Cluelessness Regarding What’s At Stake In The Apple Versus FBI Fight
BY Herschel Smith
8 years, 9 months ago
I guess this isn’t that surprising, but as the big legal fight heated up this week between Apple and the Justice Department over whether or not Apple can be forced to create a backdoor to let the FBI access the contents of Syed Farook’s iPhone, all of the major Presidential candidates have weighed in… and they’re all wrong. Donald Trump is getting the most attention. Starting earlier this week he kept saying that Apple should just do what the FBI wants, and then he kicked it up a notch this afternoon saying that everyone should boycott Apple until it gives in to the FBI. Apparently, Trump doesn’t even have the first clue about the actual issue at stake, in terms of what a court can compel a company to do, and what it means for our overall security.
This isn’t another Trump-bashing post. I’ve had my share, and it’s so easy. But in this case, every other presidential candidate – every other presidential candidate – is close to being as bad on the issue, and lacks even a basic clue as to what’s at stake.
There is also misunderstanding within the field who purports to comprehend the technology of the issue. This post at Zero Hedge is an example.
On the surface, this appears like valiant attempt by the CEO of the world’s most valuable company to stand up against the Big Brother state made so famous in the aftermath of the Edward Snowden revelations.
However, a quick peek beneath the surface reveals something far less noble and makes Tim Cook seem like you average, if very cunning, smartphone salesman.
According to the The Daily Beast’s Shane Harris, in a similar case in New York last year, Apple acknowledged that it could extract such data if it wanted to. But the real shocker is that according to prosecutors in that case, Apple has unlocked phones for authorities at least 70 times since 2008. (Apple doesn’t dispute this figure.)
As Harris observantly adds, “in other words, Apple’s stance in the San Bernardino case may not be quite the principled defense that Cook claims it is.”
To this, my oldest son Josh sends the following.
He doesn’t understand the subject matter. He’s in over his head and backing in to a predisposition.
Apple was unlocking phones years ago, when security feature such as system-wide encryption hadn’t been implemented. It was a different kind of “unlocking.” This isn’t a fight over keys to a single device. This is a fight over encryption, which the government doesn’t want any of us to have, because the government is run by political science and history majors.
Of note is the fact that any device from the 4th generation forward (beginning with 5s) is impossible – IMPOSSIBLE – to decrypt without the actual key, because Apple has moved encryption duties to a separate System On A Chip (SoC) that runs its own OS, is married to the device by UUID, and totally inaccessible.
The phone the FBI is freaking out over is a 5c, not a 5s.
The FBI doesn’t need the phone. They have what they need already. This is about encryption. The government needs an event they can point to and blame for encryption, and they’ve chosen this one.
This is the politics of control and power. To categorize it as a publicity stunt is disingenuous to the point of being dangerous.
Note that we’ve discussed here and here the weaknesses in random number generators and the ability to hone in on keys, but Apple has a feature that cuts the entire system off and erases data if this approach is tried beyond just a few random numbers.
Concerning this report, Josh also send the following.
The phone was in the possession of the San Bernardino County Department of Public Health in the hours after the attack. An idiot IT worker with the department performed a remote reset of the iCloud account attached to the device.
This disabled an assortment of services and functions on the phone, including automatic backups to iCloud, which the FBI seems to think would have been helpful, even though they’re also encrypted.
They’re fixating.
Bottom line. The fedgov has not asked for Apple to break into this phone. They have asked Apple to develop an approach that allows them to completely bypass all security, thus making them malleable to a FISA court ruling for any or all phones in the future.
All of your worst suspicions are true. This is the government at its most totalitarian.
|
|
On February 23, 2016 at 12:06 am, gamegetter II said:
John McAfee- the guy who started the McAfee anti-virus software made an offer to the FBI to hack the phone free of charge,wrote an op-ed about how if the FBI gets the encryption “backdoor” there will be no more privacy,etc,etc.
Maybe the San Bernadino county idiot IT worker knew exactly what he or she was doing because they were aware of who the shooters were.
The FBI wasn’t even looking for others who were possibly involved until recently.
If the phone’s not a 5s and is a 5c,and there’s no threat to encryption-then who’s not giving up the whole story besides the FBI?
On February 23, 2016 at 1:06 pm, Josh said:
Both the 5c and 5s (and beyond) are encrypted, but every phone after the 5c has encryption duties offloaded to a separate SoC. This illuminates the point: most existing phones and all future iPhones are impossible (or impractical enough as to be impossible) to decrypt. The government does not like this, and they want to compel an Americam company to create something that does not exist.
Now take Google, who just re-launched Jibe, an implementation of the RCS messaging protocol. RCS was developed to standards defined by a constortium of telecom providers. RCS does NOT provide end-to-end encryption, and never will.
Shocking, I know…
On February 23, 2016 at 8:20 am, Publicola said:
I’m surprised no one has mentioned the 13th amendment angle.
The .gov is basically demanding a private company to perform a service for it against that company’s will. Since this is not the result of a criminal conviction, or even an award in a civil suit, this smacks of involuntary servitude.
Course judges have been deferential to government in similar matters (jury duty, the draft, filling out paperwork, etc) but I think a very strong 13th amendment argument could be made. Or perhaps should be made.
I have heard several news reports trying to make a big deal out of Apple having unlocked phones before, without mentioning that the previous unlocking involved earlier phones with different security systems. I’d almost think it was misinformation of a conspiratorial nature, except I know how earnestly ignorant most reporters are about devices as mechanically simple as firearms.
On February 23, 2016 at 10:28 am, Blake said:
The 13th amendment went out the window when health care and marriage became a “right.”
On February 25, 2016 at 7:42 pm, Ned Weatherby said:
Exactly. One is supposed to obtain a “license” from the government (permission) to get married. This is one of the repugnant parts of 501(C)(3) religious corporations.
On March 20, 2016 at 3:20 pm, MyLyingEyes said:
Since the FBI is willing to pay Apple for its time the 13th Amendment doesn’t seem to have any relevance. All writs compel someone to do something.
On February 23, 2016 at 10:28 am, Ned Weatherby said:
Exactly right bottom line, Herschel. And now, “everyman’s outsider” Trump, calls for a boycott, illustrating that he is little more than a crony uber statist, ever willing to give the government more power. Add to that the Frank Drebin/ Inspector Clouseau matter of TPTB managing to disable the phone all by their little lonesome selves, and it becomes even worse.
On February 23, 2016 at 11:53 am, Fred said:
This is the exact type of case that baby Bush wanted to be able to
investigate through non law enforcement means – terrorists on US soil
with foreign ties, communicating with other network assets and/or
handlers.
@ gamegetter is asking the write question; “who’s not giving up the whole story”. Josh is completely right and Mr. Smith your bottom line is correct. There is an agency whose sole purpose is the securing of US data and collection of foreign data. Both aspects include encryption. It is the national subject matter expert on encryption and encryption technology. It could get the data requested by the FBI with a 48hr turn around. The FBI DOES NOT WANT THE DATA!!! It very likely has the data already, obtained not through criminal investigation but through national security channels. The FBI would like to avoid the firestorm of revealing it’s source for acquiring the data in court so it is pressing Apple in order that it may cover illegal (without warrant) information gathering through this other agency.
Why not just handle this case in a national security court? The FBI wants the ability to hack phones plain and simple. Use of the secret courts would also require an admission by the administration that Jihad is an international security threat in the US.
Here is, at least, a partial answer to @ gamegetter and maybe some blanks filled in.
On March 20, 2016 at 3:24 pm, MyLyingEyes said:
The FBI director also mentioned a murder case, in Louisiana iirc. There is no reason why warrants should reach the contents of insecure phones only in national security cases.
On February 23, 2016 at 2:06 pm, UNCLEELMO said:
Bill Gates (Microsoft founder) has publicly stated that Apple should give the FBI (of LaVoy Finicum fame) what they want.
That’s all I need to know to form an opinion on this subject.
On February 23, 2016 at 2:26 pm, Herschel Smith said:
I just saw that. God, what an awful man. But anyone who develops software that bad must by definition take awful views on everything else.
On February 23, 2016 at 3:12 pm, Archer said:
Here’s a good write-up of exactly what the FBI is demanding of Apple, compared to the assistance Apple has provided in the past: http://www.zdziarski.com/blog/?p=5645
In short, Apple has been “unlocking” phones for investigators forever. It’s not been an issue, and I believe they’ve made the offer to try it on this phone. That’s not what’s being demanded. The FBI is asking for a “tool” to break into phones, in the form of a modified iOS (I’ve seen this dubbed “FBiOS”, heh!), and the court turned that request into a demand.
A “tool”, though, must be built, vetted, and independently tested and verified to work on a multitude of devices. Independent testing and verification, by definition, occurs outside of Apple. The method for accessing the encrypted information is no longer considered or treated as a “trade secret”; it’s published, and therefore able to be reverse engineered. Thus, Apple does not get to maintain control over it or destroy it once the task at hand is completed, as is promised by the court order. That promise cannot be kept, so naturally it will not be kept.
This goes FAR beyond the court order’s requirement that Apple provide “reasonable technical assistance” to the FBI in obtaining the information on the phone, and the bone offered to Apple to entice/coerce their cooperation is an illusion.
I believe Apple is correct in disputing a self-contradictory court order.
On March 20, 2016 at 3:35 pm, MyLyingEyes said:
There is nothing in the order requiring Apple to produce a tool “independently tested and verified to work on a multitude of devices”, still less to turn it over to the FBI or anyone else. Apple need meet none of Zdziarski’s imagined requirements, and if the lack of doing so prevents the results from being admitted in court that’s the FBI’s problem, not Apple’s. There is no warranty of merchantability from Apple to the FBI — they only have to obey the order.
On March 21, 2016 at 10:55 am, Archer said:
Did you read the article? Forensic analysis is what Zdziarski does; the requirements aren’t “imagined”, and in context make perfect legal sense. Do you really think the FBI won’t try to hold Apple accountable if the results are found inadmissible for lack of verification?
Also, re-check the “requirements” of the software the court orders Apple to build. It must override iOS security/privacy to allow brute force hacking of the PIN. That’s a given. But it must also allow such brute force hacking to be done wirelessly, over the network or via Bluetooth. If the FBI has the phone and can plug it into a computer to hack the PIN (which only needs to be done once), why on Earth would they need the ability to do the same wirelessly?
I’ll leave the implications for you to figure out.
On March 21, 2016 at 11:28 am, Herschel Smith said:
He doesn’t want to figure out implications. He’s a troll.
On February 24, 2016 at 8:56 pm, tireddog said:
This is an exercise in ‘pull through marketing’. FBI wants encryption gone, Apple pretends to object, gullible public demands end to encryption, demands CONgress do something and the CONgress happily obliges, even before this case winds its way through the courts. Having already claimed that encryption is a CONgressional issue Apple can stand down when the boots drop. The stupid cows will have done govs work for it while Apple retains some cred.
On February 25, 2016 at 7:44 pm, Ned Weatherby said:
One wishes that premise were not true. Though it likely is.
On March 20, 2016 at 2:52 pm, MyLyingEyes said:
Um, no, no, and no….
“They have asked Apple to develop an approach that allows them to completely bypass all security, thus making them malleable to a FISA court ruling for any or all phones in the future.”
This has nothing to do with a FISA court, and there is nothing to prevent Apple from designing phones which they truly cannot help the FBI to break into.
This is not remotely about encryption and is not about a backdoor. It’s about certain protections on the front door that Apple CAN remove and therefor will be forced to remove. Whether they’ve fixed this with the Secure Enclave is in some doubt as the firmware for the SE can also be “updated” without unlocking the phone.
By now you probably know that the iCloud password reset was the FBI’s fault, but this is a red herring of no significance whatsoever. The FBI can compel a bank to open a safe deposit box even if one of their agents dropped a key into the river.
iCloud backups are not encrypted. (And incomplete, I believe.) That Apple gave the backed up data to the FBI without a fuss should give you pause to think what this is about.
On March 20, 2016 at 10:28 pm, Herschel Smith said:
Yes, yes and yes. You’re lying, and you know it. Based on your comments here, I think you’re a paid government troll. And shouting it louder than everyone else and making more comments doesn’t mean you’re right.