Apple Refuses Court Order Over Phone Encryption

[unchanged_lineup]

http://m.rte.ie/news/2016/0217/768635-apple-fbi-san-bernardino/

This fascinates me and I'm sure there's more at stake than meets the eye. I'm also very interested how the public are going to perceive it.

I'm guessing the issue for Apple is a concern that whatever mod they do could be leaked (which means not trusting the FBI's water-tightness) or that the mod could be reverse engineered and applied to other phones (which the FBI would probably love to have). There are probably lots more things going on behind the scenes too beyond public statements.

Apple has opposed a court ruling that ordered it to help the FBI break into an iPhone recovered from a San Bernardino shooter, heightening a dispute between tech companies and law enforcement over the limits of encryption.

Apple CEO Tim Cook said the court's demand threatened the security of Apple's customers and had "implications far beyond the legal case at hand."

Yesterday Judge Sheri Pym of US District Court in Los Angeles said that Apple must provide "reasonable technical assistance" to investigators seeking to unlock the data on an iPhone 5C that had been owned by Syed Rizwan Farook.

That assistance includes disabling the phone's auto-erase function, which activates after 10 consecutive unsuccessful passcode attempts, and helping investigators to submit passcode guesses electronically.

 

[Krovv]

EFF has come out in support of Apple: https://www.eff.org/deeplinks/2016/02/eff-support-apple-encryption-battle

EFF to Support Apple in Encryption Battle

We learned on Tuesday evening that a U.S. federal magistrate judge ordered Apple to backdoor an iPhone that was used by one of the perpetrators of the San Bernardino shootings in December. Apple is fighting the order which would compromise the security of all its users around the world.

We are supporting Apple here because the government is doing more than simply asking for Apple’s assistance. For the first time, the government is requesting Apple write brand new code that eliminates key features of iPhone security—security features that protect us all. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we're certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security.

The U.S. government wants us to trust that it won't misuse this power. But we can all imagine the myriad ways this new authority could be abused. Even if you trust the U.S. government, once this master key is created, governments around the world will surely demand that Apple undermine the security of their citizens as well.

EFF applauds Apple for standing up for real security and the rights of its customers. We have been fighting to protect encryption, and stop backdoors, for over 20 years. That's why EFF plans to file an amicus brief in support of Apple's position.

 

[Raoul]

Future global jihadis rejoice....

 

[villain]

Used to work at Apple - from my time there, and what I've been told they make the phones and the operating system so that it cannot be accessed - effectively there's nothing they can do, because they don't even have the data. Its one of their big priorities that customer's privacy is protected at all costs.

http://www.apple.com/customer-letter/

Thats what Tim Cook as said in regards to the situation, particularly this

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Their reasoning is that once you create a system that can unlock a phone with an unlimited amount of attempts (which is what the FBI want) then that system can be used on any device thereafter, and creates a lot of privacy concerns, particularly if that key was in the hands of the wrong individual. Plus it sets a dangerous precedent for the future.

 

[unchanged_lineup]

Is that actually possible to make it that way though, or a bluff?

 

[Raoul]

Used to work at Apple - from my time there, and what I've been told they make the phones and the operating system so that it cannot be accessed - effectively there's nothing they can do, because they don't even have the data. Its one of their big priorities that customer's privacy is protected at all costs.

http://www.apple.com/customer-letter/

Thats what Tim Cook as said in regards to the situation, particularly this



Their reasoning is that once you create a system that can unlock a phone with an unlimited amount of attempts (which is what the FBI want) then that system can be used on any device thereafter, and creates a lot of privacy concerns, particularly if that key was in the hands of the wrong individual. Plus it sets a dangerous precedent for the future.

My understanding is the Feds want to work with Apple and other private companies to have a back door into the software that can be authorized on an as needed basis by the company in special circumstances when (for example) a terrorist act is being/has been plotted.

 

[FCBarca]

Future global jihadis rejoice....

...along with all present, past & future innocent people

A reminder that the most aggressive perpetrator of cyber-warfare is the country that most loudly warns against it

 

[Krovv]

My understanding is the Feds want to work with Apple and other private companies to have a back door into the software that can be authorized on an as needed basis by the company in special circumstances when (for example) a terrorist act is being/has been plotted.

My understanding is that such a system can and will be abused, as the NSA did for years. These people are whining now because software companies have fixed most of the loopholes that let them access people's personal data. If you create a backdoor, it will be misused. And you can't just create a backdoor and expect that only the Feds will use it. If it exists the loophole will be found by other security experts, hackers, etc, and that opens another can of worms altogether.

 

[FC Ronaldo]

There's a wider point to all this with the increased pressure from EU data privacy laws and arguments as well as an undercurrent that feels like a political power play too.

This, being so public, is the last thing Apple shareholders will want to be hearing. Any public objection to a national security case, for whatever reason - morally and ethically correct or not, will lead to some degree of reputation tarnishing before rebuilding.

As Apple's shares are traditionally at their weakest around this point in the annual iPhone product lifecycle (peak drop off 6 months post-release before climbing ahead of pre release of the next unit), they're at their most vulnerable to further declines and market movements.

As Alphabet's (Google's new company) stock has surged, one wonders if they will remain quiet or join Apple in the defence of such a movement. Previously most of the major tech company players united in defence of data protection laws vs EU and UK challenges.

Pressure is on Apple now and just in time for a heavily rumoured product launch next month which will no doubt feature a public event and press interviews asking questions beyond their products should this case continue.

Will be very interesting to observe how this plays out in the first instance, then with what aides and movements of other tech companies in the second instance.

 

[villain]

My understanding is the Feds want to work with Apple and other private companies to have a back door into the software that can be authorized on an as needed basis by the company in special circumstances when (for example) a terrorist act is being/has been plotted.

That is what the want.

The problem is a few things:

1 - even if you do produce a backdoor in extreme circumstances; a six-digit numeric code can be cracked in about 1 day, but a complex alpha-numeric password could take over 10 years due to all the possible combination of numbers and letters.
2 - each individual phone has its own hardware key that's created as part of the chip, Apple doesn't store records of this and in order to extract the data off the chip, you'd have to melt the plastic off it and use lasers to hopefully (because theres no guarantee in each case) recover bits of it.
3 - there's no guarantee that having the data would have prevented San Bernardino and similar attacks happening, and there's no guarantee it will prevent future attacks from happening either.
4 - there's no guarantee that it can be just used on a case-by-case basis, and if put in the wrong hands the technique could be used to unlock hundreds of millions of data, bank information, classified reports etc. and there's no guarantee it can be traced after the fact because the whole purpose is to be able to extract the data and not have it traced back.

The FBI are relying on a law that was written in the 1700's for their case, and Apple have given them all the information that they are able to extract legally.

Personally I wouldn't want such a tool to exist.

 

[Raoul]

My understanding is that such a system can and will be abused, as the NSA did for years. These people are whining now because software companies have fixed most of the loopholes that let them access people's personal data. If you create a backdoor, it will be misused. And you can't just create a backdoor and expect that only the Feds will use it. If it exists the loophole will be found by other security experts, hackers, etc, and that opens another can of worms altogether.

There can be safeguards instilled to prevent the abuse though - having a company representative embedded with the government to ensure compliance etc.

 

[Raoul]

...along with all present, past & future innocent people

A reminder that the most aggressive perpetrator of cyber-warfare is the country that most loudly warns against it

Innocent people would also die in terror attacks (as opposed to fear the inconvenience of being hacked by the government).

 

[unchanged_lineup]

There can be safeguards instilled to prevent the abuse though - having a company representative embedded with the government to ensure compliance etc.

That's putting a lot of responsibility on one person and relying on them to never be coerced. Sounds very very risky to me.

 

[FCBarca]

Innocent people would also die in terror attacks (as opposed to fear the inconvenience of being hacked by the government).

A lot more innocent people die everyday at the hands of government, particularly the one pushing for unparalleled access to all aspects of our lives.

 

[Raoul]

A lot more innocent people die everyday at the hands of government, particularly the one pushing for unparalleled access to all aspects of our lives.

I just don't see that, or even whether that is relevant to this discussion. We simply have to grapple with the fact that modern terrorists are routinely using apps to organize their terror plots, and we will not be able to mitigate them without a reliable back door into their communications.

 

[Krovv]

There can be safeguards instilled to prevent the abuse though - having a company representative embedded with the government to ensure compliance etc.

I see where you're coming from, but sadly that's impossible. I live in a place that's suffered due to countless acts of terrorism and yet I cannot justify it. The system you are suggesting is also a privacy nightmare.

 

[Pexbo]

I'm not sure I agree with total privacy and I don't think it is up to Apple as a company to decide that their customers should have this privilege.

For god knows how many years, a search warrant has given law enforcement agencies the right to access private property in search of evidence.

With encryption technology, a new way of securing incriminating evidence has been created. No amount of knocking or thermite is going to break into this safe and I think that's pretty dangerous for a society.

 

[FCBarca]

I just don't see that, or even whether that is relevant to this discussion. We simply have to grapple with the fact that modern terrorists are routinely using apps to organize their terror plots, and we will not be able to mitigate them without a reliable back door into their communications.

Not sure how you could credibly remove what is absolutely relevant to the discussion.

There's a simpler way to mitigate terror that wouldn't involve digging into the personal lives of innocent people - stop encouraging, participating & perpetuating in terror

 

[Raoul]

Not sure how you could credibly remove what is absolutely relevant to the discussion.

There's a simpler way to mitigate terror that wouldn't involve digging into the personal lives of innocent people - stop encouraging, participating & perpetuating in terror

That's not a simpler way but infinitely more complicated given the way global politics work. Surely the government and private industry can reach a compromise that protects privacy and the general public from violent messianic fanatics who seek to kill as many civilians as possible.

 

[PedroMendez]

yes, but there can´t be a compromise about back-doors, that only one government uses. That is technically simply not possible.

 

[Pexbo]

I wonder why they can't duplicate the phone's hard drive 100 times onto 100 phones.

 

[Krovv]

I wonder why they can't duplicate the phone's hard drive 100 times onto 100 phones.

The data on iPhones and most new Android phones is encrypted. If someone can't unlock the phone then even if they manage to copy the data, it's basically useless as they can't access any of it. That is why security agencies are crying foul.

 

[Pexbo]

The data on iPhones and most new Android phones is encrypted. If someone can't unlock the phone then even if they manage to copy the data, it's basically useless as they can't access any of it. That is why security agencies are crying foul.

Yeah I realise it is encrypted. But it's only the data that is virtually encrypted by the pass code. I don't see why the hard drive can't be physically removed and physically duplicated - encryption and all. Then each duplication should give 10 attempts at the pass code.

 

[Green_Red]

I find it hard to believe and a bit disheartening that a police department supposedly as resourceful as the FBI doesnt have the means or know how to hack an iphone. Surely it cant be that hard.

 

[rcoobc]

I find it hard to believe and a bit disheartening that a police department supposedly as resourceful as the FBI doesnt have the means or know how to hack an iphone. Surely it cant be that hard.

Plus I thought that the 256 key encryption was the limit because beyond that thr CIA couldnt break the encryption.

Apple have beefed up their security to win government contracts.

Some sources which I haven't checked are on topic (1) (2) (3)

So if Apple are trying to stop countries like Russia, China, etc from cracking their phones, you can see why the FBI are struggling.

 

[adexkola]

I just don't see that, or even whether that is relevant to this discussion. We simply have to grapple with the fact that modern terrorists are routinely using apps to organize their terror plots, and we will not be able to mitigate them without a reliable back door into their communications.

A reliable back door will be exploited by any cnut with an internet connection and Tor access, weeks after a product with this is released to the public.

 

[FCBarca]

That's not a simpler way but infinitely more complicated given the way global politics work. Surely the government and private industry can reach a compromise that protects privacy and the general public from violent messianic fanatics who seek to kill as many civilians as possible.

So because it's easier to have a surveillance state, terrorism stemming from geopolitics rather than religion should simply continue unabated because the innocent victims abroad are inconsequential in this discussion? You might want to bear in mind the actual number of innocent people victimized by domestic terrorism in the US is dwarfed by those via geopolitical terrorism that invariably leads to the former.

And the last thing any individual should hope for is the US government & private industry reaching a compromise over anything, particularly individual rights

 

[adexkola]

@Revan, how far away are we from solving P = NP?

 

[Raoul]

I find it hard to believe and a bit disheartening that a police department supposedly as resourceful as the FBI doesnt have the means or know how to hack an iphone. Surely it cant be that hard.

Plus I thought that the 256 key encryption was the limit because beyond that thr CIA couldnt break the encryption.

For all we know they may have complete access and are whipping up this public debate as a ruse to ensure jihadis continue to use their chat apps.

So because it's easier to have a surveillance state, terrorism stemming from geopolitics rather than religion should simply continue unabated because the innocent victims abroad are inconsequential in this discussion? You might want to bear in mind the actual number of innocent people victimized by domestic terrorism in the US is dwarfed by those via geopolitical terrorism that invariably leads to the former.

And the last thing any individual should hope for is the US government & private industry reaching a compromise over anything, particularly individual rights

I'm saying its unrealistic to change the power structure of global society where states seek to maximize their advantage over one another . It is however realistic for a democratic state to work with private industry to reach a compromise between privacy and terrorism. Both sides can be assuaged imo.

 

[villain]

For all we know they may have complete access and are whipping up this public debate as a ruse to ensure jihadis continue to use their chat apps.



I'm saying its unrealistic to change the power structure of global society where states seek to maximize their advantage over one another . It is however realistic for a democratic state to work with private industry to reach a compromise between privacy and terrorism. Both sides can be assuaged imo.

What right does the US Government have, for a tool which can access potentially any iphone in the world?
Why don't Russia, North Korea, Iraq etc get the same privileges?

You only open yourself up to a dangerous precedent if something like this is created.

 

[Raoul]

What right does the US Government have, for a tool which can access potentially any iphone in the world?
Why don't Russia, North Korea, Iraq etc get the same privileges?

You only open yourself up to a dangerous precedent if something like this is created.

No those states wouldn't as Apple is an American company. The discussion is narrowly about whether a democratic state has the right to collaborate with its own private industry (which by the way used the country's business infrastructure to grow and nurture its own business for decades) in order to mitigate terrorist attacks on its own citizens. Privacy and Security can both be improved and safeguarded if both sides are willing to reach the appropriate compromise.

 

[Will Absolute]

I'm not sure I agree with total privacy and I don't think it is up to Apple as a company to decide that their customers should have this privilege.

For god knows how many years, a search warrant has given law enforcement agencies the right to access private property in search of evidence.

With encryption technology, a new way of securing incriminating evidence has been created. No amount of knocking or thermite is going to break into this safe and I think that's pretty dangerous for a society.

Thankfully, no Government has ever had complete information about its citizens. Large areas of people's lives, legitimate or otherwise, have always been immune to prying by the authorities - face to face conversations conducted in private, for instance. Governments have, in the past, found ways to fulfill their public safety obligations despite this handicap, and the Western world survives intact.

I don't think the threat posed by modern 'terrorism' is so great that Western Governments will be overwhelmed, and unable to keep us safe, without being granted this additional recourse to violate our privacy.

 

[villain]

No those states wouldn't as Apple is an American company. The discussion is narrowly about whether a democratic state has the right to collaborate with its own private industry (which by the way used the country to grow and nurture its own business for decades) in order to mitigate terrorist attacks on its own citizens. Privacy and Security can both be improved and safeguarded if both sides are willing to reach the appropriate compromise.

Apple is an American company but the tool would be used to access data about American & non-American citizens, so it concerns the safety and privacy of anyone.
And if the FBI were to use this, and foresaw a terrorist attack happening on say.... Russia by American citizens, would they inform Russia of said attack? Are Russia not allowed to access this information also?

And like @adexkola if this tool was to be made, every single hacker would work 24/7 to receive it, because as I pointed out in my earlier post, being able to access and unlock any phone at any time anonymously poses great threat to peoples private data, such as bank details. So imagine all the people looking to hack the bank accounts of the 1%, or politicians and government officials etc.
It would be a mess.

 

[Striker10]

Apple are correct and maybe people should be asking how these terrorists are getting weapons etc......Terrorists should be behind bars. Period. Taking away peoples freedoms is the stupidest thing I've ever heard. The fact is, we're in this position because of idiots, who incite violence. They do it on purpose or they are the kids at school who never grew up. Either way, people need to focus on the right areas. I don't like apple personally and it might be a false stance. Who knows right? Shit get's hacked all the time..do the FBI really need apple? So what is the motive for this story to get out? Again though, is the world safer now then it was 20 years ago? No. So is the answer taking away more freedom? No, they've been doing that for ages and it's not worked. So people need to get real and ask the proper questions.

Privacy is a right of everyone. Never forget that. Maybe though, some people want to live in a world where you can't take a shit without being on camera? Some people might get turned on by that...

 

[Krovv]

Yeah I realise it is encrypted. But it's only the data that is virtually encrypted by the pass code. I don't see why the hard drive can't be physically removed and physically duplicated - encryption and all. Then each duplication should give 10 attempts at the pass code.

All iPhones since 3GS have had hardware encryption built in. It's not just a virtual encryption by passcode. They mention it here: https://support.apple.com/en-us/HT202064

 

[Fearless]

I don't like apple personally and it might be a false stance. Who knows right? Shit get's hacked all the time..do the FBI really need apple? So what is the motive for this story to get out? Again though, is the world safer now then it was 20 years ago? No. So is the answer taking away more freedom? N..

Exactly what 'freedoms' have been taken away from you personally??

 

[Edgar Allan Pillow]

I'm not sure I agree with total privacy and I don't think it is up to Apple as a company to decide that their customers should have this privilege.

For god knows how many years, a search warrant has given law enforcement agencies the right to access private property in search of evidence.

With encryption technology, a new way of securing incriminating evidence has been created. No amount of knocking or thermite is going to break into this safe and I think that's pretty dangerous for a society.

Well said. Agree totally.

If they are really concerned about misuse, they can keep the knowledge to themselves. Whenever any law enforcement agency produces a court order requesting it they can decrypt and provide the output only back. That way they have direct control over the tool.

 

[barros]

My understanding is the Feds want to work with Apple and other private companies to have a back door into the software that can be authorized on an as needed basis by the company in special circumstances when (for example) a terrorist act is being/has been plotted.

Maybe if NSA wasn't tapping the wrong people they would catch the terrorists before they kill people.

 

[barros]

No those states wouldn't as Apple is an American company. The discussion is narrowly about whether a democratic state has the right to collaborate with its own private industry (which by the way used the country's business infrastructure to grow and nurture its own business for decades) in order to mitigate terrorist attacks on its own citizens. Privacy and Security can both be improved and safeguarded if both sides are willing to reach the appropriate compromise.

Then American people would stop buying iPhones and they would buy Samsung for example since is not american.

 

[barros]

Apple are correct and maybe people should be asking how these terrorists are getting weapons etc......Terrorists should be behind bars. Period. Taking away peoples freedoms is the stupidest thing I've ever heard. The fact is, we're in this position because of idiots, who incite violence. They do it on purpose or they are the kids at school who never grew up. Either way, people need to focus on the right areas. I don't like apple personally and it might be a false stance. Who knows right? Shit get's hacked all the time..do the FBI really need apple? So what is the motive for this story to get out? Again though, is the world safer now then it was 20 years ago? No. So is the answer taking away more freedom? No, they've been doing that for ages and it's not worked. So people need to get real and ask the proper questions.

Privacy is a right of everyone. Never forget that. Maybe though, some people want to live in a world where you can't take a shit without being on camera? Some people might get turned on by that...

Reminds me an episode of south park