Apple challenges 'chilling' demand to decrypt San Bernardino shooter's iPhone

[Town Heretic]

is the justice department asking apple to unlock this particular device, or are they asking apple to give them a key that will unlock all devices?

My understanding is that they're asking Apple to disable the feature that would, unaltered, lead to the permanent inaccessibility of the phone's data after a number of failed attempts at guessing the password. Once disabled, the government could run combinations until it unlocked the phone and could then obtain the data.

 

[ok doser]

and the software that would disable this feature - that would remain in apple's control, yes?

 

[theophilus]

and the software that would disable this feature - that would remain in apple's control, yes?

Not.

 

[ok doser]

how so?

it's my understanding that the DOJ is asking apple to create a "master key", use it on this particular device and then do whatever they want with it

i don't see any indication that the DOJ is asking apple to make a master key and give it to them


unless i'm reading it wrong :idunno:

 

[chrysostom]

-I like it when the fbi must get permission from apple to get information on us
-I trust apple

 

[rexlunae]

how so?

it's my understanding that the DOJ is asking apple to create a "master key", use it on this particular device and then do whatever they want with it

i don't see any indication that the DOJ is asking apple to make a master key and give it to them

Not really. It's like this:

Apple has a key that gives them and only them the ability to write software that will run on iPhones. The FBI has asked Apple to create special software for them signed to run on an iPhone which defeats a separate security mechanism. The FBI and the court order has specified that the software be specific to the phone based upon some identifying feature of the phone, but there's no guarantee that you can't fake those IDs.

So, no, the FBI isn't asking for Apple's key. They are asking that software be written and signed with Apple's key. But that doesn't really address the very real risk that they're asking to impose on all iPhones.

 

[ok doser]

Not really. It's like this:

Apple has a key that gives them and only them the ability to write software that will run on iPhones. The FBI has asked Apple to create special software for them signed to run on an iPhone which defeats a separate security mechanism. The FBI and the court order has specified that the software be specific to the phone based upon some identifying feature of the phone, but there's no guarantee that you can't fake those IDs.

So, no, the FBI isn't asking for Apple's key. They are asking that software be written and signed with Apple's key. But that doesn't really address the very real risk that they're asking to impose on all iPhones.

couldn't this be solved by just giving apple the phone (in a forensically controlled manner) and asking them to unlock it, mine the data and give it (the data) to the doj?

 

[rexlunae]

And none of that is being sought by court order.

No, but its security is at risk from the court order. Every iPhone in the world has an real security interest in Apple's use of their private key, and whether they can be compelled to do this.

The hypothetical potential injury that should be preventable compared to the actual need arising?

It's not hypothetical. It's a genuine risk. I'm not sure where your confidence comes from here.

You're not aware of one now. Rather, a key is needed for access. It's really no different than a subpoena for records held closely by a bank. Especially if the instrument itself remains in Apple's possession (the means to the end, not the phone itself).

It's more like if the government demanded that weaker locks be installed on all banks to facilitate access by authorities in a given case.

I know the law is the guarantor of recourse for the violation of right and I'd say your obligation rests within the confines of the law, as does that recourse.

As I noted before, a merely legal barrier is of practically no effect in the context of the modern security state and international criminal hacking groups, some of which are state-sponsored. And I don't think that the Fourth Amendment's guarantee of security is limited to what writs the court can issue to protect the privacy of individuals.

Lastly, the government needn't be in possession of the key that could be misused.

No, that really would be giving away the farm. But that doesn't mean there's no risk in just creating the malicious software and signing it with Apple's private key. And, with nearly a billion iPhones out there, the risk Apple is being asked to assume on behalf of its customers is substantial if for no reason but scale.

 

[rexlunae]

couldn't this be solved by just giving apple the phone (in a forensically controlled manner) and asking them to unlock it, mine the data and give it (the data) to the doj?

Apple can't just unlock it. They would need the lock code to do that. They could brute-force it if they wrote something like what the FBI has asked for, which would essentially be what the court order has demanded they do.

Apple's contention, which I agree with, is that writing that software is like opening Pandora's box. And there's no way that it would be just this one case. It would be a precedent that would be reused all the time.

 

[Town Heretic]

No, but its security is at risk from the court order.

That will depend almost entirely on the security measures Apple puts in place surrounding the key.

Every iPhone in the world has an real security interest in Apple's use of their private key, and whether they can be compelled to do this.

Not without the actual key Apple can safeguard.

It's not hypothetical. It's a genuine risk. I'm not sure where your confidence comes from here.

A risk is a potential for damage, not actual damage. A crime and the fruits thereof is an actual damage. The information sought is sought to both prevent or lessen the potential for risk and to punish those who have actualized a potential and worked a real, tangible harm.


It's more like if the government demanded that weaker locks be installed on all banks to facilitate access by authorities in a given case.

As I noted before, a merely legal barrier is of practically no effect in the context of the modern security state and international criminal hacking groups, some of which are state-sponsored.

I understand criminals aren't going to obey a law. The law isn't there to prevent crime, but to define it and set the standard for redress, though laws will dissuade many, if the penalties are severe enough and the criminal is rational. A losing cost/benefit, after a fashion. The security of the key will lie with Apple, as it should.

And I don't think that the Fourth Amendment's guarantee of security is limited to what writs the court can issue to protect the privacy of individuals.

Something in that escapes me. But I just got back from the dentist, so it's probably me.

No, that really would be giving away the farm. But that doesn't mean there's no risk in just creating the malicious software and signing it with Apple's private key. And, with nearly a billion iPhones out there, the risk Apple is being asked to assume on behalf of its customers is substantial if for no reason but scale.

I think that goes back to my proprietary control and security point. :think: Maybe.

 

[Town Heretic]

Apple can't just unlock it. They would need the lock code to do that. They could brute-force it if they wrote something like what the FBI has asked for, which would essentially be what the court order has demanded they do.

Apple's contention, which I agree with, is that writing that software is like opening Pandora's box. And there's no way that it would be just this one case. It would be a precedent that would be reused all the time.

I'd agree, but I think the precedent is already set where any party is in possession of information or the means to it relating to an ongoing criminal investigation subject to court scrutiny and writ.

 

[Town Heretic]

and the software that would disable this feature - that would remain in apple's control, yes?

I don't see anything in the order that would necessitate Apple losing control of possession of the software required to disable the feature involved.

 

[THall]

completely dishonest discussion here.

Apple is being asked by Fed agencies
all over the U.S. to unlock phones,

In at least 21 cases that we know of.

It is not just this phone, and it never
will be. Wake up.

 

[Zeke]

[Apple challenges 'chilling' demand to decrypt San Bernardino shooter's iPhone: Tim Cook publicly attacks the US government for asking Apple to take an ‘unprecedented step which threatens the security of our customers’ by Stuart Dredge and Danny Yadron] "Apple has hit back after a US federal magistrate ordered the company to help the FBI unlock the iPhone of one of the San Bernardino shooters, with chief executive Tim Cook describing the demand as “chilling”.

The court order focuses on Apple’s security feature that slows down anyone trying to use “brute force” to gain access to an iPhone by guessing its passcode. In a letter published on the company’s website, Cook responded saying Apple would oppose the order and calling for public debate.

“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand,” he wrote.

While Cook took pains to stress that Apple was “shocked and outraged” by the San Bernardino shooting last December – “we have no sympathy for terrorists” – he said company is determined to push back against the court order.

Cook wrote that opposing the order “is not something we take lightly”.

“We feel we must speak up in the face of what we see as an overreach by the US government,” he added..." Full text: Apple challenges 'chilling' demand to decrypt San Bernardino shooter's iPhone Jn 8:36, Re 13:17

Seems like a distraction the size of a knat compared to Camels nose that was under the tent of failures that had to take place during 9-11, still waiting for someone to get arrested for that false flag, But some just have more immunity than others along with best propaganda, and legal team on the planet.

 

[rexlunae]

That will depend almost entirely on the security measures Apple puts in place surrounding the key.

Agreed. Right now, one of the security measures Apple has put in place is that they don't write and sign code that bypasses the security on their phones.

Not without the actual key Apple can safeguard.

No, I'm talking about with the code that they want to compel Apple to write and sign. Every iPhone user has an interest in Apple not doing that.

A risk is a potential for damage, not actual damage.

Sure, but a hypothetical risk is different from a real risk. Perhaps this is splitting hairs a bit, but there's no question that there is some real risk, albeit perhaps a small one, that this code could be abused. What is the risk that software written by Apple for specific law-enforcement purpose leaks? Maybe it's small, but it's not zero, and the only hypothetical here is "...if Apple were required to write such software".

A crime and the fruits thereof is an actual damage. The information sought is sought to both prevent or lessen the potential for risk and to punish those who have actualized a potential and worked a real, tangible harm.

Of course, I see why the FBI wants to see what's on the phone. I want that too. But no one really knows if there's anything useful on the phone, and when the cost is that all iPhones are less security as a result, I'm not sure that's an actual win for justice, safety, or even law and order.

I understand criminals aren't going to obey a law. The law isn't there to prevent crime, but to define it and set the standard for redress, though laws will dissuade many, if the penalties are severe enough and the criminal is rational. A losing cost/benefit, after a fashion. The security of the key will lie with Apple, as it should.

That's exactly my point. The law is an important safeguard, but the first line of defense is strong crypto with multiple measures in place. So courts should think long and hard before they take away one of the main tools on the front lines from the safety of their benches. If the security of the key lies with Apple, compelling them to use the key against their better judgement is a poor idea.

Something in that escapes me. But I just got back from the dentist, so it's probably me.

Meaning that, the protections of the Fourth Amendment guaranteeing security isn't just a protection to be sorted out in court after the fact, but a positive guarantee of the use of tools to protect that security.

I think that goes back to my proprietary control and security point. :think: Maybe.

Well, yes, but the order to use the key in this way is overriding Apple's proprietary discretion.

 

[kmoney]

The FBI wants us to believe that this is about one phone. It's definitely not, and they came close to admitting as much to Congress:

http://www.motherjones.com/mojo/2016/02/james-comey-ducks-most-important-question-in-apple-fbi-fight

Comey is already starting to change his tune and admit that the Apple case will probably pave the way for more of this.

http://www.reuters.com/article/us-apple-encryption-congress-idUSKCN0W33G7

 

[ok doser]

should criminals have better technology than law enforcement?

 

[kmoney]

Of course, I see why the FBI wants to see what's on the phone. I want that too. But no one really knows if there's anything useful on the phone, and when the cost is that all iPhones are less security as a result, I'm not sure that's an actual win for justice, safety, or even law and order.

I think this is an important factor here. No one knows if there is anything of value on the phone. And isn't the current story about this couple that they worked alone? Of course the potential exists that phone data would change that story, but how likely is that if the FBI hasn't found any evidence of that so far?

So at least a small risk for big security concerns along with setting a precedent vs a small chance of any valuable data

I'll side with Apple using that tradeoff.

 

[Town Heretic]

Most of this I think we've covered and I'm fairly confident we understand our differences...just a couple of notes then.

Sure, but a hypothetical risk is different from a real risk. Perhaps this is splitting hairs a bit, but there's no question that there is some real risk, albeit perhaps a small one, that this code could be abused. What is the risk that software written by Apple for specific law-enforcement purpose leaks? Maybe it's small, but it's not zero, and the only hypothetical here is "...if Apple were required to write such software".

I'm not denying there's a risk, but I think it's one that has to be borne.

That's exactly my point. The law is an important safeguard, but the first line of defense is strong crypto with multiple measures in place. So courts should think long and hard before they take away one of the main tools on the front lines from the safety of their benches. If the security of the key lies with Apple, compelling them to use the key against their better judgement is a poor idea.

I'm much more comfortable with trusting the judgment of the court, guided by the principle of justice and mindful of due process than I am a corporation guided by the principle of profit and mindful first and foremost of their bottom line.

Meaning that, the protections of the Fourth Amendment guaranteeing security isn't just a protection to be sorted out in court after the fact, but a positive guarantee of the use of tools to protect that security.

Ah, well I'd say you read the guarantee too broadly and that no right supersedes the needs of the state to secure the foundation of every exercise.

Well, yes, but the order to use the key in this way is overriding Apple's proprietary discretion.

You think a bank ever really wants to release confidential records? I'm saying Apple shouldn't lose all control or essentially any real control over its product save that necessitated by the order and only to the limited extent to fulfill the writ.

 

[rexlunae]

should criminals have better technology than law enforcement?

That will never happen. But the mathematics of public key crypto put cracking it out of reach of even well-funded parties for the time being in a lot of cases.