Not sure if this deserves its own thread, but it seems like it might be a pretty interesting precedent, depending on the outcome of this argument.

A state judge has ordered Apple, as a company, to decipher the encryption locking Syed Farook's phone, and Apple/Tim Cook is refusing. I'm not sure where I stand personally. I'm certainly against our government's encroachment on civil liberties going all the way back to the Patriot Act, but for some reason, I feel like this is something that Apple needs to do.

What if down the road someone uses an iPhone to rig a bomb, and the only way to defuse it is to get into it...would Apple refuse then? Sure, that's a Mission Impossible type scenario, but not much different from the real-life argument going on currently.

http://us.cnn.com/2016/02/16/us/san-bernardino-shooter-phone-apple/index.html?iid=hp-stack-dom

2/17/2016 8:17:06 AM

If the judge is ordering it, isn't that essentially a warrant, or has a warrant been issued? If they have a warrant I don't see the issue.

2/17/2016 8:52:39 AM

It's not about simply unlocking the phone:

Quote :

"Apple said that the FBI had requested that the tech giant produce a new version of the iPhone operating system which circumvented key security features to install on Farook's phone. "In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone's physical possession," Cook's letter said. While the FBI did not describe this as a backdoor into the iPhone, complying with the request would "undeniably" create one, and limiting its use to the Farook case could not be guaranteed, it said. "The government suggests this tool could only be used once, on one phone. But that's simply not true. Once created, the technique could be used over and over again, on any number of devices," it said. "The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe," the letter continued, adding it could find "no precedent for an American company being forced to expose its customers to a greater risk of attack.""

[Edited on February 17, 2016 at 9:18 AM. Reason : re: thread title]

2/17/2016 8:54:58 AM

Oic

2/17/2016 9:06:49 AM

I don't see how the requests are any different though. They say the FBI wants a new OS to install on Farook's phone, but how is that really any different that ordering them to simply come up with an app or something that circumvents the encryption/password? Same thing, just different paths to get there.

2/17/2016 9:20:25 AM

Or you could read the article.

2/17/2016 10:10:58 AM

Yeh, this is a tough one. Once the door is opened to one phone, it's opened to all phones, defeating the entire purpose of their security measures. It's not as simple as, just do it on this phone.

2/17/2016 10:28:43 AM

Trump is giving his opinion on this. He thinks Apple should comply. Foreshadowing for what kind of president he would be.

2/17/2016 11:45:04 AM

He's probably pandering to the morons who think, "OMG, TURRISTS. FUCK THEIR CIVIL LIBERTIES!" because they don't have the capacity to consider the ramifications of such actions, nor that their own liberties very well may be impacted. But if they did, they still would want Apple to do this, 'cause, "IF U AIN' GOT NUTHIN' TAH HIDE, THEN U AIN' GOT NUTHIN TO WORRY 'BOUT".

2/17/2016 11:47:27 AM

My understanding is that the fbi is asking for a way to brute force the passcode, they're not asking for a way to get the encryption keys for anything.

this isn't really a backdoor and is probably something the iPhone hackers already know how to do. But maybe I'm not understanding something here...

2/17/2016 12:38:52 PM

Apple has been fairly outspoken about security and encryption issues. This is about preventing a precedent that will be used to force built-in backdoors.

2/17/2016 12:55:54 PM

This one is nasty. I'm not sure this is a slope i would be willing to put my footing on.

In terms of the precedence being set here, a tech company isn't worth its weight in buttholes if it can't ensure the protection of user data.

2/17/2016 12:56:17 PM

Quote :

"My understanding is that the fbi is asking for a way to brute force the passcode, they're not asking for a way to get the encryption keys for anything. "

Apple provided engineers to help try to get in, but what the FBI is asking for is a revised OS that circumvents the encryption

2/17/2016 1:23:53 PM

We mist unlock this phone so we cam find plans for an attack that already took place

2/17/2016 2:19:38 PM

Quote :

"this isn't really a backdoor and is probably something the iPhone hackers already know how to do."

It is 100% a backdoor, and I don't think your second assertion is correct.

2/17/2016 2:27:31 PM

This is something the national security/intelligence complex has been pushing for a while now. This San Bernadino thing is the first convenient excuse they've had to trot this shit into court and hope that the idiotic public jumps on their side without thinking it through.

Building a back door into encryption makes encryption worthless, and opens phones up to all kinds of intrusions by people other than just government. How long before financial data is stolen right off your phone, or your employer plants child porn on your phone because you're threatening to sue over some kind of discrimination, or unscrupulous cops plant some kind of evidence directly onto your phone.

It has all kinds of massive, far reaching and irreversible negative consequences with virtually zero actual benefit in terms of national security.

This is a horrible idea, and I hope apple is able to show that they not only can't do this, but they will continue to refuse the idea of building in a back door.

2/17/2016 2:49:28 PM

^seconded

2/17/2016 2:52:49 PM

Quote :

"From the court order, we even know what kind of backdoor the US government wants: Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware. "

Quote :

"Apple provided engineers to help try to get in, but what the FBI is asking for is a revised OS that circumvents the encryption "

To me, encryption is the mathematical process of encoding data with public and private keys per the RSA algorithm (and its derivatives).

How a device uses this encryption process isn't a backdoor to encryption. It is a backdoor to security features, but it doesn't violate the mathematical principles of encryption to allow any hacker to crack their way in.

I'm completely against Apple being required to have a separate set of encryption keys to bypass user encryption or something else along those lines, because this is a Pandora's box.

I don't have anything against Apple creating a narrow, case-by-case basis technique for bypassing programmatic security features. I do agree with Apple that this is an issue that needs more clarification than "this 200 year old court order says you have to do this" because the world has changed.

But what the FBI is asking for isn't unreasonable, and why they're asking for it isn't even unreasonable, it's just how they are asking for it that sets a dangerous precedent.

Quote :

" Once the door is opened to one phone, it's opened to all phones, defeating the entire purpose of their security measures. It's not as simple as, just do it on this phone. "

This isn't true, I don't think, based on what i've read. FBI isn't asking for a means to access the private keys, or a root or master key.

[Edited on February 17, 2016 at 3:04 PM. Reason : ]

2/17/2016 3:02:08 PM

Quote :

"This isn't true, I don't think, based on what i've read. FBI isn't asking for a means to access the private keys, or a root or master key."

This isn't about keys. It's about creating an OS which can circumvent security features on the phones.

Quote :

"Apple said that the FBI had requested that the tech giant produce a new version of the iPhone operating system which circumvented key security features to install on Farook's phone. "In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone's physical possession," Cook's letter said. While the FBI did not describe this as a backdoor into the iPhone, complying with the request would "undeniably" create one, and limiting its use to the Farook case could not be guaranteed, it said. "The government suggests this tool could only be used once, on one phone. But that's simply not true. Once created, the technique could be used over and over again, on any number of devices," it said. "The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe," the letter continued, adding it could find "no precedent for an American company being forced to expose its customers to a greater risk of attack."

2/17/2016 3:49:51 PM

They don't want Apple to "create an OS" with this, they want a special firmware revision for the iPhone 5C model the San Bernadino attacker has for them to load on that single specific phone (allegedly) to bypass the lock code.

They're not asking apple to change iOS they ship to consumers with this back door. They're not asking apple to disallow this backdoor in future phones either.

2/17/2016 3:54:49 PM

let's not be pedantic about OS vs firmware

once it's created they can not uncreate it

2/17/2016 4:06:03 PM

I don't like the fact that the government is asking for this, and I don't like the fact that Apple is refusing. I'm torn.

But, I feel like Apple is using this as a publicity stunt to tout their security.

2/17/2016 4:09:15 PM

Quote :

"let's not be pedantic about OS vs firmware once it's created they can not uncreate it"

Why is moron being such a moron about this?

Quote :

"But, I feel like Apple is using this as a publicity stunt to tout their security."

Then you obviously pay zero fucking attention to the news, primarily as it relates to the history of the US government vs tech companies in the realm of user privacy and data security. How could you be this clueless?

[Edited on February 17, 2016 at 4:45 PM. Reason : V yeah that was a particularly moronic passage from that post,hard to pick just one tho]

2/17/2016 4:39:28 PM

Quote :

"How a device uses this encryption process isn't a backdoor to encryption. "

you're trying way too hard here.
encryption is intended to protect data. the keys are absolutely pointless if you have the data by any other means. it really doesn't matter if the FBI is asking for encryption keys, passwords, "backdoors", or any other security measure.

this case will be huge for data provacy and security.

2/17/2016 4:42:32 PM

Quote :

"let's not be pedantic about OS vs firmware once it's created they can not uncreate it "

It's not pedantic. Saying "create a new OS" implies Apple is making a new iOS point revision, when that's not what's happening. If I load an app on my phone that changes some native ability, i haven't "created a new OS". People who create jailbreaks aren't "creating a new OS" in a meaningful sense.

Quote :

"encryption is intended to protect data. the keys are absolutely pointless if you have the data by any other means. it really doesn't matter if the FBI is asking for encryption keys, passwords, "backdoors", or any other security measure. "

This is kinda silly... By your reasoning here, Apple has already broken the encryption by giving the FBI the iCloud data. Encryption is encryption, it doesn't have more than 1 definition in the technical sense.

Encryption is not being broken here nor is Apple even making this claim.

Apple is not being asked to break encryption, they're being asked to bypass the retry delay and erase-after-fail of entering your passcode. They're being asked to help brute force a password.

2/17/2016 6:29:06 PM

in the words of Apple themselves:
http://www.apple.com/customer-letter/

Quote :

"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession. The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."

stop being fucking pedantic

2/17/2016 6:32:16 PM

^ lol, Tim Cook isn't going to say "firmware variant" in an email for the masses. That wording is for your mom and dad, not you and i.

You and I both know that the task at hand isn't to "Create a new OS" and the intention isn't to deploy this to shipping iPhones.

2/17/2016 6:34:53 PM

http://lmgtfy.com/?q=definition+of+pedantic

changing those security features does in fact require changing the OS. once apple creates that, they can't uncreate it, and they have no guarantee how it will be used

[Edited on February 17, 2016 at 6:38 PM. Reason : stop being a moran]

2/17/2016 6:36:55 PM

Quote :

"and the intention isn't to deploy this to shipping iPhones."

Yup obviously not, and no one here said that was the case, but don't let me slow down your strawman train.

As we keep copy pasting for you to hopefully read, this is clearly a Pandora's Box situation.

2/17/2016 6:52:21 PM

Great job Apple. I don't see how anyone thinks they should do this.

2/17/2016 7:18:16 PM

LOL, it looks to me like most of you are conflating this "encryption backdoor" issue with the one a few weeks ago, when congress et al was calling for literal encryption backdoors (separate "secret" passwords or keys or whatnot).

This issue is different than that issue. Note that Apple's complaint isn't even that they have to create this security bypass, their complaint is that they they are being ordered to do so by a court order that they don't view as applicable, and are asking congress to clarify the condition where they must perform these bypasses (and congress might come back and say "anytime any law enforcement wants it-- and while youre at it, bake it into the shipping product"). Apple is fine doing the bypass, they probably just don't want to have to do it for every local department and government agency that asks-- because that's obviously a huge problem.

I hope you all realize by now this is not an "encryption backdoor" issue, but an issue with legal procedure.

No one is asking for an encryption backdoor, an encryption backdoor that's secure is impossible to begin with, and it wouldn't be possible to implement retroactively anyway (which is good... because no one is asking for this).

2/17/2016 7:19:26 PM

switch your argument... good call

2/17/2016 7:24:21 PM

[Edited on February 17, 2016 at 7:39 PM. Reason : eff it]

2/17/2016 7:33:48 PM

lol wtf dude

2/17/2016 7:43:49 PM

Quote :

"What if down the road someone uses an iPhone to rig a bomb, and the only way to defuse it is to get into it...would Apple refuse then? Sure, that's a Mission Impossible type scenario, but not much different from the real-life argument going on currently."

Any time you're basing your opinion on the "ticking time bomb" scenario, you aren't being rational at all and should take a step back and reconsider your opinion.

2/17/2016 8:07:25 PM

Richard Burr (R-NC) came out against Apple: http://www.usatoday.com/story/opinion/2016/02/17/apple-san-bernardino-terror-attack-court-order-iphone-richard-burr/80525170/

Just FYI he's up for re-election this year, and the leading Democratic candidate is Deborah K. Ross, a former long-time state ACLU leader; I think she's on the right side of this issue: http://www.deborahross.com/#bio

2/17/2016 8:16:59 PM

Great to see moron and Burr in the same camp

2/17/2016 10:06:57 PM

One of these terrorists would not be dumb enough to save important contacts in their phone, or send damning emails. But in the government's mind, they have to be sure.

But this can't be the first case where law enforcement has needed to get into an iPhone for evidence, so I'm not understanding why the FBI just can't use whatever has been used in the past. Or is this really the first case in which law enforcement has needed to get into an iPhone and can't?

What the FBI is asking for is unreasonable.

2/17/2016 10:35:34 PM

http://gizmodo.com/why-you-should-care-about-apple-s-fight-with-the-fbi-1759639200

[Edited on February 17, 2016 at 10:38 PM. Reason : h/t to TGD]

[Edited on February 17, 2016 at 10:40 PM. Reason : V he sadly knows nothing about what he types]

2/17/2016 10:37:35 PM

Quote :

"This is kinda silly... By your reasoning here, Apple has already broken the encryption by giving the FBI the iCloud data. Encryption is encryption, it doesn't have more than 1 definition in the technical sense. "

whoosh

pretty sure several ppl already posting in this thread know what encryption is, and that it isn't being directly broken in a purely technical sense. you're too deep in your own semantic argument

apple shouldn't be giving any private data, be that from icloud or directly from a personal device.

[Edited on February 17, 2016 at 10:41 PM. Reason : ]

2/17/2016 10:37:45 PM

If Apple has private data in iCloud, they should be giving that to the authorities, subject to a warrant or court order. That's just how that ish should be. I've got absolutely no problem with that. But providing a hack for their own device? Hell no.


Honestly, if you look at this, it really is uncharted territory to me. Warrants, as envisioned at the time of the writing of the Constitution, are premised on the notion that the authorities could always get at the subject of the warrant. If a guy kept some shit in a safe, the police could get into that safe, with or without that guy's help. This is frankly different. At the same time, if Apple complies with this request, it instantly makes every other device vulnerable, both to the government and to outside agencies. You won't here me say this often, but it's something which was largely unforeseeable by the drafters of the Constitution, and I think it's something which isn't covered. There's clearly a compelling government interest in gaining access to the phone's data, but no good way for them to d so. By the 10th Amendment, you would argue that whatever power would be necessary to compel Apple to act isn't granted to the Federal government, so the Federal government can't do it. But that still leaves us at the question of how to provide the government such a power, but how to also reign it in, while at the same time not also making devices vulnerable.

[Edited on February 17, 2016 at 10:52 PM. Reason : ]

2/17/2016 10:52:38 PM

Quote :

"apple shouldn't be giving any private data, be that from icloud or directly from a personal device. "

Well, Apple has happily crossed this bridge in the former sense (and has been doing so for years now actually-- even for local law enforcement), and are willing to do so for the latter, once congress clarifies the ruling.

I honestly don't know if you all are for or against Apple, you're saying youre supporting Apple, but youre against what Apple has already done, and has not expressed disdain about doing in the future.

I'm the only one who has a consistent position supporting what Apple is actually asking for, which is clarification on the laws and reaffirming the need not to impinge on the encryption algorithms.

Quote :

" At the same time, if Apple complies with this request, it instantly makes every other device vulnerable"

I doubt this. The only reason Apple is in this situation is because they do have a very tight integration between iOS's security and the hardware. If this were another phone, they could likely use existing commercially or publicly available tools to brute force the passcodes, or just directly extract the data. Depending on the phone, the sourcecode of the bootloader or firmware might even be opensourced completely.

I also see no reason Apple couldn't go further and tie the delay and erasure-on-failed-attempts to hardware on future devices, making it impossible to comply with the FBI's orders to allow a brute force attack in software.

This is an interesting case, because it's not exactly like breaking into a lock or a safe, and there's no good way to structure a law that couldn't be engineered around, unless the law mandated these engineering practices not be followed, which i'm hoping won't happen (but could see happening and probably every presidential candidate except maybe Bernie would sign that law, with many of them advocating it).

Apple is in a tough spot... they can either work with the FBI and be compelled to help access customer data at the drop of a hat, or they can ask congress to clarify and force all electronics manufacturers to put these bypasses into every shipping product.

[Edited on February 18, 2016 at 3:30 AM. Reason : ]

2/18/2016 3:22:05 AM

Quote :

"http://gizmodo.com/why-you-should-care-about-apple-s-fight-with-the-fbi-1759639200"

This is a good article that's mostly saying what i've been saying all along. She gets 1 crucial piece of information wrong though when she says:

Quote :

"especially a tool that would make other safes completely useless as secure storage. ... There is more than one person’s privacy at stake here!"

In light of the fact that the FBI might be able to brute force the passcode, iOS currently has the capability to set a full password as the unlock, making a brute force attack of the nature the FBI wants untenable, if you choose a good password. A brute force tool doesn't affect other iPhones, it just makes security conscious people have to remember a longer password to unlock their phones.

2/18/2016 3:39:16 AM

Well, that article also makes it sound like the iPhone 6's have a completely different security architecture, and it didn't go into details but kind of alluded to it being "unhackable." I hate that word because nothing is unhackable, but it sounds like it would be a lot harder for the government to get into a newer iPhone.

2/18/2016 7:13:01 AM

^ that's referring to apples new secure enclave chip:
Secure Enclave
The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even
if the kernel has been compromised.
The Secure Enclave uses encrypted memory and includes a hardware random number generator. Its microkernel is based on the L4 family, with modi cations by Apple. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data bu ers.
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, entangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
Additionally, data that is saved to the le system by the Secure Enclave is encrypted with a key entangled with the UID and an anti-replay counter.
The Secure Enclave is responsible for processing ngerprint data from the Touch
ID sensor, determining if there is a match against registered ngerprints, and then enabling access or purchases on behalf of the user. Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface
bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

[Edited on February 18, 2016 at 9:34 AM. Reason : ]

2/18/2016 9:33:50 AM

Quote :

"I honestly don't know if you all are for or against Apple, you're saying youre supporting Apple, but youre against what Apple has already done, and has not expressed disdain about doing in the future."

hold on lemme go make a new thread

2/18/2016 12:38:58 PM

I find it interesting, and terrifying, that a court can compel and uninvolved third party to undertake what I'm sure is a hefty amount of expense in equipment and personnel. Is this really any different than a judge issuing an order that I go spend weeks digging up a field where a killer may have buried bodies just because I happen to own a shovel? Granted, Apple has a unique skill set but the idea stands. Suppose Apple can't defy the order. Do they get compensation?

2/18/2016 2:05:07 PM

http://arstechnica.com/tech-policy/2016/02/nsas-director-says-paris-attacks-would-not-have-happened-without-crypto

2/18/2016 2:17:46 PM

did they not try 6-9-6-9 or 1-2-3-4?

2/18/2016 2:18:33 PM

From all the stories I hear about No Such Agency, I would assume if Apple can do this, so can they. Why don't they just have the NSA do it?

2/18/2016 2:32:15 PM