know) whether there was additional data on the phone or not, so the importance of the phone itself was highly speculative.
They're just not admitting to the capability.
It's possible to build a hack-resistant backdoor into something like an iPhone, but it's just not economical unless the value of a key-escrow system is extremely high.
The key things that make it hack-resistant are:
* Difficulty and cost of decrypting a device is high
* Decrypting a device requires lots of human effort, lots of time, and physical access to many different things which are not in the same place.
* Decrypting one device does not get you any closer to decrypting similar devices
One solution - listed below - amounts to a version of the key-escrow schemes proposed by the United States in the 1990s.
Each phone would have an encrypted version of a unique random key burned into the hardware, not directly accessible by the device, and indirectly accessible only through something akin to the iPhone's security module.
The key to decrypt this key would be that phone's "back door." If you can decrypt the key that belongs to a given phone, you can decrypt the entire phone.
In other words, if "A" is the magic key that can decrypt the phone, and "B" is encrypt(A, key), then B is burned into the phone and "key" (or its private-public counterpart) is the phone's "back door."
These "back doors" would not be stored electronically. Rather, they would be stored offline, possibly even on paper, split into multiple pieces, each piece itself encrypted, and the results stored in different locations. The idea being that a significant amount of human and computational effort would be required to re-assemble the pieces even if there was a court order.
So, for each phone, "key" would be divided into many pieces, K1 through KN. Each of them would be encrypted and the encrypted versions stored offline across a wide geographic area, all under tight physical security. Of course, the key that could be used to decrypt K1 through KN would also be stored under tight security and not stored on any network-connected device.
Of course, once a computer or phone's keys had been re-assembled, for all intents and purposes that device will never be secure again.
The system has several advantages over other backdoor proposals:
* There is no "you broke it for all devices" situation like when DVD encryption was broken.
* It's very difficult, difficult enough to deter random "fishing expeditions" by law enforcement and even deter all but the most "high value" targeted "fishing expeditions"
As a backdoor, this system is not without its weaknesses:
* There is a short window during manufacturing where the key can be stolen without anyone knowing about it. For example, if a manufacturer were coerced by a government, or if an employee with such access were being blackmailed.
* If a key is recovered and the device is not destroyed, future owners may believe they have a secure device, when in fact they do not.
* There are still some sensitive keys, such as the key that can be used to decrypt the parts that are geographically dispersed.
* I'm sure there are other weaknesses, after all, this is just one guy thinking off-the-cuff somewhere on the Internet, not an academic making sure his proposal will pass peer review.
Countries which are not free but who wish to have the veneer of freedom may want to have phones that are "secured" in this way. If the people correctly believe that it will cost their police force weeks of time and hundreds of thousands of dollars to decrypt their phones, it will cut down on the fear that exists in most police states, which will help those in power stay in power longer. I'm especially thinking of countries like China and Russia, but I'm sure more than a few readers have some English-speaking countries in mind as they read this.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
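The escrow scheme sketched in the comment above (B = encrypt(A, key), with "key" split into pieces K1 through KN that are each encrypted for offline storage), as an added Python example that is not part of the original thread. Assumptions: the split is an n-of-n XOR split, a single `vault_key` encrypts every piece, and `wrap`/`unwrap` are an HMAC-SHA256 encrypt-then-MAC stand-in for a real authenticated cipher such as AES-GCM; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one wrapping key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated encryption (assumption: a real design uses an AEAD)."""
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return _xor(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))


def split(secret: bytes, n: int) -> list:
    """n-of-n XOR split: all n pieces are required; any n-1 are uniformly random."""
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    return shares + [reduce(_xor, shares, secret)]


def provision(n_pieces: int, vault_key: bytes):
    """Manufacturing step. Returns (A, B, encrypted pieces K1..KN)."""
    a = secrets.token_bytes(32)      # "A": the key that decrypts the phone
    key = secrets.token_bytes(32)    # "key": this phone's back door, never stored whole
    b = wrap(key, a)                 # "B": burned into the phone's hardware
    # vault_key is shared by every device: the remaining sensitive key the
    # comment lists among the weaknesses.
    pieces = [wrap(vault_key, share) for share in split(key, n_pieces)]
    return a, b, pieces


def recover(b: bytes, pieces: list, vault_key: bytes) -> bytes:
    """Court-ordered recovery: gather every piece, rebuild "key", unwrap B."""
    key = reduce(_xor, (unwrap(vault_key, p) for p in pieces))
    return unwrap(key, b)


if __name__ == "__main__":
    vault = secrets.token_bytes(32)              # constructed sample key
    a1, b1, pieces1 = provision(5, vault)
    a2, b2, pieces2 = provision(5, vault)
    print("phone 1 recovered:", recover(b1, pieces1, vault) == a1)
    for label, args in [("one piece missing", (b1, pieces1[:4])),
                        ("phone 1 pieces on phone 2", (b2, pieces1))]:
        try:
            recover(*args, vault)
        except ValueError as exc:
            print(label, "->", exc)
```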
On top of that, the guy was dead, and legally thus far your human rights evaporate upon death.
That is patently not true, although I have been hearing rumblings of it recently.
When you die, your rights pass on to your next-of-kin, and it has always been this way. Otherwise, upon a person's death the government (or anyone else for that matter) could legally seize all property that was under said deceased person's name.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
backdoors don't stop attacks. guns don't stop attacks. people will still get killed.
Do you mean they bullied a fellow employee without realizing he was also a budding terrorist?
If the FBI would actually do their job, they would have had access to those phones via warrant BEFORE the whole thing went down.
It turns out, most of the crazy shit happening today is usually KNOWN to the FBI before the SHTF, they just never do anything or act upon this information.
If you get word that X is gonna shoot up a bus full of Nuns, you get a warrant going and you start watching the folks in question. Hell, even Apple will help you if you have a proper warrant.
But, going back to at least 9/11, that's just not how Federal Law Enforcement or Intelligence operates.
Sad.
The real headline should read...Other than the solution the FBI knew about and used at the last second before going to a trial they would lose, the FBI didn't know of a solution. The Justice Department will allow even the most ludicrous burial of heads in sand to be an excuse.
There. That's what happened as the details of the article show.
I don't buy the argument that unlocking one phone is tantamount to a backdoor to all phones.
Then you don't understand the technology at work. With any encryption if you break it on one device you have de-facto broken it on every device that shares that encryption system. That's how it works like it or not. It is analogous to the act of creating a key. If you hand a key to a third party (even a trusted one) that key can (and probably will) be copied without your knowledge or consent. If there is a backdoor with a weak or nonexistent key there is no way to hide it so that only the "good" guys have access.
He obviously had the PR department go over this with him.
Of course he did. That doesn't mean he is wrong. He is absolutely correct that any tool created to circumvent encryption WILL be used in ways that were not intended or authorized. Including by law enforcement which has a LONG history of abusing their authority.
The FBI and Apple both chose to appeal to the public. Apple inserted privacy and security language in their response, and won. That sounds great except next time the request won't be public so you won't even know how it turns out, and Apple will be just fine with that, because the illusion is maintained.
Oh so you are going with the conspiracy theories now? Apple has been very public about the fact that they cooperate with law enforcement. The line in the sand they drew was in breaking or circumventing their encryption. Why? Because there is no way to break/circumvent solely for law enforcement and the first thing their competition would do is point that fact out. Apple isn't doing this because of some moral compunction. They are doing it because breaking encryption is bad business for them. The FBI is asking them to do something contrary to Apple's profit motive.
I want law enforcement to have access. But only with a warrant. This should be treated no different than snail mail, as it's the private communications of individuals, but the system has managed to pervert that by claiming that there should be no expectation of privacy. THAT needs to be fixed.
Just another day in Paradise