FBI May Demand iOS Source Code, Signing Key (theverge.com)
170 points by mattingly23 on March 11, 2016 | hide | past | favorite | 156 comments



I can't believe they're actually running with the "it's not Apple's job to protect civil liberties; it's the government's" talking point. It's pure nonsense, a complete inversion of the understanding of the nature of civil rights ever since the Constitution was written.


Yup. There was some great discussion this week at a higher level. Attorney General Loretta Lynch was questioned quite extensively [1] [2] [3]. The only one above her is the President, who has yet to comment, though the issue is sometimes discussed during the daily White House Press Secretary briefings [4]

Lindsey Graham

[1] https://www.youtube.com/watch?v=uk4hYAwCdhU

Mike Lee

[2] https://www.youtube.com/watch?v=XOZLEhTlr6E

Dianne Feinstein - 51:00

[3] http://www.c-span.org/video/?406201-1/attorney-general-loret...

[4] https://www.google.com/search?safe=off&q=site:https://www.wh...


>it's not Apple's job to protect civil liberties

This statement reminds me of a time when a few companies tried to fix a road that the government refused to fix but kept awarding contracts for yearly.

The government took them to court. The court said that building roads was not the job of civilians. And here is where things get interesting.

They asked the companies to give the government money so that the government would build that road.


When and where was this?


Nigeria - don't remember the exact year. And it's happened more than once.


The FBI seems to be overtly validating the power-drunk law enforcement officer theme that's been entering the public consciousness in the last few years.


It feels like the FBI has been caught with their hand in the cookie jar. They have at least one judge saying they have overreached, a House of Representatives hearing where the head of the FBI got dressed down, and a hearing on the 22nd with a ton of support for Apple from tech companies and other researchers. It feels like a desperate attempt to salvage a losing battle.


Remember this thought, because in two or three years, the government will try this again, and they will continue to try until they succeed.

America is ruled by an unaccountable and corrupt elite.


God I'm sick of reading stuff like this.

The truth is that a large number of Americans believe that the FBI should have access through consumer encryption. Agree or disagree, but the existence of that public sentiment is a fact easily observable in public polling.

Security vs. freedom is a tradeoff. Different people have different opinions of what makes an acceptable trade.

The role of representative government is to adjudicate between differing opinions. That is why this is still an issue, and will continue to be an issue for the foreseeable future--not because there is some secret cabal who is working counter to the wishes of all Americans.


> The truth is that a large number of Americans believe that the FBI should have access through consumer encryption.

This is not a democracy, this is a republic. We should hold our elected (and appointed) officials to higher standards than we hold our voters. Just because our public is uneducated does not excuse the elected government taking advantage of an uneducated public to seize powers they did not have before.


> This is not a democracy, this is a republic.

I'm sick of reading this too.

We have a representative democracy in the U.S. We also have a republic. The two terms are not contradictory.

"Representative democracy" tells you how decisions are made--we select a few citizens to make decisions on our behalf. "Republic" tells you who is sovereign--in the U.S. the individual citizens have the right and power to rule, and have used that to construct our own government.

Counter examples:

The U.K. is a representative democracy, but not a republic. It's a monarchy.

North Korea is a republic but it's not a democracy. It's an autocracy.


Just because you call something a democracy doesn't mean it is so. If something is a republic, you can call it a representative democracy analogously, but not literally. Just like a zebra is a striped horse but not, you know, a horse.

Can you address anything I wrote that had substance?


I don't call the U.S. a democracy, it is a democracy. The only way to say that it is not, is to change the definition of the word "democracy."

http://lmgtfy.com/?q=define+democracy

> Can you address anything I wrote that had substance?

That our elected officials represent the disparate opinions of the people they serve might be their personal failing, in your view, because you disagree with them on this issue. I disagree with them too! Encryption should not be backdoored, the FBI is wrong--I agree on all those scores.

I just don't think that the only reason the encryption conversation continues is because of corrupt political elites. It's not. The conversation continues at the public level too.

The reason that matters, is what we can do about it. If public opinion is the problem, then a public campaign can try to move it. If corrupt political elites are the problem then... we throw up our hands? Isn't that just rationalizing despair and inaction?

edit: clarity


> http://lmgtfy.com/?q=define+democracy

This definition is meaningless. Under this definition, every government is a democracy. People technically voted for Kim Jong Un.

> That our elected officials represent the disparate opinions of the people they serve might be their personal failing, in your view, because you disagree with them on this issue.

No, their personal failing is not thinking for themselves.

> I just don't think that the only reason the encryption conversation continues is because of corrupt political elites. It's not. The conversation continues at the public level too.

I do agree—however, the elected officials are still failing their constituents by not actually understanding what encryption is. They have a responsibility to be educated when their constituents are not.


> the elected officials are still failing their constituents by not actually understanding what encryption is. They have a responsibility to be educated when their constituents are not.

I totally agree with you on this. Here's a sliver of hope that progress is possible...

http://fortune.com/2016/03/10/apple-fbi-lindsay-graham/


> truth is that a large number of Americans believe that the FBI should have access through consumer encryption

Yes, they've been led to believe this by the "corrupt elite" you so casually brush aside. It's better characterized as a gradient of out-of-touchness rather than a well-bounded "elite" class [0], but the net effect is the same.

"Propaganda is to a democracy what violence is to a dictatorship" and all that.

[0] e.g. the skinjobs parroting the message on TV aren't directly reliant on the propaganda, but thinking too hard about it would lose them their employment.


They've been led to believe this by a common-sense assumption that police are there to police. The notions of the FBI acting counter to the interest of the public or the FBI lacking the competence to protect the weakened access points they would desire are counter to basic education; people must be taught to think in those lines.

When thinking about politics, remember: most hackers are more paranoid than the average person. A lot more. Because our training tends to show us what damage can be done, and that people will do damage for the hell of it [https://medium.com/@blakeross/mr-fart-s-favorite-colors-3177...]. When the Boston Marathon was bombed, the police put the city on basically a full-panic lockdown to catch two men; a lot of people were okay with this because it made them feel viscerally safer, not because they were trained wrong by a corrupt elite. You disregard the actual state of human nature to assume otherwise, which is probably disadvantageous.


And yet many facets of the government were designed from an assumption that organizations do develop ulterior motives. Checks and balances, the adversarial justice system, and the Bill of Rights, to name some fundamental meta-topics. An abstract "don't tread on me" is deep within the American psyche, yet it very easily remains abstract, especially when steered that way.

I agree with your general point about human nature of blindly trusting the biggest stick, but that doesn't mean we should avoid blaming the scumbag mass media for abdicating their traditional duty of critical analysis and turning into pravda.us. If someone wants to ascribe this to an explicit conspiracy with an evil cabal while I simply see panicked well-to-do ignorants promulgating their bubble, I'm not going to let disagreements about details get in the way of agreeing on the commonalities. Any such dissenting viewpoint is a step on the path of extricating oneself from the infopocalyptic centralization we're finding ourselves being pushed into.


That's why we have to build both social and technical institutions to push back. Because the alternative is outright civil war. I'm not sure that such a civil war will lead to any good ends.


Sure. Just like we did with SOPA. Wait...


I hope you are right.


Do you have a link to the hearing by chance?



In a truly cryptographically secure system, there wouldn't be a master key, and a signing key would not be able to enable access to private data. Security would be guaranteed by mathematics, not by the UI. The data would be encrypted in a fashion that even a modified OS would not be able to decrypt without a user-generated high-entropy passphrase or key that Apple does not have. If iPhones were truly secure, Apple would technically and mathematically be unable to help, and the FBI wouldn't have a case to begin with.


That's true, but a bit off topic.

The question here is whether or not the law says the DoJ can compel Apple to hand over these items.

We do not need to allow the DoJ to win in order to get to a point where Apple and others provide us with self-controlled data security. We can both fight the DoJ's position and demand better security from Apple.

Let's focus on the DoJ for now because that is the immediate threat.

This case should be discussed in Congress, not the courts, and the American people should have a say in the matter.

I was heartened to see the video of Senator Lindsey Graham's questioning of US Attorney General Loretta Lynch today on this topic [1]. His delivery and conclusion was perfect. Mike Lee also did a good job [2]. Feinstein was scary to watch (51:00 in the C-Span full video).

[1] https://www.youtube.com/watch?v=uk4hYAwCdhU

[2] https://www.youtube.com/watch?v=XOZLEhTlr6E

[3] http://www.c-span.org/video/?406201-1/attorney-general-loret...


Good videos. Graham summed up a lot of the layman's evolving thoughts on the topic. The first days of the PR war had the FBI winning, but their hubris caused them to underestimate Apple's PR machine. As the public learned more about the case, they have definitely turned against the FBI. It also helps that Apple is on the right side of this issue, but thinking about the (children|terrorists|guns|drugs|boogyman) has unfortunately worked before in similar situations.


Pretty sure Lavabit tried to fight this exact same type of ruling, and lost: https://en.wikipedia.org/wiki/Lavabit

While I'm not a legal expert, it seems the major difference is the size and name recognition of the companies.


Yes, and it makes a hell of a difference in lobbying fire power.

I'm not really an Apple fan but I hope they win on this.

Lavabit eventually decided to close instead of giving access to the data of their customers. Apple won't close but I wonder if they would go as far as leaving the USA, both the country and the market. That would be more than extreme but if they lose it would be the only alternative to caving in. My very safe bet: it's not going to happen (leaving the USA).


I'm not sure if that would really work, with extradition agreements and all. A lot of other countries' governments will actually agree with the FBI's position, not the position of the American people.

In other news, Apple has been complying all along with Chinese authority requests, including placing Chinese user data on Chinese servers and hand over relevant data when asked. In China if they made a fit over this they'd be thrown out and blocked along with Google and Facebook. For them, complying with Chinese authorities is a revenue-driven business decision.

In the absolute worst case outcome of the FBI case, I imagine they would end up complying with US authorities as well, as a business decision.


For some smaller countries, providing the right privacy-friendly legal protections could be used to attract large multi-nationals.

Iceland is already poised to take advantage of this. A little bit of legislation, a few moderate tax breaks, and they could court Apple rebasing their corporate home, at least mostly on paper, there.


Apple could take the Galt Gulch option: buy a small country and move there where there are no extradition treaties to bother with.


I always wonder how hard it would be and just how effective it would be if it was done.

Sovereignty is a funny topic... If Apple "buys" a country with a land border, the "abdication of existing government" could be considered by their neighbours over the border as grounds to consider the territory "vacant" ... If Apple "bought" an island nation or a country comprising multiple islands, then they would have to "defend" their new home from the newfound "enemy" of the USA (and I hear the Navy is quite formidable ;-) ) who might be a little bit pissed off, or may just decide to "consider" that Apple purchasing the country makes it not a country and they don't have to listen to Apple when they ask nicely not to enter their territory with aircraft carriers, or say ... submarines that tap into undersea cables...

Right now Apple has a fair amount of protection by virtue of being an American company, an American company that is also considered an American person with rights under the constitution, such as not being "compelled to speak", which is why we're hearing about this sort of possible change in tactics. The FBI can't force them to talk so they ask for the script so they can talk for them.


If you don't have either (a) a competent military of your own, or (b) countries which have strong enough economic or cultural relations with you to want to protect your interests with their military, it is meaningless to form a micronation for the purpose of evading a large country's laws. The US or any other army could just invade, capture, or colonize your little country, which is pretty much how the world has worked throughout history.

Furthermore, without good relations with other nations, you're not going to get very far with exports, internet connections, food, passenger transport, investment, and just about everything else you need to sustain basic life and business.


What you describe is already how the iPhone works. The FBI has vaguely threatened to seek the signing key (not any master encryption key, which doesn't exist) so they can make an operating system that disables software-imposed wipe-on-10-incorrect-attempts and software-imposed-delay-ramp-up, so they can run a brute-force attack. If the phone had used a long passcode, this would be impossible. The only reason this is even a case is because this phone has a numeric passcode, which is within the reach of brute forcing with these UI barriers removed.

The mathematics already impose an 80ms duration ("delay") of each attempt. The FBI knows there is no way around that.

Contrary to other replies, even phones without the secure enclave are protected in this way.


That is in fact how iPhones' encryption works, except the vast majority of users don't set a high-entropy passphrase [1] because a) it's not enabled by default (because of (b) and (c)), b) it's not great user experience, and c) most people don't understand or care.

This is why Apple also implemented the brute forcing protections that the FBI is trying to bypass via a firmware update.

However, I do think that it should be impossible to update the firmware (including via DFU) without either a) the passcode, or b) wiping the phone. If the owner doesn't know their passcode they'll need to wipe the phone anyway. Anyone else doesn't have any business updating the owner's firmware without their permission.

[1] https://support.apple.com/en-us/HT204060 "Change your passcode. Enter a new, six-digit passcode. Or tap Passcode Options to switch to a four-digit numeric code, a custom numeric code, or a custom alphanumeric code"


You've pretty much described the secure enclave already included in newer iPhone models.


They are probably looking for the code signing key, not a data encryption key.


The problem is, with the code signing key, they can load a new modified OS, brute force the password and get at the data because the data isn't mathematically secure to begin with.

iPhone data shouldn't be encrypted on the basis of a 4-digit PIN. It should have a much longer password that's entered at startup. The 4-digit PIN can be a "screen lock" to prevent casual friends grabbing your phone and swiping pictures but shouldn't be the thing that encrypts your data. There isn't enough entropy in a 4-digit PIN, period.

The iPhone then adds a feature to self-destruct after N attempts. This is where a modified OS comes in. This isn't true security. Get rid of the self-destruct feature and you have brute forcing ability and can decrypt the data in minutes.

In a truly secure system, I would be able to safely just give you an image of the flash storage and all the signing keys. You pick your tools, OS, hardware, and you would still have no shot at decryption, at least not with classical computers and as long as P!=NP.


On the most recent iPhone, data isn't encrypted based on a 4 digit PIN. It uses a tremendously long piece of data as the encryption key, but the encryption key is only accessible through some special hardware they have (which is essentially tamper proof and brute-force proof) with the 4 digit PIN. But as you said, since they can remotely update the software for this special piece of hardware, it is still susceptible to being compromised.

A lot of the conversation happening in regards to this FBI case is only due to it being an older iPhone that doesn't have this special hardware. Which is why people are confused why the FBI chose this case as their poster child when it would have made a lot more sense with the most recent iPhone.


What's the "tremendously long piece of data as the encryption key"? Are you referring to the 6 digit code?


No, they're referring to the 256-bit AES keys in the CPU and Secure Enclave, which are entangled with the user PIN to derive the crypto key.


Would you explain how 256-bit AES keys CPU and Secure Enclave and user PIN all work together to provide encryption on the iPhone? Is this documented anywhere?

Is this same method employed across different generations of iPhones?

Thanks


Apple's description is here https://www.apple.com/business/docs/iOS_Security_Guide.pdf, and you can find varying quality of discussion in the media by searching for Secure Enclave.

Basically, the Secure Enclave contains a 256-bit AES key physically fused into the silicon during the chip fabrication process. Apple don't know this key, and neither do the manufacturers. It's different on every iPhone. The key cannot be read by any software, or the OS, or even firmware. All that can be seen is the result of using it in a crypto operation.

The key used for actual encryption on iOS is derived by taking an intermediate key derived from the PIN, and then entangling it with the Secure Enclave key (and, I believe, the CPU's key, which is also unique and fused into the hardware, but not quite so secretive). This effectively ties the crypto process to the phone - if you take a data dump of storage and try to brute force it on some more powerful kit, cracking the PIN isn't enough. You'll also have to crack both the AES keys.

This isn't universal across all iPhones - I think the 5S onwards have it.
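A simplified model of the property described in this comment and in the earlier reply about the 80 ms per-attempt cost, written as an added illustration; it is not Apple's implementation or code from this thread. The device-key object, the PBKDF2 iteration count, the passcode "4815" and the delay figure are constructed assumptions; the real key hierarchy is in Apple's iOS Security Guide linked above.

```python
import hashlib
import hmac
import secrets

# Per-guess cost the thread cites for on-device attempts (80 ms).
ATTEMPT_SECONDS = 0.080
# Constructed iteration count; a real device calibrates its KDF so that one
# derivation takes roughly ATTEMPT_SECONDS, which is where that cost comes from.
KDF_ITERATIONS = 20_000


class DeviceKey:
    """Model of a key fused into silicon: software can ask the hardware to use
    the key, but nothing can read it out. (Simplified, not Apple's design.)"""

    def __init__(self) -> None:
        self._uid = secrets.token_bytes(32)  # never leaves this object

    def tangle(self, data: bytes) -> bytes:
        # Keyed MAC with the hidden key: the output depends on this device and
        # does not reveal the key itself.
        return hmac.new(self._uid, data, hashlib.sha256).digest()


def derive_key(passcode: str, salt: bytes, device: DeviceKey) -> bytes:
    """Passcode -> slow KDF -> entangle with the device key.

    The intermediate value can be computed anywhere, but the final key cannot
    be produced without the physical device, so a dump of the flash alone is
    not enough to check a guess offline."""
    intermediate = hashlib.pbkdf2_hmac(
        "sha256", passcode.encode("utf-8"), salt, KDF_ITERATIONS
    )
    return device.tangle(intermediate)


def make_verifier(key: bytes) -> bytes:
    """Value kept on flash that lets the OS check a derived key without
    storing the key itself."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def unlock(passcode: str, salt: bytes, device: DeviceKey, verifier: bytes) -> bool:
    """True only when the passcode AND the device both match."""
    candidate = make_verifier(derive_key(passcode, salt, device))
    return hmac.compare_digest(candidate, verifier)


def worst_case_hours(passcode_space: int, seconds_per_attempt: float = ATTEMPT_SECONDS) -> float:
    """Upper bound on the time to try every passcode at the on-device rate,
    i.e. with only the hardware-imposed cost left and the software retry
    limits the thread discusses out of the picture."""
    return passcode_space * seconds_per_attempt / 3600


PASSCODE_SPACES = {
    "4-digit PIN": 10 ** 4,
    "6-digit PIN": 10 ** 6,
    "8-char alphanumeric": 62 ** 8,
}

if __name__ == "__main__":
    phone = DeviceKey()
    salt = secrets.token_bytes(16)
    verifier = make_verifier(derive_key("4815", salt, phone))  # constructed passcode

    print("right passcode, right device :", unlock("4815", salt, phone, verifier))
    print("wrong passcode, right device :", unlock("0000", salt, phone, verifier))
    # Same passcode, salt and verifier, but a different chip: the derived key
    # differs, so having only the flash image is not enough.
    print("right passcode, other device :", unlock("4815", salt, DeviceKey(), verifier))

    for name, space in PASSCODE_SPACES.items():
        print(f"{name:22s} exhaustive search ~ {worst_case_hours(space):,.1f} h")
```

The time figures show why the thread keeps returning to passcode length: a 4-digit space is under an hour at 80 ms per guess, while an 8-character alphanumeric passcode is out of reach by many orders of magnitude.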


Awesome. Thank you! I'm guessing Android doesn't have anything like this being that there's no single chip SoC design across Android phones.


> iPhone data shouldn't be encrypted on the basis of a 4-digit PIN. It should have a much longer password that's entered at startup.

As the iOS security documentation details, iOS uses a KDF to generate secure keys rather than just relying on a short PIN.

> The 4-digit PIN can be a "screen lock" to prevent casual friends grabbing your phone and swiping pictures but shouldn't be the thing that encrypts your data.

Photos ARE your data. You either require a full passphrase 100% of the time, or as Apple has done, only allow limited attempts with a PIN. Yes, they* could enforce a passphrase at all times, but this might make iOS less user friendly and drive regular consumers to less secure devices.

* A user can choose to always require a full passphrase/TouchID at all times. I don't use a short PIN on my iPhone.


Disagree - I want to be able to have my phone "casually" locked (when it's on) and "securely" locked (when it's off). If the casual lock is harder to break, that's icing on the cake, but the important thing is that I can quickly prevent access to the phone, and that it will revert to that state automatically after some time.

Ideally my phone would go into "secure" locking mode (requiring my 7 word passphrase) after not being unlocked "casually" for more than X hours.


If the user has to enter the code by hand, it's very impractical to require more than a memorizable number of symbols for the initial decryption code, unfortunately. Plenty of users turn off their phones periodically.


iPhones don't require a four-digit PIN. You can set a nice, long passphrase, which would then make brute forcing completely impossible even with modified OS shenanigans.

The only reason brute forcing is even potentially an option in this case is because the person in question didn't bother to use a secure passphrase.

So, it sure sounds to me like iOS is already doing what you describe. Do you just object to giving the user an insecure option?


Can someone explain how the encryption works on the iPhone? I was under the impression that the 4 digit code is just a screen lock and had nothing to do with the encryption.

Also is there a reason they can't just use this piece of hardware to brute force the phone?

https://www.intego.com/mac-security-blog/iphone-pin-pass-cod...


Lots of info here:

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

The short version is that your passcode (whether four digits, six digits, or a full password) is combined with an encryption key embedded in the device in a way that's supposed to be impossible to extract, and used to derive the encryption key used to protect your data.

The device you linked to relies on a vulnerability in the OS, where it would report that a passcode entry failed before recording that failure to nonvolatile storage. Normally, the device starts adding more and more delays to passcode entry after a few failures. By cutting power to the device immediately after it reported failure, it bypasses those escalating delays. As your link mentions, Apple fixed this vulnerability in a subsequent OS update, so that hardware only works on older OSes. This phone's OS is too new.
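The ordering problem this comment describes, modelled as a toy passcode verifier so the fix is visible side by side with the flaw; this is an added example, not code from the thread or from iOS. The delay schedule, the passcode "4815" and the power-cut simulation are constructed assumptions. The design rule it demonstrates: a failure counter that gates retries must be committed to non-volatile storage before the result is observable.

```python
class PowerCut(Exception):
    """Simulated loss of power: anything not yet written to NV storage is gone."""


class NonVolatileStore:
    """Stands in for the flash region that survives a reboot."""

    def __init__(self) -> None:
        self.failures = 0


class PasscodeVerifier:
    # Constructed escalation schedule (seconds of forced wait once the failure
    # count reaches the key). iOS has its own schedule; this is not it.
    DELAY_SCHEDULE = {5: 60, 6: 300, 7: 900, 8: 3600}

    def __init__(self, passcode: str, nv: NonVolatileStore, persist_before_reply: bool) -> None:
        self._passcode = passcode
        self.nv = nv
        self.persist_before_reply = persist_before_reply

    def required_delay(self) -> int:
        """Forced wait, derived only from the persisted failure count."""
        steps = [s for f, s in self.DELAY_SCHEDULE.items() if self.nv.failures >= f]
        return max(steps) if steps else 0

    def attempt(self, guess: str, cut_power_after_reply: bool = False) -> bool:
        """Check one guess. With cut_power_after_reply the host removes power
        the instant the result becomes observable, so any write still pending
        at that moment is lost."""
        if guess == self._passcode:
            self.nv.failures = 0
            return True
        if self.persist_before_reply:
            self.nv.failures += 1          # committed before the result is visible
            if cut_power_after_reply:
                raise PowerCut             # counter already on flash, nothing lost
            return False
        # Vulnerable ordering: result observable first, bookkeeping afterwards.
        if cut_power_after_reply:
            raise PowerCut                 # the increment below never lands
        self.nv.failures += 1
        return False


def failures_recorded(n_wrong: int, persist_before_reply: bool, cut_power: bool) -> int:
    """Run n_wrong wrong guesses against a fresh device and report how many
    failures the NV counter actually holds afterwards."""
    nv = NonVolatileStore()
    device = PasscodeVerifier("4815", nv, persist_before_reply)  # constructed passcode
    for i in range(n_wrong):
        try:
            # "0000", "0001", ...: none equals "4815" for any n_wrong <= 4815
            device.attempt(f"{i:04d}", cut_power)
        except PowerCut:
            pass  # device reboots; nv survives, RAM state does not
    return nv.failures


if __name__ == "__main__":
    for label, persist, cut in [
        ("reply-then-write, normal use      ", False, False),
        ("reply-then-write, power cut       ", False, True),
        ("write-then-reply, power cut (fix) ", True, True),
    ]:
        print(f"{label}: {failures_recorded(10, persist, cut):2d} failures recorded")
```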


Thanks for the clarification. Does anyone know how Android's crypto at rest compares to iOS?


I'm not an expert on such things, but I believe people have been saying that the newer iPhones are more or less impossible to do this kind of thing for. The iPhone in question is old enough that it doesn't have the new security features apparently.


Yes, and more-recent iOS devices have stronger security features than the one in question here. Regardless of the outcome of this case, I expect that trend to continue as a result.


> “Without Apple’s assistance, the government cannot carry out the search of Farook’s iPhone authorized by the search warrant. Apple has ensured that its assistance is necessary by requiring its electronic signature to run any program on the iPhone. Even if the Court ordered Apple to provide the government with Apple’s cryptographic keys and source code, Apple itself has implied that the government could not disable the requisite features because it ‘would have insufficient knowledge of Apple’s software and design protocols to be effective’,” the motion says.

http://www.nytimes.com/2016/03/02/technology/apple-and-fbi-f...

> “There was a mistake made in the 24 hours after the attack,” James B. Comey Jr., the director of the F.B.I., told lawmakers at a hearing on the government’s attempt to force Apple to help “unlock” the iPhone.

> F.B.I. personnel apparently believed that by resetting the iCloud password, they could get access to information stored on the iPhone. Instead, the change had the opposite effect — locking them out and eliminating other means of getting in.

> The iPhone used by Syed Rizwan Farook, one of the assailants in the Dec. 2 attack in which 14 people were killed, is at the center of a fierce legal and political fight over the balance between national security and consumer privacy. Many lawmakers at Tuesday’s hearing of the House Judiciary Committee seemed torn over where to draw the line.

http://www.latimes.com/local/lanow/la-me-ln-fbi--terror-susp...

> Had there been no reset on the iCloud password, investigators may have been able to get a more updated backup of Farook's iPhone without any need to unlock the device itself.

They simply aren't competent and every time someone suggests they need more power to cover for their incompetence they need to be called out on it.


> F.B.I. personnel apparently believed that by resetting the iCloud password, they could get access to information stored on the iPhone. Instead, the change had the opposite effect — locking them out and eliminating other means of getting in.

I don't believe this one single bit. I believe they already have salvaged whatever they could from the iCloud account.

They have been after the backdoor for a long time. Needing info from a "terrorist's" phone is the perfect cover.

The accidental reset is just bollocks.


Is the FBI themselves going to be comfortable using devices which, say, the Chinese government, has the source code & keys for? The NSA and CIA certainly won't be. This is a two way street and they damned well know it.


I'm not sure I follow, could you elaborate? Which phones are they using that the Chinese government have the keys for and how would this matter?


I believe he's suggesting that if America can demand the source+signing keys and get away with it, then so can the Chinese government.

Now the Chinese and every other country in the world can prepare and sign updates to most anyone's iPhone, say the FBI director's iPhone.. Heck, if he's travelling in China it would likely even be trivial to push the update over the air to his phone...


I thought it was pretty standard operating procedure to use throwaway phones & computers if you're travelling to China and there's any concern about espionage, whether it's corporate or political.


I think his point is that, if the FBI gains this ability, foreign governments will ban iPhone use which will damage an American company.


That too, but also all foreign governments will have precedent for demanding the same capabilities. Apple might as well just strip out all security features if that occurs instead of wasting time catering to demands.


Thanks for clarifying everyone.


The larger point is, if "secure" devices are illegal in the US, who is going to make them and what are they going to cost? The FBI/CIA/NSA/DOJ/etc all use mobile phones, tablets, and computers. Will all of these government agencies be using special devices built only for them, perhaps by another government agency?

The FBI having the ability to break in to NSA or DOJ machines is definitely not ok and I'm not sure anyone is going to say otherwise besides the FBI. Hell, we can't even trust the FBI agents with a few bitcoins.


Does anyone understand the connection between the iCloud password reset and the ability to get access to the iPhone? Also provided the owner didn't have the secure wipe after ten incorrect pin attempts, was there plan to brute force the pin?


> Does anyone understand the connection between the iCloud password reset and the ability to get access to the iPhone?

I do.

Just to be clear it NEVER would have given them access to the phone. But the FBI claims to want the data on the phone. What iCloud would have allowed them to do is to connect the iPhone to a known WiFi network and have it backup-sync up to iCloud where the FBI could obtain it.

The problem is because they changed the iCloud password that caused the phone to fall out of sync with the service until the new password is entered, and to do that you need the pin.

The speculation has been that the FBI already has most of the key information on the phone (from NSA taps & existing iCloud backups) but this whole thing was never about protecting the public or getting key intelligence, it is a pretence to gain a backdoor or more importantly to establish legal precedent with a case that will gain public support/is sympathetic.


They are this incompetent to realize the catch 22 of resetting the iCloud account? Rhetorical question.

I was curious about your points regarding obtaining key information from taps and existing iCloud backups. How would the NSA get taps on someone manually keying in a PIN code?

Also it sounds like the iPhone's PIN code is included in iCloud backups, is that correct? I wonder why they include that rather than requiring resetting your pin on a restore?

Does using the encrypted backups option via iCloud not make a difference here? I would hope selecting this option (it's in iTunes) would enable the backup to be protected by AES 128. Can anyone speak to these?


> They are this incompetent to realize the catch 22 of resetting the iCloud account? Rhetorical question.

Yeah that was kind of the point of my OP. They really are that incompetent and since they won't admit to that ... every time something goes wrong their response is "WE NEED MORE POWER" to deflect blame.


I wonder if Apple has a key revocation procedure for their signing key? It would have been sensible to have done this anyway, in case the key was compromised. They must, after all, be one of the highest profile targets, both for criminals and assorted foreign intelligence agencies. If they give the key to the FBI, they have to assume it is compromised, and so they should revoke it to protect their other customers.


In the same vein what would happen if Apple decided to destroy their master key and all backups? While that would completely screw over iPhone updates I would honestly prefer that to the FBI getting source and signing capabilities. If Apple turns over their source it is only a matter of weeks before it gets leaked and it's game over afterwards.


> In the same vein what would happen if Apple decided to destroy their master key and all backups?

That wouldn't quite be "destruction of evidence", but the government would likely try to bring "obstruction of justice" charges over that.


> In the same vein what would happen if Apple decided to destroy their master key and all backups?

Tim Cook would go to jail.


Probably, as those who oppose the corrupt use of power are feckless and would essentially do little besides complain while America continues to establish a police state.


No, because it's textbook obstruction of justice.


You can't revoke/update the RSA public key in the mask bootrom.


This needs to be framed as a political issue. This is Obama's Justice Department. What do you think Hillary Clinton's Justice Department will look like?

If this is bothering you, get out and vote for Sanders. These next few months are the only window where we have a chance to fix this before being locked into 8 more years of a power hungry DoJ.

The entire tech industry should be taking a stand right now. Setting the policy of the FBI & DoJ is more important than net neutrality or SOPA. Not to mention picking the judges that will be deciding these cases for the next 20 years.


To my knowledge Sanders has shown no inclination to take this issue on at all, let alone fight for our side.

His campaign thesis is that rich corporations have corrupted the political process. Apple is one of the richest corporations in the world. It's not clear to me what Sanders will think of their concerns.

Encryption is not an issue that breaks down easily along typical populist political lines, which are the lines that Sanders prefers to stay within.

That said, you are correct that it should be a political issue--particularly in Congressional elections.


What do you think Sanders' Justice Department will look like?

My guess: exactly like Obama's.


> This needs to be framed as a political issue

I completely agree it should be political. And I think it would be a big win for any candidate to express support for backdoor-free encryption now that the facts are becoming clearer to the public. All we need is someone with some authority to stand up and share those facts.

Unfortunately, Sanders has yet to comment on it, and some feel that his comments about Snowden have been less-than-brave, so he might not weigh in on this. People within his campaign feel it isn't currently a major issue for American voters. I've tried to share some information a couple of times but it hasn't really generated much discussion in the Sanders subreddit [1]

If anyone has any contacts within his campaign, it would be a good idea to reach out to them and talk about the issue. There are two bills, one in NY [2] and one in CA [3], being proposed that would mandate backdoors in encrypted phones. These are based off of text originally produced by Manhattan DA Cyrus Vance in November 2015 [4]. It's just a matter of time until there is similar federal legislation [5]

> The entire tech industry should be taking a stand right now. Setting the policy of the FBI & DoJ is more important than net neutrality or SOPA. Not to mention picking the judges that will be deciding these cases for the next 20 years.

I think you also need to consider the powers that the US government does have over tech companies.

Remember 5 years ago when all the tech companies issued oddly similar statements saying, "we want to tell you more about our cooperation with the government, and we are asking the government for permission to do that." Whatever came of that? Do we know more now?

I think tech companies are timid because they know the DOJ can ruin them. We only found out much later the duress under which Yahoo found itself in 2008 [6]. And, Microsoft was slapped pretty hard under Bill for bundling IE etc. He pretty much always sides with the government now. Also, Apple was just fined fairly heavily in a loss to the DOJ over its ebook negotiations with publishers. Until the supreme court denied Apple's request to hear that case, it seemed like it could go either way. There are probably many more we don't know about. There is a big difference between fighting against the DOJ and fighting publicly with Congress over SOPA etc. Fighting the DOJ is often done behind closed doors where the public and Apple's users cannot have its back.

[1] https://www.reddit.com/r/SandersForPresident/comments/49otvu...

[2] http://arstechnica.com/tech-policy/2016/01/bill-aims-to-thwa...

[3] https://www.eff.org/deeplinks/2016/03/worried-about-apple-ca...

[4] https://cyber.law.harvard.edu/pubrelease/dont-panic/DA_Repor...

[5] http://www.politico.com/tipsheets/morning-cybersecurity/2016...

[6] http://www.theguardian.com/world/2014/sep/11/yahoo-nsa-lawsu...


It's a very bad sign that America has reached a point where its overbearing government can confidently and boldly voice such demand.


I find it fascinating that it's commonly believed that big corporations run / control / own the US Government. When that's constantly shown to not be the case. Occasionally they have common ground, more often than not the government imposes its will in the process of seeking more power and control through regulation. If big corporations ran things, the executive branch would be on its knees groveling right now, with trillions of dollars in market value stacked on the Apple side of this. Apple makes so much money, their profit is almost as large as the entire spy budget for all US agencies. So where's the power and control over the government? Turns out that isn't true, the power derived from the guns beats the money every time (which history has shown repeatedly).


> the power derived from the guns beats the money every time

Our collective vote beats both money and guns. When politicians are voted out, they are out of a job and their campaign funds dry up.

From This American Life's episode "Take the Money and Run for Office" [1]

Dick Durbin: I think most Americans would be shocked-- not surprised, but shocked-- if they knew how much time a United States senator spends raising money. And how much time we spend talking about raising money, and thinking about raising money, and planning to raise money. And, you know, going off on little retreats and conjuring up new ideas on how to raise money.

Barney Frank: If the voters have a position, the votes will kick money's rear end any time. I've never met a politician-- I've been in the legislative bodies for 40 years now-- who, choosing between a significant opinion in his or her district and a number of campaign contributors, doesn't go with the district.

[1] http://www.thisamericanlife.org/radio-archives/episode/461/t...


While money has a hard time to get a politician to take a position contrary to the will of the public, money is a great tool to manufacture public consent.


Isn't this the same thing China is in discussion of demanding of anyone who sells software in China? We've already criticized this as "they can steal our stuff." Why would any country not think the same of us?


Yes. Obama discussed his concerns over Beijing's proposed laws with President Xi directly in March 2015 [1]

[1] http://www.reuters.com/article/us-usa-obama-china-idUSKBN0LY...


The signing key is (ideally) not even known by Apple, but instead held in a security appliance that can be unlocked with a threshold quorum of pass phrases.

It might not even be in the US. I know that the code signing action of Microsoft Windows was done (and perhaps is still done) in Puerto Rico, for tax reasons.


Puerto Rico is definitely within US federal jurisdiction.


Definitely. My point is that it's not an unheard of practice. Stick your signing keys in a different jurisdiction and . . .

. . . well, I suppose the courts could always compel a roomful of key holders to enter their codes. But it's much harder if some physical presence is required (do they handcuff you, fly you to the Caymans and force you to enter your key? Do they try to recover the hardware in question -- that could be made arbitrarily difficult).


I should add: Bonus points for making your passphrase "On advice of counsel, I respectfully assert my fifth amendment right to remain silent and decline to answer." And that "dot" on the end is important :-)

Also, trap biometrics: Use a fingerprint or two as a duress code. Have a retina scanner, but only some of the participants should use it. Use that sensor for some folks, another one for others. "Sure, you can have my fingerprints! Hmmm... it was working last week, why does it say '30 day lockout' now?"


What are the tax implications of code signing?


I suspect it's an argument about where "production" is done, leading to a tax break or change of duty.


Exactly.


I can't wait to submit a FOIA request for this.


What I've been wondering about this case is if there is a low tech solution. Out of all the video tapes we have, is there not one shot of him unlocking his phone at work or anywhere else he would have been recorded? Or are those tapes long destroyed. I can't tell you how many times I've sat next to someone on a bus / coffee shop and watched them put their pin code in where I could see it.


This whole issue has zero to do with this phone. The FBI has been waiting for a case involving some high profile issue like terrorism that they could link to forcing Apple to unlock the iPhone in general.


The FBI want a precedent of compelling unlocking. They know there's nothing on this phone.


That solution would require a lot of leg-work on the FBI's part.

Much cheaper for them if they can get a judge to force Apple to work for them---they don't even have to pay Apple for it! ;)


From what I've read, part of the All Writs Act actually does imply that compensation can (should?) be provided for services rendered to comply with the Writ.


I look forward to finding out how this plays out. This tack actually seems like it could work. I'm also curious what Apple would do operationally after being forced to hand over that key. What are the implications of rolling those keys and what ability do they have in that regard? What changes would they make to their next gen security systems to address this situation?


I think it would be easy to send each device new firmware encrypted first with Apple's secret key and then with the public part of an asymmetric key that the device owner controls (derived from the master password and the device ID) and have the secure enclave check both keys before accepting an update.

Problem with that is that forgetting your master password would mean "no more updates for you". So, to be a bit safer, Apple should restrict that to updates to the secure enclave.

Also, Apple would have extra work creating a unique upgrade package for each device, and network traffic would increase, as Apple wouldn't be able to use CDN's for distributing those upgrades.

Edit: I'm not sure that would work. The device would still have to send their key to Apple, giving Apple the ability to create the package, and giving law enforcement the opportunity to request the keys.


There is, unfortunately, nothing easy about "the public part of an asymmetric key that the device owner controls."

How does the device owner control it? Apple doesn't want to be responsible for Genius Bar calls from customers who lost that strip of paper with the huge hexadecimal code on it and now can't ever upgrade their phone again.


I think there could be a market for an optional feature like this. If you enable the super-duper crypto, you have to acknowledge in triplicate that you won't come crying to the genius bar because they can't help you. They could offer a way to print out backup keys (and a really slick method of reading the printed keys with the camera because hey it's apple) and make you sign an oath in blood that you understand that's your only hope of decrypting your data.

Edit: honestly, if apple provided such a mechanism, they'd be winning on all fronts. 1) a user is in control of whether or not there are recoverable keys (simply don't print them out or burn them if you did) and how well-protected they are (are they in your bedside table? taped to the top side of a drop ceiling tile? in a safe?). 2) you have a good answer for the government: go find the keys at the guy's house if they exist. 3) it's possible to be really serious about security and use the device in a way that is the same as if the backup keys simply didn't exist.


It doesn't have to be a huge hexadecimal code; it just needs to be as complex as the device's unlock password. After all, that's what the user, through his choice of password, chose as the desired security level. In fact, it just _could_be_ the unlock password.

The secure enclave (https://www.mikeash.com/pyblog/friday-qa-2016-02-19-what-is-...) could generate a public/private key pair, keep the private part for itself, and give up the public part when given the unlock password.

It could even generate a new key every time someone asks for one, and only accept the last one it sent out.

But yes, as I outlined, one problem with this is "no more updates for you".

A way halfway around that could be for the secure enclave to accept unsigned firmware updates, but to first destroy the device's encryption key ("sorry, no more updates for you, unless we are allowed to erase your device first")
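The update-acceptance logic sketched in this comment and in the parent comment a few comments up (install only when both the vendor's signature and an owner key derived from the unlock password and device ID verify; the secure enclave accepts only the most recent owner key it issued; a forgotten password leaves the erase-first path as the only way to update), as an added Python example that is not the thread's code and is not how iOS actually works. Assumptions: HMAC-SHA256 stands in for the asymmetric signatures so the block runs on the standard library alone, which means the vendor holds the very key it is verified against, exactly the weakness the parent's edit points out; a real design would give the vendor only a public key. `VENDOR_KEY`, the device ID, the firmware blob and the status strings are all constructed.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the vendor's private signing key. A real design
# would use an asymmetric key; HMAC is used here so the block needs no
# third-party library, at the cost of the vendor also holding the owner key.
VENDOR_KEY = b"constructed-vendor-signing-key"


def vendor_sign(blob: bytes) -> bytes:
    """Vendor's signature over a firmware image (HMAC stand-in)."""
    return hmac.new(VENDOR_KEY, blob, hashlib.sha256).digest()


def owner_sign(owner_key: bytes, blob: bytes) -> bytes:
    """Owner co-signature the vendor adds when building a per-device package."""
    return hmac.new(owner_key, blob, hashlib.sha256).digest()


class SecureEnclave:
    """Model of the update-acceptance rules only, not a real secure enclave."""

    def __init__(self, device_id: bytes):
        self.device_id = device_id
        self.data_key = secrets.token_bytes(32)  # protects user data; wiped by the erase path
        self.owner_key = None   # verification key for the owner's co-signature
        self.epoch = 0          # increments on every re-enrolment

    def enroll_owner(self, unlock_password: str) -> bytes:
        """Derive a fresh owner key from the unlock password and device ID.

        Only the most recently issued key is accepted, so co-signatures made
        with an earlier key stop verifying. The returned key is what the vendor
        would use to co-sign this device's packages.
        """
        self.epoch += 1
        salt = self.device_id + self.epoch.to_bytes(4, "big")
        self.owner_key = hashlib.pbkdf2_hmac(
            "sha256", unlock_password.encode(), salt, 100_000)
        return self.owner_key

    def apply_update(self, blob: bytes, vendor_sig: bytes, owner_sig: bytes) -> str:
        """Install only when both signatures verify; user data stays intact."""
        if not hmac.compare_digest(vendor_sign(blob), vendor_sig):
            return "rejected: vendor signature"
        if self.owner_key is None or not hmac.compare_digest(
                owner_sign(self.owner_key, blob), owner_sig):
            return "rejected: owner signature"
        return "installed"

    def apply_update_after_erase(self, blob: bytes, vendor_sig: bytes) -> str:
        """Fallback for a forgotten password: the vendor signature alone is
        enough, but the data key is destroyed first so the new firmware can
        never be used to read the data that was on the device."""
        if not hmac.compare_digest(vendor_sign(blob), vendor_sig):
            return "rejected: vendor signature"
        self.data_key = None
        self.owner_key = None
        return "installed after erase"


if __name__ == "__main__":
    # Constructed device, password and firmware image.
    enclave = SecureEnclave(b"device-0001")
    owner_key = enclave.enroll_owner("correct horse battery staple")
    firmware = b"constructed firmware image v2"
    sig = vendor_sign(firmware)
    print(enclave.apply_update(firmware, sig, owner_sign(owner_key, firmware)))
    print(enclave.apply_update(firmware, sig, b"\x00" * 32))
```

The point the model makes concrete is the one the thread circles around: a vendor signature alone (the `apply_update_after_erase` path) can only ever install firmware onto a device whose data has already been destroyed, so a compelled or leaked vendor key no longer converts into access to stored data. The price is the "no more updates for you" failure mode when the owner key is lost, which is why the comment limits the scheme to secure-enclave updates.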


What's the "secure enclave"? What part of the asymmetric key does the owner control? I would like to know more about this.


Relocate their HQ and keep this part of the process (packaging all the components into a single build and blessing it) outside of the US?


What I don't understand is how the FBI will get what they want anyway.

Allow me to assume the DoJ supports the FBI and coerces Apple to be required to do what they're asking for: how is Apple, an organization, seriously going to be compelled to actually comply, exactly?

The developers don't have to work on the project and can technically request to work on something else, or quit out of spite.

How do you force someone who works for a company that is compelled to complete an action as a legal obligation, when an individual isn't the one who would receive the jail time for failing to perform the request? Sure, I suppose they could make Apple pay a fine, but outside of trying to ruin them financially, I really don't see how they can hold any of the employees under any legal threat of jail time or punitive damages for being in contempt.


The fine would probably be pretty hefty and occur on some periodic basis. Yahoo reportedly faced $250,000 daily fines that were set to double weekly back in 2008 [1]

Some engineer will do it for a million dollars, just knowing that the next guy after him will be offered the same amount. And Apple will be happy to pay that amount because to disobey a finalized court order is suicide for everyone.

A better argument for why this won't work as the DoJ would like is that criminals will just use some other method of encrypting their data. It's as easy as downloading an app. Meanwhile, the rest of us will be using devices whose security is compromised. This leaves the criminals safe, our data more vulnerable to theft, and the DoJ with their hands in the air wondering what happened.

[1] http://www.theguardian.com/world/2014/sep/11/yahoo-nsa-lawsu...


That argument makes some sense for the "make us a backdoored OS" demand (IANAL), but doesn't make much sense for the "give us the keys" demand.

In the case where they order Apple the company to make a backdoored OS, the engineers who have the skills to do that can quit, and Tim can order it all he wants but the company isn't able to comply anymore.

But if they want the source and the keys, theoretically Tim Cook himself could clone the source repo and put the keys on a thumb drive. They can hold him personally accountable, so they can send him to jail if he doesn't.


I've been saying this for a while: The "master key" that Apple is warning about, the "backdoor", already exists. The master key is Apple's ability to sign a new version of iOS, and update the software on a locked iPhone. The Federal government isn't asking Apple to create a backdoor. They're asking Apple to use the backdoor that already exists.

And now the FBI may simply demand Apple hands over the signing key, providing them with the backdoor that Apple already has.


You may think long and hard about the meaning of the word "backdoor". A hint: it does not mean "any possible way to get access".


You're right. But a master key that can be used to load new software to password protected phones without entering your password first is a backdoor. Even if it wasn't intentionally put there to be used as a backdoor.

https://en.wikipedia.org/wiki/Backdoor_(computing)


I wonder if the FBI understands that threatening to demand the signing key is the equivalent of a nation threatening another nation with nuclear war. Just saying it has serious consequences. The other nation has no other option than to prepare for the worst.

I assume Apple will now prepare for the worst and I wonder how. I think they have two options:

- Concede with the FBI that civilians can't have security against their respective nation, and start building some backdoor-per-jurisdiction feature that will allow states to decrypt iPhones within their jurisdiction.

- Take the principled approach and decide they want to offer their customers security, even if nation states don't allow this. They can build strong blockchain / tor type encryption into the OS and hardware, behind an easy checkbox. But this will collide with government interests, they may get into problems in big markets, comparable to Google pulling back from China and WhatsApp company representative being arrested in Brazil. Apple shareholders certainly won't be happy with this approach.


Don't browbeat me too much for this, but I don't understand why the Government doesn't get one of their defense contractors to hire away an Apple engineer or three who helped write this code and just do it themselves. I know the timeline wouldn't be as short but then they wouldn't need to go to Apple.


My understanding is that they could easily create their modified iOS, but they can't install it on an iPhone without getting it signed by Apple's signing key.


Right, and the group with access is presumably much smaller.


They want to set some precedent in court so they can use the same process for every future version of the iPhone.


This is the part where the FBI begins to really scare Apple with its aggression, by intentionally over-reaching to try and prompt Apple to meet them in the middle (settle) out of fear of losing big otherwise. Classic hardball tactic from the government (prosecutors use it routinely; works best if you're an all-powerful entity with the ability to put people in prison or otherwise cripple their existence).


Oh please do! This really gets to the heart of the matter, creating a more defensible position for Apple (the court would be asked to destroy an entire class of speech) and risking a less worse precedent if they do lose.


This has become truly ridiculous. No one believes there's anything of use on that phone yet the FBI continues to persist to try to force Apple. If they want the key and the source code, give it to them. They're obviously so fucking incompetent they wouldn't be able to do anything with them. I assume Apple can revoke any keys remotely so give them the key and revoke it immediately. This isn't at all about anything that happened in San Bernardino anymore and it's just the FBI being the fucking, repressive assholes that they've always been. In fact, this is the exact reason for having crypto on the phone. It's to avoid the fucking assholes of the FBI getting to your data because they're the criminals that Apple refers to when they're talking about protecting their customers.


Let's assume that the FBI is truly as incompetent as their recent actions portray.

The question we should ask ourselves is who would they share the source code with?

NSA, MI6, CIA, IDF? Are these guys incompetent? Would the Chinese not simply pick it off the safe?


They are or are making themselves seem incompetent technically (difference is irrelevant in this case), but legally they are very competent and they know exactly what they're doing. This type of sharing is a given, whether intentional or not. In fact, using the backdoored OS for other cases, in other organizations, and for other purposes is their primary objective here. The murder cases are simply a cover they can pander to the idiot masses willing to believe such stupidities. That's why they're calling them 'terrorism' when every single other mass shooting does not get that label nor this level of 'investigation.' To get this backdoored OS to the CIA, NSA, and other objectionable organizations is the objective. Chinese, probably not. But it'll still get into their hands, that's guaranteed.


Why do you think they can revoke the keys?


I assume that this would be a feature as a protection against accidental or forced release of the private keys.


A win would give them a kind of master key to all encrypted data stored in the US, right? And I suppose also imply that no security may restrict the FBI regardless of how that security is implemented.


Can a mod please fix the title? Nowhere in the article does it say that the FBI may demand either the source code or the signing key.


I wonder how long the US government can keep doing this kind of shit without most (if not all) of the people in tech with any kind of ethics left leaving the US for, let's say, Europe and taking their business with them.

I really, really do.

Note -- To make things clear (in regard to the -1): While it may look like it I wasn't trolling. I'm just wondering when tech people after all the shit happening the last few years have had enough. Because there must be a last straw somewhere, right?


I wonder how long Hacker News commenters will keep excoriating the US government for this kind of shit without realizing European governments aren't really any better.

I really, really do.


Europe is bigger than the United Kingdom and France.


They can keep doing it for ever, because the vast majority of people don't care. HN and the other internet tech rags represent the vocal minority.

The dystopian future isn't so future anymore, and things continue to play out much in the way that Huxley thought they would. For the most part, Orwell got it wrong. People will continue to let the government do what they will so long as they are entertained.


Even on HN there are a lot of equivocations and ambivalence about issues like this. If those of us who should know better can barely agree, how does the genpop stand a chance?

We are headed to a future where if you don't know how your systems work and control them yourself someone else will.


Practically speaking, nobody knows how their systems work and controls them top-to-bottom.

The inherent complexity of a modern computer outstripped that possibility ages ago. At best, you have a chain of trust you believe in.


Europe is far from perfect here. I wouldn't go running from one overreaching government to the next before you do a bit of research.

http://techcrunch.com/2016/01/14/no-backdoors-but-uk-governm...


I know about the IPBill in the UK. I also know several tech companies have already left or are currently planning to leave because of it and its repercussions.

So, yes I did my research.

Also, while none of the governments in Europe are close to perfect, there are probably also good reasons why several people on the NSA's watchlist (Jacob Appelbaum and Laura Poitras come to mind) have decided to set up residence in Germany, which is home to the BND -- supposedly one of the closest partners of the NSA in Europe.


European privacy laws protect your data from commercial exploitation, but offer almost nothing in terms of protection from the government. There's no principle in law that the government cannot force you to self-incriminate or unreasonably search and seize your property like there is in the USA. The UK has, and France is getting, mandatory key disclosure laws.


That's because the UK probably has one of the most vicious, regressive governments in Europe at the moment (also the main reason why Corbyn is getting more and more popular every day and the Tories probably will be crushed in the upcoming elections), and the French government is severely overreacting to the terrorist attack in Paris. Also the reason why the latter country is currently caught in some State of Emergency limbo as we speak.


If anything, many Euro governments are worse than the US in this regard.


I live in Taiwan. It's not bad. They really appreciate freedom of speech here. Data security and privacy go hand in hand with that. They're a bit behind in some ways technologically (old-looking image-based websites), and salaries are pretty low, but if you can freelance then you can get by. People, food and weather are great. There's also tons of opportunity to advance technology here.

I did leave the US 5 years ago with some idea in mind that our government doesn't know how to govern and guide technology. I was fed up with reading about small software companies getting pummelled by patent trolls, so I jumped ship, took my savings and floated around for a while.


Why? So European governments can do the same?


can't wait for the freedom of information request for that ;)


This is a scary development. Why would a judge refuse a request to subpoena some files and a number? It's a much easier play, unfortunately, than the earlier attempt to force Apple to write some code.


No court would consider these 'some files and a number', they are critical Apple trade secrets. If anything, Apple should have an easier time arguing what's being asked of them is an unreasonable burden.


According to the Supreme court, source code is protected by the First Amendment. Given the court's use of the first for all sorts of things, allowing the government access to make changes seems akin to allowing them to edit content in order to stifle expression.


I sure hope that you're right. Are there precedents in which risk of harm from disclosure has successfully served as an unreasonable burden? (I am obviously not a lawyer.)


I'm no lawyer either so probably should not have talked out of my ass about whether this makes anything easier or harder for Apple. On the other hand, a big part of the justice system is adjudicating the conflicting rights and duties of various parties.

More importantly, as actual lawyers here and all over the internet always remind us, the law does not work in terms of nerd technicalities. I'm harmlessly changing numbers on a computer as I type. If I were changing numbers on a computer that keeps track of your bank account, I could go to prison.


I've been reading some court decisions regarding technology lately and they're not impossible to follow.

It's not all legal speak. There's some reason in judgements and magistrates are generally verbose in their statements.

I'm not a lawyer either but I think any reasonable person could see that forcing Apple to give away its source code and signing key would present Apple with some significant security burdens.

It's very similar to what Apple was previously arguing, except the DOJ just made Apple's case stronger because there's the added element of risk that the FBI could now be the ones to let the modified signed software get out into the wild.

In the former situation, Apple was in charge of security of the back door, so there was only one escape hatch, so to speak, and they're the experts (which the FBI Director has noted many times). If Apple were to hand over the source code, the FBI's systems become another target of attack by hackers.

It was a really dumb statement by the DOJ. They intended to sound commanding, but they just weakened their case and helped Apple.


Not a lawyer either, but AFAIK the main difference is you are not exceeding your authorization when using your own computer. You could break into a bank computer, harmlessly write a post on here, and probably still go to prison.


I haven't seen mention of this since the news first broke, but is the FBI not asking Google for the same permissions? Is it simply that the FBI requested this access from Apple first?


From the articles I've read about Google executives' affiliation with the government - Eric S. in particular - I'd say they don't need the courts to get whatever they want.


This is an Apple iPhone.


Why are the Democratic Party and President Obama taking heat for this? It is his call. He could stop it if so desired. After all, it is an election year.


This is why we have the Second Amendment, just in case anyone is wondering.


Yeah, the only thing stopping the FBI just going ahead and forcing Apple to do this illegally is some citizens with guns. /s

The reason you have second amendment is people genuinely believe crap like that.


<sarcasm>Right, because Apple is going to protect their signing key by shooting federal agents.</sarcasm>


Url changed from https://www.onthewire.io/apple-fbi-case-gets-nasty/, which points to this.

If there's a more substantive URL for this story, let us know and we'll change it again.


You dare challenge our demand in court?

Impudent serf! We'll demand more then!


What's Apple's lawyer talking about the JFK assassination for? That's kind of weird. He could have talked about the various things Hoover did without going into conspiracy theory land.

