FBI Director 'Not Trying to Set Precedent' With iPhone Unlock Demand

[JohnGrey]

Just to play devils advocate. The other precedent is, "Global corporation decides they are above the law, snubs FBI request” ?

That's the problem that Apple has with this discussion, and they haven't been doing enough to frame the debate in these terms: it's not just them electing not to comply the order, they need to make it clear that they are declining because they feel the order is unconstitutional and therefore lacks the force of law.

Instead, they're trying to frame the debate in technical terms, some of it so arcane that perhaps 5% of population has sufficient experience to understand the details. It really is in their interest to engage a person of high technical qualification to speak on their behalf, someone like Jonathan Zdziarski, who is perhaps one of the foremost experts on iOS security and forensics, and who has written extensively about this case on his blog, for the technical explanations, and retain a dynamite constitutional lawyer for the other side of their strategy.

 

[tgara]

There is a huge difference. If I use a 12 digit AN code best of luck. Now if they can just extract the data and it's unencrypted irrespective of the passcode/password ... not the same.
[doublepost=1456181509][/doublepost]

Technically, I'll take your word for it. Thanks for clarifying.

Legally, however, there is no difference. And that's what's important here, not the tech.

 

[JohnGrey]

But in this case, it's protected by only a 4 digit PIN, which means there is no real protection against brute force once the 10 guess limit and time delays are removed. What happens next time when a bad guy uses a 15+ digit passphrase and the FBI can't brute force it? They will immediately demand that the encryption itself be backdoored, and we're back to the Clipper Chip debacle of the 90's. This is something they have already demanded.

2011: FBI Director Robert Mueller vists Silicon Valley campaigning for backdoors -- https://www.schneier.com/blog/archives/2011/10/fbi-sponsored_b.html

September 2014: Justice Department has a conniption over Apple's and Google's new encryption schemes in iOS and Android -- https://www.techdirt.com/articles/2...-decision-to-encrypt-phone-info-default.shtml

September 2014: FBI Director James Comey says the FBI has had contact with Apple and Google about encryption. As a bonus, John Escalante, chief of detectives for the Chicago PD, says the iPhone will be the phone of choice for pedophiles -- https://www.washingtonpost.com/news.../09/26/the-phone-of-choice-for-the-pedophile/

October 2014: FBI Director James Comey speaks at the Brookings Institution hinting that "the administration might seek regulations and laws forcing companies to create a way for the government to unlock the photos, emails and contacts stored on the phone" -- http://www.nytimes.com/2014/10/17/u...-devices-hindrance-to-crime-solving.html?_r=0

October 2014: For the first time in over a decade since the crypto export regulations were revised, a company was fined, fundamentally changing how the rule is enforced -- https://www.bis.doc.gov/index.php/a...0-penalty-for-unauthorized-encryption-exports

related to the above: http://www.goodwinprocter.com/Publi...on-Exports-May-Be-Treated-More-Seriously.aspx

This is just a small piece of the larger context in which we must place the FBI's comments. The San Bernardino attack is only a pretext. I will post some more links when I get the chance.

This, precisely. This whole base process will not end till its struck down irrevocably by the courts or until there's no encryption standard left in this country, which will mean massive theft and far more damaging acts of terrorism that the deplorable loss of life in San Bernadino. That's exactly the the FBI and the federal government have made this appeal regarding the massacre there, and why they always invoke child molestation. Extreme emotional reactions are the only means by which one party can incite another party to act against its rational self-interest. It's neurolinguistics 101.
[doublepost=1456183576][/doublepost]For anyone that believes the order is a non-issue and that Apple should comply, read very carefully:

The basic facts - http://www.zdziarski.com/blog/?p=5638#more-5638
Why it's a terrible idea - http://www.zdziarski.com/blog/?p=5645

 

[dk001]

Even if you are right (which you are not btw), the valid court order does indeed compel them to help in THIS case. See paragraphs 2 and 3, especially.

https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6053155/in-the-matter-of-the-search.0.pdf

No it doesn't. See my post (#119). Apple has the right to appeal based on the reasons they come up with. That is what the hearing on March 22 is for - the details to be heard in court.
[doublepost=1456183749][/doublepost]

Technically, I'll take your word for it. Thanks for clarifying.

Legally, however, there is no difference. And that's what's important here, not the tech.

Guess we agree to disagree

 

[Trius]

Dress it up which ever way you like sport, if they have had a legal and official demand from a judge and decided not to comply……

You know what. If I chose not to pay my council tax and the powers that be handed down an order that I defied, (whatever the reason means to me), I’d be taken to the cleaners.

What if you were ordered to invent a new thing that doesn't exist (because the last thing you invented was done too well) on your own time with no plan of compensation? Oh, and it will mark the downfall of your billion dollar private business.

Why don't they go after Masterlock when they run into a padlock with no key? Because that's stupid. New tools had to be created by third parties to circumvent the technology, bolt cutters, lock picks, etc.. The FBI should be putting its effort into breaking the encryption if they need in so bad, or you know, do real investigative work like they're supposed to do.

 

[tgara]

No it doesn't. See my post (#119). Apple has the right to appeal based on the reasons they come up with. That is what the hearing on March 22 is for - the details to be heard in court.

OK, fine, I can play the hyper technical game too. The March appearance is not an appeal at all. It's a "show cause" hearing (the legal term is relief/opposition motion to the government’s motion) as to why Apple should not or could not comply with the court order. Its all part of due process. If they lose on that, then they can appeal. I guess you missed that day in Civ Pro class in law school, eh?

 

[Tech198]

yes, and how does privacy come into all this ?

If its only to this one phone, then ok, as how it should be......

Try and see Apple.... Its your phone,,, you have control anyway..

By not mentioning something, this what the government is the only ting their good at i would say.

 

[dk001]

OK, fine, I can play the hyper technical game too. The March appearance is not an appeal at all. It's a "show cause" hearing (the legal term is relief/opposition motion to the government’s motion) as to why Apple should not or could not comply with the court order. Its all part of due process. If they lose on that, then they can appeal. I guess you missed that day in Civ Pro class in law school, eh?

Never been to law school and wasn't trying to be technical by any stretch of the imagination. Have had more than a few legal / law classes (corporate, regulatory) over the years. Zzzzzz...

That post (#119) detail came from the LA Times who got it from the court and various other sources. It was the most complete I found and reflects/confirms information that has cropped other in other periodicals, news sources, Apple, and the FBI. Take it for what it's worth. If you want to make it a tad more "techy", go for it.

 

[garylapointe]

I've thought about that too - but as I understand it, you can put your phone into DFU mode (Device Firmware Upgrade mode), connect your phone to iTunes, and without a passcode, you can update your operating system.

The only firmware allowed to update the phone in this mode is Apple-signed code. So, yes, I think Apple can do this. This is sort of Apple's backdoor that exists already.

IF that's true then I supposed it would work. From everything I've been reading I was thinking it wasn't possible to do but I guess they do have the option.

Apple doesn't want to create this version of the OS, because Apple can't just destroy it, it will be needed every other day when the FBI wants to unlock yet another phone. So, this OS will have to be kept somewhere within Apple. This opens it up to the possibility of an employee leaking this OS out somewhere defeating all of Apple's security. Additionally, the employees who create this could simply re-create it out in the wild when they leave Apple, as they know how to do it.

I agree that would be the problem with creating it, but I'd think anyone (of the few people) who knows how to compile up a signed copy of the operating system could do this already; change 10 passcode attempts to unlimited and it'd be good to go. (In regards to the hypothetical people who leave, they'd still need whatever is needed to sign it.)

I do see this as something Apple wouldn't want to do and I agree with that.

Gary

 

[duffman9000]

This, precisely. This whole base process will not end till its struck down irrevocably by the courts or until there's no encryption standard left in this country, which will mean massive theft and far more damaging acts of terrorism that the deplorable loss of life in San Bernadino. That's exactly the the FBI and the federal government have made this appeal regarding the massacre there, and why they always invoke child molestation. Extreme emotional reactions are the only means by which one party can incite another party to act against its rational self-interest. It's neurolinguistics 101.
[doublepost=1456183576][/doublepost]For anyone that believes the order is a non-issue and that Apple should comply, read very carefully:

The basic facts - http://www.zdziarski.com/blog/?p=5638#more-5638
Why it's a terrible idea - http://www.zdziarski.com/blog/?p=5645

This should be added to the first post and be mandatory reading.

 

[IHelpId10t5]

What happens next time when a bad guy uses a 15+ digit passphrase and the FBI can't brute force it? They will immediately demand that the encryption itself be backdoored, and we're back to the Clipper Chip debacle of the 90's.

This is of course the issue at hand and 556fmjoe has some nice citations to show where this is going. It's always been about prohibiting the general public from having or using strong encryption. And, for the seemingly small number of Americans that seem to understand the issue, they also understand that there is strong encryption and useless encryption -- there is no in between. The goal of the Feds. is to prevent the use of strong encryption of consumer devices and computers so their job can be easy at the expense of the safety and security of every user of electronics on the planet.

The terrorism part means nothing and the threat from terrorists "going dark" is trivial compared to the absolutely certain losses of life, liberty, financial protections, privacy, ... that WILL occur if strong encryption is no longer available to consumers. Lets be clear that they are "striking while the iron is hot" so they can take advantage of the terrorism FUD propaganda that is currently in every single right-wing political commercial that plays incessantly on every TV channel.

 

[maxsix]

I'm not one to trust the government. But it does seem that Tim Cook is grandstanding in front of the Apple Faithful. If nothing else there's certainly a hint of conflict of interest here. Apple is wedged in a very difficult spot because of this. After years of bragging about Apple products security, the true test is about to take place.

 

[H2SO4]

That happens, and to answer your question: "Sadly not nearly as much as I'd want", but as a poster on Facebook or Twitter, you, and you only, control what info you decide to post there. I suspect most savvy terrorists, and with the constant exposure of crimes solved by cracking seized computers, increasingly even ordinary career criminals with an IQ over 110, wouldn't leave an incriminating trail of evidence in their search history.

Terrorists are getting smarter and more sophisticated. Weakening our smartphones with forced decryption as an option, will move the terrorists to alternate methods of communicating their evil intentions, thus making us no safer, while all law abiding citizens will once again have been scammed to give up more privacy and freedom under the guise of patriotism.

This is exactly what I was talking about. You’ve actually helped illustrate the point.
Trouble is I’m not on Facebook/Twitter - it’s the friends and family that are. Then their friends and family are ’share' and before you know it……
Everyone is getting smarter. Over time Joe Public has a harder and harder time with the digital world. The gap between how familiar he is with the technology and how quickly it is advancing will forever widen regardless of what happens in this case.
[doublepost=1456217018][/doublepost]

No, actually any individual or entity has the right to say "no" and appeal the decision. Apple is not stuck unless/until the case is heard by the Supreme Court. Hopefully they can tie this up in litigation for years, or at least until we get enough elected representatives with a spine who will pass legislation that will block the FBIs backdoor attempt, and set law to protect encryption/privacy.

Well then the oposite also applies and we have no story or headline. The FBI is not stuck either.
[doublepost=1456217229][/doublepost]

Fortunately you don't run the US judicial system. The way it works is that when a judge or jury issues an order that a party deems unjust they are afforded the opportunity to appeal it. Don't look for this order to stand up on appeal. Especially not in the 9th Circuit.

Fortunately you have no idea what I do or don’t run. We’ll see what happens on the 26th.
[doublepost=1456217572][/doublepost]

No, it is "Global corporation makes a sensible case to the US Courts that the FBI's request is an undue burden under the All Writs clause, and that the requested hack would be an inevitable loss of the rights of privacy for all Americans [and other non-American peoples if they count for anything] without providing any reasonably robust new tools for the FBI to use in this or future cases".

I know, seeing a rational and well-constructed argument lead to a law being properly applied (or not applied as in this case) is indeed a very dangerous precedent.

Semantics, you can change the wording to whatever you like. Even if this case was about Tim Cook getting served a court order to make breakfast for all of the DAs in US, if he says no for whatever reason he is NOT complying. He can say why he can’t comply, or shouldn’t comply or won’t comply.
But he has not complied. We’ll see soon though.
[doublepost=1456218066][/doublepost]

I wish people would get it right: Apple did not unlock, they merely extracted and delivered. They had no need to unlock. With iOS 8 and beyond, extraction only gets you encrypted data.
[doublepost=1456180207][/doublepost]

So many get this wrong and quote headlines stating "Unlock". Thanks for the link.

The bit that I took from that was;
It’s worth noting that in its statements to the court in the New York case, the government never says Apple unlocks devices, but rather that it bypasses the lock to extract the information.
Now, if I help you get into my house by bypassing the lock on my front door, do I really care? The fact is you are in. I may as well have given you the key myself.

 

[CaTOAGU]

Just to play devils advocate. The other precedent is, "Global corporation decides they are above the law, snubs FBI request” ?

I don't think it is. If it was just a request then Apple would not be placing themselves above the law by ignoring it. Encryption is legal, Apple is doing nothing wrong encrypting their devices. The FBI are not above the law themselves, they are not entitled to anything and everything they want, ask for or demand, there are limits on their investigative authority. Refusing a,"request" does not place you above the law.

As it stands Apple is appealing a court order, which they are perfectly entitled to do according to the terms of the court order itself. If Apple wins this appeal they will not be placing themselves above the law they will be following it, as they are now. It remains to be seen what Tim Cook will do if Apple looses but due to the high stakes of this case it may be several years before we find that out. This is a very unusual use of the all writs act and the case may well end up at theSupreme Court.

 

[tom vilsack]

Mr Director: How about doing your job and bringing charges against a women who should be in jail,rather then running for President! The whole phone thing is a heck of a lot less important then having a criminal as our President!!!

 

[rdlink]

Comey is not fit for his job.

That's been obvious for several years. Our "Constitutional law professor" of a President should have demanded his resignation the day he started spouting off about the iPhone being too secure back in 2014.

He seems to have forgotten, as have the US government under Obama, that the US is not a totalitarian state. If the government try to force through their demands on Apple, they should be overthrown by any means. The US government has betrayed the Constitution and has shown that it is not fit for office. Revolution may be needed to rid the States of this cancer.

Pretty sure Thomas Jefferson was right on this one.

 

[Michaelgtrusa]

Keep the Government small and never trust it.

 

[maxsix]

Keep the Government small and never trust it.

I most certainly agree.

Problem is the Progressive Lefties...

Like:
The Clinton Machine and Shillary
Hussein and his Crew of Thugs
The left wing B.O. Directed "News Organizations"

 

[tgara]

"It is about the victims and justice."

If I hear this line of reasoning again, I'm going to @#$%& scream.

I don't doubt that Comey has the victims in mind when he makes this case, but the bottom line is that you CANNOT trample basic rights and privacy to achieve that end.

Keep in mind, before going to the FBI, Comey was a senior DOJ official in the Bush administration best known for refusing to approve bulk surveillance programs favored by the administration until changes were made. While the disagreement played out in secret at the time, it was eventually revealed that he and others had threatened to resign over the issue. So yes, I think he's very concerned about citizen privacy and will defend it, while at the same time using legal means to access the phones of these terrorists. To be honest, I wish more government officials were like Mr. Comey.

 

[PinkyMacGodess]

Want to know what the FBI wants?

1. iOS can be set to erase its keys after 10 incorrect passcode guesses. The FBI wants software with this feature disabled.
2. iOS imposes increasingly long delays after consecutive incorrect passcode guesses to slow down guessing (this is commonly called rate limiting). The FBI wants software that accepts an arbitrary number of guesses with no delays.
3. iOS requires individual passcodes be typed in by hand. The FBI wants a means to electronically enter passcodes, allowing it to automatically try every possible code quickly.

Someone could hack your iPhone in minutes. The only thing that might stop them is to use a 'complex passcode', but then you have to stand there and enter it. At that point TouchID would be a blessing, but they can just put your finger on the sensor and waltz right in...

It's positively shivering, how they want to make the iPhone a joke.

It does make me wonder what Android does to allow the FBI access to their users information.

 

[td1439]

I most certainly agree.

Problem is the Progressive Lefties...

Like:
The Clinton Machine and Shillary
Hussein and his Crew of Thugs
The left wing B.O. Directed "News Organizations"

What is the point of making this about Team Red vs Team Blue? Both parties have shown tendencies to intrusive, big government; certainly there are plenty of neocons who could care less about citizens' privacy in the GOP establishment.