Apple v. FBI

[iacas]

Just now, k-troop said:

Care to elaborate?

They want a new version of iOS to bypass all sorts of security measures, not just a simple key.

That is the short version of the elaboration.

Plus, the FBI has more than just this case pending. So it's not just this "one time" thing already. We're already traveling down that slippery slope.

And, though it may not really "matter" legally, the FBI likely has no real probability of finding anything at all helpful on the guy's work phone when he took care to destroy all of his other phones. Why would his super-secret terrorist master-mind plans and contacts be on his work phone?

[boogielicious]

28 minutes ago, iacas said:

They want a new version of iOS to bypass all sorts of security measures, not just a simple key.

That is the short version of the elaboration.

Plus, the FBI has more than just this case pending. So it's not just this "one time" thing already. We're already traveling down that slippery slope.

And, though it may not really "matter" legally, the FBI likely has no real probability of finding anything at all helpful on the guy's work phone when he took care to destroy all of his other phones. Why would his super-secret terrorist master-mind plans and contacts be on his work phone?

And why if it was so incredibly important would the FBI tell the county to change the code and not bother writing it down? Sounds like a smoke screen for incompetence to me. Or if you are the conspiracy theory type, they wanted to use this incident as a means to put pressure on Apple and Samsung to make these changes available to them.

[pganapathy]

As far as I am concerned, all companies should build as strong encryptions as possible into all electronic devices.  Yes, the downside is that bad elements (criminals, terrorists etc) can use this, but for me INDIVIDUAL liberties are far more important than the risk of a few people misusing it.  Of course this comes with a cost, but there is no such thing as a free lunch in anything

[saevel25]

http://www.wired.com/2016/02/apple-fbi-privacy-security/

Quote

“You hear over and over and over again, from the pro-backdoor camp, that we need to strike a balance, we need to find a compromise,” says Cardozo. “That doesn’t work. Math doesn’t work like that. Computer security doesn’t work like that 

Pretty much. Security needs to be absolute. There is no compromise. There is no such thing as an opening for only one group of people. If someone can open it, then any good hacker will find the same opening and exploit it. It's a pipe dream that the FBI thinks that only them or Apple would have this ability. 

Here are some more legal implications, 

http://www.wired.com/2016/02/encrypt-act-2016/

Quote

Secondly, Lieu points out that US laws apply only to US companies; while Congress can theoretically force Apple to allow a backdoor, it has no say over what Samsung or LG do with their devices. Last, and maybe most compellingly, is the simple fact that despite the impracticality and exposure, it wouldn’t necessarily even help.

There is another big issue in terms of globalization and would Apple just up and leave the US if push comes to shove? How does that look to those who support keeping jobs in the US? 

 

[k-troop]

56 minutes ago, iacas said:

They want a new version of iOS to bypass all sorts of security measures, not just a simple key.

What the court would find relevant to its decision in this case is what would Apple need to do to allow the FBI to obtain the information it wants from this particular phone.  Initially the FBI wanted Apple to disable the feature that resets the phone after 10 failed attempts to enter the 4-digit passcode.  Apparently this would require Apple to re-write a version of iOS that would allow the feature to be disabled, and then write that iOS to this particular phone.  The FBI could then plug the phone into a device that enters 4-digit numbers until it finds the right one.

I don't know if this is possible, but this is the information that was presented when the district court judge made the initial ruling.

If this were possible, it seems that the "backdoor" would only work with physical possession of the phone.  Physical possession of the phone would necessarily require a warrant--there's no way around that (excepting maybe some FISA authorities which aren't really relevant in this discussion).

56 minutes ago, iacas said:

Plus, the FBI has more than just this case pending. So it's not just this "one time" thing already. We're already traveling down that slippery slope.

Again, if the "key" requires a warrant to use then (IMO) the slippery slope argument is a non sequitur.  Warrants are not a slippery slope, they are the way the government proves to a court that they have a valid and compelling reason to violate a specific person's privacy in a very specific way.

Further, ordering Apple to provide reasonable assistance (and I'm not arguing this is reasonable, just assuming arguendo that the court's ruling stands) in the Farook won't necessarily change anything in other pending cases (if it can be done as was initially presented).  Once Apple has created the back-door they will certainly be directed to use it again in other cases, as they've already done most of the work to provide the assistance.  But, again, each of these cases would require physical possession of the device and two court orders (one to seize the phone, and one directing Apple to provide assistance). 

56 minutes ago, iacas said:

And, though it may not really "matter" legally, the FBI likely has no real probability of finding anything at all helpful on the guy's work phone when he took care to destroy all of his other phones. Why would his super-secret terrorist master-mind plans and contacts be on his work phone?

It is absolutely relevant to the court's decision.  The likelihood that the evidence requested will be found in the place where the FBI wants to look is the central question of the analysis.  The likelihood it will be found, and the importance of that information, is what the government's argument rests on, and the court will weigh that against any burden to Apple.

[newtogolf]

13 minutes ago, saevel25 said:

http://www.wired.com/2016/02/apple-fbi-privacy-security/

Pretty much. Security needs to be absolute. There is no compromise. There is no such thing as an opening for only one group of people. If someone can open it, then any good hacker will find the same opening and exploit it. It's a pipe dream that the FBI thinks that only them or Apple would have this ability. 

Here are some more legal implications, 

http://www.wired.com/2016/02/encrypt-act-2016/

There is another big issue in terms of globalization and would Apple just up and leave the US if push comes to shove? How does that look to those who support keeping jobs in the US? 

 

Apple already has one foot out of the US door given the tax implications and regulations a company the size of Apple has to deal with.  

Sadly people, including Trump, don't understand that you just can't create a back door and not expect people to exploit it or the government to abuse it.  

[saevel25]

5 minutes ago, k-troop said:

If this were possible, it seems that the "backdoor" would only work with physical possession of the phone.  Physical possession of the phone would necessarily require a warrant--there's no way around that (excepting maybe some FISA authorities which aren't really relevant in this discussion).

Not entirely sure about that. You do need to enter your passcode to install apps as well. So I could see the phone getting hacked to install an unauthorized app on your phone which could be problematic. 

3 minutes ago, newtogolf said:

Sadly people, including Trump, don't understand that you just can't create a back door and not expect people to exploit it or the government to abuse it.  

This is the FBI versus Apple not Trump. If you want to discuss Apple versus Trump then take it to the Donald Trump Thread. I am sure you would get 20 responses in the next hour if you do so ;) 

 

[k-troop]

1 minute ago, saevel25 said:

Not entirely sure about that. You do need to enter your passcode to install apps as well. So I could see the phone getting hacked to install an unauthorized app on your phone which could be problematic.

Not sure whether it's feasible, or not sure that's what the FBI wants?  Again, I don't know how feasible it is.  But from what I gather below, physical possession of the phone would be necessary to go through the door the FBI is requesting in THIS CASE. 

22 minutes ago, saevel25 said:

http://www.wired.com/2016/02/apple-fbi-privacy-security/

Pretty much. Security needs to be absolute. There is no compromise. There is no such thing as an opening for only one group of people. If someone can open it, then any good hacker will find the same opening and exploit it. It's a pipe dream that the FBI thinks that only them or Apple would have this ability.

 

Quote

The current Apple case doesn’t involve a backdoor in the traditional sense. The FBI is asking Apple to create a tool that would circumvent a feature that deletes all of the information on the phone after 10 failed password attempts.

 

[14ledo81]

26 minutes ago, pganapathy said:

As far as I am concerned, all companies should build as strong encryptions as possible into all electronic devices.  Yes, the downside is that bad elements (criminals, terrorists etc) can use this, but for me INDIVIDUAL liberties are far more important than the risk of a few people misusing it.  Of course this comes with a cost, but there is no such thing as a free lunch in anything

I agree with this as well.  IMO it is very similar to gun control issues.

[saevel25]

7 minutes ago, k-troop said:

Not sure whether it's feasible, or not sure that's what the FBI wants?  Again, I don't know how feasible it is.  But from what I gather below, physical possession of the phone would be necessary to go through the door the FBI is requesting in THIS CASE. 

That is at least what the FBI tells you. If there is a connection to the phone, given wi-fi and mobile are probably more secure than directly connecting to the lighting port. Not really that secure. 

[iacas]

Kevin, the "slippery slope" argument only fails to hold water if you think subsequent requests will be reviewed with the same scrutiny as this one. I think that's foolish to think so. And I'm not just talking about here in the US.

I realize you're just talking about the legal perspective but there are far-reaching technological and geopolitical ramifications here too.

Plus, once the backdoor OS is developed who will guarantee its absolute security? Nobody can. It's impossible.

The request is unreasonable and dangerous. Not to mention unlikely to yield anything useful.

[ghalfaire]

1 hour ago, iacas said:

They want a new version of iOS to bypass all sorts of security measures, not just a simple key.

That is the short version of the elaboration.

Plus, the FBI has more than just this case pending. So it's not just this "one time" thing already. We're already traveling down that slippery slope.

And, though it may not really "matter" legally, the FBI likely has no real probability of finding anything at all helpful on the guy's work phone when he took care to destroy all of his other phones. Why would his super-secret terrorist master-mind plans and contacts be on his work phone?

This is exactly correct.  The FBI and other LE organizations have been complaining that with the modern encryption techniques their job has become more difficult for a few years now. But with this horrific event they feel the courts and the population will support forcing a manufacture to "open" the system to intrusion by the Government.  I sill remember GW telling us after the Snowden revelations how they "always got a warrant" before intercepting any communications with a US citizen on US soil.  It was a lie and now again they want you to believe that they won't abuse a back door into every Iphone in this and other countries.  

The last paragraph is telling in that the Government isn't telling the entire truth to the populations.  This was the man's work phone issued by his employer.  He destroyed his personal phone so if anything of value was on this work phone wouldn't he have destroyed it too?  These guys aren't stupid, just crazy.

Old Ben Franklin was correct.  Stated differently a Government that can keep you 100% safe all the time is a Government that can also enslave you.  Giving up freedoms for the sense of increasing your personal security is bad idea and if you don't believe that you need more history books.

[k-troop]

4 minutes ago, iacas said:

Kevin, the "slippery slope" argument only fails to hold water if you think subsequent requests will be reviewed with the same scrutiny as this one. I think that's foolish to think so. And I'm not just talking about here in the US.

I realize you're just talking about the legal perspective but there are far-reaching technological and geopolitical ramifications here too.

Plus, once the backdoor OS is developed who will guarantee its absolute security? Nobody can. It's impossible.

The legal and technological issues are inextricably linked here, because the technological issue is being argued in the context of a court case.

The court is considering the issuance of a writ under the All Writs Act (AWA) to compel Apple to assist the FBI in unlocking Syed Farook's government-issued iPhone.  I know this is somewhat redundant information, but it's important to understand that the Court cannot decide the issue of cybersecurity vs. national security--that's Congress's issue.  The Court can only decide what to do with Farook's phone.

There are two ways the outcome of this litigation can impact other cases (as far as I see it).

--Apple develops the software code.  That specific code is applicable in other cases, and therefore Apple has a more difficult time proving "burden" in future cases involving an iPhone 5 running iOS 8.

It's worth noting that the DOJ's brief to the trial court did not request that Apple maintain the software code, at least according to some folks on the leading national security law blog. 

https://www.lawfareblog.com/we-enter-lions-den-join-us-we-get-flayed-reddit-ama-apple-and-fbi

Spoiler

Quote

I'm reading over the recent DoJ motion to compel Apple's compliance in the matter, and I'm noting that I can't find any provisions in it that preclude a strategy that Apple could be employing to fulfill the order and stanch any bleeding it may do on the business front-- nowhere in the order does it say that Apple must leave any and all vulnerabilities used in the defeat of the auto-erase function unpatched for future use in filling law enforcement requests. In fact, page 20 of the motion, while not explicitly listing such, seems to encourage actions that would definitely go along those lines (paraphrasing: "feel free to destroy your work after it's been used").

Which I guess brings me to my question: could Apple not simply leverage these vulnerabilities after careful (and I mean careful) study, and then using that same knowledge, immediately issue a patch for all iOS 8 devices, thereby creating the situation the DoJ purports this is-- a request for just one device and one device only, making any further requests for iOS device data that are rumored to be out there an impossibility to fulfill and kicking the public perception burden back into the government's corner

 

--Apple appeals to the 9th Circuit, and the 9th issues an opinion that validates this particular use of the All Writs Act.  Note that requiring a software company to design and issue signed software to support an FBI investigation is (I believe) a novel application of the AWA.

Legal experts don't believe the precedent will be that broad.

Spoiler

Quote

1) Do you think as a legal matter that the All Writs Act could be construed as giving a court the authority to instruct a US technology company to distribute malware to suspected criminals or intelligence targets via the technology company's "automatic security updates" mechanism?

No, the most it could create in terms of relevant precedent is the precedent that All Writs can be used to compel a company to issue “signed” software. This isn’t irrelevant moving forward, but a court would need to take on the question of malware updates on its own terms.

3) Do you think that it if the FBI were to win this case it would set a precedent that extends beyond unlocking phones to distributing malware, or do you think this claim is over-hyped?

Certainly not actual precedent, because courts decide narrow issues. But the idea that a company could be lawfully compelled under AWA to create and issue “signed software” would be relevant to the larger analysis the court would undertake.

 

 

 

5 minutes ago, iacas said:

The request is unreasonable and dangerous. Not to mention unlikely to yield anything useful.

Again, I agree that what they're likely to find is relevant to the discussion.  The FBI is taking a stance that the phone is relevant, therefore they should be able to exploit it.  I don't know whether bare relevance is enough for the Court or the FBI has demonstrated some specific information they believe is on the phone.  I will say that you'd be surprised what is "useful" to a trained investigator in the broad context of an investigation.  It certainly goes beyond the "List of terrorist contacts" folder in her e-mail.  The phone might store data about cell towers it has had contact with.  Times the phone has been turned on or off could be relevant.  There's all kinds of information on a phone that could fill small gaps for an investigator.

 

Let me conclude by saying that I don't know what the right answer is here, either under the law or the technology.  I do, however, trust the courts and the process, and I have a firm belief in the warrant system.

[iacas]

http://arstechnica.com/tech-policy/2016/02/snowden-lawyer-bill-of-rights-was-meant-to-make-governments-job-more-difficult/

Quote

 

Ars: Unlike prior cases, I feel like what’s different about the case in San Bernardino touches on the population as a whole, simply because a lot of people inherently understand: I have a smartphone, and I may or may not want the government to be able to have access to my stuff.

Ben Wizner: I’m not surprised when I see polls that say that Apple should turn over the information to the FBI. What our community has failed to do effectively is to change the framing, so that people understand that security isn’t on one side and rights on the other in this kind of dispute. But that actually security is on both sides—different kinds of security.

The reason why Apple mainly objects to this kind of order is not because of the constitutional rights of its customers but because it is going to make vulnerable their systems in ways that will be exploited by others. I have been urging colleagues to respond any time anybody asks about FBI and San Bernardino to say: the real conversation is about China wanting to unlock the phone of a US Embassy employee who they suspect is a CIA agent and don’t we want Apple to be able to say they can’t do that.

Don’t we want Apple to be able to say that they can’t help China track the communications of dissidents or other repressive regimes? And it’s exactly the same question if you move it from one place to another—I think people’s intuitions might flip. So long as the focus is on a terrorism investigation in the US, I think it’s going to be hard to get high levels of support for what Apple is doing.

I think that’s true.

But what’s amazing to watch is how much the government is essentially contriving test case litigation. This is the kind of thing that, candidly, groups like the ACLU do. We pick our ideal plaintiffs, we find our moment, and we present the case in a way that is most advantageous to the right we’re trying to uphold. But I don’t know that I’ve ever seen the government be this transparent.

It was reported this week that a week before the dispute went public the government recruited amicuscounsel for the San Bernardino victims so that they could participate in this litigation. And if you see the short piece that FBI Director Comey wrote on Lawfare, which is basically about looking the victims in the eye, it’s so emotional and manipulative, and it doesn’t address any of the core arguments against what the FBI is saying.

 

 

[k-troop]

46 minutes ago, saevel25 said:

That is at least what the FBI tells you. If there is a connection to the phone, given wi-fi and mobile are probably more secure than directly connecting to the lighting port. Not really that secure. 

To me it seems physical connection through the lightning port would be necessary, but I'm not a tech expert.  Is there a way the FBI can use the brute force method remotely?

[iacas]

14 minutes ago, k-troop said:

The court is considering the issuance of a writ under the All Writs Act (AWA) to compel Apple to assist the FBI in unlocking Syed Farook's government-issued iPhone.  I know this is somewhat redundant information, but it's important to understand that the Court cannot decide the issue of cybersecurity vs. national security--that's Congress's issue.  The Court can only decide what to do with Farook's phone.

It doesn't have to be Congress's issue. The Supreme Court and lower courts can effectively define the limits of laws, and the applications of laws, which then become the way things are done by precedent.

14 minutes ago, k-troop said:

There are two ways the outcome of this litigation can impact other cases (as far as I see it).

And I think you're being short-sighted in determining what matters to the court case. IANAL and you are, but still, the court has to consider the ramifications outside of this single case, both to Apple as a business and to security nationally and internationally. That stuff absolutely matters, because part of the "burden" being placed on Apple, and part of the "cost," involves those same things.

As for your hidden comment, as I understand it:

• The FBI would still own the phone and could copy the OS from the phone.
• It doesn't matter what version of iOS is running for this particular thing - The FBI is attempting to make Apple create a new "fbiOS" that would be loaded onto the phone.

14 minutes ago, k-troop said:

Apple appeals to the 9th Circuit, and the 9th issues an opinion that validates this particular use of the All Writs Act.  Note that requiring a software company to design and issue signed software to support an FBI investigation is (I believe) a novel application of the AWA.

The law was not written at a time when electricity was widespread, let alone powerful computers in people's pockets.

14 minutes ago, k-troop said:

Legal experts don't believe the precedent will be that broad.

I've read differently. And, you pre-suppose that the "precedent" will be adhered to, and again, that it doesn't matter at all internationally.

14 minutes ago, k-troop said:

Let me conclude by saying that I don't know what the right answer is here, either under the law or the technology.  I do, however, trust the courts and the process, and I have a firm belief in the warrant system.

I do not.

I believe the government has shown, particularly lately and particularly in regards to or beneath the umbrella of "terrorism," that it will massively overstep its bounds and intrude on our privacy and security.

8 minutes ago, k-troop said:

To me it seems physical connection through the lightning port would be necessary, but I'm not a tech expert.  Is there a way the FBI can use the brute force method remotely?

They asked Apple to build a new version of iOS that not only removed the "delete after 10 failed attempts" thing but which would also work over Bluetooth and WiFi (which also means it would have to accept a forced pairing without being unlocked first).

[k-troop]

5 minutes ago, iacas said:

They asked Apple to build a new version of iOS that not only removed the "delete after 10 failed attempts" thing but which would also work over Bluetooth and WiFi (which also means it would have to accept a forced pairing without being unlocked first).

I'm only going to respond to this part, because frankly I don't have anything else to add.  Good discussion but we see it different ways.

As for the above, the FBI certainly can ask for whatever they want.  But the Court will definitely want to narrow their ruling to only what will help unlock this specific phone.  If a physical connection will do the trick, I'd be shocked if any Court orders Apple to do more than that.

The 9th Circuit will decide this case, but Congress will most likely strike the overall balance on this issue.  If/when Congress does act, any precedent set by the 9th Circuit WRT the AWA will be nullified as the AWA only applies where Congress has not provided another more specific tool.

[Ernest Jones]

Pardon my ignorance, but how would Apple install a new iOS on a locked phone? Wouldn't they need the pass phrase to install the new software in the first place?