News topic: Apple & FBI

@narfcake

Pretty good run-down here:

http://daringfireball.net

Obviously pro-apple biased, but still a good job covering the bases.

Ben Thompson of Stratechery nailed it. Constitutionally, morally, free market wise, and just about every other philosophical way of looking at it, Apple is in the right

Except for the optics of looking like you're siding with a terrorist

I no longer have SIPR access, not in the loop on what the Intel community is saying these days. But conventional wisdom just a couple of years ago was that none of the bad guys are dumb enough to store anything significant on a handheld device that could easily be left on a diner table or subway bench

The list of contacts would be about the only interesting thing, and that is easily obtained with counterintelligence basics

GPS data could be interesting, but again, that's basic police work

A bad guy who's dumb enough to keep a file in his email inbox that's labeled "top secret terrorist plot information" is probably also dumb enough to do a bunch of other things that make them easy to track

@FroodyFrog

When the patriot act was passed, marketing guys tried to dissect public opinion, and the bottom line is, most Americans don't give a shit about privacy anymore

Take identity theft, four instance. Somebody asked into your credit card account, you just call MasterCard and tell them that your card was stolen on such and such date, and they forgive the charges

Granted, it's more complicated than that, but not in the eyes of most people

Most folks have been operating under the assumption that everything is being monitored anyway.

@hallmike And you don't think China might request this capability for every phone sold in China?

@joe43wv But they arent creating a back door. They are (or should be) creating a one time use tool to break into one terrorist's phone. It would only be a "back door" if it was built into the standard software on every one of their phones.

@hallmike It doesn't work that way. If the FBI can demand a back door now, they can reference this instance next time and say "but you did it then" and set the precedence that it's okay do do this all the time. It is NOT okay to do this now, or ever.

@hallmike It's like if someone created an indestructible plastic material and the government asked them to create a solvent that can only melt one particular item wrapped in this plastic... it's just not possible.

@hallmike That's the problem, if they do it once the government will step in and strong arm Apple into making it part of the iOS software and at that point the encryption is useless.

@joe43wv They could make that law whether Apple does this once or not. This is not like leaving the key in your door's lock - it is more like losing your key to avoid a court ordered warrant to search your house, and the lock company refusing to unlock your door with a skeleton key. I think the precedent was set long ago allowing law enforcement to search your property with the court's permission.

@hallmike

Unfortunately, there is no such thing as "one time use" in our legal system or constitution. Jurisprudentially, it doesn't exist.

@MehnofLaMehncha I'm OK with that too. If doing this helps stop even one terrorist act it's worth it. Courts have been allowing searches of all your other property with probable cause so why would your phone be any different?

@hallmike The problem is for the FBI to search this one device they have to give up the keys to the kingdom that can put the security of all iPhones users at risk of being monitored more than we are now. Like @Mehrocco_Mole said the FBI can obtain 95% of the information they need by obtaining information from the carrier. If they want to know what was being talked about on the phone conversations I thought the NSA was recording all phone conversations. So even with just that server if any phone calls were made they can retrieve the recordings without giving up the security of everyone.

@hallmike The phone is not different, and presumably the carrier has already given the FBI all of the metadata available for the phone and Apple has given them everything they have on the phone as well. They have cooperated fully with the court orders. Apple can't give the FBI the password to unlock the phone because Apple doesn't have that, nor does it have software that can get the password.

What the FBI is asking Apple to give them is a rewrite of the operating software leaving out the safeguards on the encryption. They want Apple to create an alternate operating system for the phone that deliberately compromises its security. That goes beyond a court ordered search and creates a dangerous precedent - and all for stuff on a phone that is mostly available by other means and is unlikely to give any new information to the FBI.

@hallmike It's not something simple as black and white of giving up the password of one users password. The FBI is asking Apple to give up the "keys to the castle". So why should we all have to give up our personal security on our devices because of one person. The whole point of security is to only allow authorized users access, so why should all of us give up our security just because the playground bully is telling us we should?

@joe43wv I understand that they supposedly have to create a new version of iOS, but that can all be done privately within Apple's headquarters, and the software can stay locked in Apple's "vaults" along with the original source code. They aren't giving anyone this software and it has as much chance of being released to the wild as their original source code.

I also appreciate you having this discussion without it degenerating into name calling. No matter the outcome, the discussion needs to happen.

@hallmike said: " It would only be a 'back door' if it was built into the standard software on every one of their phones."

Effectively, that is what the FBI is asking for. The phone is locked with a password. If Apple were to create modified software with compromised encryption, they would still have to get that software on to the locked phone to replace the existing software. They would need a program to force an update to software without the knowledge or permission of the owner/user of the phone. And this would not/could not be a one-time use thing with the software then destroyed, because it would create a precedent. Once created, the "forced update to op system" software could, and would, be required for use any time the FBI got a search warrant for an Apple phone.

@joe43wv Also, they probably already have the phone call logs and text data from the carrier. But there is potentially a ton of info on the phone that never crossed the carrier's pipes. There could be photos from the last terrorist pool party showing possible accomplices and supporters. I don't know if the iphone has the capability, but I can create PDFs and text documents locally, as well as hand written notes with the S-pen. All of this is potential evidence that could help stop the next terrorist attack, and for me that is worth it.

@rockblossom I'd be willing to bet Apple already has methods of putting software on their phones without user intervention, which. And I'm OK with creating new precedent. If Apple gets away with blocking this court order, they will see a surge in sales of iphones to every terrorist and criminal in the world because their illegal data would be safe. THAT would be a worse precedent in my mind.

@hallmike Thanks for the compliment. I'm always up for a good debate and this topic is an important one, regardless of which side you are on. I'm all for the FBI doing their job, but I'm also for a fair balance between personal privacy and government invasion and I think that the FBI is conveniently using platform as an excuse to further their grasp of sticking their nose where it doesn't belong.

@hallmike and how is that any different than the burner phones they have currently other than the higher investment in the phone.

@sohmageek my friend said that quote in English class when someone brought up the topic in our morning news segments

@rockblossom so reading more into it. The fbi want apple to create the software and sign it. If you were to put a device into dfu mode you could install signed software onto it upgrading but only if it accepts it. It may delete all data in the process(I've successfully upgraded from dfu both ways destructive and constructive when jailbreaking and/or removing jailbreak or upgrading to beta pre-public beta.) the fbi want apple to sign it to allow the software to be installed. They also want to remove the delay and wipe feature of the phone. Thus bypassing the encryption's fail safe of wiping if it's not answered properly.

@joe43wv "the software may contain unfixed security issues, and that development of TrueCrypt was ended in May 2014, following Windows XP's end of support."

There are still 3 supported forks that you can use as alternatives.

@cengland0 I seen Veracrypt as one of the forks. Has anyone used this to verify that it is as secure as TrueCrypt use to be?

@joe43wv No idea of the technical security of it (nothing is perfect!) but it seems to have good track record with people who are more technical than I am and I use it with no issues. I personally trust it more than Bitlocker which is a Microsoft product.

@uwacn

@uwacn Pay no attention to the man behind the curtain. Just remember that the funding for the jailbreak will not come from a visible appropriation.

@Kidsandliz very true. However if you sell something with this level of security and have drilled it into the customer base that not even you have access, no matter what. Then you break that promise, even though you were ordered to do so under duress. Your security has been compromised and you now aren't worth a grain of salt.
Do I wish there was a way one time without compromising the integrity of Apple/iphone. Yes. However... The needs of the many outweigh the needs of the few. Or the one. 🖖
One phone a tool to undermine the security of encryption. Not worth it. It's not just iPhone here also folks. If apple does it, then there is a precedent set for any encryption to require a backdoor for federal warrants. When there is a backdoor, no matter how few know of it, it gets out somehow someway. Ask Sony. Remember George hotz (geohot.)

@Mehrocco_Mole pretty sure texts are captured by the carriers/nsa. iMessage however doesn't go that route and I believe is stuck behind the security. I remember there were ways around it, but the fbi doesn't want to force a backup and try to crack it for 20+ years.

@awk I agree encryption is the key. Now what would be awesome (and bad at the same time) is if someone that was "in" on this logged into iCloud and remote wiped the phone. Granted it's probably in a lead box to prevent that but if someone were to do that Apple would get IP info on where the request came from and a new lead for the fbi, then Apple could say it's gone no need to worry about them making a backdoor, and the fbi gets something. Win-win?

@sohmageek have you been watching tv again ?

@ceagee what do ou mean by that? I didn't see the news yesterday, did I miss something that happened? Or toward weird plot line joke?

@sohmageek weird plot line joke. It obviously fell flat. Oh well. I don't make my living as a comic. : )

@thismyusername

Come on, where's your faith in humanity?
/s

@thismyusername you forgot that the universal key was this but needed a court order to obtain it.

@tmwest87
Sorry, but no, there's not. Either the govt wins and all those "dire, overblown" comments that Cook makes come true, or Apple wins. Technically, this is an either/or.

@dashcloud The other side of that coin would set a precedent so that every terrorist and criminal could lock their illegal data away forever on an iphone and not have to worry that law enforcement could ever see it. Corporations would start keeping their cooked books on an iphone. Politicians could keep track of their bribe lists. To allow phones to be untouchable safe havens for crime and corruption would be far worse in my opinion.

@hallmike

This is an iPhone which is not a primary method for storing information for corporations. Companies have much better security protocols in place to encrypt their data already. If my laptop got lost or stolen now, nobody would be able to retrieve any of the data on it including the NSA, FBI, or CIA unless they had a couple thousand years to work out the encryption. The data is double encrypted so even if you worked out one of them, you wouldn't know you got it because the data would still be encrypted and you would still only see garbage data.

There are so many open source applications that can encrypt your data that the iPhone storage method would be considered so minor that it's not even worth bothering with as a storage method for corporations.

You also seem to be one of those paranoid citizens that think corporations don't pay their fair share of taxes and all politicians are corrupt.

^ basically this. the argument that iPhones are going to open up some brand new form of data destruction in a world full of encryption methods and burner phones and hammers is flimsy.

@cengland0 None of my devices are double encrypted like yours so who exactly is the paranoid one? Also, nowhere did I say all politicians are corrupt. You lost all credibility with me when you came into a civil discussion and started name calling.

@hallmike I work for a large corporation and have access to data elements like social security numbers. I also work from home. You wouldn't want that information to get stolen no matter who you are. It's not that it would impact my company as much as it would impact individual people so we are very careful to make sure that never happens.

To answer your question about where you said politicians are corrupt, that would be in this statement:

Politicians could keep track of their bribe lists.

@hallmike Let's consider that even organizations that are or should be highly motivated to keep stuff secret can't even do it.
Also, there's a lot of ways you can get at the data on an iPhone if you're not careful, despite the device being encrypted. If you don't need to worry about legality (at least in the sense of a court case), there's even more ways to attack the device depending on your resource & skill level.
Also remember- you have to be perfect at every level to keep something a secret- your adversaries only need to find a mistake or oversight.

@Lotsofgoats I'm just happy someone with a big bankroll is taking this to the courts.

@Lotsofgoats There's no issue with them handing over the information, it's giving the FBI a backdoor into the device. Apple should take the phone extract the contents and give it to the FBI under specific court order. Snooping any phone any time is another matter.

@joelmw The BBC has been referring to the software the government wants as the "FBiOS" - so they get it even if a lot of Americans don't.

@somf69
Why is this phone so much more important than every other iPhone that has come before it?
What should (or could) Apple do if this comes up again if they say Yes this time?
Where do you draw the line?
What do you do if a less-than-friendly or hostile nation asks for the same treatment Apple gives to the FBI?
Can you refuse state law enforcement if they come with a request?
What about local law enforcement?
Should privacy & security be selling points for a device?

@dashcloud ask the families of those killed why this phone is so important. I'm not a crazy Republican and I'm not a crazy tea bagger. I believe in privacy, but I also believe in reality. If this means helping us answering questions to what was a very dark day in American history, then Apple should stop this point they are trying to make and help.

@Kleineleh How's it working out for all those private bakers that want to not make cakes for gay weddings? (obviously my comment is somewhat flippant and rhetorical - it was just the first thing that came to mind when you played the cake card)

@MrsPavlov I thought of a bakery because I really wanted cake when I wrote it. I don't have any cake. I still want cake.

@Kleineleh Now I want the cake too.

@MrsPavlov but the cake is lethal!

@Kleineleh even if we don't look into the ever important realm of cakes, the precedent this sets in regards to warrants on phones for anybody considered a potential terrorist or a dissident or any other nebulously defined term that the gov't applies however the fuck they want day to day has TERRIBLE implications. the fact that this is a very high profile, emotional, and seemingly clear case is entirely the point. it's a strategic play.

@MrsPavlov Sorry about that. I forgot to get butter today so I'm still cakeless

@Lotsofgoats I get all that. I just didn't have anything new to say about it that hadn't already been covered. The cake thing was just a thought I had that hadn't really been touched on

@Kleineleh I'd make a trip for butter if it meant cake.

@MrsPavlov I really have no excuse, the grocery store is really easy walking distance from my house. I'm really bad about never wanting to leave once I get home in the evenings

@Kleineleh having to walk v. having a cake is a tough decision tbh

@Kleineleh I can see the door to a huge grocery store from my husband's office, and when I'm there I still drive over to their parking lot and walk in, even though it might be faster to walk there after I try to find a place to park - so I get it.

@MrsPavlov I'm glad it's not just me. I tell myself that I have to drive to carry all the groceries home. I usually put off grocery shopping until I am almost completely out of edible things in the house.

@Kleineleh all this talk about cake made me hungry..."let" my elder minion make cinnamon rolls....yummmmmy..

@mikibell Ooh, good call. I could use a minion of my own. But one that's old enough to bake already. And probably not until I'm responsible enough to buy groceries when I need them.

@MrsPavlov What if that wasn't going to happen, but now that you've mentioned it, it's inevitable?

@MrsPavlov Mrs Pavlov is a Nazi.

@cranky1950 Source?

@sohmageek Self fulfilling prophecy

@cranky1950 more credible source?

@dashcloud Shhhh. Nothing to see here, run along and play.

@MrsPavlov

@f00l And note: Apple could have downloaded all of the files on the phone to the cloud and handed that over to the FBI. But without telling Apple or asking for help, the FBI and the owners of the phone chose to change the password access to the cloud files, making it impossible to upload more files without the cloud password being entered on the locked phone. That leads me to one of two possibilities:
1. The FBI agents were really that dumb and had no clue about technology. Now they want Apple to compromise the iOS security to make up for their own idiocy. That doesn't instill any confidence in the proficiency of the FBI.
2. They deliberately changed the cloud access knowing that would cause exactly the problem it did, setting up a court order exactly as it did. This doesn't exactly make me trust the FBI.
See any other possibility?

@rockblossom
I dont use icloud, am not familiar w its ways. I did read about the password change that happened while the phone was in LEO custody. Quite possible that was done in order to set up a confrontation with Apple on this particular phone. So either of your scenarios seems possible to me.

No question this case was picked because the govt wanted an inflammatory situation to use as a test case to set a legal precedent.

Other prosecutors have been wanting to force Apple for some time, but held back (i have a prosecutor in my family). No one wanted to take Apple to court on a case that would create less of an emotional storm, because if the case is argued in court based on technical, privacy, security, and legal issues, Apple stands a huge chance of winning. If Apple wins a few routine court challenges, they own the precedent.

So they govt has to go with a terrorist case in the hope of creating a groundswell of public emotion in support ("why doesn't Apple just help fight terrorism?") while Apple argues the less emotionally accessible and attractive technical and legal issues which have the moral high ground but aren't easy and obvious.

People who think Apple is arrogant and "in the wrong" have about the same level of understanding as i do of neurosurgery. (Note, i have no medical training, and am no sort of computer security wonk either, i just know a little, and a little of what happens when security holes and backdoors are known to exist.) I dont mean to insult non-tech people here, all voices matter. Also, a little education can pay big.

This is a legal, moral, and technical issue with implications far beyond Apple helping with this case. If Apple caves to the court request, masses of US court orders will follow, and some of them will be accompanied by court ordered secrecy. And courts in other countries, friendly and otherwise (Canada, China, Russia, Iran, Syria, the EU countries, the former Soviet states, and everywhere else) will follow. They will try to tie Apple doing business in those countries to Apple cracking privacy on demand. So China and Syria could follow the activites of dissidents, and the Russian govt could go after political enemies.

That's just the start. Everywhere there is a competent tech industry or tech underground, everyone will be trying to steal, copy, reverse engineer, or get intelligence on what Apple did, now they know it's possible. The sums of money in play on this for intelligence and bribery will make prev corp and technical espionage look like mere training exercises. (Have heard gossip re the $ sums offered for technical info 30 years ago, on a less sensitive and now long-dead project.) At some point soneone will succeed in getting good intelligence and whoever wins that race wont be a good guy.

The long term implications of an Apple loss include a loss of power belonging to citizens vs the power taken by governments. An Apple loss may also be taken by US courts and courts elsewhere to imply the precedent that fewer personal rights in general belonging to individuals. (This is not paranoia, this is how legal systems sometimes work.)

Technology is moving so fast that non-tech people (including the courts) often seem to have a Disney-film level of understanding of issues, i don't mean to imply that technically sophisticated and experienced people have all answers or can see the future. No one can. We are in a very dangerous place, in that our technical achievements offer the opportunity to undermine or destroy the common sense we have of what is a just and decent society to live in, and to change things so fast the game and the world have changed before anyone looks around, and no going back, and you can't even know or measure what happened.

Perhaps the best illumination would come from a great new SF novel: something like William Gibson 2.0 or 3.0. Perhaps someone's wriiten the book, and i just haven't found it yet.

"May you live in interesting times."

@f00l There's just as much chance that criminals, hackers, and foreign governments could obtain the source code of the new, "cracked" version of ios that the court order is asking for, as there is of any of them getting their hands on the original source code of ios. If they were able to get the original source code they could compile a version of the OS with as many built-in back doors as they wanted, yet no one is freaking out over that scenario, and it is just as plausible.

@f00l not only to protect themselves with encryption, but can the government require a company to create new code (The Government isn't paying anything for this remember, but there is a cost for the employee(s) to make the new code) to comply with a court order. IT seems like the government wants a free ride on this also... but the company must pay the employee for their time...

@sohmageek I may have to reconsider my position now that Donald Trump agrees with me. Never thought that would happen.

@Lotsofgoats Yup. But this time it was only one phone, honest! A one-time thing on one phone. Because - terrorists!

http://www.wsj.com/article_email/justice-department-seeks-to-force-apple-to-extract-data-from-about-12-other-iphones-1456202213-lMyQjAxMTI2MjIzMzMyMTMwWj

@BigBalzac The NSA probably can, but it's rather unlikely the NSA is going to lend a hand here.
Also, the FBI doesn't really care about this phone- they care about setting a precedent.

@dashcloud of course their act is all about stomping on civil rights. John McAfee offered to crack THIS ONE PHONE for the FBI, for FREE. They won't take the offer because that wouldn't let them get the camel's nose under the tent. And violating the rights of Americans is what the enemies of America love to do. There's a reason "and domestic" is part of that oath, although many are quick to forget or ignore.

@narfcake And Congress is planning to pass a law
to force compliance. Are they trying to force tech companies to leave the country, or are they just so stupid that they don't see that as a possible result?

@rockblossom Both, probably. :(