"The ruling is not binding in any other court"
"Orenstein found that the All Writs Act does not apply in instances where Congress had the opportunity but failed to create an authority for the government to get the type of help it was seeking, such as having firms ensure they have a way to obtain data from encrypted phones."
So he is saying, OK if you want it, put it in law explicitly and see how the voters react to it.
More like "change the law that says you can't".
In the section of CALEA entitled “Design of features and systems configurations,” 47 U.S.C. 1002(b)(1), the statute says that it “does not authorize any law enforcement agency or officer —
(1) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
The surviving conspirator, Enrique Marquez, HAS been charged. Apparently he bought the guns used in the attack and otherwise assisted in this attack and previously planned attacks.
So has anything else the shooter used at his work been declared evidence in the case against Enrique Marquez? I guess his stapler could have been used as a weapon...
The All Writs Act is quite broad, and says the Courts have the authority to issue any order you can imagine that is "necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." So the Court has the authority to use the All Writs Act to aid the investigation, and get info off the phone. There really isn't any way for Apple to dispute that bit.
Yes there is - because the AWA specifically is not applicable when there is legislation regarding the issue at hand. In this case it's the Communications Assistance for Law Enforcement Act
Well, given the iPhone 5c in question is property of the San Bernardino County, I don't really think both cases are similar in any way. There is no need to charge anyone, the iPhone is government property, there shouldn't be any personal and/or private data on it. It ends up with the government asking Apple to unlock a government property.
Why should a company be forced to get information off a phone in a very complicated way when the owners together with the FBI by malice or incompetence voided the option to restore it easily? Even more to the point: why should any government entity be allowed to operate phones without mobile device management software on it, that would allow them to access any of their phones no matter what passcode their employee has set?
Especially when almost everybody with experience believes there's not a thing of interest on the phone? Not the least because it wasn't his nor his wife's private phone which they destroyed, but a government owned phone which he likely suspected to not be "safe".
All Writs Act essentially just says that the courts can do stuff without needing micromanaging from congress.
Unless congress has already done that micromanagement, then they can't. In this case it's called "Communications Assistance for Law Enforcement Act".
In the section of CALEA entitled “Design of features and systems configurations,” 47 U.S.C. 1002(b)(1), the statute says that it “does not authorize any law enforcement agency or officer —
(1) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
(2) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
Demanding that Apple force its programmers to write custom software THAT DOES NOT NOW EXIST to allow the FBI to break into one particular iPhone is "unreasonable"
But what if the software does exist? Asking "Hey, can you change a couple of variables, and recompile" is not very burdensome.
Yes. And that is what they will claim in the next cases already piling up, because then, not now, the software will exist.
Apple has claimed it will take "two to four weeks [...] for six to ten Apple engineers and employees dedicating a very substantial portion of their time" to comply with the government's request.
If a company the size of Apple can spend about $100,000 of developer time to get to your data, I think it is only semantics to say the back door doesn't already exist. It would be the equivalent of me saying your house is secure from me breaking in because it would cost me 25 cents to create a master key to your home.
You very obviously don't understand - if Apple did what they are told to, after a couple of weeks the iPhone still wouldn't be "cracked", It just wouldn't be unreasonably hard to crack it anymore. Well, at least if the guy actually only used a 4-digit key to lock the phone,
Provided the iPhone is San Bernardino's county property, the privacy issue is nullified. Apple should stop playing the wrong game here and give the FBI what it asks for in this particular case,
Don't you mean the San Bernardino's county should give the FBI what it wants, since it's their fucking phone?
I forgot to mention: if the dumb terrorist only uses a 4-digit passcode, why would he care to enable the ten-attempts-auto-destcruct? And if he is smart enough to erase all the computers in his possession (which the FBI claims) - why the hell wouldn't he also wipe his iPhone, easily done over the web on the Find-my-iPhone site?
A dumb suicide bomber doesn't use a 50 character passphrase.
But he somehow uses top-secret encrypted messaging software to communicate with every single member of ISI, Al Qaeda and Hamas, and the FBI could read all of his communication if they just had that 4-digit code. But not any other way.
FBI didn't actually ask for the code involved though. They said Apple could do this at their facility as long as the FBI have remote access to do their brute force after the patch/update/backdoor was applied.
Ahh, so what exactly would then prevent them from accessing the modified OS that is running on that iPhone they have full remote access to?
FBI wants to brute force the phone. The phone is set to erase all content after 10 attempts. They have asked Apple to modify the phone to allow unlimited attempts and give them a method to automate trying lots of codes at high speed. It's a 4 digit PIN code so easily brute forceable in =10000 attempts if Apple did that so computing power is not the issue.
Well, yes and no. "The passcode is entangled with the device’s UID, so brute-force attempts must be
performed on the device under attack. A large iteration count is used to make each
attempt slower. The iteration count is calibrated so that one attempt takes approximately
80 milliseconds. This means it would take more than 5½ years to try all combinations
of a six-character alphanumeric passcode with lowercase letters and numbers"
Just so that the debate here is a little more well-informed:
The government is not asking that Apple give out the user's password, or decrypt the phone, both of which they cannot just do (i.e. are incapable of performing). The request is that Apple produce a piece of iOS software or boot image (as I understand it), that would:
1) Disable the auto-erase feature
2) Allow the FBI to brute force submit password guesses to the phone, and
3) Disable or reduce the increasing-delay-between-guesses feature of the passcode lock.
I would be curious to know whether for this iPhone 5c (with iOS 9) this is even possible for Apple to do.
One wrinkle in this story is that allegedly Apple has been helping law enforcement agencies unlock iPhones for a while. This is probably why so many folks are baffled by the new policy. If Apple could crack a phone last year, why can't they do it today?
But the most likely explanation for this policy is probably the simplest one: Apple was never really 'cracking' anything. Rather, they simply had a custom boot image that allowed them to bypass the 'passcode lock' screen on a phone. This would be purely a UI hack and it wouldn't grant Apple access to any of the passcode-encrypted data on the device. However, since earlier versions of iOS didn't encrypt all of the phone's interesting data using the passcode, the unencrypted data would be accessible upon boot.
No way to be sure this is the case, but it seems like the most likely explanation.
To me the problem is not the inability to crack the information on the iPhone. But the fact these two got into the country with no red flags, no surveillance and not even a hint of what they were doing.
What do you mean - "got in"? Unlike Ted Cruz, the guy was actually Born in the USA.
"Scientists" should understand the difference between the low earth orbit that an ICBM can almost achieve versus intercepting an object in deep space.
Actually, "scientists" may not be talking about ICBMs at all (despite the article first claiming so), because when it goes to the vague details of the plan there's suddenly an additional word: "The Russians would like to test their ICBM defense system on 99942 Apophis..."
and recall "iPhone has secret software that can be remotely activated to spy on people, says Snowden" ( 21 January 2015)
http://www.independent.co.uk/l... ".. published files from the NSA showed that British agency GCHQ used the phones UDIDs — the unique identifier that each iPhone has — to track users."
Well, that software obviously needs the user to type in his passkey to be used, else the FBI could just use it, no?
Very nice explanation, thanks. But help me out here... at some point software reads that key and uses the key to create encrypted data. How safe is __that__ code from being used to detect the key. Is the whole crypto library located on the enclave?
"Every iOS device has a dedicated AES 256 crypto engine built into the DMA path
between the flash storage and main system memory, making file encryption highly
efficient.
The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused
(UID) or compiled (GID) into the application processor and Secure Enclave during
manufacturing. No software or firmware can read them directly; they can see only the
results of encryption or decryption operations performed by dedicated AES engines
implemented in silicon using the UID or GID as a key. Additionally, the Secure Enclave’s
UID and GID can only be used by the AES engine dedicated to the Secure Enclave.
Slashdot Mirror
The FBI has said that what they're asking of Apple, is something which Apple has done 70 times before for them. So it's not really burdensome.
So you claim the FBI is as much a liar as you are? Fuck, even the EFF says you are a liar, and they claimed Apple build DRM into their headphones.
"The ruling is not binding in any other court" "Orenstein found that the All Writs Act does not apply in instances where Congress had the opportunity but failed to create an authority for the government to get the type of help it was seeking, such as having firms ensure they have a way to obtain data from encrypted phones." So he is saying, OK if you want it, put it in law explicitly and see how the voters react to it.
More like "change the law that says you can't".
In the section of CALEA entitled “Design of features and systems configurations,” 47 U.S.C. 1002(b)(1), the statute says that it “does not authorize any law enforcement agency or officer —
(1) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
The surviving conspirator, Enrique Marquez, HAS been charged. Apparently he bought the guns used in the attack and otherwise assisted in this attack and previously planned attacks.
So has anything else the shooter used at his work been declared evidence in the case against Enrique Marquez? I guess his stapler could have been used as a weapon...
The All Writs Act is quite broad, and says the Courts have the authority to issue any order you can imagine that is "necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." So the Court has the authority to use the All Writs Act to aid the investigation, and get info off the phone. There really isn't any way for Apple to dispute that bit.
Yes there is - because the AWA specifically is not applicable when there is legislation regarding the issue at hand. In this case it's the Communications Assistance for Law Enforcement Act
Well, given the iPhone 5c in question is property of the San Bernardino County, I don't really think both cases are similar in any way. There is no need to charge anyone, the iPhone is government property, there shouldn't be any personal and/or private data on it. It ends up with the government asking Apple to unlock a government property.
Why should a company be forced to get information off a phone in a very complicated way when the owners together with the FBI by malice or incompetence voided the option to restore it easily? Even more to the point: why should any government entity be allowed to operate phones without mobile device management software on it, that would allow them to access any of their phones no matter what passcode their employee has set?
Especially when almost everybody with experience believes there's not a thing of interest on the phone? Not the least because it wasn't his nor his wife's private phone which they destroyed, but a government owned phone which he likely suspected to not be "safe".
Well, given the iPhone 5c in question is property of the San Bernardino County...
Criminal evidence is not government property. The owners of the iPhone are the next of kin in accordance with inheritance law.
It was the shooters work provided phone, not his personal property. He worked for San Bernardino County.
All Writs Act essentially just says that the courts can do stuff without needing micromanaging from congress.
Unless congress has already done that micromanagement, then they can't. In this case it's called "Communications Assistance for Law Enforcement Act".
In the section of CALEA entitled “Design of features and systems configurations,” 47 U.S.C. 1002(b)(1), the statute says that it “does not authorize any law enforcement agency or officer —
(1) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
(2) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
Demanding that Apple force its programmers to write custom software THAT DOES NOT NOW EXIST to allow the FBI to break into one particular iPhone is "unreasonable"
But what if the software does exist? Asking "Hey, can you change a couple of variables, and recompile" is not very burdensome.
Yes. And that is what they will claim in the next cases already piling up, because then, not now, the software will exist.
The back door is already there.
Prove it or STFU
Apple has claimed it will take "two to four weeks [...] for six to ten Apple engineers and employees dedicating a very substantial portion of their time" to comply with the government's request.
If a company the size of Apple can spend about $100,000 of developer time to get to your data, I think it is only semantics to say the back door doesn't already exist. It would be the equivalent of me saying your house is secure from me breaking in because it would cost me 25 cents to create a master key to your home.
You very obviously don't understand - if Apple did what they are told to, after a couple of weeks the iPhone still wouldn't be "cracked", It just wouldn't be unreasonably hard to crack it anymore. Well, at least if the guy actually only used a 4-digit key to lock the phone,
Because maybe the phone will lead to other connections, people willing to do the same violent act...?
You mean his co-workers, who are also as unhappy about their co-workerst that they want to kill them?
Provided the iPhone is San Bernardino's county property, the privacy issue is nullified. Apple should stop playing the wrong game here and give the FBI what it asks for in this particular case,
Don't you mean the San Bernardino's county should give the FBI what it wants, since it's their fucking phone?
It doesn't have the fingerprint sensor. If it did, they could have unlocked it right there on the spot with the finger attached to the corpse.
Yeah, unless they didn't use the correct finger three times in a row. Even terrorists have more three fingers before blowing themselves up.
I forgot to mention: if the dumb terrorist only uses a 4-digit passcode, why would he care to enable the ten-attempts-auto-destcruct? And if he is smart enough to erase all the computers in his possession (which the FBI claims) - why the hell wouldn't he also wipe his iPhone, easily done over the web on the Find-my-iPhone site?
A dumb suicide bomber doesn't use a 50 character passphrase.
But he somehow uses top-secret encrypted messaging software to communicate with every single member of ISI, Al Qaeda and Hamas, and the FBI could read all of his communication if they just had that 4-digit code. But not any other way.
FBI didn't actually ask for the code involved though. They said Apple could do this at their facility as long as the FBI have remote access to do their brute force after the patch/update/backdoor was applied.
Ahh, so what exactly would then prevent them from accessing the modified OS that is running on that iPhone they have full remote access to?
FBI wants to brute force the phone. The phone is set to erase all content after 10 attempts. They have asked Apple to modify the phone to allow unlimited attempts and give them a method to automate trying lots of codes at high speed. It's a 4 digit PIN code so easily brute forceable in =10000 attempts if Apple did that so computing power is not the issue.
Well, yes and no. "The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers"
Are you telling me that the default behaviour of an iphone is to destroy the keys if someone punches in some random unlock shit 10 times?
Imma have some fun with this.
"Hey that's a nice phone, mind if I have a look?"
"To further discourage brute-force passcode attacks, there are escalating time delays after the entry of an invalid passcode at the Lock screen. "
Just so that the debate here is a little more well-informed: The government is not asking that Apple give out the user's password, or decrypt the phone, both of which they cannot just do (i.e. are incapable of performing). The request is that Apple produce a piece of iOS software or boot image (as I understand it), that would: 1) Disable the auto-erase feature 2) Allow the FBI to brute force submit password guesses to the phone, and 3) Disable or reduce the increasing-delay-between-guesses feature of the passcode lock. I would be curious to know whether for this iPhone 5c (with iOS 9) this is even possible for Apple to do.
http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html:
Addendum: how did Apple's "old" backdoor work?
One wrinkle in this story is that allegedly Apple has been helping law enforcement agencies unlock iPhones for a while. This is probably why so many folks are baffled by the new policy. If Apple could crack a phone last year, why can't they do it today?
But the most likely explanation for this policy is probably the simplest one: Apple was never really 'cracking' anything. Rather, they simply had a custom boot image that allowed them to bypass the 'passcode lock' screen on a phone. This would be purely a UI hack and it wouldn't grant Apple access to any of the passcode-encrypted data on the device. However, since earlier versions of iOS didn't encrypt all of the phone's interesting data using the passcode, the unencrypted data would be accessible upon boot.
No way to be sure this is the case, but it seems like the most likely explanation.
To me the problem is not the inability to crack the information on the iPhone. But the fact these two got into the country with no red flags, no surveillance and not even a hint of what they were doing.
What do you mean - "got in"? Unlike Ted Cruz, the guy was actually Born in the USA.
"Scientists" should understand the difference between the low earth orbit that an ICBM can almost achieve versus intercepting an object in deep space.
Actually, "scientists" may not be talking about ICBMs at all (despite the article first claiming so), because when it goes to the vague details of the plan there's suddenly an additional word: "The Russians would like to test their ICBM defense system on 99942 Apophis ..."
and recall "iPhone has secret software that can be remotely activated to spy on people, says Snowden" ( 21 January 2015) http://www.independent.co.uk/l... ".. published files from the NSA showed that British agency GCHQ used the phones UDIDs — the unique identifier that each iPhone has — to track users."
Well, that software obviously needs the user to type in his passkey to be used, else the FBI could just use it, no?
Very nice explanation, thanks. But help me out here... at some point software reads that key and uses the key to create encrypted data. How safe is __that__ code from being used to detect the key. Is the whole crypto library located on the enclave?
"Every iOS device has a dedicated AES 256 crypto engine built into the DMA path between the flash storage and main system memory, making file encryption highly efficient.
The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused (UID) or compiled (GID) into the application processor and Secure Enclave during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed by dedicated AES engines implemented in silicon using the UID or GID as a key. Additionally, the Secure Enclave’s UID and GID can only be used by the AES engine dedicated to the Secure Enclave.
Troll-fu is a tough art to master.
Is trollfu like tofu, just made with trolls instead of the real thing?
What more does the FBI want? The suspects are dead. Stop spending money on diminishing returns.
Presumably they want info on who they where talking to. If the shooters had accomplices, the FBI wants to know who they are.
The obvious solution would have been to not kill the suspects.
"and to the really smart criminals"
You mean the FBI?
He said something about "smart".