Sewell testified under oath that the FBI wanted this new tool on a hard drive.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Justice Department Officially Drops Lawsuit Against Apple in Ongoing iPhone Unlocking Dispute [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Sewell testified under oath that the FBI wanted this new tool on a hard drive.
Everyone who has a clue knows exactly how this was done. It's a decades old technique (that gets modernized as architectures shrink) called de-capping. It's been used by every intelligence agency who needs to see what a chip does or what it contains for decades.
http://hackaday.com/2012/08/13/taking-a-look-at-decapped-ics/
Defcon 21 - Decapping Chips The Strike Easy ... - YouTube
[doublepost=1459272234][/doublepost]
There is no middle ground on encryption. There simply isn't and there will never be a technical ability to create an opening that can't be exploited. This is the security arms race that has been around since day one of encryption. Simply stating there should be (as the FBI and the no-nothing President have been doing) doesn't change reality.
Yes, it is frustrating. That's exactly why the tech companies have to be involved. Most of the legislators are lawyers, so they think about these issues in terms of legal requirements (4th amendment protections, reasonable searches, etc.)
In the hearing a couple week back, Darrell Issa, who has a good background in the security business, really grilled Director Comey regarding how the FBI was doing it's analysis of the phone and what other methods they were trying. Issa is the kind of guy you want on this issue because he sees it from both sides.
Your view is part of the problem why this issue is so divisive. You want to be on one extreme end, but I don't see that as reasonable or possible. The FBI will be back, as Arnold has said:
I found this article enlightening.
https://www.lawfareblog.com/apple-v-fbi-shows-lawyers-and-tech-speak-different-language-privacy
It doesn't matter what you view as possible. Computer Science says it's not possible. Logic (by which I mean computer logic) says it's not possible. It's not ****ing possible to put an access vector into software that can't be exploited by anyone else who discovers it.
Lawyers views don't change anything about how computer code works. The FBI's view doesn't change anything about how computer code works. Your views don't change anything about how computer code works. Your problem is you refusing to acknowledge that any method put in place to access a phone that is encrypted can and will be exploited by bad actors.
Viewing this as a side vs side issue is again just simply ignoring to accept reality. Now you can be of the mind that we should take the risk and put the "door" in, but that doesn't change the technical reality that that "door" can and WILL be exploited.
Except in the case of internal dissident like the Huygur and Falun Gong where they do need to monitor according to the CCP modus operandi. There is no right to privacy whatsoever in China and I wouldn't be surprised that Apple is complicit in making sure the CCP has access. If they don't they'll lose that lucrative market and China doesn't give a damn about bad publicity concerning human right.
Wow! You read an article about this case!? Bravo! Kudos to you!!!
IIRC, the govt said they were able to access SOME information. Regardless, Apple wasn't attempting the FBI from accessing the phone, in fact they have assisted the FBI on several occasions and were helping the FBI on this case specifically for several months. Their stance was threat they not be compelled to create a version of iOS that would break their encryption (simplified for brevity).
Here's the thing...yes...all Apple would need to do is create a process by which they could bypass security and allow the FBI access to the phone. Two things about that...it's a process that could be replicated 1000's of times. So not literal 'master key', but for all intents and purposes, it's figuratively a 'master key (process)'. You see, if apple can do it for one phone...then the process will work form all iPhones (with the same HW/W combo in this case; later phones have much stronger HW/SW encryption).
I think Apple took the right tone. The FBI took it to the streets and went on the attack after Apple spent months trying to assist. It was only after Apple refused their request that they began to make a big issue of it. This is similar to the Clipper chip issue in the 80's. Apple did the right thing by coming out strong against the FBI's statements. In the end it was the right thing to do because the FBI backed down.
IIRC, the govt said they were able to access SOME information. Regardless, Apple wasn't attempting the FBI from accessing the phone, in fact they have assisted the FBI on several occasions and were helping the FBI on this case specifically for several months. Their stance was threat they not be compelled to create a version of iOS that would break their encryption (simplified for brevity).
Here's the thing...yes...all Apple would need to do is create a process by which they could bypass security and allow the FBI access to the phone. Two things about that...it's a process that could be replicated 1000's of times. So not literal 'master key', but for all intents and purposes, it's figuratively a 'master key (process)'. You see, if apple can do it for one phone...then the process will work form all iPhones (with the same HW/W combo in this case; later phones have much stronger HW/SW encryption).
I think Apple took the right tone. The FBI took it to the streets and went on the attack after Apple spent months trying to assist. It was only after Apple refused their request that they began to make a big issue of it. This is similar to the Clipper chip issue in the 80's. Apple did the right thing by coming out strong against the FBI's statements. In the end it was the right thing to do because the FBI backed down.
10-20?
Maybe 10-20 thousand....
Just two agency's here in Los Angeles have in excess of 400 of them. Start adding every other LEO agency (State + Federal) and you will have thousands.
Last edited:
Okay... explain to me how the FBI won.... Methinks thou are missing a few lines / scenes of this play.
Yes, understand that part. However when things like this happen, it tends to turn to pandemonium quite fast, and if many are armed and start firing it gets messy. You cant tell the good guys from the bad, and you are likely to have lots of friendly fire issues.
I'm not a gun person. I think the stats for home gun ownership are fairly clear, as its many times more likely to be used against a family member than an intruder.
I have no problem with those that want to own firearms. Its their choice. As long as they keep them secure, more power to them. However at least every month I read about some kid who shoots his brother when he finds a unsecured gun, or the kid in Walmart who shot his mom from the gun in her purse.
Here's speculation that the FBI found a zero-day exploit. The article isn't clear as to whether this possible exploit is particular to the iPhone 5c or whether it could be achieved on any iPhone:
http://www.eweek.com/security/fbi-exploits-zero-day-on-ios-to-hack-terrorists-iphone.html
http://www.eweek.com/security/fbi-exploits-zero-day-on-ios-to-hack-terrorists-iphone.html
Thanks for the info on the Clipper chip, I had forgotten the name of that scandal and couldn't find anything when looking for it. Unfortunately the NSA has gotten far more nefarious these days. They intercept shipments to install hardware backdoors, but I'm afraid they've gone much further than that. They are involved in the actual development of many upcoming encryption standards (meaning they design a vulnerability right in), and beyond that no one is stopping them from infiltrating the Intel's and ARM's of the world to just etch the damn circuitry right in where no one will see it unless they've personally traced all billion transistors on a given chip design.
The surveillance apparatus that the USA operates is beyond anything anyone could have fathomed during the Cold War.
[doublepost=1459274319][/doublepost]
I wonder if they simply shopped around for it, or if they went the de-capping route.
It's only divisive to someone that's viewing this from an emotional or visceral standpoint. The unequivocal fact, which cannot be argued logically, is that you either have encryption or you do not. Encryption that is weakened to become ineffective at obfuscating apprehension by anyone other than the author and the intended recipients, irrespective of who said party is or their reason, ceases by definition to be functional encryption.
Even if one assumes the general benignity, beneficence and justness of a government is absolute, or even reasonably probable, one must also assume that said government alone will possess the means; financial, technological and intellectual; to circumvent the weakened encryption and that more malevolent parties will possess neither the means nor the desire to do so as well. With encryption guarding financial transactions and lucrative secrets, only an utter idiot would assume this to be the case.
Will strong, even realistically unbreakable, encryption protect unknown predators, criminals, terrorists, etc? Yes, absolutely. I, and I must presume many other advocates of privacy and digital security, do not care. We come to the entirely logical and reasonable understanding that for every one of those deplorable people the technology protects, there are hundreds of thousands of decent people that are protected by the same technology. I do not accept that sacrificing the good of those hundreds of thousands is a reasonable price for one person, or fourteen, or twenty-two or however many.
Love how you always reframe something to try to be right...
A backdoor is not "a way to instantly bypass normal authentication". You were almost right. Of the varying definitions, the one from Wikipedia is the most succinct: "A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc. "
So a backdoor is a process (a synonym for method) for access. That process can be easy and instantaneous (as you implied) or it can be more involved...such as the backdoor the FBI was requesting. But that's semantics really.
While involved, the FBI was trying to force Apple to perform this process (create/access this backdoor) on this phone as a proof of concept...a precedent. If they can force Apple to do this for them this once...they can force Apple to do it again and again regardless of the HW/SW encryption changes on later iPhones.
As you mentioned, malicious actors still need the Apple signed certs to access the device. But why should apple be compelled to create it in the first place? Would it be accessible because of the signature? Probably not. But tech and security don't stand still. IF it were to get out (and it's a big if) it wouldn't be useful as you said. But why open yourself up to yet another possible avenue of approach? It's only a matter of time before someone figures out how to crack that.
I'll go back to this: Apple should be not be legally compelled to write code for the govt to sidestep it's own security.
A backdoor is not "a way to instantly bypass normal authentication". You were almost right. Of the varying definitions, the one from Wikipedia is the most succinct: "A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc. "
So a backdoor is a process (a synonym for method) for access. That process can be easy and instantaneous (as you implied) or it can be more involved...such as the backdoor the FBI was requesting. But that's semantics really.
While involved, the FBI was trying to force Apple to perform this process (create/access this backdoor) on this phone as a proof of concept...a precedent. If they can force Apple to do this for them this once...they can force Apple to do it again and again regardless of the HW/SW encryption changes on later iPhones.
As you mentioned, malicious actors still need the Apple signed certs to access the device. But why should apple be compelled to create it in the first place? Would it be accessible because of the signature? Probably not. But tech and security don't stand still. IF it were to get out (and it's a big if) it wouldn't be useful as you said. But why open yourself up to yet another possible avenue of approach? It's only a matter of time before someone figures out how to crack that.
I'll go back to this: Apple should be not be legally compelled to write code for the govt to sidestep it's own security.
Strong encryption for our personal data IS the middle ground between having no digital footprint at all and having every aspect of our digital lives subject to scrutiny.
Much of what we do online leaves a trail that law enforcement officials (or bad actors) can follow. We have far less privacy in our lives than our grandparents had. Where I am sitting right now eating lunch, I can see four video cameras watching me. But there are places I can go where there are no cameras, like my bedroom. You are saying there must be a middle ground between not having cameras in my bedroom, and having them.
So, in a nutshell, your position is: I would rather have people die than sacrifice my security and privacy.
Sorry, but that's an untenable position, and, I might add, a morally derelict one.
[doublepost=1459276713][/doublepost]
I understand all this, believe me I do. But as I said, it works both ways for the good guys and the bad guys. Let me ask you this: How would law enforcement do its job with encryption and security at the levels you propose? Is there a way?
I'm all for privacy and security, but since it can also be used against us, there needs to be a way for law enforcement to do its job and not be frustrated by super high level encryption. My position is that with the right mix of legal protections and technology, a reasonable balance can be achieved. Maybe not perfect on either side, but a reasonable, workable balance.
Last edited:
You may want to explain that one to our first US Postmaster General and author of the US Declaration of Independence. He had the same position that you criticize as 'derelict and untenable'.
BL.
meh. one could view it that way if one really wanted to. i was more inferring their design/aesthetics speaks to their core principles, behaviors, ethos.. i get it that some people want to gloat about apple being 'inhibitors of justice' and all that, but i fail to see cause for celebration - other than to 'celebrate' the fact they'll certainly be upping their game from here on out.
Actually they will.
By law, the FBI must inform security system manufacturers of discovered/known weaknesses.
On the other hand, it might be better from a PR POV if Apple leaves the Icloud hole open so that they can continue to claim they are being helpful to the court. If both the iPhone and icloud data cannot be provided, the court/government will continue to claim that Apple is blocking their investigations.