UBB.classicTM 6.5.0
quote:Currently is the key word. If Apple successfully break into the phone, there would effectively would be even if we argue the technical correctness of using the term backdoor.
Originally posted by Doublethink.:
The way it was reported on BBC radio was that Apple was saying it could not currently accesss the data - and that to write software to do so would create a security problem.
So effectively claiming there currently isn't a back door.
quote:This is nonsense. If software can be written to circumvent the security, there is already a security problem. Whether or not Apple has chosen to write the software yet isn't terribly relevant.
Originally posted by lilBuddha:
and that to write software to do so would create a security problem.
quote:Not necessarily. Apple may have access to parts of the code that are not accessible to other developers, and knowledge and understanding of how to access key parts of the system. There is a possibility that Apple could produce something that others couldn't. Because of how restrictive Apple are, it may be a possibility.
Originally posted by Leorning Cniht:
quote:This is nonsense. If software can be written to circumvent the security, there is already a security problem.
Originally posted by lilBuddha:
and that to write software to do so would create a security problem.
quote:
Cook said that to comply with the ruling, Apple will have to rewrite its iOS operating system.
quote:I am too, but the extensive damage this could do to Apple's business seems like an important consideration. How many people will opt for Samsung if Apple complies with this order? Especially given that more than half of all iPhones are sold outside the US.
Originally posted by Beeswax Altar:
I dislike Apple, the federal government, and jihadists.
I'm torn.
quote:Why are you asking me this question? My response had nothing to do with trust in the government (as if) and everything to do with the technical aspects of the situation. A backdoor is a name for a software programmer's deliberately designed way of getting past the security on a software program without having to go through the usual hoops, and by definition exists since before it was released to the public. Backdoors are supposed to be closed before public release, as they are obvious security risks, but you can easily imagine all the reasons a company might NOT actually close all the backdoors, leading to users' indignation.
Originally posted by lilBuddha:
Lamb chopped, how much do you trust your government? Not only the current, but future. Google the FISA court battles.
quote:Should your self-assessment make you immune to a court order?
Originally posted by Schroedinger's cat:
I suppose I want total security and total privacy, because I am not a security risk.
quote:To which the routine response should be: "get a court order".
Originally posted by Lamb Chopped:
If Apple does this, it'll quickly become a routine request to all sorts of software providers.
quote:I would guess because Apple staff don't have the FBI's trust to delve into the data on jihadist networks and pass it on untampered-with to the FBI. Personally if I was an Apple member of staff I would be quite concerned for my safety in doing that and I doubt that Apple would want to put its employees in that position.
Originally posted by Macrina:
Is there any reason why the FBI can't just give the phone to Apple under secure conditions and let them crack it then give it back?
![[Smile]](smile.gif)
I really don't know enough about the technology hence my question. quote:Actually that's exactly what they've asked for.
Originally posted by Macrina:
Is there any reason why the FBI can't just give the phone to Apple under secure conditions and let them crack it then give it back? That way Apple doesn't have to let the FBI have the code to tempt them to use it again and no one will know how the code works except Apple?
quote:But it's not contempt of court to appeal, which AIUI is what Apple plan to do. And I assume one of the first steps in the appeal process would be to seek some sort of order which allows them to delay following the original order until the appeal is ruled on.
Originally posted by orfeo:
This is the thing that bothers me more than anything else. Frankly, it doesn't matter two hoots whether Apple thinks it's a good idea or not. I'm sure they argued in court that it wasn't a good idea.
But a judge weighed all that up, and made a decision. And unless someone can show that that decision was outside the judge's powers, it's contempt of court to not obey.
quote:Absolutely true.
Originally posted by Paul.:
quote:But it's not contempt of court to appeal, which AIUI is what Apple plan to do. And I assume one of the first steps in the appeal process would be to seek some sort of order which allows them to delay following the original order until the appeal is ruled on.
Originally posted by orfeo:
This is the thing that bothers me more than anything else. Frankly, it doesn't matter two hoots whether Apple thinks it's a good idea or not. I'm sure they argued in court that it wasn't a good idea.
But a judge weighed all that up, and made a decision. And unless someone can show that that decision was outside the judge's powers, it's contempt of court to not obey.
quote:Thanks for putting this in black and white.
Originally posted by orfeo:
quote:Absolutely true.
Originally posted by Paul.:
quote:But it's not contempt of court to appeal, which AIUI is what Apple plan to do. And I assume one of the first steps in the appeal process would be to seek some sort of order which allows them to delay following the original order until the appeal is ruled on.
Originally posted by orfeo:
This is the thing that bothers me more than anything else. Frankly, it doesn't matter two hoots whether Apple thinks it's a good idea or not. I'm sure they argued in court that it wasn't a good idea.
But a judge weighed all that up, and made a decision. And unless someone can show that that decision was outside the judge's powers, it's contempt of court to not obey.
Meanwhile, though, they're deciding to try the case in the court of public opinion, with an open letter to their users. THAT is most definitely not one of the steps in appealing. It's a PR stunt designed to create sympathy and/or pressure. And as a person dedicated to the rule of law, it's exactly the kind of stunt that I hate.
quote:But, those are examples of a manufacturer providing a replacement key to the legitimate owner of the safe/car. The FBI is not the legitimate owner of the phone - though they are in possession of it legally (assuming all due processes for collecting evidence were followed).
Originally posted by lowlands_boy:
As to the question of whether they should be made to participate, and Alan's analogy about safes. I'm pretty sure that if you buy a safe, it has some serial number that allows the vendor to produce a replacement key. I recently had a lock replaced on a car that was more than 15 years old, and the original car vendor was able to send me (or rather, an approved repairer), a matching barrel to be installed in the door lock so the key didn't need to be changed.
quote:More to the point, the state is asking the safe manufacturer (to extend the metaphor) to make it a master key to open all their safes. This not only completely obliterates the selling point AC mentioned, it seems prone to abuse.
Originally posted by Alan Cresswell:
quote:The question is, should the safe manufacturer be forced to assist in the safe breaking? At their own expense and thereby undermining their "no one has ever broken into our safes" advertising campaign.
Originally posted by Jane R:
If the owner refuses to give you the key you have the authority to break open the safe, and the safe manufacturer doesn't get to say 'You can't do that, it will encourage criminals to break into other safes made by us'.
quote:Depends on the government, doesn't it? Would you be as sanguine about the Chinese or Egyptian state demanding a way decrypt any of Apple's products? Because once such a tool exists you can be fairly certain other states will also demand its use. "Sorry, but you're not a democratic government" isn't an argument that's likely to fly in the courts of those countries.
Originally posted by deano:
I'm not torn on this at all. I believe you can all guess where my sympathies lie.
I trust the government. They can be voted out. Jihadis can't.
quote:Well, I think the first point is moot. Syed Farook is dead, so presumably he's not very interested in what happens next to his phone. Plus which the phone was owned by the San Bernardino County Department of Public Health, where Farook worked. It wasn't actually his, and the owner has given the FBI permission to search the phone.
Originally posted by Alan Cresswell:
quote:But, those are examples of a manufacturer providing a replacement key to the legitimate owner of the safe/car. The FBI is not the legitimate owner of the phone - though they are in possession of it legally (assuming all due processes for collecting evidence were followed).
Originally posted by lowlands_boy:
As to the question of whether they should be made to participate, and Alan's analogy about safes. I'm pretty sure that if you buy a safe, it has some serial number that allows the vendor to produce a replacement key. I recently had a lock replaced on a car that was more than 15 years old, and the original car vendor was able to send me (or rather, an approved repairer), a matching barrel to be installed in the door lock so the key didn't need to be changed.
The analogous service would be for Apple to provide a means for people to access their phone if they have forgotten their PIN. Do they have such a service? I assume not, otherwise the FBI wouldn't be asking Apple to provide such a convoluted route to get into the phone.
quote:But are they? According to the link I posted earlier the FBI requested the "key" (SIF) "be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE" i.e they're asking for a key specific to that safe.
Originally posted by Crœsos:
More to the point, the state is asking the safe manufacturer (to extend the metaphor) to make it a master key to open all their safes.
quote:Which implies that either they can't make it for a single phone (unlikely as the encryption is already based on a per-phone unique key) or that they believe that such a single-phone insecure version of the OS could be hacked and turned into a general purpose tool.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
quote:Does anybody actually believe their claim that their phones are impossible to hack anyway? Given enough time and computing power, nothing is completely secure. The only security lies in making it very, very difficult for anyone who wants to hack in and hoping that they'll go after easier targets. Same principle as preventing a burglary, in fact; window locks and burglar alarms are all very well, but anyone who really wants to get in will manage it somehow.
Which implies that either they can't make it for a single phone (unlikely as the encryption is already based on a per-phone unique key) or that they believe that such a single-phone insecure version of the OS could be hacked and turned into a general purpose tool.
quote:Yes - in this case, the "encryption" is linked explicitly to the pin code, which is only 4 digits long. By any measure, this is extremely weak and would be crackable in a fraction of a second. The issue is the "self destruct" that is built in after ten attempts.
Originally posted by Lamb Chopped:
Just to clarify if anybody's confused--the FBI aren't asking them to break the encryption, they intend to do that themselves if it can be done. (There are forms of encryption out there that are so far unbreakable, as far as we know.)What they are doing is asking them to disable secondary security features that prevent a brute force attack on the encryption issue.
quote:Bing, Bing, Bing, we have a winner!
Originally posted by Paul.:
or that they believe that such a single-phone insecure version of the OS could be hacked and turned into a general purpose tool.
quote:No, they are asking for a version of the OS in which that security feature has been disabled. Which wiil make hacking any other phone that much easier.
Originally posted by Lamb Chopped:
Just to clarify if anybody's confused--the FBI aren't asking them to break the encryption, they intend to do that themselves if it can be done. (There are forms of encryption out there that are so far unbreakable, as far as we know.)What they are doing is asking them to disable secondary security features that prevent a brute force attack on the encryption issue.
quote:Since all these phones are essentially the same (with minor variations), there isn't really any issue for Apple to keep doing it. Realistically, they wouldn't destroy such a "feature" version anywhere. They'd just keep the details stored in a branch of code somewhere with steps to make sure that they don't accidentally install it on the next release of their handsets. That's not at all difficult.
Originally posted by Alan Cresswell:
But, there is no suggestion that the revised OS (should it ever be developed) will ever exist anywhere other than on a small number of computers at Apple (or, potentially one laptop that someone from Apple takes with them to wherever the FBI have the phone to install it). Apple aren't going to make this a free download from their website for anyone who wants to bypass a security feature on their phone (or, someone elses phone). So, unless the security at Apple is so bad that someone obtains that code illegally that isn't an issue.
There is an outside chance that by making it known that there is a way of bypassing the 10 attempt limit on the PIN that someone else might create a piece of code capable of doing the same thing, but it won't be a version of whatever Apple produce. However, the chatter about this has already let that cat out of the bag.
For Apple (and, presumably, other producers) the issue is that if they do this it won't be long before the FBI, or some other organisation, comes along with another phone they need access to, and another, and another ... either they fight each one through the courts or some of their talented software engineers spend a large amount of their time opening up phones for the law enforcement community. How long can Apple, or anyone else, afford to keep on doing that?
quote:This isn't a plausible scenario. Even were it, the FBI would have a copy of the disabled iOS in their hands when Apple left.
Originally posted by Alan Cresswell:
But, there is no suggestion that the revised OS (should it ever be developed) will ever exist anywhere other than on a small number of computers at Apple
quote:This was hardly a secret even before the shootings.
Originally posted by Alan Cresswell:
There is an outside chance that by making it known that there is a way of bypassing the 10 attempt limit on the PIN that someone else might create a piece of code capable of doing the same thing, but it won't be a version of whatever Apple produce. However, the chatter about this has already let that cat out of the bag.
quote:The iOS will still be property of Apple, and the FBI won't be able to do anything with it without either permission from Apple or by breaking the law (which I would hope would make anything gained inadmissible in court). Even if they can bypass Apple's property rights, will the FBI be able to copy the revised iOS off the phone, and if they could would they be able to install it on a different phone without some input from Apple? What I've read suggests that anything Apple can produce will include components specific to the phone they are working with (access codes and the like). If so, then even with the iOS the FBI (or anyone else) will still need to ask each time they want to snoop.
Originally posted by lilBuddha:
quote:This isn't a plausible scenario. Even were it, the FBI would have a copy of the disabled iOS in their hands when Apple left.
Originally posted by Alan Cresswell:
But, there is no suggestion that the revised OS (should it ever be developed) will ever exist anywhere other than on a small number of computers at Apple
The intelligence community don't like encryption and they don't like having to ask each time they wish to snoop.
They want the tools, that is what this is about.
quote:The FBI court submission already specifies that the modified version of the phone operating system should only operate on the specified handset, and once Apple digitally sign the software, it wouldn't be transferable to another handset anyway.
Originally posted by lilBuddha:
You are suggesting that the FBI would respect rights?
I do not believe this would be the case. Even allowing for the best intentions, power will be abused.
quote:There exists no intelligence agency in the world in which all its members operate completely within the rules. None.
Originally posted by Alan Cresswell:
I'm suggesting that if they fail to respect Apple's property rights then they will only be able to do that with the collusion of other parts of the criminal justice system. They can't conduct what would effectively be an illegal search and still use that evidence within a criminal prosecution, so they would need a warrant of some form from the courts (as they have obtained in the current case). If the FBI can ride rough shod over the law then you have very significant problems, and the ability to access the contents of some phones isn't going to make any real difference to that.
quote:And how would that be done? The OS on that mobile is not unique.
Originally posted by lowlands_boy:
The FBI court submission already specifies that the modified version of the phone operating system should only operate on the specified handset, and once Apple digitally sign the software, it wouldn't be transferable to another handset anyway
quote:might sound a bit paranoid, it is based on those I know within the community, the selection processes, human nature and historical examples.
There exists no intelligence agency in the world in which all its members operate completely within the rules. None.
quote:The entire basis of the request is that a new version of the OS be created. This version of the OS should remove the self destruct function, remove the time delay between allowed attempts, and allow the submission of passcodes via a USB connection or similar.
Originally posted by lilBuddha:
quote:There exists no intelligence agency in the world in which all its members operate completely within the rules. None.
Originally posted by Alan Cresswell:
I'm suggesting that if they fail to respect Apple's property rights then they will only be able to do that with the collusion of other parts of the criminal justice system. They can't conduct what would effectively be an illegal search and still use that evidence within a criminal prosecution, so they would need a warrant of some form from the courts (as they have obtained in the current case). If the FBI can ride rough shod over the law then you have very significant problems, and the ability to access the contents of some phones isn't going to make any real difference to that.
Once again, it is about encryption in general, not this just this one mobile, not just Apple.
quote:And how would that be done? The OS on that mobile is not unique.
Originally posted by lowlands_boy:
The FBI court submission already specifies that the modified version of the phone operating system should only operate on the specified handset, and once Apple digitally sign the software, it wouldn't be transferable to another handset anyway
quote:Even our printer knows when we have used a non-Canon cartridge and won't work
Originally posted by lowlands_boy:
If you then tamper with it to try and change the forensic identification code (or indeed, any other code) and then put the tampered with version on another phone, the other phone would be able to detect the tampering and refuse to run the software.
![[Roll Eyes]](rolleyes.gif)
quote:Yeah, and Google support them because it is all about Apple and nothing else.
Someone has now called bullshit on that (quite rightly) and Apple don't like it.
quote:Why shouldn't they do this?
Originally posted by orfeo:
Meanwhile, though, they're deciding to try the case in the court of public opinion, with an open letter to their users. THAT is most definitely not one of the steps in appealing. It's a PR stunt designed to create sympathy and/or pressure.
quote:I don't believe the only problem with the FBI breaking the law is that it might secure convictions that would otherwise be illegal. This is the organisation that tried to blackmail Martin Luther King into giving up.
Originally posted by Alan Cresswell:
If the FBI can ride rough shod over the law then you have very significant problems, and the ability to access the contents of some phones isn't going to make any real difference to that.
quote:Google didn't like being told in Europe to remove selected listings from search engines. Microsoft didn't want to produce "unbundled" versions of Windows that had to allow people to select other browsers by default. Etc Etc. And in all cases, they're all taking the piss over their tax arrangements, as we have another thread about.
Originally posted by lilBuddha:
Originally posted by lowlands_boy:
quote:Yeah, and Google support them because it is all about Apple and nothing else.
Someone has now called bullshit on that (quite rightly) and Apple don't like it.
quote:Yes.
Originally posted by Alan Cresswell:
The question is, should the safe manufacturer be forced to assist in the safe breaking? At their own expense and thereby undermining their "no one has ever broken into our safes" advertising campaign.
quote:They're not looking for public debate. They're looking for an emotive push-button where all the people who are paranoid about government gasp in horror at the prospect that the government might get into their phone. They're sending out a letter to every customer that the FBI has shown zero interest in, with a subliminal message of "if we don't fight this, you could be next!"
Originally posted by Ricardus:
quote:Why shouldn't they do this?
Originally posted by orfeo:
Meanwhile, though, they're deciding to try the case in the court of public opinion, with an open letter to their users. THAT is most definitely not one of the steps in appealing. It's a PR stunt designed to create sympathy and/or pressure.
The issues raised by the court order are matters of public interest. Consequently, it is good for there to be a public debate on them.
(Note: I am under no illusions that Apple actually care about the public interest, but if Apple's concerns happen to coincide with public concerns, I don't think those concerns suddenly become invalid just because it's Apple.)
quote:There are two points here (correct me if I caricature you):
Originally posted by orfeo:
They're not looking for public debate. They're looking for an emotive push-button where all the people who are paranoid about government gasp in horror at the prospect that the government might get into their phone.
quote:There is a certain irony in claiming that one side is probably making an emotive argument, whilst making one of your own.
Originally posted by orfeo:
They're looking for an emotive push-button where all the people who are paranoid ...
If your iPhone is believed to contain a copy of plans to fly a plane into the World Trade Center, they'll fight for your right not to have that divulged.
quote:Which is largely besides the point; As a consumer you have to take your allies where you find them - and in this particular case Apple's interests line most closely with that of the consumer (who not coincidentally is the end customer for their services).
Originally posted by Honest Ron Bacardi:
Its nice to think that Apple is acting on the highest principles here. Get a grip! It's a commercial decision. Apple is not a high-principles company.
quote:It would be ironic if I didn't know I was doing it. I'm illustrating how the emotion that is evoked changes a great deal depending on whose phone you're talking about, and that this is exactly why it's a poor basis for argument.
Originally posted by chris stiles:
quote:There is a certain irony in claiming that one side is probably making an emotive argument, whilst making one of your own.
Originally posted by orfeo:
They're looking for an emotive push-button where all the people who are paranoid ...
If your iPhone is believed to contain a copy of plans to fly a plane into the World Trade Center, they'll fight for your right not to have that divulged.
quote:Sure. But this in fact neatly illustrates the difference between individual cases and systemic issues.
Originally posted by Ricardus:
Last year I wrote to the taxman saying I should have some money back because I had been over-taxed due to someone misunderstanding information I had given them. My concern was for my own filthy lucre, not for the abstract fairness of the tax system, but that doesn't mean I wasn't right.
quote:This is a terrible argument -- it's like saying if you have nothing to hide, you have nothing to worry about when they violate your fourth amendment rights and search your home.
Originally posted by orfeo:
My response would be "dear nice person, if you stay nice and don't, say, murder a large number of your colleagues, the chances of this ever happening to you are quite remote".
quote:Their reasoning isn't clear to me, though. According to their security white paper, Apple routinely makes software upgrades encrypted for use on unique devices, so the copy used on this phone wouldn't run on another. It's true that the "technique" could be used again - by someone with access to the source code and Apple's signature keys. But if the modification to the iOS is relatively minor, then practically the same danger already exists, since Apple currently has the unmodified source code and its signature keys. If Apple is currently able to ensure their secure possession of the elements required to create the iOS, I don't see why they can't take the same steps to limit access to the "technique" the FBI is asking for.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices.
quote:Bingo. "If you're not a bad person you have nothing to fear from this wee little trampling of your rights" is not a good argument.
Originally posted by RuthW:
quote:This is a terrible argument -- it's like saying if you have nothing to hide, you have nothing to worry about when they violate your fourth amendment rights and search your home.
Originally posted by orfeo:
My response would be "dear nice person, if you stay nice and don't, say, murder a large number of your colleagues, the chances of this ever happening to you are quite remote".
quote:This doesn't seem like a great analogy, but I think I see his point -- better that the thing doesn't exist at all.
Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
quote:Look, we need a widget that does this, that, and the other, and we know your company is capable of inventing and producing one. Cough up the goods or go to jail.
Originally posted by RuthW:
And another ... this is an unusual court order in that it doesn't require Apple to turn over information it already has -- it requires Apple to write code that (presumably) does not exist. If Apple can be compelled to do this, what can other companies be compelled to do to assist government investigations?
quote:Of course it's not a good argument.
Originally posted by mousethief:
quote:Bingo. "If you're not a bad person you have nothing to fear from this wee little trampling of your rights" is not a good argument.
Originally posted by RuthW:
quote:This is a terrible argument -- it's like saying if you have nothing to hide, you have nothing to worry about when they violate your fourth amendment rights and search your home.
Originally posted by orfeo:
My response would be "dear nice person, if you stay nice and don't, say, murder a large number of your colleagues, the chances of this ever happening to you are quite remote".
quote:Well, presumably the judge believes it's in the public interest and the law allows it.
Originally posted by orfeo:
Apple are trying to invoke a systemic agenda because they've lost an individual court decision. To which part of my response is to actually talk about the systemic issue: about why we allow judges to make these kinds of orders to access data, or access properties.
quote:Tell that to Khaled El-Masri.
My response would be "dear nice person, if you stay nice and don't, say, murder a large number of your colleagues, the chances of this ever happening to you are quite remote".
quote:The fear is more that the court will start awarding warrants to every tom dick and harry law enforcement brigade who want to decrypt our private information.
Originally posted by orfeo:
In short: how does the fact that the FBI followed legal process justify dark predictions that if they get their way, the FBI will start doing illegal things?
quote:Because it raises the question: "Do the American security services have sufficient checks to protect the innocent from molestation for them to be entrusted with the powers that, according to this judge, the law entitles them to?" and "If not, should the public lobby for additional legal safeguards?"
Originally posted by orfeo:
Again: how the hell does Khalid El-Masri have any relevance to a situation where a law enforcement agency has gone to a court and obtained an entirely non-secret court order?
quote:It is not a fear, but a reality.
Originally posted by mousethief:
The fear is more that the court will start awarding warrants to every tom dick and harry law enforcement brigade who want to decrypt our private information.
quote:Which would have merit if they had actually made the argument you claim they made, if they had been the first to do so, and if this had been their first and only contribution to this debate.
Originally posted by orfeo:
It would be ironic if I didn't know I was doing it. I'm illustrating how the emotion that is evoked changes a great deal depending on whose phone you're talking about, and that this is exactly why it's a poor basis for argument.
quote:I'd say it raises the question "why on earth would additional legal safeguards make you feel any safer"?
Originally posted by Ricardus:
quote:Because it raises the question: "Do the American security services have sufficient checks to protect the innocent from molestation for them to be entrusted with the powers that, according to this judge, the law entitles them to?" and "If not, should the public lobby for additional legal safeguards?"
Originally posted by orfeo:
Again: how the hell does Khalid El-Masri have any relevance to a situation where a law enforcement agency has gone to a court and obtained an entirely non-secret court order?
quote:Yeah, okay. I give you permission to be frightened.
Originally posted by lilBuddha:
quote:It is not a fear, but a reality.
Originally posted by mousethief:
The fear is more that the court will start awarding warrants to every tom dick and harry law enforcement brigade who want to decrypt our private information.
Here is a longer article. This link is to a preface, there is an 83 page report linked therein.
quote:Indeed, another good question of public interest.
Originally posted by orfeo:
I'd say it raises the question "why on earth would additional legal safeguards make you feel any safer"?
quote:I don't think anyone is arguing that the contents of the phone, should the FBI be able to recover them, are or should be inadmissable.
Originally posted by Leorning Cniht:
Now, the court is ordering Apple Safe Co. to help defeat the bomb in the safe. The court knows that Apple Safe Co. has the plans for the safe, believes that it is capable of building a tool that will prevent the bomb from going off, and so orders it to do so.
We're still in the same scenario. If the court orders the safe opened, it gets opened. It's not reasonable for people to claim that documents shouldn't be admitted as evidence against them because those documents were stamped "private". It's equally and identically unreasonable for someone to claim that the court shouldn't be able to order their locks unlocked.
quote:I don't think one necessarily has to believe I an absolute right of privacy in order to be cautiously supportive of Apple in this particular scenario given the wider context.
Originally posted by lowlands_boy:
So - should there be some absolute right to privacy then?
quote:Absolute privacy is not a practical right. But expecting a level of privacy is. And trusting the government completely is foolish. At its best intention, government is composed of people, people who will fail, people who will abuse authority, people who will bend or suspend rules for the 'greater good'. Time and again they get it wrong. Guantanamo, the NSA and MI5 phone spying, Kincora*, the Computer Misuse Act amendments, etc.
Originally posted by chris stiles:
quote:I don't think one necessarily has to believe I an absolute right of privacy in order to be cautiously supportive of Apple in this particular scenario given the wider context.
Originally posted by lowlands_boy:
So - should there be some absolute right to privacy then?
quote:But couldn't you make the same argument about all of Apple's software? If they're unable to control this one copy of iOS, why should anything they do be considered secure?
Originally posted by Doublethink.:
I think the biggest risk is more basic, once the software is written and available in a large organisation - sooner or later it will be leaked. Not because either Apple or the FBI want that - but just because it is worth a huge amount of money.
quote:...with the point being that if you can walk up to a safe, install new software on it, and it opens, then it's not a safe at all. It's a box designed to mislead you into thinking that it's a safe.
Originally posted by W Hyatt:
With regard to the safe analogy, it seems to me that it's not so much like the government asking for a master key, it's more like they're asking for software that could be loaded into any safe to make it possible for anyone to open it.
quote:Actually, I was more thinking of the FBI, given its very large.
Originally posted by Dave W.:
quote:But couldn't you make the same argument about all of Apple's software? If they're unable to control this one copy of iOS, why should anything they do be considered secure?
Originally posted by Doublethink.:
I think the biggest risk is more basic, once the software is written and available in a large organisation - sooner or later it will be leaked. Not because either Apple or the FBI want that - but just because it is worth a huge amount of money.
quote:Only Apple isn't the landlord because I own my home. And Apple not only doesn't have a key, they sold me the home with the lock based on the fact that there can be no such key for them to have.
Originally posted by Leorning Cniht:
quote:...with the point being that if you can walk up to a safe, install new software on it, and it opens, then it's not a safe at all. It's a box designed to mislead you into thinking that it's a safe.
Originally posted by W Hyatt:
With regard to the safe analogy, it seems to me that it's not so much like the government asking for a master key, it's more like they're asking for software that could be loaded into any safe to make it possible for anyone to open it.
Your stuff is n your apartment, Apple is your landlord, and has the key. The FBI have a court order to look through your stuff. It's flat-out unreasonable for Apple to say "no, that's his apartment - it's private. I', not going to let you in there."
Apple should say exactly that right up to the point that the FBI or whoever present a search warrant, and then say "certainly, officer - I'll open the door for you." That's how search warrants are supposed to work.
Can this be abused? Yes. But that's not a reason to ban the searching of someone's home.
quote:According to the writ, the FBI only requires access to the phone to brute force the password; the software package is to be made loadable and executable on this phone only, and the phone itself can remain at an Apple facility.
Originally posted by Doublethink.:
quote:Actually, I was more thinking of the FBI, given its very large.
Originally posted by Dave W.:
quote:But couldn't you make the same argument about all of Apple's software? If they're unable to control this one copy of iOS, why should anything they do be considered secure?
Originally posted by Doublethink.:
I think the biggest risk is more basic, once the software is written and available in a large organisation - sooner or later it will be leaked. Not because either Apple or the FBI want that - but just because it is worth a huge amount of money.
quote:And they lied. It is technically possible for them to defeat the security mechanisms on your lock.
Originally posted by W Hyatt:
Only Apple isn't the landlord because I own my home. And Apple not only doesn't have a key, they sold me the home with the lock based on the fact that there can be no such key for them to have.
quote:Yes, that's what this is about. Apple made a promise, which was a lie. They represented their new security feature as being effective, whereas it can be defeated by loading new code on to the phone.
it's that they don't want to be forced into breaking their promise to their entire customer base.
quote:And the problem with talking about the "unique issues presented by software" is that they're really not unique. Privacy doesn't look different just because there's a computer involved.
The problem with a physical analogy is that it can't adequately represent the unique issues presented by software.
quote:And in case it wasn't clear, why should a software lock be treated differently from a physical lock?
Originally posted by Leorning Cniht:
Why should the computer in your pocket be different?
quote:Yes. This. exactly this. They are using this case as a wedge to destroy our right to privacy via non-government-crackable cybersecurity. As I said above, the government has been in apoplexy since large-prime keys were invented. How dare anybody in the world not have a back door that the government -- who will of course always get a warrant and never use it for, say, political gain -- can use.
Originally posted by Belle Ringer:
Anyway, I doubt FBI believes national security shattering data is on that one phone and nowhere else; more likely they see this situation as a great gift yto exploit for getting the public to agree that FBI should have backdoor access to everything.
quote:The lock analogy is ridiculous.
Originally posted by Leorning Cniht:
quote:And in case it wasn't clear, why should a software lock be treated differently from a physical lock?
Originally posted by Leorning Cniht:
Why should the computer in your pocket be different?
quote:The privacy issues have lots of legal precedents and are pretty well understood, but the uniqueness of this case is not about an individual's privacy, it's about the what tools our society is willing to allow law enforcement to use.
Originally posted by Leorning Cniht:
quote:And the problem with talking about the "unique issues presented by software" is that they're really not unique. Privacy doesn't look different just because there's a computer involved.
The problem with a physical analogy is that it can't adequately represent the unique issues presented by software.
quote:Sure, but as I said, it's not the privacy aspect with regard to a single individual that makes this case of such interest to the public, it's the ramifications of mass searches.
The big difference is that computers and electronic records make data analytics and mass searches possible that would take far too long to be practicable by hand. But this is a feature of electronic records, not a feature of phone encryption.
quote:For the same reason the NSA digitally collecting massive amounts of phone records is different than getting a warrant for an old-style wire-tap.
Why should the phone in your pocket have more legal protection than the PC locked in your house. Suppose you have a home computer full of all kinds of personal information (like most people) and it's stored in your locked house, but doesn't have password protection. Everybody agrees that, with a warrant, the police can enter your locked home, take your computer, and search through all your personal data for incriminating records. Why should the computer in your pocket be different?
quote:and:
Over time, authority will be a used. It is not a question of if, but of when and how far.
quote:Note that in theory, if the FBI was allowed to operate that way, I could become the target of an investigation just for posting this because they decided I fit the profile of someone who poses a danger to the country.
It is not a fear, but a reality.
quote:But don't worry, they're the good guys so we should trust them to be scrupulous in their use of mass searches.
Khan gained asylum in the United States in 1998 and was a legal resident of Baltimore, Maryland, where he had attended high school and worked for his father. Khan has made repeated offers to submit to a polygraph test to prove his innocence, but been denied.[4] The Director of National Intelligence has asserted that Khan's experience working in his father's gas station "...made Khan highly qualified to assist Mohammad with the research and planning to blow up gas stations."
quote:The "wider context" is full of bogeymen. The actual case involves access to a phone.
Originally posted by chris stiles:
quote:I don't think one necessarily has to believe I an absolute right of privacy in order to be cautiously supportive of Apple in this particular scenario given the wider context.
Originally posted by lowlands_boy:
So - should there be some absolute right to privacy then?
quote:Ding! Ding! Ding! We have a winner. All of these terrible things will apparently only happen with software that Apple doesn't want to write. Not with all the software that Apple wants you to trust.
Originally posted by Dave W.:
quote:But couldn't you make the same argument about all of Apple's software? If they're unable to control this one copy of iOS, why should anything they do be considered secure?
Originally posted by Doublethink.:
I think the biggest risk is more basic, once the software is written and available in a large organisation - sooner or later it will be leaked. Not because either Apple or the FBI want that - but just because it is worth a huge amount of money.
quote:Declarations that they are attacking civil liberty are equally ridiculous. They are investigating a crime. They are going to a judge to get a court order, which is exactly what law enforcement authorities are supposed to do.
Originally posted by lilBuddha:
quote:The lock analogy is ridiculous.
Originally posted by Leorning Cniht:
quote:And in case it wasn't clear, why should a software lock be treated differently from a physical lock?
Originally posted by Leorning Cniht:
Why should the computer in your pocket be different?
The FBI are attacking civil liberty. That is what this is about.
quote:Overzealous law enforcement can't be completely eliminated, but it's prudent for society to take it seriously.
In the course of these events, Aleynikov has spent a year in prison for crimes he didn't commit. Aleynikov has divorced, lost his savings,[12] and, according to his lawyer, "[his] life has been all but ruined".
quote:One doesn't need any vast government conspiracy. All that is necessary is that a power be available and someone will use it, someone will abuse it. Often with the best intention. It is inevitable.
Originally posted by orfeo:
The other thing that is freaking ridiculous is talking about the FBI and the NSA and people abducted from other countries all in the same breath, as if "The Government" is just one big monolithic thing. No, as someone who works in "The Government", let me tell you all that it isn't some big fucking monolith of people conspiring in black vans.
quote:The FBI is a police force, not a spying agency.
Originally posted by lilBuddha:
The problem with governmental intelligence is not that they do not already have enough, but that they do not use it properly.
quote:Wow, so that caused a traffic jam of responses.
Originally posted by orfeo:
quote:The FBI is a police force, not a spying agency.
Originally posted by lilBuddha:
The problem with governmental intelligence is not that they do not already have enough, but that they do not use it properly.
quote:The proposal being discussed is a modification to the phone's operating system that requires physical access to the phone. This isn't the same as a mass NSA data sieve.
Originally posted by W Hyatt:
For the same reason the NSA digitally collecting massive amounts of phone records is different than getting a warrant for an old-style wire-tap.
quote:Yes, it is. This isn't a mass wiretap program, and doesn't do anything to enable a mass wiretap program.
This is not a simple case of a search warrant overriding someone's privacy.
quote:It's the same precedent as looking through someone's computer.
Originally posted by lilBuddha:
It creates a precedent and moves the line further down the road.
quote:It very likely would, but probably not in the way most people think.
Originally posted by lilBuddha:
It creates a precedent and moves the line further down the road.
quote:In a very literal and limited way, obviously that is true, but I hope nobody really believes it is either ethically or existentially true.
Originally posted by Alisdair:
The police have the right to do whatever the law allows them to do. ...
quote:And clearly they've been successful at safeguarding the Apple signature software that has to be used to get the phone to accept a new iOS, or else the FBI wouldn't need to get Apple to help -- they'd just have their own people write the code.
Originally posted by Dave W.:
quote:But couldn't you make the same argument about all of Apple's software? If they're unable to control this one copy of iOS, why should anything they do be considered secure?
Originally posted by Doublethink.:
I think the biggest risk is more basic, once the software is written and available in a large organisation - sooner or later it will be leaked. Not because either Apple or the FBI want that - but just because it is worth a huge amount of money.
quote:I agree with almost all of this. I do think they want the info on this one phone, and I believe them when they say they think it might tell them whether other people helped the San Bernardino terrorists carry out this attack.
Originally posted by Belle Ringer:
I doubt FBI believes national security shattering data is on that one phone and nowhere else; more likely they see this situation as a great gift yto exploit for getting the public to agree that FBI should have backdoor access to everything.
It's not about one phone end of topic. It's about one phone used as a strategic tool to push, phone by phone at first, then collect multiple incidents to prove FBI needs access to all communications "to keep us safe."
Possessing a phone they don't have backdoor access to will become a crime. Duh, if they have right of access you have no right to possess unaccessible, obviously you'd be a terrorist.
FBI aren't stupid, they've always wanted total access, here's a bloody incident and a locked phone to milk for public persuasion towards their goal.
The only question is do you agree with their goal or not?
quote:This (or perhaps something like it) is pretty much where I am at too. It's actually been stated publicly by the security community, post the Snowden revelations, since when Apple and Google are reported to have stopped playing ball so nicely. So there are bigger issues at play here on both sides without any doubt.
But I think this is also a great case for them to try to advance the goal of access to people's data. The US security agencies have tried and failed to get Congress to pass legislation requiring companies like Apple and Google to build backdoors for government access into their systems. The FBI could have done this all quietly -- they usually do. But they sought this court order very publicly because they're hoping that the elements of the case -- terrorism, a dead suspect whose privacy we're not likely to care about, and the phone being owned by a local government agency which has given permission for it to be hacked -- will help shift the public debate of privacy vs security in the direction of security.
quote:Well, it's not exactly goodness that I'm relying on, but I do think the FBI for all its shortcomings is probably more subject to legal restraint than its Chinese counterpart.
Originally posted by RuthW:
If Apple is compelled by the US government to write code to break into someone's phone, they're going to have a hell of a time trying to tell the Chinese government that they won't do the same thing when the Chinese government demands it. Do folks here with faith in the goodness of US security agencies have the same faith in the goodness of Chinese security agencies? Somehow I doubt it.
quote:That's so cute.
Originally posted by orfeo:
quote:The FBI is a police force, not a spying agency.
Originally posted by lilBuddha:
The problem with governmental intelligence is not that they do not already have enough, but that they do not use it properly.
quote:
Originally posted by mousethief:
quote:That's so cute.
Originally posted by orfeo:
quote:The FBI is a police force, not a spying agency.
Originally posted by lilBuddha:
The problem with governmental intelligence is not that they do not already have enough, but that they do not use it properly.
![[Overused]](graemlins/notworthy.gif)
quote:Why? Apple have admitted that their new security, which they claimed was failsafe, is in fact "trust us, we're Apple".
Originally posted by The Rogue:
anyone who wants absolute phone security (I don't particularly) will be more interested in their products now.
quote:No, they really aren't. If you can't tell the difference between the FBI and the CIA and the NSA, this conversation is never going to get anywhere.
Originally posted by lilBuddha:
quote:Wow, so that caused a traffic jam of responses.
Originally posted by orfeo:
quote:The FBI is a police force, not a spying agency.
Originally posted by lilBuddha:
The problem with governmental intelligence is not that they do not already have enough, but that they do not use it properly.
First was someone should tell them that. Followed by aren't they the equivilant of MI5? And there is nothing that mandates a wall between police force and spying.
They are a domestic intelligence agency like MI5 and ASIO.
quote:Well, let's look at that again shall we
Originally posted by orfeo:
More to the point, this conversation is useless so long as everyone can just mention big, dark bogeymen and mutter darkly about the possibilities. How can anyone disprove these theories?
I just saw one astounding post where a person simultaneously asserted that (1) The FBI has already access to the phone, (2) hacking a phone is easy, (3) the FBI wants this for these wider nefarious purposes.
Again, how can anyone disprove such nonsensical, internally inconsistent theories? This is a guy proposing that Apple's security isn't actually worth anything, and that the FBI already knows how to break it, yet the FBI is asking for the tool to break Apple's security.
quote:(1) The FBI has already access to the phone
I'm quite sure that the FBI do have other mechanisms by which they can do this, given the resources at their disposal. I think it's reasonable to assume that they(and other intelligence agencies), do actually go out and acquire large quantities of phones, tablets etc etc, and study them in forensic detail at both the software and hardware level.
I'm sure they have already cracked this mechanism before as an exercise and could do so in this case. No harm in them asking Apple to do it, from their point of view.
quote:Um the CIA is not a domestic intelligence service, (and would be like MI6/ASIS and not MI5/ASIO).
Originally posted by orfeo:
quote:No, they really aren't. If you can't tell the difference between the FBI and the CIA and the NSA, this conversation is never going to get anywhere.
Originally posted by lilBuddha:
quote:Wow, so that caused a traffic jam of responses.
Originally posted by orfeo:
quote:The FBI is a police force, not a spying agency.
Originally posted by lilBuddha:
The problem with governmental intelligence is not that they do not already have enough, but that they do not use it properly.
First was someone should tell them that. Followed by aren't they the equivilant of MI5? And there is nothing that mandates a wall between police force and spying.
They are a domestic intelligence agency like MI5 and ASIO.
quote:The iphone model in question is not using their new security implementation.
Originally posted by Leorning Cniht:
quote:Why? Apple have admitted that their new security, which they claimed was failsafe, is in fact "trust us, we're Apple".
Originally posted by The Rogue:
anyone who wants absolute phone security (I don't particularly) will be more interested in their products now.
quote:Do you seriously think that the organization of government agencies always makes perfect sense, and never has any redundancy? Many voices said, and are still saying, that the NSA was completely unnecessary because we have the FBI. Do you think there was no domestic spying in the US before Dubya created the NSA? Or that the FBI just willingly relinquished all such activities when the NSA was created?
Originally posted by orfeo:
I know that the systems between different countries aren't exactly parallel, but the fact is the FBI is not the CIA or the NSA, otherwise there'd be no reason for each of them to have a separate existence.
quote:Not all of us are making these claims. You can't refute one person's claims and thereby dismiss the rest of us. That's a variant of the straw man fallacy.
Originally posted by orfeo:
More to the point, this conversation is useless so long as everyone can just mention big, dark bogeymen and mutter darkly about the possibilities. How can anyone disprove these theories?
I just saw one astounding post where a person simultaneously asserted that (1) The FBI has already access to the phone, (2) hacking a phone is easy, (3) the FBI wants this for these wider nefarious purposes.
Again, how can anyone disprove such nonsensical, internally inconsistent theories? This is a guy proposing that Apple's security isn't actually worth anything, and that the FBI already knows how to break it, yet the FBI is asking for the tool to break Apple's security.
quote:That's also pretty much how the FBI describes itself:
The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States, which simultaneously serves as the nation's prime Federal law enforcement organization.
quote:I think the FBI should be investigating the San Bernardino terrorist attack, and they'd be remiss if they didn't try to find out what's on that phone. If Apple has a good reason why they shouldn't be required to do what the FBI wants, they'll have a chance to explain it this week to the judge who issued the writ.
What is the FBI?
The FBI is an intelligence-driven and threat-focused national security organization with both intelligence and law enforcement responsibilities—the principal investigative arm of the U.S. Department of Justice and a full member of the U.S. Intelligence Community. It has the authority and responsibility to investigate specific crimes assigned to it and to provide other law enforcement agencies with cooperative services, such as fingerprint identification, laboratory examinations, and training. The FBI also gathers, shares, and analyzes intelligence—both to support its own investigations and those of its partners and to better understand and combat the security threats facing the United States.
quote:Perhaps this protection doesn't apply to the firmware update the FBI is asking for, but so far Apple hasn't provided enough detail publicly to explain why.
The boot-time chain-of-trust evaluation verifies that the signature comes from Apple and that the measurement of the item loaded from disk, combined with the device’s ECID, matches what was covered by the signature.
These steps ensure that the authorization is for a specific device and that an old iOS version from one device can’t be copied to another.
quote:I don't think one needs evidence or even a suggestion of any specific conspiracy to be concerned about the limits of power. I have no evidence at all of any crimes the Queen would have committed had she come to the throne with absolute power, but that's not a reason for thinking this democracy idea might be a bit excessive. To put it another way, if one waits to see if a power is abused before putting limits on it, one is usually too late.
Originally posted by orfeo:
More to the point, this conversation is useless so long as everyone can just mention big, dark bogeymen and mutter darkly about the possibilities. How can anyone disprove these theories?
quote:It would apply to this individual version. The reason Apple are opposing is it is that if they manage to set the precedent that they can't be asked to do it, then they have that to cite in the future. If they lose this time, they can be asked to do it again and again.
Originally posted by Dave W.:
I don't think it's necessary to invoke turf battles or the FBI's checkered past to justify characterizing it as a domestic intelligence agency - that view is sufficiently mainstream to make it into the first sentence of the FBI's wiki page:
quote:That's also pretty much how the FBI describes itself:
The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States, which simultaneously serves as the nation's prime Federal law enforcement organization.
quote:I think the FBI should be investigating the San Bernardino terrorist attack, and they'd be remiss if they didn't try to find out what's on that phone. If Apple has a good reason why they shouldn't be required to do what the FBI wants, they'll have a chance to explain it this week to the judge who issued the writ.
What is the FBI?
The FBI is an intelligence-driven and threat-focused national security organization with both intelligence and law enforcement responsibilities—the principal investigative arm of the U.S. Department of Justice and a full member of the U.S. Intelligence Community. It has the authority and responsibility to investigate specific crimes assigned to it and to provide other law enforcement agencies with cooperative services, such as fingerprint identification, laboratory examinations, and training. The FBI also gathers, shares, and analyzes intelligence—both to support its own investigations and those of its partners and to better understand and combat the security threats facing the United States.
So far I don't think their public statements are too convincing. The FBI seems to be making a request narrowly targeted at this one particular phone and in its own iOS Security Guide, Apple describes how it makes sure that update packages are linked to individual phones:
quote:Perhaps this protection doesn't apply to the firmware update the FBI is asking for, but so far Apple hasn't provided enough detail publicly to explain why.
The boot-time chain-of-trust evaluation verifies that the signature comes from Apple and that the measurement of the item loaded from disk, combined with the device’s ECID, matches what was covered by the signature.
These steps ensure that the authorization is for a specific device and that an old iOS version from one device can’t be copied to another.
quote:I used only publicly available sources, honest! I swear on the grave of Efrem Zimbalist, Jr.
Originally posted by mousethief:
Dave W. -- good job investigating.
quote:Terrorist groups and organized criminals tend to avoid revealing their plans; some amount of secret information gathering seems necessary.
"The FBI also gathers, shares, and analyzes intelligence...."
IOW, spying.
quote:But what's wrong with the limits proposed? They got a warrant from a judge and they're asking for Apple to do something to one specific phone. If this request on its own is reasonable, I don't think it makes sense to deny it just because they might make an unreasonable request in the future. (That view seems to provide grounds for arguing that no judge should grant any warrant or writ, ever, no matter how justified.)
I don't think one needs evidence or even a suggestion of any specific conspiracy to be concerned about the limits of power. [...] To put it another way, if one waits to see if a power is abused before putting limits on it, one is usually too late.
quote:I would imagine so! But it's not like Apple doesn't already have policies and guidelines for responding to government entities. Unless they can show that it's an unreasonable burden, they can't refuse just because they don't want to.
It would apply to this individual version. The reason Apple are opposing is it is that if they manage to set the precedent that they can't be asked to do it, then they have that to cite in the future. If they lose this time, they can be asked to do it again and again.
quote:This is the strawest of men. It's not because they "don't want to." It's because it would open the door to all manner of abuses of power. A road it's best not to take the first step on.
Originally posted by Dave W.:
Unless they can show that it's an unreasonable burden, they can't refuse just because they don't want to.
quote:And we have all heard tales of the FBI's use of this power to shut down groups that have nothing to do with terrorism or the mob. "Legalize marijuana" advocates being one that comes to mind immediately.
Terrorist groups and organized criminals tend to avoid revealing their plans; some amount of secret information gathering seems necessary.
quote:"If they lose this time, they can be asked to do it again and again." was exactly the argument I was responding to; I don't think this is obviously the same as "all manner of abuses of power," so I plead not guilty to strawman assassination on this point
Originally posted by mousethief:
quote:This is the strawest of men. It's not because they "don't want to." It's because it would open the door to all manner of abuses of power. A road it's best not to take the first step on.
Originally posted by Dave W.:
Unless they can show that it's an unreasonable burden, they can't refuse just because they don't want to.
quote:Enoch expressed my concerns very well a few posts ago - a warrant that explicitly requires Apple to do stuff seems to me qualitatively different from a warrant that merely requires Apple not to resist while the FBI take stuff away.
Originally posted by Dave W.:
But what's wrong with the limits proposed? They got a warrant from a judge and they're asking for Apple to do something to one specific phone. If this request on its own is reasonable, I don't think it makes sense to deny it just because they might make an unreasonable request in the future. (That view seems to provide grounds for arguing that no judge should grant any warrant or writ, ever, no matter how justified.)
quote:I'm pretty sure a longer passcode was already possible with the 5C; and in any case, from what I've read people are still likely to choose passcodes which are easy to remember - i.e. short, bad passcodes - so brute force attacks usually don't have to try anywhere near all the possible combinations. Even if they make 6-digits the default instead of 4, that would still take only the FBI's proposed method just under a day at most instead of just under 15 minutes.
Originally posted by lowlands_boy:
This particular case will cease to matter in due course, because the specific technology is already obsolete. Later versions that allow much longer alphanumeric passwords already exist. Apple can't decrypt the current phone - only make it easier for agencies to cycle through the 10,000 possible passwords. With a longer character based password, the number of permutations is enormous.
So, they should comply in this case because it won't matter much longer.
quote:Digits is different to characters. 0-9 for digits, but for characters, you have 52 upper and lower case letters, plus the 0-9, plus punctuation.
Originally posted by Dave W.:
quote:I'm pretty sure a longer passcode was already possible with the 5C; and in any case, from what I've read people are still likely to choose passcodes which are easy to remember - i.e. short, bad passcodes - so brute force attacks usually don't have to try anywhere near all the possible combinations. Even if they make 6-digits the default instead of 4, that would still take only the FBI's proposed method just under a day at most instead of just under 15 minutes.
Originally posted by lowlands_boy:
This particular case will cease to matter in due course, because the specific technology is already obsolete. Later versions that allow much longer alphanumeric passwords already exist. Apple can't decrypt the current phone - only make it easier for agencies to cycle through the 10,000 possible passwords. With a longer character based password, the number of permutations is enormous.
So, they should comply in this case because it won't matter much longer.
quote:I see the distinction you're making, but I think that you're mistaken that there's no precedent for this. One example the government gives in its application for the writ is a case from 1977 in which the Supreme Court ruled that a telephone company was properly compelled under the All Writs Act to assist the FBI in setting up a pen register (a method for recording numbers dialed) in an investigation of illegal gambling.
Originally posted by Ricardus:
My concern is that a 'do stuff for us' warrant constitutes an entirely new kind of warrant for which no guidelines have ever been laid down. This is what I mean by a lack of limits.
quote:Thank you, I'm quite aware of the distinction - but it's irrelevant to my point. Since the ability to enter strong passwords is already available, I don't agree that "it won't matter much longer."
Originally posted by lowlands_boy:
Digits is different to characters. 0-9 for digits, but for characters, you have 52 upper and lower case letters, plus the 0-9, plus punctuation.
quote:Because as I have said above and nobody seems to have paid any attention to, the government is in apoplexy because there is no back door to cybersecurity, despite the government throwing a hissy fit in court prior to this. This creates the possibility of a back door. It's unprecedented in the cyber world, and something cybersecurity people have been fighting since large-prime encryption was invented.
Originally posted by Dave W.:
But as to opening the door to abuses of power - presumably you'd consider the government's power to execute other kinds of searches to be legitimate, and not necessarily a harbinger of abuse. Assuming you do, what exactly makes this attempt so much more dangerous?
quote:I'm not sure what you mean by "creating the possibility of a back door." Not quite the same as creating a back door, apparently. But doesn't Apple's tacit admission that the FBI's request is feasible imply that the possibility (at least) already exists? If Apple wants to make more secure phones, let them do so.
Originally posted by mousethief:
quote:Because as I have said above and nobody seems to have paid any attention to, the government is in apoplexy because there is no back door to cybersecurity, despite the government throwing a hissy fit in court prior to this. This creates the possibility of a back door. It's unprecedented in the cyber world, and something cybersecurity people have been fighting since large-prime encryption was invented.
Originally posted by Dave W.:
But as to opening the door to abuses of power - presumably you'd consider the government's power to execute other kinds of searches to be legitimate, and not necessarily a harbinger of abuse. Assuming you do, what exactly makes this attempt so much more dangerous?
quote:Yes, I'll get right on that. At the appropriate juncture. In due course. In the fullness of time. Until then, I'd be open to any attempt you'd care to make at explaining more fully at a level somewhere between "Because as I have said above and nobody seems to have paid any attention to" and "go read a 370 page book so you can be as enlightened as me."
For God's sake, all you "what's the harm?" types, read Crypto by Steven Levy, so you'll know what you're talking about.
quote:Actually, per Wikipedia,
Do you think there was no domestic spying in the US before Dubya created the NSA?
quote:FYI.
The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman's memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as "No Such Agency".[29]
quote:This does no such thing. The possibility of a back door already exists, and you only have Apple's word for it that there isn't one.
Originally posted by mousethief:
This creates the possibility of a back door.
quote:In which case, should I assume that Microsoft and Apple are constantly offering me security updates for some nefarious purpose? They keep suggesting they're closing unforeseen back doors for me, but if there are no back doors...
Originally posted by mousethief:
there is no back door to cybersecurity
quote:Sorry I got it mixed up with TSA & Homeland Security.
Originally posted by Golden Key:
MT said:
quote:Actually, per Wikipedia,
Do you think there was no domestic spying in the US before Dubya created the NSA?
quote:FYI.
The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman's memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as "No Such Agency".[29]
quote:...assuming your friendly client isn't stashing a copy of your private key somewhere for you, or choosing deliberately weak keys or something. The math is sound, but how much do you trust the tool to be doing what it says it's doing?
Originally posted by mousethief:
Orfeo: There is no back door to a large-prime-based public/private key system.
quote:If you are afraid that "someone" (whether that's the FBI, the NSA, the Chinese government or whoever) might have a back door installed in your phone's operating system, but don't think that there's any chance that they'll install a back door in your encryption software, which you probably obtained from the same source, then I think you're a bit confused.
Originally posted by mousethief:
NOW who's spinning conspiracy theories?
quote:Ah, the ol' deflect-and-dodge. Nice.
Originally posted by Leorning Cniht:
quote:If you are afraid that "someone" (whether that's the FBI, the NSA, the Chinese government or whoever) might have a back door installed in your phone's operating system, but don't think that there's any chance that they'll install a back door in your encryption software, which you probably obtained from the same source, then I think you're a bit confused.
Originally posted by mousethief:
NOW who's spinning conspiracy theories?
quote:No, it's an entirely serious thought. I'm not spinning conspiracy theories - I'm pointing out that if your conspiracy theory centers around a potential back door in your phone software, and merrily assumes that there can't be a back door in another bit of your phone's software, then your theory is a trifle lacking in internal consistency.
Originally posted by mousethief:
Ah, the ol' deflect-and-dodge. Nice.
quote:The first step is access to a specific phone. Everything past that - every assertion that this will lead to access to other phones - IS a slippery slope argument. Whether you recognise it or not.
Originally posted by lilBuddha:
No one, as far as I recall, is saying this is a first/further step down a slippery slope. We* are saying that this step, in and of itself, is a problem.
quote:It would be if they did not already have a record of abusing the legal limits of their authority
Originally posted by orfeo:
quote:The first step is access to a specific phone. Everything past that - every assertion that this will lead to access to other phones - IS a slippery slope argument. Whether you recognise it or not.
Originally posted by lilBuddha:
No one, as far as I recall, is saying this is a first/further step down a slippery slope. We* are saying that this step, in and of itself, is a problem.
There have been several references to things such as mass surveillance programs. Which would be relevant if the FBI was seeking authorisation of a mass surveillance program. They're not. They're asking for access to the data on one phone, and every single statement about what that might lead to is a slippery slope argument.
quote:It's still a slippery slope argument. The difference is that you assert a history of lubrication.
Originally posted by lilBuddha:
quote:It would be if they did not already have a record of abusing the legal limits of their authority
Originally posted by orfeo:
quote:The first step is access to a specific phone. Everything past that - every assertion that this will lead to access to other phones - IS a slippery slope argument. Whether you recognise it or not.
Originally posted by lilBuddha:
No one, as far as I recall, is saying this is a first/further step down a slippery slope. We* are saying that this step, in and of itself, is a problem.
There have been several references to things such as mass surveillance programs. Which would be relevant if the FBI was seeking authorisation of a mass surveillance program. They're not. They're asking for access to the data on one phone, and every single statement about what that might lead to is a slippery slope argument.
quote:This step, in and of itself, is the FBI wanting to examine the contents of a phone, and having a court order Apple to assist them.
Originally posted by lilBuddha:
We* are saying that this step, in and of itself, is a problem.
quote:Good thing that's not the actual criterion, then.
Originally posted by W Hyatt:
For example, if the precedent becomes "the only criterion for demanding new software is that its development is determined not to be an undue burden," that sounds to me like a very dangerous precedent.
quote:Your entire question is premised on the notions that whatever Apple writes to unlock this particular phone will inevitably be (1) in the possession of the FBI thereafter, and (2) will be useful to unlock any other phone.
Originally posted by W Hyatt:
Theoretically, is there any software the FBI should not be allowed to have in its arsenal for collecting information?
I understand what you're saying up until you refer to new software. When information is on a physical medium (e.g. paper), it's clear when a warrant is needed. But when information is digital, it's won't necessarily be obvious when the FBI ignores the need for a warrant. If they have a software tool that's supposed to be used only in combination with a warrant, what's to stop them from using it without a warrant? Any evidence they gather won't be admissable, but once they have it, figuring out how to obtain the same information legally becomes much easier so it will always be a temptation to skip the warrant.
It seems to me to be somewhat parallel with devices police departments use to identify everyone's cell phone in a specific area. It's a form of mass search that some judges seem to think is perfectly fine, but from an information point of view, it's the same as stopping everyone at that location and demanding to see their identification. Maybe that's actually legal, but it seems to me that software has a tendency to blur lines that used to be distinct, and I'm not at all sure that judges generally recognize that to be the case.
quote:For the record:
Originally posted by W Hyatt:
I think it was Eutychus who told us about an inmate (probably in France?) who was incarcerated at least in part because the police determined that the "suspect" was in a particular area but had his cell phone turned off, which they knew because they couldn't identify him with the kind of device I mentioned above. The court was apparently willing to accept that as evidence of guilt
quote:Probably. Maybe. It's hypothetical, and I'm not going to claim I can read the mind of every judge (and every police officer for that matter) from here until the end of time.
Originally posted by W Hyatt:
Can we count on the courts to only demand new software that targets individuals? What if the only way for the FBI to get some pertinent information it knows exists is by doing a mass search and then filtering the results? Will the courts prevent them from demanding that a manufacturer supply new software to do such a search?
quote:It's not a conspiracy to expect spy agencies will continue spying. It's not naive to expect that companies whose very existence depends on the security of their security systems will work to make and keep them secure.
Originally posted by Leorning Cniht:
quote:No, it's an entirely serious thought. I'm not spinning conspiracy theories - I'm pointing out that if your conspiracy theory centers around a potential back door in your phone software, and merrily assumes that there can't be a back door in another bit of your phone's software, then your theory is a trifle lacking in internal consistency.
Originally posted by mousethief:
Ah, the ol' deflect-and-dodge. Nice.
This particular case is nothing to do with back doors of any kind, so the whole back-door tangent is pretty much irrelevant except as the end-game to a slippery-slope argument.
quote:Apple are not, as far as I know, the government (although they have more money than lots of governments). Apple do not dispute that they can produce the modified software for one phone.
Originally posted by mousethief:
quote:It's not a conspiracy to expect spy agencies will continue spying. It's not naive to expect that companies whose very existence depends on the security of their security systems will work to make and keep them secure.
Originally posted by Leorning Cniht:
quote:No, it's an entirely serious thought. I'm not spinning conspiracy theories - I'm pointing out that if your conspiracy theory centers around a potential back door in your phone software, and merrily assumes that there can't be a back door in another bit of your phone's software, then your theory is a trifle lacking in internal consistency.
Originally posted by mousethief:
Ah, the ol' deflect-and-dodge. Nice.
This particular case is nothing to do with back doors of any kind, so the whole back-door tangent is pretty much irrelevant except as the end-game to a slippery-slope argument.
What is naive is to accept at face value the government's assurance that it's "just this one phone." What a crock of shit.
quote:A precedent is "an example or guide to be used in similar circumstances", but you seem to be arguing that the danger is that a ruling for the FBI would embolden it in other circumstances; this is different from a bad precedent, which is something that shouldn't be repeated even under similar circumstances.
Originally posted by mousethief:
As for the "slippery slope" phrasing, if that's bad I suppose you will have to throw out forever the argument that "this sets a bad precedent." Because that's just another way of saying "this is the first step down a slippery slope."
Therefore there is no such thing as a bad precedent, and that should never be a consideration for judging the advisability of any action.
quote:I'm pretty sure it would come as cold comfort to any "terrorism suspect" locked up without trial in Guantanamo Bay that the evidence that put him there was unlawfully obtained and thus would not be admissible in court.
Originally posted by orfeo:
We have laws, for example, about the exclusion of evidence that is unlawfully obtained.
quote:If that's what you're worried about, I think you're well beyond caring whether this judge is correctly applying the All Writs Act.
Originally posted by Marvin the Martian:
quote:I'm pretty sure it would come as cold comfort to any "terrorism suspect" locked up without trial in Guantanamo Bay that the evidence that put him there was unlawfully obtained and thus would not be admissible in court.
Originally posted by orfeo:
We have laws, for example, about the exclusion of evidence that is unlawfully obtained.
quote:The FBI wants Apple to break into 12 other iPhones, and the Manhattan DA wants Apple to break into 175 phones - article in The Atlantic. So the slope looks pretty slippery to me.
Originally posted by Dave W.:
quote:A precedent is "an example or guide to be used in similar circumstances", but you seem to be arguing that the danger is that a ruling for the FBI would embolden it in other circumstances; this is different from a bad precedent, which is something that shouldn't be repeated even under similar circumstances.
Originally posted by mousethief:
As for the "slippery slope" phrasing, if that's bad I suppose you will have to throw out forever the argument that "this sets a bad precedent." Because that's just another way of saying "this is the first step down a slippery slope."
Therefore there is no such thing as a bad precedent, and that should never be a consideration for judging the advisability of any action.
quote:All of which appear to be in front of a judge, in the normal way, who can evaluate and approve or deny them.
Originally posted by RuthW:
quote:The FBI wants Apple to break into 12 other iPhones, and the Manhattan DA wants Apple to break into 175 phones - article in The Atlantic. So the slope looks pretty slippery to me.
Originally posted by Dave W.:
quote:A precedent is "an example or guide to be used in similar circumstances", but you seem to be arguing that the danger is that a ruling for the FBI would embolden it in other circumstances; this is different from a bad precedent, which is something that shouldn't be repeated even under similar circumstances.
Originally posted by mousethief:
As for the "slippery slope" phrasing, if that's bad I suppose you will have to throw out forever the argument that "this sets a bad precedent." Because that's just another way of saying "this is the first step down a slippery slope."
Therefore there is no such thing as a bad precedent, and that should never be a consideration for judging the advisability of any action.
quote:Yes.
Originally posted by Marvin the Martian:
quote:I'm pretty sure it would come as cold comfort to any "terrorism suspect" locked up without trial in Guantanamo Bay that the evidence that put him there was unlawfully obtained and thus would not be admissible in court.
Originally posted by orfeo:
We have laws, for example, about the exclusion of evidence that is unlawfully obtained.
quote:They elected one black man as President, now there are others who want the job.
Originally posted by RuthW:
quote:The FBI wants Apple to break into 12 other iPhones, and the Manhattan DA wants Apple to break into 175 phones - article in The Atlantic. So the slope looks pretty slippery to me.
Originally posted by Dave W.:
quote:A precedent is "an example or guide to be used in similar circumstances", but you seem to be arguing that the danger is that a ruling for the FBI would embolden it in other circumstances; this is different from a bad precedent, which is something that shouldn't be repeated even under similar circumstances.
Originally posted by mousethief:
As for the "slippery slope" phrasing, if that's bad I suppose you will have to throw out forever the argument that "this sets a bad precedent." Because that's just another way of saying "this is the first step down a slippery slope."
Therefore there is no such thing as a bad precedent, and that should never be a consideration for judging the advisability of any action.
quote:I didn't expect this to be a unique case, never to be repeated. I'm not sure how to judge whether the number of phones cited by The Atlantic is large or small - according to the US Federal Courts 3,554 wiretap orders were reported in 2014.* Smartphones are pretty much ubiquitous, so it's not surprising that other warrants will have been issued in similar circumstances - but if the circumstances really are similar, these additional warrants will leave us at the same spot on the slope as with the San Bernardino case.
Originally posted by RuthW:
quote:The FBI wants Apple to break into 12 other iPhones, and the Manhattan DA wants Apple to break into 175 phones - article in The Atlantic. So the slope looks pretty slippery to me.
Originally posted by Dave W.:
quote:A precedent is "an example or guide to be used in similar circumstances", but you seem to be arguing that the danger is that a ruling for the FBI would embolden it in other circumstances; this is different from a bad precedent, which is something that shouldn't be repeated even under similar circumstances.
Originally posted by mousethief:
As for the "slippery slope" phrasing, if that's bad I suppose you will have to throw out forever the argument that "this sets a bad precedent." Because that's just another way of saying "this is the first step down a slippery slope."
Therefore there is no such thing as a bad precedent, and that should never be a consideration for judging the advisability of any action.
quote:
The number of state wiretaps in which encryption was encountered decreased from 41 in 2013 to 22 in 2014. In two of these wiretaps, officials were unable to decipher the plain text of the messages. Three federal wiretaps were reported as being encrypted in 2014, of which two could not be decrypted. Encryption was also reported for five federal wiretaps that were conducted during previous years, but reported to the AO for the first time in 2014. Officials were able to decipher the plain text of the communications in four of the five intercepts.
quote:But it's not secure. They can write software to defeat the self-destruct feature. Whether they actually have or not is completely irrelevant to the actual security of the phone.
Originally posted by mousethief:
It's not naive to expect that companies whose very existence depends on the security of their security systems will work to make and keep them secure.
quote:This court order is about one phone. Of course there will be other phones, each with their own court order, and I still don't see why searching through someone's phone is magically worse than searching through their filing cabinet.
What is naive is to accept at face value the government's assurance that it's "just this one phone." What a crock of shit.
quote:How about this: nobody expects that filing cabinets will be secure against government intrusion. The filing cabinet industry was not created to keep filing cabinets secure from snooping, and did not create a filing cabinet security system that has the government shitting its fucking pants because there is no way through it. The ignorance on this thread about the actual history of this issue is choking. Absofuckinglutely CHOKING.
Originally posted by Leorning Cniht:
I still don't see why searching through someone's phone is magically worse than searching through their filing cabinet.
quote:Children, gather around. Who can tell me if this is a straw man fallacy, or a false analogy? Suzie?
Originally posted by orfeo:
The FBI making a dozen more individual applications for unlocking an iPhone after the one application has been granted is precedent. A slippery slope would be the FBI not having to make individual applications any more, or never being knocked back by a judge.
quote:You bought a phone expecting it would be secure against a search warrant? And you think the smartphone industry was created to keep smartphones secure from snooping?
Originally posted by mousethief:
quote:How about this: nobody expects that filing cabinets will be secure against government intrusion. The filing cabinet industry was not created to keep filing cabinets secure from snooping, and did not create a filing cabinet security system that has the government shitting its fucking pants because there is no way through it.
Originally posted by Leorning Cniht:
I still don't see why searching through someone's phone is magically worse than searching through their filing cabinet.
quote:Oh right, right - I seem to recall you once read a book on it, didn't you? That's really very impressive!
The ignorance on this thread about the actual history of this issue is choking. Absofuckinglutely CHOKING.
quote:Unlikely, especially for participants like me who aren't in the US. Perhaps you could try explaining your points of view, rather than just constantly expressing your sympathy/contempt for people who don't already hold it?
Originally posted by mousethief:
I was unaware that knowledge is risible. This must be the all-Republican Ship of Fools thread.
quote:This seems like an adept way of trying to cast doubt upon my statement without going to the effort of actually articulating what's wrong with it.
Originally posted by mousethief:
Children, gather around. Who can tell me if this is a straw man fallacy, or a false analogy? Suzie?
quote:I was talking about purpose. When you think about information that you need to keep secure, where do you think about putting it?
Originally posted by Golden Key:
ISTM:
--Filing cabinets are generally kept in an area over which you have some control. (E.g., locked room.) Thieves generally aren't going to haul a whole filing cabinet away. So a basic, visible lock on a cabinet may be enough to deter a thief--unless they know how to pick a lick, or they're determined enough to use a pry bar or small explosives to forcibly open it.
--Cell phones are purposely portable, which makes them much easier to steal. They're not only communication devices, but storage devices. Even a basic pre-paid, non-smart phone stores contacts, logs, messages, photos, and maybe ID and credit info. So it needs at least security options. And, since it broadcasts, rather than using a wire, it needs security on that level, too.
So yes, cell phones should be very secure.
quote:Well, as the post you are responding to points out, at least some information that you are likely to want to keep secure is created on the phone itself. Secondly, regardless of where it is stored the phone itself needs to be secure - unless the user never accesses personal information from their phone. The need for security is driven by access - not necessarily storage itself.
Originally posted by orfeo:
I was talking about purpose. When you think about information that you need to keep secure, where do you think about putting it?
I strongly suspect the answer is not an iPhone, although apparently Apple wants you to start thinking that. You put data in your iPhone for the purpose of portability and convenience. The need for some security flows from that
quote:It's not knowledge I'm mocking. And I'm sure that, if asked, Donald Trump would assure us that's read plenty of books, too.
Originally posted by mousethief:
I was unaware that knowledge is risible. This must be the all-Republican Ship of Fools thread.
quote:You bought a phone expecting it would be secure against a search warrant? And you think the smartphone industry was created to keep smartphones secure from snooping?
Originally posted by mousethief:
quote:How about this: nobody expects that filing cabinets will be secure against government intrusion. The filing cabinet industry was not created to keep filing cabinets secure from snooping, and did not create a filing cabinet security system that has the government shitting its fucking pants because there is no way through it.
Originally posted by Leorning Cniht:
I still don't see why searching through someone's phone is magically worse than searching through their filing cabinet.
quote:Why should I? When I try, what I say is fed back to me in a garbled state, such as this:
Originally posted by Dave W.:
But don't hide your lamp under a bushel, mousethief - how about digging into that deep reserve of knowledge and responding to questions about statements you made?
quote:This entire thread is one colossal straw man.
You bought a phone expecting it would be secure against a search warrant? And you think the smartphone industry was created to keep smartphones secure from snooping?
quote:Because at least three of us have made points that we're really interested in continuing to discuss? You just don't seem to be able to stay on the same topic as the rest of the us though.
Originally posted by mousethief:
quote:Why should I? When I try, what I say is fed back to me in a garbled state, such as this:
Originally posted by Dave W.:
But don't hide your lamp under a bushel, mousethief - how about digging into that deep reserve of knowledge and responding to questions about statements you made?
quote:This entire thread is one colossal straw man.
You bought a phone expecting it would be secure against a search warrant? And you think the smartphone industry was created to keep smartphones secure from snooping?
quote:So your argument is that the law should treat your phone differently from your filing cabinet because your phone comes with a "government, don't look in here" sticker?
Originally posted by mousethief:
How about this: nobody expects that filing cabinets will be secure against government intrusion.
quote:Again, the computer aspect is a red herring here. Some police force needs something to pursue an investigation, and you are the only person who knows how to make that thing. Can you be forced to help?
what can other companies be compelled to do to assist government investigations?
quote:Asked why X is different from Y, you answer that Y doesn't have properties A and B. It is neither garbling your words nor creating a straw man to suggest that you have just implied that X does have those properties.
Originally posted by mousethief:
quote:Why should I? When I try, what I say is fed back to me in a garbled state, such as this:
Originally posted by Dave W.:
But don't hide your lamp under a bushel, mousethief - how about digging into that deep reserve of knowledge and responding to questions about statements you made?
quote:This entire thread is one colossal straw man.
You bought a phone expecting it would be secure against a search warrant? And you think the smartphone industry was created to keep smartphones secure from snooping?
quote:If the judge can potentially dismiss Apple's argument based on the "many instances in which Apple has unlocked phones previously" doesn't that pretty much prove that precedent is a real & valid concern and not just a "slippery slope" argument?
Originally posted by Dave W.:
Interestingly, the Apple rep doesn't say anything about a threat to privacy on other phones; he seems to rely on arguments that Apple doesn't have a close connection and that acquiescing to this order would damage consumer trust. The judge seems skeptical in light of the many instances in which Apple has unlocked phones previously...
quote:A precedent for what, though? It's a precedent for Apple's capability to unlock a phone when asked.
Originally posted by cliffdweller:
quote:If the judge can potentially dismiss Apple's argument based on the "many instances in which Apple has unlocked phones previously" doesn't that pretty much prove that precedent is a real & valid concern and not just a "slippery slope" argument?
Originally posted by Dave W.:
Interestingly, the Apple rep doesn't say anything about a threat to privacy on other phones; he seems to rely on arguments that Apple doesn't have a close connection and that acquiescing to this order would damage consumer trust. The judge seems skeptical in light of the many instances in which Apple has unlocked phones previously...
quote:Again, I'm not sure this is relevant. Most of the wider IT industry is moving in this direction - and in many ways the behaviour of government is only a small factor in driving this change - a larger factor is the escalation in technical capabilities to crack systems as well as various data breaches and the associated fallout.
Originally posted by orfeo:
The idea that absolute security is a key principle of smartphones ignores that the current problem only arose in the last 18 months.
quote:It's highly relevant, though. We're not merely talking about technology, we're talking about legal principles.
Originally posted by chris stiles:
quote:Again, I'm not sure this is relevant. Most of the wider IT industry is moving in this direction - and in many ways the behaviour of government is only a small factor in driving this change - a larger factor is the escalation in technical capabilities to crack systems as well as various data breaches and the associated fallout.
Originally posted by orfeo:
The idea that absolute security is a key principle of smartphones ignores that the current problem only arose in the last 18 months.
Apple is just able to move slightly faster as they control their own ecosystem from end to end, and have slightly more incentive to do so as their end customers are the people buying their devices.
quote:There are several strands here:
Originally posted by orfeo:
It's highly relevant, though. We're not merely talking about technology, we're talking about legal principles.
I fail to see why a principle of sanctity of data should appear now just because sanctity of data might have become a technical possibility.
quote:From what I've seen Apple are not saying it's a terrible idea to unlock a single phone, they've mentioned their objection to providing a "back door" to phones in general. Now we know that's not what the FBI have asked for, but the fact that Apple framed it that way is either spin or it implies something about the technical details that mean a single-phone solution would easily become a more general purpose back door.
Originally posted by orfeo:
Whether Apple ought to be required to help is a distinct legal argument, and while it might be one Apple is running in court, in the land of public opinion they're running the argument that the FBI accessing a phone is a terrible idea. It didn't suddenly become a terrible idea just because access has become difficult. All the the change in technology did was create a situation where Apple could combine it's supposed "principles" on the issue with a practical situation.
quote:No, this still not persuading me in the slightest.
Originally posted by chris stiles:
quote:There are several strands here:
Originally posted by orfeo:
It's highly relevant, though. We're not merely talking about technology, we're talking about legal principles.
I fail to see why a principle of sanctity of data should appear now just because sanctity of data might have become a technical possibility.
It has always been possible to encrypt (place a mathematical level lock) a piece of information in such a way that it could not be broken, that's not merely a technical capability.
At the same time, the volume of information people generate just by virtue of having smart phones etc. is far greater than in the past. There are information flows available these days that were not available at any practical level in the past. Search engine query for an uncommon disease is traceable in a way that a trip to a reference library isn't. Legal guidelines written with the past in mind give current access to far more information than was necessarily intended when the legislation itself was drawn up. So to punt it one level up, we aren't talking about legal capabilities but philosophical principles.
If people's personal data is going to stored in anything other than offline storage to which only they have access to (which in itself has got harder and harder) then it has to be protected in some way [for our purposes, transmitting this data is equivalent to storage]. There is no way of doing this in a way that would allow only the 'good guys' access to this information whilst simultaneously preventing 'bad guys' from accessing it.
Given the ability to retain large quantities of data over time, any form of protection has to be capable of defeating not just present, but also future attacks, so the protection can't just be based on cost of capability required to break it.
quote:The main thing it implies to me is that Apple actually lacks the technical competence to devise an appropriate single-phone solution, and wants to blame the FBI for asking for a single-phone solution.
Originally posted by Paul.:
quote:From what I've seen Apple are not saying it's a terrible idea to unlock a single phone, they've mentioned their objection to providing a "back door" to phones in general. Now we know that's not what the FBI have asked for, but the fact that Apple framed it that way is either spin or it implies something about the technical details that mean a single-phone solution would easily become a more general purpose back door.
Originally posted by orfeo:
Whether Apple ought to be required to help is a distinct legal argument, and while it might be one Apple is running in court, in the land of public opinion they're running the argument that the FBI accessing a phone is a terrible idea. It didn't suddenly become a terrible idea just because access has become difficult. All the the change in technology did was create a situation where Apple could combine it's supposed "principles" on the issue with a practical situation.
quote:The notion that its purely 'theoretical' is largely incorrect and irrelevant. There are systems that implement similar levels of protection - it just so happens that at this particular moment in time, a consumer electronics company is rolling out similar protection at the level of a mass market device.
Originally posted by orfeo:
Whatever theoretical notion there might have been of it being possible to make information impregnable
quote:Because the volume of specific information each of us produces has expanded exponentially, including activities which would have been previously transacted in a largely untraceable manner, and that this in itself changes the implications of laws drawn decades ago. I do not think that it is illogical that the massive increase in powers thus implied should be the subject of public debate. It's not just an issue about volume of information created, but the types of information collected.
I fail to see what the volume of information has to do with anything. Let me emphasise yet again, we aren't talking about general licenses to collect information, we're talking about specific permission to collect specific information relating to specific persons.
quote:There's a quandary embedded in your use of this principle. The next generation of this technology could well be implemented in such a way that it was impossible for Apple - even in principle - to do what the FBI want them to do now.
It only makes sense to ban a technology on this basis if you can show that the bad uses actually outweigh the good. The mere existence of potential bad use is not enough.
quote:You cannot safely draw this conclusion - it could also imply that it is not possible to create a single-phone solution because of the manner in which the system is or has to be constructed.
Originally posted by orfeo:
The main thing it implies to me is that Apple actually lacks the technical competence to devise an appropriate single-phone solution, and wants to blame the FBI for asking for a single-phone solution.
quote:Only if Apple not just asserts that a master key is required, but if Apple asserts that they can't hold onto the master key themselves after unlocking one phone as requested.
Originally posted by Paul.:
In which case the courts will need to decide whether Apple are duty bound to give away a master key to unlock one safe.
quote:Similarly, the notion that it is "not possible" says something about Apple. It'd be one thing for a person to tell you that they can't possibly create a one-off solution for a system designed by someone else, but here it's the actual creator of the system that is telling you they designed the system in such a way as to make it impossible.
Originally posted by chris stiles:
quote:You cannot safely draw this conclusion - it could also imply that it is not possible to create a single-phone solution because of the manner in which the system is or has to be constructed.
Originally posted by orfeo:
The main thing it implies to me is that Apple actually lacks the technical competence to devise an appropriate single-phone solution, and wants to blame the FBI for asking for a single-phone solution.
quote:Indeed and they did this deliberately precisely because they didn't want to be placed in this position.
Originally posted by orfeo:
quote:Similarly, the notion that it is "not possible" says something about Apple. It'd be one thing for a person to tell you that they can't possibly create a one-off solution for a system designed by someone else, but here it's the actual creator of the system that is telling you they designed the system in such a way as to make it impossible.
Originally posted by chris stiles:
quote:You cannot safely draw this conclusion - it could also imply that it is not possible to create a single-phone solution because of the manner in which the system is or has to be constructed.
Originally posted by orfeo:
The main thing it implies to me is that Apple actually lacks the technical competence to devise an appropriate single-phone solution, and wants to blame the FBI for asking for a single-phone solution.
quote:Based on what Apple itself says in its white paper on iOS security it does have the ability to write software that is uniquely signed for a specific phone - they use this when sending out software update packages to ensure that a package meant for one phone can't be used on another (see page 6.)
Originally posted by Paul.:
quote:Indeed and they did this deliberately precisely because they didn't want to be placed in this position.
Originally posted by orfeo:
quote:Similarly, the notion that it is "not possible" says something about Apple. It'd be one thing for a person to tell you that they can't possibly create a one-off solution for a system designed by someone else, but here it's the actual creator of the system that is telling you they designed the system in such a way as to make it impossible.
Originally posted by chris stiles:
quote:You cannot safely draw this conclusion - it could also imply that it is not possible to create a single-phone solution because of the manner in which the system is or has to be constructed.
Originally posted by orfeo:
The main thing it implies to me is that Apple actually lacks the technical competence to devise an appropriate single-phone solution, and wants to blame the FBI for asking for a single-phone solution.
quote:
Originally posted by lowlands_boy:
What statements have Apple actually made?
quote:From Apple's 'letter' to its customers
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
quote:I'm aware of that. I'm also aware Tim Cook says "any phone" above. He's also (prior to this case) talked about a "master key" not being a good thing.
Originally posted by Dave W.:
Based on what Apple itself says in its white paper on iOS security it does have the ability to write software that is uniquely signed for a specific phone - they use this when sending out software update packages to ensure that a package meant for one phone can't be used on another (see page 6.)
quote:Yes, it could. It would be possible to design a system that would be very difficult indeed to break in to. Imagining a system that requires drilling in to a chip package to break into is trivial. It's quite possible that one could build something that was protected against even that level of physical intrusion. And if the data's on a device that is actually impregnable, the only hope law enforcement have of reading it is to persuade the device owner to decrypt it for them.
Originally posted by chris stiles:
The next generation of this technology could well be implemented in such a way that it was impossible for Apple - even in principle - to do what the FBI want them to do now.
quote:They're arguing against the precedent. Because they know, as do we all, that once they are required to do this once, they will start getting weekly boxes of iPhones shipped to them by law enforcement all across the country.
Originally posted by Dave W.:
As you say, they may reveal a technical explanation that justifies their talk of "master keys" and "cancer" in their response to the judge; but they also could have already given it in one of their public statements.
quote:And I can't help thinking he might not be being precisely accurate or honest.
Originally posted by Paul.:
quote:I'm aware of that. I'm also aware Tim Cook says "any phone" above. He's also (prior to this case) talked about a "master key" not being a good thing.
Originally posted by Dave W.:
Based on what Apple itself says in its white paper on iOS security it does have the ability to write software that is uniquely signed for a specific phone - they use this when sending out software update packages to ensure that a package meant for one phone can't be used on another (see page 6.)
So I'm not sure why he would say that if the signing by Apple of updates is so secure that it can't be abused. Unless there's some other loophole. But it's such a blanket statement, as part of announcing why they're going to court to refuse the FBI request, that I can't help but think Apple have some answer to it which they are willing to present in court.
quote:Oh look, it's the fallacious form of slippery slope argument again that treats this as the first phone access that's ever been sought and ignores the involvement of a court in assessing the merits of a request based on other factors besides 'can it be done'.
Originally posted by Leorning Cniht:
quote:They're arguing against the precedent. Because they know, as do we all, that once they are required to do this once, they will start getting weekly boxes of iPhones shipped to them by law enforcement all across the country.
Originally posted by Dave W.:
As you say, they may reveal a technical explanation that justifies their talk of "master keys" and "cancer" in their response to the judge; but they also could have already given it in one of their public statements.
It's not a technical argument at all.
quote:No, it's no that at all. Of course the courts will be involved, and will assess the merits.
Originally posted by orfeo:
Oh look, it's the fallacious form of slippery slope argument again that treats this as the first phone access that's ever been sought and ignores the involvement of a court in assessing the merits of a request based on other factors besides 'can it be done'.
quote:Rather a good point. I mean, think about all the things that Apple tells developers so that they can develop apps.
Originally posted by Dave W.:
Apple repeats that the software would be too tempting a target for criminals and hackers to keep around (but doesn't say why it its regular source code and keys aren't already in similar danger.)
quote:Thanks for the link. Well worth the read. Especially the engineer's part which explains well why it's not a trivial amount of work.
Originally posted by Dave W.:
Christmas has come a day early - Apple's response is now out:
Apple Inc's motion to vacate order compelling Apple Inc. to assist agents in search, and opposition to government's motion to compel assistance
quote:A commendable balls up there...
Unfortunately, the FBI, without consulting Apple or reviewing its public
guidance regarding iOS, changed the iCloud password associated with one of the
attacker’s accounts, foreclosing the possibility of the phone initiating an automatic
iCloud back-up of its data to a known Wi-Fi network, see Hanna Decl. Ex. X [Apple
Inc., iCloud: Back up your iOS device to iCloud], which could have obviated the need
to unlock the phone and thus for the extraordinary order the government now seeks.21
Had the FBI consulted Apple first, this litigation may not have been necessary
quote:There is also a conflict between ensuring the security of your data and ensuring the continued existence of your data (in general - not specific to phones).
Originally posted by Honest Ron Bacardi:
Extreme security as a concept is all very well, but legitimate users (and here the endpoint user is surely uncontroversial) do have to be able to circumvent its misuse, erratic behaviour and so on.
quote:So I hadn't understood that the request was also for an electronic password input. That's more work - that's entirely new functionality. I think Apple are padding their estimates a bit, but it's unquestionably a much bigger deal than "disable the self-destruct" (which is trivial).
Originally posted by Paul.:
Especially the engineer's part which explains well why it's not a trivial amount of work.
quote:Any fuckwit who only has one copy of his family photos, or has them all stored with the same password, deserves to lose them.
Originally posted by Leorning Cniht:
quote:There is also a conflict between ensuring the security of your data and ensuring the continued existence of your data (in general - not specific to phones).
Originally posted by Honest Ron Bacardi:
Extreme security as a concept is all very well, but legitimate users (and here the endpoint user is surely uncontroversial) do have to be able to circumvent its misuse, erratic behaviour and so on.
You can encrypt your data securely, so that it is uncrackable in practical time. That has been possible for quite a while. But if you do that, and you forget your password, you've lost your data. Do you really want to do that to a decade of family photos? Probably not.
Do you want to do it to your banking transaction request? Yes.
quote:The what?
Originally posted by orfeo:
Yes, for God's sake keep the negatives!
quote:Isn't this exactly what Apple is wanting you to do? And not just your photos, but your music, your contacts, your financial transactions (Apple pay) and who knows what in the future? All on the one device with one password. Of course they will point you in the direction of backing up to the iCloud ($$$), but the downside of that is neatly illustrated above - see under FBI cockups.
Any fuckwit who only has one copy of his family photos, or has them all stored with the same password, deserves to lose them
quote:It really isn't. Yeah, Apple are about that, (and Google and Microsoft) but their concerns overlap the public's rights.
Originally posted by Honest Ron Bacardi:
This thread is about the big beasts positioning for ownership of Big Data, where they see the future is, and they don't want any other big beasts intruding on their turf.
quote:Oh yes. It is another ascect of relinquishing your life to others without proper consideration.
but wariness about who and what you share with big business is always a worthwhile consideration.
quote:And on the question of burden, the judge is looking beyond the issue of financial costs, referring to the government's inability to answer his death penalty hypothetical:
It is also clear that the government has made the considered decision that it is better off securing such crypto-legislative authority from the courts (in proceedings that had always been, at the time it filed the instant Application, shielded from public scrutiny) rather than taking the chance that open legislative debate might produce a result less to its liking.
quote:In conclusion, the judge says this kind of balancing between security and privacy interests is really a job for Congress:
If the government cannot explain why the authority it seeks here cannot be used, based on the same arguments before this court, to force private citizens to commit what they believe to be the moral equivalent of murder at the government's behest, that in itself suggests a reason to conclude that the government cannot establish a lack of unreasonable burden.
quote:So now all we have to do is find "legislators who are equipped to consider the technological and cultural realities ... oh never mind.
In deciding this motion, I offer no opinion as to whether, in the circumstances of this case or others, the government's legitimate interest in ensuring that no door is too strong to resist lawful entry should prevail against the equally legitimate societal interests arrayed against it here. Those competing values extend beyond the individual's interest in vindicating reasonable expectations of privacy – which is not directly implicated where, as here, it must give way to the mandate of a lawful warrant. They include the commercial interest in conducting a lawful business as its owners deem most productive, free of potentially harmful government intrusion; and the far more fundamental and universal interest – important to individuals as a matter of safety, to businesses as a matter of competitive fairness, and to society as a whole as a matter of national security – in shielding sensitive electronically stored data from the myriad harms, great and small, that unauthorized access and misuse can cause.
How best to balance those interests is a matter of critical importance to our society, and the need for an answer becomes more pressing daily, as the tide of technological advance flows ever farther past the boundaries of what seemed possible even a few decades ago. But that debate must happen today, and it must take place among legislators who are equipped to consider the technological and cultural realities of a world their predecessors could not begin to conceive. It would betray our constitutional heritage and our people's claim to democratic governance for a judge to pretend that our Founders already had that debate, and ended it, in 1789.
quote:Well, that strikes me as rather important.
Originally posted by Dave W.:
Anyway, there's no gap because relevant statute law already exists (1994 Communications Assistance Law Enforcement Act, CALEA) which exempts "information services" companies like Apple
quote:CALEA is the act that requires phone companies and the like to support duly authorised wiretaps. I don't see how CALEA is remotely relevant to this case. It's not Apple's services as an "information services" company that are being sought - it's Apple's services as the manufacturer of a pocket computer.
Originally posted by orfeo:
quote:Well, that strikes me as rather important.
Originally posted by Dave W.:
Anyway, there's no gap because relevant statute law already exists (1994 Communications Assistance Law Enforcement Act, CALEA) which exempts "information services" companies like Apple
quote:
Under CALEA "information services" means the "offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications," and "includes a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities; electronic publishing; and electronic messaging services."
quote:I think he is in error. Those are indeed services that Apple offers, and if the court were considering imposing an obligation on Apple qua operator of the iCloud facility, then I think he'd be correct.
Originally posted by Dave W.:
He agrees that Apple falls into the latter category; on p. 20 he quotes Apple quoting CALEA:quote:
Under CALEA "information services" means the "offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications," and "includes a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities; electronic publishing; and electronic messaging services."
quote:I think you've misread something.
Originally posted by Leorning Cniht:
quote:I think he is in error. Those are indeed services that Apple offers, and if the court were considering imposing an obligation on Apple qua operator of the iCloud facility, then I think he'd be correct.
Originally posted by Dave W.:
He agrees that Apple falls into the latter category; on p. 20 he quotes Apple quoting CALEA:quote:
Under CALEA "information services" means the "offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications," and "includes a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities; electronic publishing; and electronic messaging services."
That's not what's at stake here - what's at stake here is the storage on the local phone/computer device, and it's Apple's assistance qua computer manufacturer that is desired.
quote:The claim was that Congress had considered the matter and chosen to not apply CALEA to "information services", and therefore Congress had actively chosen not to apply legislation to Apple.
Originally posted by RuthW:
I think you've misread something.
Yes, those are services Apple offers, and which is why the judge puts Apple in the category of information service companies which are not subject to the assistance requirements of CALEA, nad not in the category of telecommunications companies, i.e. Verizon, AT&T, T-Mobile, etc., which are required to assist per CALEA.
quote:Yes. The CALEA thing is nonsense, AFAICS, but the question of how broad the AWA is is fundamental. If you're a particularly skilled locksmith who doesn't like the police, does the government have the power to compel you to open a lock for it? That's basically the question here.
Originally posted by Dave W.:
From what I can tell the judge's order has a number of components, any one of which would be fatal to the governments application.
quote:The sense of my claim is that this story (which refers to the "StingRay" device used to intercept cellphone communications) isn't relevant to the case at hand.
Originally posted by lilBuddha:
Relevant and related story.
quote:I expect they successfully copied the phone and did brute force on the copy, then copied again, again and again etc. Brute force 10 times each copy/clone. They could have brute forced millions of copies. Lots of resources means lots of goes at it. Nothing really to share with any company if that's the case.
Originally posted by lowlands_boy:
Well well well, they suddenly managed to do it without Apple after all. Why doesn't that surprise me.
Any bets on whether they'll be sharing their solution with Apple so they can patch it?
quote:The FBI got pulled up on that in front of some congressional hearing, where they were repeatedly asked why they weren't doing that. It would be pretty time consuming, unless you could then resurrect the data in an emulator or virtual machine environment, in which case you could do it much more quickly.
Originally posted by no prophet's flag is set so...:
quote:I expect they successfully copied the phone and did brute force on the copy, then copied again, again and again etc. Brute force 10 times each copy/clone. They could have brute forced millions of copies. Lots of resources means lots of goes at it. Nothing really to share with any company if that's the case.
Originally posted by lowlands_boy:
Well well well, they suddenly managed to do it without Apple after all. Why doesn't that surprise me.
Any bets on whether they'll be sharing their solution with Apple so they can patch it?
quote:The cloud option went very early on. Apple did say that against Apple's advice, the FBI changed the password on a cloud account associated with the phone. Apple said that had the cloud password not been changed, the phone would likely have backed up to that, and the rest of the saga wouldn't have arisen...
Originally posted by Honest Ron Bacardi:
I doubt if it was done in exactly that way - what the FBI was pulled up on was why they did not back it up to the cloud, where presumably someone could do a brute-force sequence of attempts as no prophet suggests. Whilst they didn't say explicitly, I imagine they let the phone charge die, so on restarting, the option was no longer available. But that's me guessing.
quote:Yeah. The FBI only doing this when legally justified. Right.
Originally posted by orfeo:
Good news for all. Apple can continue to tell its customers that it will never, ever help break their phones, and the authorities can continue to go ahead and do it anyway when legally justified.
quote:I have put Android phone operating systems in VirtualBox on to computer. Easy to do. It's also easy to copy flash memory. Would it be so different? I don't / won't own any Apple products so don't know, but it is just a flavour of unix/BSD according to web.
Originally posted by lowlands_boy:
The FBI got pulled up on that in front of some congressional hearing, where they were repeatedly asked why they weren't doing that. It would be pretty time consuming, unless you could then resurrect the data in an emulator or virtual machine environment, in which case you could do it much more quickly.
quote:I'm hoping the FBI threatened one of the programmers that they would plant a kilo of cocaine on their little brother unless they gave them the algorithms.
Originally posted by no prophet's flag is set so...:
quote:I have put Android phone operating systems in VirtualBox on to computer. Easy to do. It's also easy to copy flash memory. Would it be so different? I don't / won't own any Apple products so don't know, but it is just a flavour of unix/BSD according to web.
Originally posted by lowlands_boy:
The FBI got pulled up on that in front of some congressional hearing, where they were repeatedly asked why they weren't doing that. It would be pretty time consuming, unless you could then resurrect the data in an emulator or virtual machine environment, in which case you could do it much more quickly.
![[Snigger]](graemlins/snigger.gif)
quote:It's the banality of authoritarian viciousness - the tactic is always one of threatened sexual violence - often at several removes.
Originally posted by lilBuddha:
Jesus would be so proud of that sentiment.