Home
Posted By: joemikeb And now for the story behind the news - 02/20/16 04:18 PM
This MacNN article puts an entirely new spin on the Justice Departments actions against Apple.
Posted By: jchuzi Re: And now for the story behind the news - 02/20/16 06:21 PM
That certainly inspires confidence that the government will be competent in respecting the Constitution... mad
Posted By: slolerner Re: And now for the story behind the news - 02/21/16 06:14 PM
Originally Posted By: joemikeb
This MacNN article puts an entirely new spin on the Justice Departments actions against Apple.

Thanks. I was going to post something to get an unbiased account of what exactly is of issue. Today on the news it was pointed out that the phone can be set to erase itself after three botched tries at the password. Are we back to the issue of whether erased flash memory can be recovered or not?

I'm still not completely getting it. I thought that if you could prove you were the owner of the phone and did not set it to erase Apple could already get into it for you, just like if you lost your password for an iPad.
Posted By: joemikeb Re: And now for the story behind the news - 02/21/16 09:38 PM
Originally Posted By: slolerner
Today on the news it was pointed out that the phone can be set to erase itself after three botched tries at the password. Are we back to the issue of whether erased flash memory can be recovered or not?

The option in iOS is to erase after ten (10) failed attempts, not three (3). The default setting is ON. If the report you read is so poorly researched that it missed something that basic I would take the rest with a lot more than a grain of salt.
Originally Posted By: slolerner
I'm still not completely getting it. I thought that if you could prove you were the owner of the phone and did not set it to erase Apple could already get into it for you, just like if you lost your password for an iPad.

Apple had been working with the FBI to use the only available recovery method which relies on iCloud backups but when the FBI or some other law enforcement expert switched iCloud accounts for the phone that recovery method went by the boards and cannot be recreated. The iPhone 5 and 6 along with iOS 9 are by design far more secure than previous ones.

If you believe what you see on the crime dramas on television when they blithely break into smart phones with a soldering gun and paperclip, I have a wonderful real estate investment you might be interested in. Its called the Brooklyn Bridge and you can get it for a song.
Posted By: grelber Re: And now for the story behind the news - 02/21/16 09:51 PM
Originally Posted By: joemikeb
... I have a wonderful real estate investment you might be interested in. [It's] called the Brooklyn Bridge and you can get it for a song.

Would that be a song penned by the fantabulous P.T. Barnum?! grin
Posted By: joemikeb Re: And now for the story behind the news - 02/21/16 10:18 PM
Originally Posted By: grelber
Originally Posted By: joemikeb
... I have a wonderful real estate investment you might be interested in. [It's] called the Brooklyn Bridge and you can get it for a song.

Would that be a song penned by the fantabulous P.T. Barnum?! grin

I can hear the strains of the calliope now grin
Posted By: slolerner Re: And now for the story behind the news - 02/21/16 11:29 PM
Take it easy. Woof. So the FBI is asking Apple to change their encryption so it is crackable, give the FBI the key, plus either make flash memory that can't be erased but looks like it is when the phone is reset or include a built in back-up that cannot be deleted? Am I close?
Posted By: jchuzi Re: And now for the story behind the news - 02/21/16 11:46 PM
Common software would have let FBI unlock shooter’s iPhone Just another instance of an official screw-up.

Question: How does an FBI agent (or any other government official) say "F*ck you"? Answer: "Trust me. I'm from the government".

Another question: If government employees are so bad at breaking into phones, why are those people called "hacks"?
Posted By: slolerner Re: And now for the story behind the news - 02/22/16 12:01 AM
What if it was his personal phone?
Posted By: jchuzi Re: And now for the story behind the news - 02/22/16 12:23 AM
Originally Posted By: slolerner
What if it was his personal phone?
That could be a problem.
Posted By: slolerner Re: And now for the story behind the news - 02/22/16 11:03 AM
AFAIK, his phone records are available with a court order. That's gives you a lot of someone's contacts. There are records of the time someone was texting. Those are used when there is a serious accident. If someone is not using something Snapchat, the content of texts are recoverable. There's no way to get his pictures unless he posted them at some time. Thats a standard investigation.
Posted By: slolerner Re: And now for the story behind the news - 02/22/16 11:14 AM
There are the same records for everyone else involved, the wife, the guy who sold him the weapon...
Posted By: joemikeb Re: And now for the story behind the news - 02/22/16 03:46 PM
Originally Posted By: slolerner
I'm still not completely getting it. I thought that if you could prove you were the owner of the phone and did not set it to erase Apple could already get into it for you, just like if you lost your password for an iPad.

Update. Apple removed that capability from iOS in the Fall of 2014 (iOS 8?) in response to customer demand. Apple can access user's iCloud data and has done so many times in response to a court order. However rumor is Apple is working on secure encryption for iCloud data perhaps along the lines of FileVault.

Originally Posted By: slolerner
What if it was his personal phone?

He destroyed his personal phone. The phone in question belonged to his employer and according to the phone records seldom, if ever, used.
Posted By: Ira L Re: And now for the story behind the news - 02/22/16 03:57 PM
Originally Posted By: joemikeb
Apple had been working with the FBI to use the only available recovery method which relies on iCloud backups but when the FBI or some other law enforcement expert switched iCloud accounts for the phone that recovery method went by the boards and cannot be recreated. The iPhone 5 and 6 along with iOS 9 are by design far more secure than previous ones.


It was reported in today's San Francisco Chronicle that the iCloud password reset was done by the FBI to prevent remote wiping of the phone data. The article said the government (at that time) did not know if someone else knew the shooter's password and would try to erase the iPhone's contents.

Remotely erasing an iDevice is something any owner (or person with the correct password) can easily do over the Internet.
Posted By: Ira L Re: And now for the story behind the news - 02/22/16 04:16 PM
There is an interesting MacWorld article that discusses the future civil rights impact of this issue. The gist of the article is "The crux of the issue is should companies be required to build security circumvention technologies to expose their own customers? Not 'assist law enforcement with existing tools,' but 'build new tools.'"

There is a rather lengthy reader comment section after the article with some interesting posts. Someone even manages to drag the Affordable Care Act into the discussion. These posts present an interesting spectrum on the matter.

There is one reader comment that I found worthwhile: "All governments are the product of a 'social contract' where freedom is balanced with security. In a democracy, this balance is under constant negotiation. Today, that process is skewed toward greater security paid for with lessened freedom. Tomorrow, we may feel and think differently but it won't be easy to reset the balance. Setting new precedents in this area should not be done without long and rigorous debate."
Posted By: slolerner Re: And now for the story behind the news - 02/22/16 04:16 PM
Originally Posted By: joemikeb
He destroyed his personal phone. The phone in question belonged to his employer and according to the phone records seldom, if ever, used.

The question was, what if he hadn't destroyed his personal phone? (I guess if he hadn't destroyed his personal phone it might be legal to waterboard it.) If he destroyed his personal phone and not his work phone, very little info could be gleaned from it anyway, I suppose.
Posted By: alternaut Re: And now for the story behind the news - 02/22/16 06:03 PM
The issue of botched data recovery isn’t just because of the fact that a San Bernardino County employee made recovery of Farook’s iPhone data impossible, but also because Farook’s employer (San Bernardino County again) neglected to enroll its phones in a device management program. This (simple and available) program would have had to include all County owned phones like Farook’s work phone, as well as any other 3rd party phone accessing data belonging to or under the access care of SBC, and would have made data recovery a cinch. ‘Big’ Brother Bernardino dropped the ball twice here.

Because of these two rather serious errors, the onus for recovery was dumped in Apple’s lap as sort of a third strike. The fact that this work phone (unlike the destroyed personal phone) is unlikely to contain any useful data for the FBI’s investigation won’t help that agency’s case, but doesn’t make much of a difference for Apple’s position either.
Posted By: slolerner Re: And now for the story behind the news - 02/22/16 11:01 PM
Another slippery slope.

The mere fact that he destroyed his personal phone is even more reason to believe there is nothing on this one.
Posted By: ryck Re: And now for the story behind the news - 02/22/16 11:09 PM
Originally Posted By: slolerner
Another slippery slope.

I don't understand.
Posted By: slolerner Re: And now for the story behind the news - 02/23/16 01:00 AM
I keep thinking about the far-reaching consequences of the Patriot Act. People were frightened. It is inconvenient that it was only his work phone but that isn't stopping the Congress from holding hearings to spin it. It's an Islamic extremist's phone, there's no way to access the contents and that's all anyone needs to hear.
Posted By: slolerner Re: And now for the story behind the news - 02/23/16 02:12 AM
On December 16, FBI Director James Comey said: "We can see from our investigation that in late 2013, before there is a physical meeting of these two people [Farook and Malik] resulting in their engagement and then journey to the United States, they are communicating online, showing signs in that communication of their joint commitment to jihadism and to martyrdom. Those communications are direct, private messages."
Posted By: ryck Re: And now for the story behind the news - 02/23/16 09:50 AM
Originally Posted By: slolerner
I keep thinking about the far-reaching consequences of the Patriot Act....

Originally Posted By: slolerner
On December 16, FBI Director James Comey....

I still don't understand what you meant by "It's a slippery slope" in response to alternaut's suggestion that there wouldn't have been a problem in acquiring the data if the San Bernardino management had been doing their job. i.e. ensuring they had proper control of taxpayer assets for which they are responsible.

Are you saying that having phones assigned to employees, to carry out their work, in a device management program is the "slippery slope"?
Posted By: slolerner Re: And now for the story behind the news - 02/23/16 11:35 AM
I wasn't clear Ryck, sorry. It wasn't directly related to Alternaut's post, it was the bigger issue, because the onnes was consequently put on Apple, a private sector company, for making a product that the public thinks needs to be changed for law enforcement reasons. A Business Week headline as recently as yesterday said a poll showed over 50% of the public still believes Apple should unlock the phone. Even if they understood what happened, I don't think that would change anything. It doesn't matter if it was his work phone and every precaution got botched, why wouldn't this "we are protecting you" attitude extend to any computer that uses an unrecoverable flash drive that was not backed up to a cloud service. That was what happened to his personal phone as far as we know.

Clearly, the FBI, much more seriously, 'botched the job' than the San Bernardino police.
Posted By: jchuzi Re: And now for the story behind the news - 02/24/16 10:49 AM
Justice Department Wants Apple to Unlock Nine More iPhones
Posted By: tacit Re: And now for the story behind the news - 02/25/16 04:34 AM
Originally Posted By: slolerner
Take it easy. Woof. So the FBI is asking Apple to change their encryption so it is crackable, give the FBI the key, plus either make flash memory that can't be erased but looks like it is when the phone is reset or include a built in back-up that cannot be deleted? Am I close?


Not really. It's a VERY complex case, and what the FBI is asking for is not at all obvious to someone who doesn't know the complex innards of the iPhone.

So here's the scoop. Bear with me, this might get long and technically complicated.

When you secure your iPhone with a passcode, the phone's contents are encrypted. But--and it's really important to understand this for reasons I'll explain in a second--the passcode you type in is not the encryption key.

The phone generates a random encryption key that is very long (256 bits). This encryption key is not stored in the phone's flash storage or RAM. It's stored in a special, high-security, tamper-resistant chip, called the iPhone Secure Enclave.

The Secure Enclave can not be accessed directly by the phone's CPU, and it does not communicate with the rest of the phone over the normal data bus. It communicates over a special, dedicated, encrypted link to the CPU.

When you type your passcode, the passcode is sent to the Secure Enclave. The Secure Enclave looks at the passcode and returns "yes" or "no". If it is correct, the Secure Enclave uses the key stored in its own tamper-resistant memory to decrypt the phone. If it is not, the Secure Enclave does not decrypt the phone.

For this reason, you can't just read the contents of flash and put them in another phone, for example. The flash contents are encrypted using military-grade 256-bit AES; there is no known way to attack this encryption, and all the world's computers combined would take more than a billion years(!) to brute-force decrypt it.

Now here's where it gets weird.

The iPhone 5C and earlier and the newer iPhones are a bit different in what happens if you enter the wrong passcode several times.

If you enter the wrong passcode in an iPhone 5C or earlier, then with each wrong attempt, iOS forces you to wait a little longer to try again. If you enter the wrong passcode 9 times, iOS forces you to wait an hour before you try the 10th and last time. If you enter it wrong the 10th time, iOS erases the phone.

On an iPhone 6 or later, the Secure Enclave chip handles all these functions. When you enter the wrong passcode, the Secure Enclave starts a hardware timer and will not permit you to enter the passcode again for a longer and longer time. If you enter the passcode wrong on the 10th time, the Secure Enclave wipes its special high-security memory containing the decryption key, forever and irreversibly vaporizing the key and making the phone's contents forever unreadable.

Nobody, not even Apple, has a realistic means of getting the encryption key off the Secure Enclave chip. It is theoretically possible to do, maybe, but the process would involve taking the phone apart in a cleanroom, using acid to dissolve the top casing of the Secure Enclave chip, turning on power, and then attempting to read the Secure Enclave's memory using something like an atomic force microscope. This might work, but it has a very high likelihood of destroying the Secure Enclave chip and if you do that, it's adios, muchachos--the key is gone forever and you're done.

The difference between how the iPhone 5C and the iPhone 6 works is important. In the iPhone 6, all the security is handled by that special chip. In the 5C, it's handled by iOS.

What the FBI is asking Apple to do is write a special version of iOS and put it on the phone. The special version of iOS would be different from "normal" iOS in two regards: it would not make you wait longer and longer times to enter the passcode, and it would not wipe the phone after 10 wrong tries.

On the iPhone 6, iOS does not do this, the security chip does, so nobody, not even Apple, can change that. On this phone, the FBI hopes that installing an altered version of iOS on the phone will let them try all 10,000 possible passcode combinations until they get the right one.

Why doesn't Apple want to do this?

Lots of reasons.

First, it's not clear that it matters. This phone didn't belong to the terrorist, the terrorist stopped using it before the attacks, and he destroyed all his other phones, which means there's almost certainly nothing interesting or important on it.

Second, the FBI already has the iCloud backup and the contact list and call record from the phone, and there was nothing interesting or important in it. Again, that means there's almost certainly nothing interesting or important on the phone.

Third, it would set a precedent: with any older iPhone, any government anywhere in the world could issue a subpoena to Apple saying "load your special rigged software on this phone, because we told you to." That's potentially scary. There's no way to stuff the genie back into the bottle. (In fact, it was precisely to head off this possibility that Apple changed how the Secure Enclave works in later phone models.)

Fourth, if Apple capitulates on this, it will make it that much easier for the FBI to strong-arm other companies (Google? Facebook?) into weakening the encryption they use on their devices. Weakening encryption is potentially a big problem. The thing about encryption is it's just math. Math does not know about good guys or bad guys. Math is math. If there's a mathematical way for the FBI to break encryption or use a back door, there's a mathematical way for anyone--cybercriminals, virus writers, Eastern European organized crime, hostile governments--to do it. Math is math. If it's mathematically possible to break encryption, it can be done. The whole point of encryption is it works because it's NOT mathematically possible to break.

The law under which the FBI is asking Apple to do this is an old one. It's the All Writs Act of 1789. The All Writs Act requires citizens and companies to take any measures "necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." The FBI is saying that means Apple has to create a new version of iOS just for them, because creating this new version of iOS is necessary and appropriate in aid of this investigation.

What's not clear is, can the government force private citizens to work for it? That's a key part of the debate that I feel is being glossed over. Can the government require that a private company like Apple or private citizens like Apple employees do work on its behalf if they don't want to? Is that "necessary and appropriate"?

There would be a lot more work involved than just changing some lines of code and hitting Compile. Forensics laws are specific about what has to happen with any forensic software used to extract data from a digital device in evidence. The software must be regression-tested, every part of it must be documented, it must be evaluated by peer review, and it must be tested on hardware identical to that of the target device. This is necessary to preserve the chain of evidence and make sure the forensic software isn't inadvertently modifying the data.

And you can't just clone this iPhone and use the new iOS build on the clone, because cloning the phone does not clone the encryption key locked away inside the Secure Enclave chip.

So they're asking Apple to do a great deal of work and to document all that work under legal procedures, and submit the new version of iOS for peer review, in order to get at the contents of the phone. Is this "necessary and appropriate" to do when the people you're ordering to do it are private citizens and not government employees? The All Writs Act of 1789 was clearly never intended to apply to a situation like this; how could it be?
Posted By: artie505 Re: And now for the story behind the news - 02/25/16 07:50 AM
Thanks for clarifying what's actually going on...what's at stake, tacit...excellent post!

It puts an interesting spin on the thought of more than a year of a 4 - 4 Supreme Court.

Quote:
The All Writs Act requires citizens and companies to take any measures "necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." (Emphasis added)

Quote:
Is this "necessary and appropriate" to do when the people you're ordering to do it are private citizens and not government employees?

Unfortunately, the quoted language seems to extend to private citizens.

Quote:
The All Writs Act of 1789 was clearly never intended to apply to a situation like this; how could it be?

Nor was the Constitution (and that's not unique to the present situation), which has got some rough times ahead of it, and the Court's politicization is not going to help in the least! frown
Posted By: alternaut Re: And now for the story behind the news - 02/25/16 02:53 PM
Originally Posted By: tacit
Forensics laws are specific about what has to happen with any forensic software used to extract data from a digital device in evidence. The software must be regression-tested, every part of it must be documented, it must be evaluated by peer review, and it must be tested on hardware identical to that of the target device. This is necessary to preserve the chain of evidence and make sure the forensic software isn't inadvertently modifying the data.
A small but important consequence of the legal requirements regarding forensics tools (including software) merits special mention. It makes the FBI’s ‘reassuring’ comment that Apple could produce and keep the required software in-house and under wraps inherently impossible, rendering the agency’s suggestion disingenuous and arguably beyond ludricous.

That said, one can see the Government’s reasoning where it feels it has to make a stance somewhere and shoehorn its longstanding surveillance habits re privacy rights into a new and essentially incompatible circumstance. And since we all know where that has led in recent years, this particular development doesn't bode much good. The only way to safeguard privacy may have to be based on the physical impossibility to compromise it, and that is a tough standard to meet.
Posted By: Virtual1 Re: And now for the story behind the news - 02/25/16 04:01 PM
Originally Posted By: tacit
So here's the scoop. Bear with me, this might get long and technically complicated.

Thank you for that very informative post!
Posted By: Ira L Re: And now for the story behind the news - 02/25/16 06:29 PM
Nice explanation. Your diverse knowledge and experiences are always "entertaining". Thank you.

"Atomic force microscope"—nice touch, but really? wink
Posted By: joemikeb Re: And now for the story behind the news - 02/25/16 08:25 PM
More fuel for the fire from the New York Times and this from MacNN
Posted By: slolerner Re: And now for the story behind the news - 02/25/16 11:16 PM
Originally Posted By: jcuzi
That certainly inspires confidence that the government will be competent in respecting the Constitution...

Well, say what you will about the late Antonin Scalia, but he was a strict Constitutional Originalist and won't be here when this one makes its way to the Supreme Court and it looks like Apple will end up there if they choose to fight this fight, IMHO.

Then there is every other country they do business in...
Posted By: artie505 Re: And now for the story behind the news - 02/25/16 11:33 PM
Originally Posted By: slolerner
Well, say what you will about the late Antonin Scalia, but he was a strict Constitutional Originalist and won't be here when this one makes its way to the Supreme Court and it looks like Apple will end up there if they choose to fight this fight, IMHO.

If this winds up expediting its way to an 8 Justice Court I certainly hope it's the Gov't that's appealing.
Posted By: joemikeb Re: And now for the story behind the news - 02/26/16 02:12 PM
I don't think there is any question this will end up in the Supreme Court, but if the court splits 4 to 4 then the decision will be that of the last appeals court to hear the case — or the argument will have been delayed beyond the point of any possible usefulness to anyone other than historians. Unless, of course the reactionaries in the senate will agree to hold hearings on the president's nominees.

IMHO their stated refusal to hold hearings should be taken to the Supreme Court as a failure to do their constitutional duty.
Posted By: slolerner Re: And now for the story behind the news - 02/26/16 02:17 PM
IMHO, It's going to take a long time to get from the Circuit Courts to the Supreme Court. My only point is that the Writ will have to be decided whether it violates the Constitution.

For the time being, this phone is not the so-called ticking time bomb everyone is making it out to be, it is merely part of an investigation and as tacit and many others have pointed out, it doesn't seem there is enough to be gained from this particular phone. By the time it gets to the Supreme court, chances are Google and Microsoft will be on on board.
Posted By: slolerner Re: And now for the story behind the news - 02/26/16 02:49 PM
There is a lot here to look at, Apple has developed propritary technology that adds to the usefulness of the product. The public perceives this competitive advantage, and not complying to the FBI"s request, as greed on the part of Apple. As someone much smarter than me once said, people prefer to believe a simple explanation that makes sense to a more complex one that is true.
Posted By: Virtual1 Re: And now for the story behind the news - 02/29/16 03:31 PM
Originally Posted By: slolerner
There is a lot here to look at, Apple has developed propritary technology that adds to the usefulness of the product. The public perceives this competitive advantage, and not complying to the FBI"s request, as greed on the part of Apple. As someone much smarter than me once said, people prefer to believe a simple explanation that makes sense to a more complex one that is true.

Occam's Razor
"Non sunt multiplicanda entia sine necessitate"
Posted By: slolerner Re: And now for the story behind the news - 03/06/16 11:20 AM
Microsoft, Google Join Rivals to Back Apple in FBI Fight

http://www.bloomberg.com/news/articles/2...a-terror-victim

This could also be decided legislatively and then appealed to The Supreme court like The Affordable Care Act.
Posted By: slolerner Re: And now for the story behind the news - 03/13/16 04:12 AM
Is it possible that the firmware update I didn't want that created a link to the Apple cloud is used to monitor certain computers, to help law enforcement already?

That way, Apple gets to control what info they disclose.
Posted By: jchuzi Re: And now for the story behind the news - 03/14/16 03:58 PM
WhatsApp Encryption Said to Stymie Wiretap Order.

Florida sheriff vows to arrest Tim Cook if Apple won't comply with court orders

The controversy gets more interesting...
Posted By: ryck Re: And now for the story behind the news - 03/14/16 04:05 PM

I assume the Sheriff is an elected officer, in which case he seems to have taken a page from the Donald Trump playbook: "Issue a threat I can't actually follow through on in order to raise my profile".
Posted By: slolerner Re: And now for the story behind the news - 03/14/16 04:27 PM
Well, I guess Tim Cook won't be going to Florida any time soon...

Can't help thinking "What Would Steve Jobs Do?"
Posted By: joemikeb Re: And now for the story behind the news - 03/14/16 07:20 PM
Originally Posted By: slolerner
Well, I guess Tim Cook won't be going to Florida any time soon…

I seriously doubt Time Cook would be deterred by a glory hunting right wing nut in Florida.
Originally Posted By: slolerner
Can't help thinking "What Would Steve Jobs Do?"

Pretty much what he darn well pleased and in this case I'll bet he would have been first in line to tell the DoJ, "Not only NO but H____ NO!" Remember Steve's favorite sound on the Mac is called "sosumi".
Posted By: slolerner Re: And now for the story behind the news - 03/15/16 01:48 AM
Originally Posted By: JoeMikeB
Pretty much what he darn well pleased and in this case I'll bet he would have been first in line to tell the DoJ, "Not only NO but H____ NO!" Remember Steve's favorite sound on the Mac is called "sosumi".

"soarrestmi."
Posted By: Virtual1 Re: And now for the story behind the news - 03/15/16 02:10 PM
Originally Posted By: slolerner
Originally Posted By: JoeMikeB
Pretty much what he darn well pleased and in this case I'll bet he would have been first in line to tell the DoJ, "Not only NO but H____ NO!" Remember Steve's favorite sound on the Mac is called "sosumi".

"soarrestmi."

and here I thought it was "hahyousofunny"
Posted By: joemikeb Re: Why Tim Cook Won't back Down - 03/18/16 03:08 PM
The battle between Apple and many other major players in the computer industry versus the DoJ rages on in the press as seen in this MacNN article
Posted By: grelber Re: Why Tim Cook Won't back Down - 03/18/16 03:17 PM
Originally Posted By: joemikeb
The battle between Apple and many other major players in the computer industry versus the DoJ rages on in the press as seen in this MacNN article

And check the slew of articles in today's New York Times.
Posted By: Virtual1 Re: Why Tim Cook Won't back Down - 03/21/16 12:02 PM
Quote:
Cook also defended Apple's stance on the issue (which is that the government does not have this authority, as the Brooklyn case judge ruled), but brought up a previous piece of legislation to support his stand -- CALEA, the "regulatory arm for the telecommunications area," which was written to cover exactly this sort of "clash" of government and private interests. Apple's lawyers have argued that the original ex parte order from Judge Sheri Pym that kicked off the controversy was invalid under CALEA, along with numerous constitutional reasons.

Quote:
The court that initially ordered Apple to comply with the FBI's demands is holding a hearing for oral arguments on whether to rescind the order or not on March 22.

Apple isn't failing to obey the law or a legal order, they're resisting obeying an illegal order. So the fight right now is to get this illegal order vacated. It looks like CALEA was created specifically to limit the (incredibly broad) reach of the All Writs Act, and that Pam failed to consider CALEA in her decision.

I for one think that CALEA is a hack, and the correct fix is to strike down the AWA itself, remove it from the books. Why?

Quote:
the DOJ looks at the AWA as a sort of "magic wand" that removes all legal concerns.

Couldn't have said it better myself. AWA basically functions like a "You can ignore the law if it's limiting your ability to enforce the law." And that's arguably the worst sort of law you can have on the books. With that, you can just neatly throw away the rest of the laws because they don't matter anymore, LEA does whatever it wants to do, and you are obligated to cooperate fully. (but if you did that, it would be easier to recognize the police state)

I think the only difference at this point is whether the government chooses to follow the will of the people. The laws are set up in such a way that they can, if they want to, ignore the laws and the rights of the people. People should be able to rely on the laws to protect them, not pray for the legal system to be generous enough to interpret them in a beneficial way most of the time. Otherwise life is rather scary.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/21/16 12:34 PM
I just heard that a security vulnerability has been found that may lead to hackers being able to crack one, unbelievably. Now the plot thickens.
Posted By: joemikeb Re: Why Tim Cook Won't back Down - 03/21/16 02:52 PM
The latest word is Apple's engineers are considering refusing to work on a so-called DoJ OS even if Apple loses. Apparently they would rather quit their jobs than subvert the security of iOS.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/21/16 03:00 PM
That's great. They should not because if they do it, there is really no way to keep something as valuable as that vulnerability a secret. It would make the phone hackable.
Posted By: joemikeb Re: Why Tim Cook Won't back Down - 03/21/16 03:45 PM
Originally Posted By: slolerner
That's great. They should not because if they do it, there is really no way to keep something as valuable as that vulnerability a secret. It would make the phone hackable.

Which is the basis for Apple's resistance to what is an arguably illegal order from the DoJ.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/21/16 07:19 PM
But, even if the engineers quit, the All Rits Act still applies. confused
Posted By: grelber Re: Why Tim Cook Won't back Down - 03/21/16 08:08 PM
Originally Posted By: slolerner
But, even if the engineers quit, the All [Writs] Act still applies. confused

That's in the same display case as Washington's wooden teeth. tongue smirk
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/21/16 09:47 PM
Just saying... The Act is so ill-defined and far-reaching the consequences of bringing it up at this time is a disaster.
Posted By: jchuzi Re: Why Tim Cook Won't back Down - 03/22/16 12:05 AM
FBI 'may be able to unlock San Bernardino iPhone'
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/22/16 12:33 AM
Nice, Apple can use that exploit to develop stronger encrytion. Cook played Tom Perry's "Won't back down" when he exited today's new product launch.
Posted By: artie505 Re: Why Tim Cook Won't back Down - 03/22/16 12:48 AM
That's Tom Petty & The Heartbreakers...GREAT band!
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/22/16 02:43 AM
Damn autocorrect.
Posted By: grelber Re: Why Tim Cook Won't back Down - 03/22/16 09:33 AM
Originally Posted By: slolerner
Damn autocorrect.

Everybody should turn autocorrect off. The best it can do is make its users seem illiterate/preliterate.
I'd rather see legitimate mistakes = human errors than robotic ones.
(And yes, I know that the robots were created by humans, but their algorithms are soulless.)
Posted By: artie505 Re: Why Tim Cook Won't back Down - 03/22/16 09:52 AM
Why does autocorrect even bother with proper names? Once a word begins with a cap letter all bets are off. (Or did slolerner accidentally hit the key next to the "t"?)
Posted By: Virtual1 Re: Why Tim Cook Won't back Down - 03/22/16 12:24 PM
Originally Posted By: slolerner
I just heard that a security vulnerability has been found that may lead to hackers being able to crack one, unbelievably. Now the plot thickens.

Considering all the recent reports of the FBI and CIA using previously unknown zero-days, I think it's foolish to believe that they haven't already cracked it, and this is just public show to lull the terrorists into believing they are still safe using iPhones to do their business. The day it comes out they can crack an iPhone will be the day they stop using them, so it only makes sense. Enigma was this way in WW2, the british did everything in their power (including sacrificing entire cities!) to keep hitler convinced they hadn't broken enigma, because it was just too valuable of a source of intelligence to lose.
Posted By: ryck Re: Why Tim Cook Won't back Down - 03/22/16 01:13 PM

Originally Posted By: slolerner
Nice, Apple can use that exploit to develop stronger encrytion.

Hmmmm. That would assume the FBI will be cooperative with Apple and let them know how they broke into the phone. Why do I have this niggling feeling that the FBI is not likely to help Apple?
Posted By: grelber Re: Why Tim Cook Won't back Down - 03/22/16 01:59 PM
Originally Posted By: ryck

Originally Posted By: slolerner
Nice, Apple can use that exploit to develop stronger encrytion.

Hmmmm. That would assume the FBI will be cooperative with Apple and let them know how they broke into the phone. Why do I have this niggling feeling that the FBI is not likely to help Apple?

Clearly you don't know about the mole(s) among the ranks. smirk
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/22/16 02:48 PM
Or it's disinformation.

BTW, it's an android phone and slolerner needs autocorrect on this tiny keyboard because the old phone was a slider with a 'chicklet' keyboard. It is annoying that it does correct capitalized words.
Posted By: ryck Re: Why Tim Cook Won't back Down - 03/22/16 03:08 PM
Originally Posted By: grelber
Clearly you don't know about the mole(s) among the ranks. smirk

Considering that moles are spies usually planted well in advance of a need for information, so they can work their way deep into an organization, I think it's unlikely that Apple has ever planted such agents in the FBI. I'm not an expert in such intrigue but I'd assume that the opposite (FBI into Apple) is more probable.
Posted By: grelber Re: Why Tim Cook Won't back Down - 03/22/16 03:23 PM
Originally Posted By: ryck
Originally Posted By: grelber
Clearly you don't know about the mole(s) among the ranks. smirk

Considering that moles are spies usually planted well in advance of a need for information, so they can work their way deep into an organization, I think it's unlikely that Apple has ever planted such agents in the FBI. I'm not an expert in such intrigue but I'd assume that the opposite (FBI into Apple) is more probable.

Either way, ain't we got fun?! grin
Posted By: Virtual1 Re: Why Tim Cook Won't back Down - 03/23/16 01:09 PM
Originally Posted By: grelber
Clearly you don't know about the mole(s) among the ranks. smirk

Proper encryption isn't vulnerable to moles. If it's designed correctly there's no back door or shortcuts in existence, there's nothing to steal and give out.

The only thing right now that qualifies with that is the private key to their software signing certificate that tells the iPad the firmware you just uploaded to it is genuine and to allow the installation to take place. Pretty sure Apple keeps really tight control over that particular key, and will aggressively bar-b-qua anyone they catch copying it.

That sort of data exists in only there or four places in the world, inside very secure safes with singularly limited physical access, and only comes out when the GM firmware update needs to be signed.
Posted By: grelber Re: Why Tim Cook Won't back Down - 03/23/16 03:24 PM
Quote:
Proper encryption isn't vulnerable to moles.

Somewhere at least one someone has access (key to the ark of the covenant). So somewhere a vulnerability exists. And moles exploit that.
Posted By: Virtual1 Re: Why Tim Cook Won't back Down - 03/23/16 05:29 PM
Originally Posted By: grelber
Quote:
Proper encryption isn't vulnerable to moles.

Somewhere at least one someone has access (key to the ark of the covenant). So somewhere a vulnerability exists. And moles exploit that.

Like I said, in a locked safe, on an air-gapped flash drive

At that point if you still have a security problem, it's a physical security problem. Keycard accessed doors, alarms, and good safes are generally good protection against that. Don't give the combo to the safe to the janitor and you should be ok.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/23/16 06:18 PM
Or, it's disinformation and a way for FBI to step down without losing face. They now know how many companies they are up against. Tim Cook is not going to budge and they know that. Given tacit's explanation, I am somewhat dubious what the FBI is saying is true. There are many good hackers out there, the info on iPhones is valuable to every one of them, and I'm certain they have tried everything possible to get it.

Virtual1 is right about not revealing code breaking in times of war. If they knew how to crack the phone, then no doubt they would have been using it for some time previously to this, not to unlock a work phone when the personal phone was destroyed. This was a high profile case where they could rally public pressure. Let's wait and see if the Sheriff in Florida gets the FBI to unlock that phone...

It could also be a way to retaliate against Tim Cook and hurt sales. Now the pressure is on him to make an iphone even more secure and there will be even more public pressure against that.
Posted By: joemikeb Re: Why Tim Cook Won't back Down - 03/23/16 08:39 PM
This MacNN article reveals how deeply embedded customer privacy is embedded in Apple's corporate structure. Even to the point of killing or nearly killing some technologies due to privacy concerns.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/25/16 07:08 PM
Interesting reader comment at the end of the article:
Quote:
Apple hasn't learned the lesson it should have learned from its now-failed ebook dispute. If you trash-talk about courts or federal agencies, it may look good with your fans, but the courts and agencies have ways to get back at you.

I still don't believe the phone was unlocked, sorry.
Posted By: jchuzi Re: Why Tim Cook Won't back Down - 03/27/16 10:11 AM
FBI's "Outside Party" Revealed as Bureau Angles to Keep New Hack Secret An interesting irony is the following statement in that article:

Apple's attorneys said Monday they would request the FBI inform them of the security flaw they discovered and how they were able to exploit it.

As Bloomberg explains, the FBI may in fact be subject to a little-known process called the "equities review," which was created by the Obama administration to determine if security flaws should be disclosed.

"I do think it should be subjected to an equities review," Chris Inglis, former National Security Agency (NSA) deputy director, told Bloomberg. "The government cannot choose sides in the tension between individual and collective security so the equities process should be run to put both on a level playing field."

Nate Cardozo, staff attorney at the digital rights group Electronic Frontier Foundation, added, "The equities process is supposed to apply to anytime the government discovers, learns of, buys or uses vulnerabilities of any kind. If it's anything where they're attacking the phone in software, it would be subject to the equities review."


Will Apple now sue the FBI to force it to reveal its secrets?
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/27/16 02:30 PM
I take it back, if the source was an Israeli sofware engineer, the chances of unlocking the phone have greatly improved. Their engineers took down an off-the-grid nuclear power plant. The good news is if there is something in the interest of their own security they will unlock the phone but probably never tell the FBI how they did it. The FBI will be sending them any phone connected with a terrorist act.

IMHO, if the FBI had ever really valued the content of the phone we never would have heard about any of this.
Posted By: joemikeb Re: Why Tim Cook Won't back Down - 03/27/16 08:50 PM
Originally Posted By: slolerner
IMHO, if the FBI had ever really valued the content of the phone we never would have heard about any of this.

You aren't by any chance implying the FBI would attempt to distract the public as well as the bad guys from its incompetence in electronic criminology are you? smile
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/27/16 09:47 PM
Tim Cook was very clear about the consequences, the scariest scenario he spoke of was giving someone the means to take down a power grid, that hits people hard. Law enforcement may have lost round one but this issue is far from over. One thing I know for sure, the Israelis are very good at keeping secrets. Now, will they tell Apple what the vulnerability is or will they act in their own interest?

The incompetence of the San Bernardino police created the opportunity to rally the public for code-breaking techniques. Like I stated earlier, the failure of the FBI was not following through when they became aware of the overseas internet chat sessions of these two people before they even met in person.

It's a very interesting game of chess.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/27/16 10:23 PM
The way the Israelis took down the off the grid nuclear power plant in Iran only became known when the worm was subsequently introduced to the internet at large. When Sophos figured out what it was, "their jaws literally dropped."
Posted By: jchuzi Re: Why Tim Cook Won't back Down - 03/28/16 10:47 AM
How FBI vs. Apple could cripple corporate and government security. I think that the government's efforts to force Apple's hand may be a classic case of biting your nose to spite your face.
Posted By: jchuzi Re: Why Tim Cook Won't back Down - 03/28/16 11:29 PM
And here's the latest: DOJ confirms successful iPhone data extraction, withdraws encryption case against Apple
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/29/16 02:36 AM
Supposedly the hack was released to the media.

"It was done through NAND memory duplication. Easy way to think about this is like this: Virtual machine, or in this case, virtual phone. Once they were able to duplicate the memory, they were able to run a simple password hack algorithm until they got the correct password. Whenever it reached the limit where the content would be deleted, they would just reset the virtual phone and continue right where tHey left off until they went through all combinations. Note this was reported in the news a few days back."

Now Apple fixes the security and everyone buys new phones.
Posted By: artie505 Re: Why Tim Cook Won't back Down - 03/29/16 02:54 AM
Unless NAND memory duplication is something new, the "hack" sounds like something that should have been figured out ages ago. (Actually, Arthur C. Clarke more or less anticipated this problem and its solution in Against The Fall Of Night, The City and the Stars, or both [The latter was a rewrite of the former.] back in the '50s.)
Posted By: ryck Re: Why Tim Cook Won't back Down - 03/29/16 12:52 PM
Originally Posted By: artie505
Actually, Arthur C. Clarke more or less anticipated this problem and its solution….. back in the '50s.

Wow.
Posted By: artie505 Re: Why Tim Cook Won't back Down - 03/29/16 02:36 PM
Originally Posted By: ryck
Originally Posted By: artie505
Actually, Arthur C. Clarke more or less anticipated this problem and its solution….. back in the '50s.

Wow.

I should have explained.

The book's/books' protagonist was given custody of a robot that had been "locked" by its master many centuries before.

It followed him around, but wouldn't communicate, act, or interact, so he took it to the computer that ran the city (The "City Fathers") which couldn't unlock it but was able to create a duplicate without the lock.

Close enough?
Posted By: ryck Re: Why Tim Cook Won't back Down - 03/29/16 02:38 PM
Originally Posted By: artie505
Close enough?

Yup. Thanks.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/29/16 03:20 PM
Was it the Master's work robot or home robot? crazy
Posted By: grelber Re: Why Tim Cook Won't back Down - 03/29/16 04:46 PM
Originally Posted By: slolerner
Was it the Master's work robot or home robot? crazy

Doesn't matter.

Arthur C. Clarke has proven prescient in many things.

One devoutly wishes to come to Childhood's End.
(If you aren't familiar with that one, read the original or latest edition. Do not watch the SyFy 3-part series which came out a while ago; it well and truly sucks, with only 5-6 plot points which are commensurate with the book.)
Posted By: jchuzi Re: Why Tim Cook Won't back Down - 03/29/16 07:32 PM
Childhood's End is one of my favorite sci-fi novels. I first read it when I was about 10 and have re-read it a few times.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 03/29/16 09:48 PM
Please be patient, back to this because I am trying to understand.
Originally Posted By: artie505
Unless NAND memory duplication is something new, the "hack" sounds like something that should have been figured out ages ago.

Does this make more sense:
Originally Posted By: AppleInsider reader comment
..I'd be willing to lay odds that this involved copying the data and replicating it many times over, then "tricking" the iPhone into thinking the replicated data is the original data. Basically, an assembly line process. Bump the number up to, say, an 8 digit code, and the cost of this approach starts to become excessive.

Is this a viable solution?
Originally Posted By: AppleInsider reader comment
Apple will move the delay between passcode attempts from iOS into the secure enclave of the chip.

I wonder if tacit believes the phone was hacked... For whatever reason, this story intrigues me.
Posted By: tacit Re: Why Tim Cook Won't back Down - 04/01/16 01:53 AM
NAND duplication is what all the folks I follow who do computer security work think was the most likely attack. If this is true, the ability to do this has already been closed off in the iPhone 6 and later models. The information in the Secure Enclave cant be replicated this way.
Posted By: slolerner Re: Why Tim Cook Won't back Down - 04/01/16 02:41 AM
Thanks.
Posted By: Virtual1 Re: Why Tim Cook Won't back Down - 04/07/16 02:41 PM
Originally Posted By: tacit
NAND duplication is what all the folks I follow who do computer security work think was the most likely attack. If this is true, the ability to do this has already been closed off in the iPhone 6 and later models. The information in the Secure Enclave cant be replicated this way.

well, they'd need to duplicate the nand that's inside the SE where the key is, and then duplicate the device's memory. But the SE is physically designed to be hardened against this specific attack.

Bullets work great against enemy soldiers, until they're inside a tank. The bullet will still be effective, but you've just got a problem getting the bullet into the tank.
Posted By: alternaut Re: Why Tim Cook Won't back Down - 04/08/16 01:57 AM
If you’re to believe the FBI, ‘tanks’ other than the 5C model are impervious to their current hack, at least for now:
- FBI says hack tool only works on iPhone 5c

Likewise, the (current) political side of things will also impede legislative easing of government sanctioned phone hacking:
- White House won't support encryption unlocking legislation
Posted By: Virtual1 Re: Why Tim Cook Won't back Down - 04/08/16 11:47 AM
Originally Posted By: alternaut
If you’re to believe the FBI, ‘tanks’ other than the 5C model are impervious to their current hack, at least for now:
- FBI says hack tool only works on iPhone 5c

What I personally believe is that the majority of the FBI/CIA/NSA's public statements are composed not for my benefit, but for the benefit of others, to deceive them as to their capabilities. So I really don't trust much of anything they have to say. They're in the business of lying.

Who in their right mind would believe that the FBI didn't bother to covertly ask around if anyone could help them break into this phone before creating a huge public spectacle over it? If someone has to call up the FBI and say "oh hey did you know we offer this public service that might help you?" before they figure out it's an option, somebody's not doing their job. Federal Bureau of Investigation needs to learn some investigation skills maybe? I'm not buying it.

As to the 5C, it was the last Apple iPhone that lacked the Secure Enclave chip, and that's why this process of siphoning off the NAND was as easy as it is. They just sucked all the data off the naked undefended NAND chips and quickly brute-forced the 10,00 combination key. Enter the SE and it's a whole new world of hurt, changing from software obfuscation into actively physically protecting the key. It's certainly still not impossible to do, it just becomes several degrees more difficult. It's still just 10,000 combinations to brute force, but the key is being physically defended against extraction.

Posted By: joemikeb Re: Why Tim Cook Won't back Down - 04/08/16 10:14 PM
Originally Posted By: Virtual1
It's still just 10,000 combinations to brute force, but the key is being physically defended against extraction.

IPhone 6 and later require a six digit key thus upping the number of combinations to 1,000,000 instead of the previous 4 digit key.

I agree the FBI, as well as a number of other government agencies are in the business of -- if not outright lying -- obfuscation of facts. But their comment about being pretty good about keeping secrets is downright stupid. If they have such a key it is dead certain it will be given to other agencies and inevitably it will be leaked and the bad guys will get it. If they are so sanguine about their ability to keep a secret are they willing to underwrite any and all losses attendant to such a leak? Is there enough money in the government to cover the potential losses?
Posted By: slolerner Re: Why Tim Cook Won't back Down - 04/08/16 10:42 PM
Originally Posted By: joemikeb
Is there enough money in the government to cover potential losses?

The last I heard, they were broke. shocked
Posted By: Virtual1 Re: Why Tim Cook Won't back Down - 04/11/16 11:26 AM
Originally Posted By: slolerner
Originally Posted By: joemikeb
Is there enough money in the government to cover potential losses?

The last I heard, they were broke. shocked

Just like any irresponsible spender, they're not worried, they have credit cards. (that's us)
Posted By: tacit Re: And now for the story behind the news - 04/14/16 09:16 PM
So it turns out there was, as suspected, nothing interesting on that iPhone:

http://www.theregister.co.uk/2016/04/14/nothing_useful_on_farook_iphone/

FBI has some egg on face over this.
Posted By: slolerner Re: And now for the story behind the news - 04/15/16 05:36 AM
Originally Posted By: The Register.com
It also claims that the method only works for a "narrow slice" of phones – implying that it only works with an iPhone 5C running iOS 9 – and continues to pursue Apple in court over different phones running different operating system versions.

It ain't over 'till it's over, and not anytime soon...
Posted By: jchuzi Re: And now for the story behind the news - 04/23/16 11:54 AM
And it continues to get more interesting: On Encryption Battle, Apple Has Advocates in Ex-National Security Officials
Posted By: ryck Re: And now for the story behind the news - 04/24/16 01:39 PM
Originally Posted By: jchuzi
And it continues to get more interesting….

And, it appears extraction of data from phones does not always get a "no" answer as happened in a Canadian murder case.
© FineTunedMac