Apple v FBI

[Badsmerf]

What is everyones take on this? I side with the fbi currently. If the information on that phone can lead us to terrorists... do everything possible to access it. When it comes to court ordered extraction of information, why is a cell phone exempt? I find Apple's argument weak. They build software for a business, they know how to keep it out of the wrong hands.

[Craig Arko]

It's not a cut and dried issue.

 

https://lawfareblog.com/not-slippery-slope-jump-cliff

 

http://www.computerworld.com/article/3038269/security/apple-vs-the-fbi-the-legal-arguments-explained.html

 

http://www.popsci.com/rock-stars-cryptography-debate-apple-versus-fbi-case

 

http://www.nytimes.com/2016/03/02/technology/apple-and-fbi-face-off-before-house-judiciary-committee.html?_r=0

[Craig Arko]

The precedent this could set is chilling, especially as the Internet of Things becomes pervasive.

 

Which is more valuable? Imaginary freedom, or imaginary security?

[Badsmerf]

What do you have to hide? The idea of foreign beneficiaries of this ruling is preposterous and arrogant. Countries don't fall all over US policy like that. They can make their own policy, regardless of the outcome here. The problem they will have, is

[Brock Beauchamp]

The government should not be able to compel a company to create software that does not currently exist. It's that simple.

[Brock Beauchamp]

What do you have to hide?

Oy, I dislike this question.

 

What do I have to hide? It's no one's damned business what I have to hide. That's the fuggin' point.

[Craig Arko]

What do I have to hide? Not much. Does this mean I will just piss freedom away? Nope.

 

It's a splendid bit of irony that many of the same folks who cry Second Ammendment in order to keep firearms to protect them from a government they don't trust, will trust that same government to do the right thing as long as it's to somebody else.

[TheLeviathan]

Seems like a very interesting case to follow.  I've heard about it but reading these links was interesting.

 

It seems to me that the best thing that can come from this is some specific guidelines for tech companies for how they help law enforcement deal with these situations.  Kind of like banks have to do.

 

Though I'm not sure this is the best way to go about designing those guidelines, but the alternative is Congress.  So...yeah.

[Badsmerf]

If you magnify this enough, sure you can look at it from individual freedoms. Brock, this is your area so i know this hits close to home for you.

 

Thing is, when issued a subpoena about information, i don't think privacy laws protect you any more. The only safe place anymore are encrypted cyber vaults with tricky passwords and bunches of science protecting the information. Who likes science (it's not to be trusted). Seriously though, there needs to be cooperation on this issue. I understand the stupid privacy thing, but on the other hand you have national security against terrorism. To me, you have to give up something. Just like the gun rights issue. There can be compromises and solutions, just let go of your Dicks and find common ground.

[PseudoSABR]

There's two separate issues.  Both are worth pause.

 

1) There's the issue of privacy.

 

2) There's the issue of compelling a private party to act on behalf of the government.  

 

--

 

For my part, privacy is the rockbed of freedom--scrutiny by the government, big brother's eyes, restrict a person's actions.  (Imagine living your life with your parents always watching you. Privacy is what we fought for as child, and its what we ought to continue to fight for adults; we feel most human when we believe we have privacy.)  

 

However, as soon as a person commits a crime, any privacy related to that crime can be overcome by warrants or much less.  The FBI has a right to the information in the phone at least under current constitutional law. I think everyone can accept if the FBI has probable cause and there's relevant information on the phone, they have a right to the information.

 

The disagreement is about compelling Apple to help break into the phone. The government is not asking Apple to simply testify or merely provide information that is related to the crime; the FBI is demanding that apple design software to subvert the very privacy they sold.  Such an act doesn't just implicate the single phone, it creates a model to subvert the privacy provided by the telecom industry altogether.   This matters in the same way as eminent domain matters -- people are cynical when the government starts telling people what to do with their property and their time.  

 

All that said, Apple would be smart to access the single cellphone in question without utilizing the grandiose techniques the FBI is requesting.  The government doesn't just get to demand that Apple hand over it's technical prowess, but Apple need not even make that fight and just meet the demand on their terms citing to "gross deviation of terms of service" or whatever the heck.

[Badsmerf]

Those are good points, and i agree with you about Apple making the smart choice of cooperation on their terms.

 

Where i digress is over whether the government has the power to tell a company what to do. On this particular issue, where lives were lost by such a cowardly act, i don't mind it. This is a topic we haven't had to deal with ever before. While the ramifications might.... might infringe on our personal freedoms, look at it from the other side. If the FBI is not allowed to access phones, that ruling could be expanded in the other direction. Phones could simply be off limits to any searches. Think about the potential evidence that could be locked away forever.

 

Again, Apple needs to just work with them and avoid a court ruling, because i think they will lose.

[Brock Beauchamp]

 

If you magnify this enough, sure you can look at it from individual freedoms. Brock, this is your area so i know this hits close to home for you.

Thing is, when issued a subpoena about information, i don't think privacy laws protect you any more. The only safe place anymore are encrypted cyber vaults with tricky passwords and bunches of science protecting the information. Who likes science (it's not to be trusted). Seriously though, there needs to be cooperation on this issue. I understand the stupid privacy thing, but on the other hand you have national security against terrorism. To me, you have to give up something. Just like the gun rights issue. There can be compromises and solutions, just let go of your Dicks and find common ground.

It's more than privacy, though... It's about the government being able to compel a company to create software that undermines their own product's security.

 

You mention encrypted cyber vaults with tricky passwords... Well, what do you think iOS is? That's exactly what Apple did with the operating system. They created an operating system even they could not access because it's what their users wanted and it's one of the selling points of the OS.

 

If someone creates a lock that cannot be picked (and destroys the information inside if you try), does the government have the right to compel the lock maker to create a new, more breakable, safe?

 

No. No, they do not.

 

Whether the information contained within will help someone track a terrorist cell or a shoplifting case has no relevance, in my opinion.

 

Also, Apple has helped the FBI access several phones with iOS 8-9. The FBI screwed up in this case and changed the password, which prevents Apple from helping them access the phone.

 

Maybe the FBI shouldn't screw up next time.

[Mike Sixel]

Government can't do anything about guns, but it can steal my privacy?

 

If we aren't fighting for freedom, we aren't fighting for **** anymore, just imaginary lines on maps. Whatever happened to give me liberty, or give me death?

 

What do I have to hide? Ask all the people the governments around the world illegally follow and kill.....ask all the dissidents in Africa, the middle east, and even the US. 

[Brock Beauchamp]

Apple created a rather unique security system in new iPhones using a secure enclave on a secondary chip that handles fingerprint recognition, payment information, and other highly sensitive information. No one - and I mean no one - can access the information on that chip, not even the operating system. The chip will only accept a binary yes/no request for approval/decline of information. It has worked very well, as Apple Pay and Touch ID have not been compromised in their 3+ years on the market.

 

Does the FBI get to demand that Apple access the information on that secure enclave as well? Where does this stop?

 

The only correct answer is "right now, before anyone even gets to ask that question".

[Brock Beauchamp]

To reiterate a point, the word "terrorist" should not be mentioned in this argument. This isn't about San Bernardino, terrorists, or Al Qaeda. Once the precedent is set, this fundamental shift in how we treat security will apply to any case where the FBI finds a judge willing to issue a warrant (so, in essence, any case that deals with an iOS device).

 

So stop mentioning terrorists. This is way bigger than terrorism and defining it as "we need to stop the terrorists" is how we ended up with the ****ing Patriot Act. Stop being so damned afraid of everything. 21st century America has been defined by people submitting to the will of the government on the pretense that it keeps us safe from the worst of crimes... But then the government, as it is wont to do, begins using those precedents to justify its use on a much broader scale.

 

We need to be smarter than this. We haven't chipped away at personal privacy over the past 15 years, we ran a bulldozer over it. And we were all too eager to do it because "teh al qaeda is gonna steal mah babies".

[Brock Beauchamp]

 

All that said, Apple would be smart to access the single cellphone in question without utilizing the grandiose techniques the FBI is requesting. 

Good post but I'm going to clarify something here:

 

Apple cannot access the phone without a code modification. Apple doesn't know the passcode and without the passcode, you can't bypass the device encryption. Even if you get into the data - which Apple surely can - it's a big ol' mess of code that doesn't mean anything without the encryption key. Apple has helped the FBI in the past by granting them access to iCloud information - data Apple has stored on their own servers - but the FBI buggered that option because they changed the damn password on this iPhone, which prevents Apple from getting into the data.

 

And in the case of my phone, the iPhone 6s (or the iPhone 6 or the iPhone 5s), even the "brute force method" the FBI is compelling Apple to enable will not work.

 

So what does the FBI do when they come across an iPhone 6s with critical information they want to access? Here's why this is a really bad precedent to set:

 

Let's go back to that "secure enclave" I mentioned a few posts ago. Remember how I said it was completely unhackable because it's a self-contained encrypted chip that even the operating system cannot access?

 

I'll give you one guess where your passcode is stored on new iOS devices.

[Craig Arko]

For those who like digging down and deep...

 

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

 

And this is reasonably non-technical.

[nicksaviking]

I'm not very IT inclined so someone will have to help me with this. From what I understand, it's basically the tracking of communications from the device that the FBI wants. Would they have a problem getting this stuff if it was an Android or Blackberry? Is this problem solely due to Apple's superior security?

 

If so, the privacy angle doesn't bother me much because it's not like this is new precedent on the invasion of privacy front if everybody BUT Apple owners can easily get invaded. Whether it's the Patriot Act, wire tapping, going or data mining, the government has always come out on top in the fight for privacy rights.

 

If this is unique to Apple, the only precedent being sent is that the government isn't currently winning this fight. After all, if the terrorists had been sending emails from a PC or using snail mail, they wouldn't have the same security. If the government gets their way with Apple, it's nothing new, we will basically just be where we've always been.

 

Edit: In case I'm not being clear, I'm trying to say that I take issue with the proclamation that the government is setting privacy rights back and this is a new standard of Big Brother overreach. This isn't new, it's exactly how it's always been. The government would have no more access to information than they've always had prior to the iphone.

 

Not that I'm saying that's right, just that this is the same debate we've always had. From a privacy stand point.

[Mike Sixel]

And now that we finally have technology that might allow us to have privacy, people want to give that up because they are afraid of the bogeyman.

[Brock Beauchamp]

 

I'm not very IT inclined so someone will have to help me with this. From what I understand, it's basically the tracking of communications from the device that the FBI wants. Would they have a problem getting this stuff if it was an Android or Blackberry? Is this problem solely due to Apple's superior security?

I'm not as familiar with Android security (because it's dependent on hardware, OS version, and other stuff) and haven't paid attention to BB in years (Win Phone would be a better example).

 

This is somewhat unique to all Apple devices but that's because they control both hardware and software. Depending on the device, its encryption level, and a few other things, it's possible a government agency could run into the same issue with an Android phone. Android, being quasi-open source, allows for extensive modification by hardware manufacturers; some phones are very secure, most are not.

 

Case in point, the Blackphone. It's an Android derivative OS that focuses on security above all else. It's likely the FBI would run into a similar wall with this phone, as it's probably more secure than any iOS device.

 

https://www.silentcircle.com/

[diehardtwinsfan]

I'll be honest in that I suspect there's much more to this picture than what meets the eye here.  Something isn't being said by one or both sides.  It doesn't make sense.

 

Apple devices are notoriously insecure and as it stands, Apple is already collecting data from that device.  That data is packaged and sold to the highest bidder to be used for marketing purposes and what not.  I'm pretty sure Apple already has the data, and if they don't, I really struggle with the idea that the combined power of the NSA cannot hack a frickin iPhone.  I don't buy it.

 

Beyond that, there' something else to be said about writing a back door into the device.  I don't buy the idea that one doesn't already exist, but if by chance it doesn't, compelling someone to write what would be the holy grail of hacking an iPhone is downright stupid...  not to mention that given our government's known proclivity to break the laws the currently exist (see Snowden, Edward), I'm not in the mood to give them even more access to personal data... just my 2 cents.

[Brock Beauchamp]

 

Edit: In case I'm not being clear, I'm trying to say that I take issue with the proclamation that the government is setting privacy rights back and this is a new standard of Big Brother overreach. This isn't new, it's exactly how it's always been. The government would have no more access to information than they've always had prior to the iphone.

It's a bit trickier than that... Historically, the government has/had access to all of these things because the tech industry, inexplicably, was caught with its pants around its ankles when it came to security. The internet blew up everything we understood about privacy and only now is the industry (finally) catching up and securing data on both a device level and a cloud-computing level.

 

In that regard, this isn't unique to Apple. The entire tech world is moving toward better encryption standards, Apple just happens to be the first company to draw the government's ire for it.

 

And the tech industry isn't moving into the realm of encryption to keep the government out, it's because no one trusts the tech industry any more. Public confidence in the industry reached an all-time low a few years ago and it's because we couldn't go a week without hearing about some massive new data hack that compromised millions of people.

 

And broken trust is bad for business.

[Brock Beauchamp]

 

Apple devices are notoriously insecure and as it stands, Apple is already collecting data from that device.  That data is packaged and sold to the highest bidder to be used for marketing purposes and what not.

Actually, Apple no longer data mines for external use, it's part of the pro-security movement they've been pushing the past few years, coupled with the Secure Enclave tech and encryption. They've aggressively moved out of any arena that involves mining customer data. Hell, even their own ad platform, iAds, no longer allows advertisers access to on-device information or any customer data (which is part of the reason it has been a resounding failure).

 

Google, on the other hand, data mines the **** out of everything you do.

 

Also, internal app security has little to do with external device security. iOS isn't super-secure... If you have access to the device (and thereby its operating system) and can upload information to it. A completely different argument than "the device cannot be accessed at all".

[diehardtwinsfan]

Brock Beauchamp, on 03 Mar 2016 - 11:16 AM, said:

Actually, Apple no longer data mines for external use, it's part of the pro-security movement they've been pushing the past few years, coupled with the Secure Enclave tech and encryption. They've aggressively moved out of any arena that involves mining customer data. Hell, even their own ad platform, iAds, no longer allows advertisers access to on-device information or any customer data (which is part of the reason it has been a resounding failure).

Google, on the other hand, data mines the **** out of everything you do.

Also, internal app security has little to do with external device security. iOS isn't super-secure... If you have access to the device (and thereby its operating system) and can upload information to it. A completely different argument than "the device cannot be accessed at all".

I tip my cap to them if they've moved out of that model, though I still question the idea that they don't have access to it, especially if this person was backing his stuff up to the iCloud. But I do agree wholeheartedly that they shouldn't be compelled to write a back a back door into their phone.  That's bad for business, and to your point, trust is really hard to win back.

To Pseudo's point though, if there's a subpoena, they should be providing whatever they do have... now if they don't have it, I'm in agreement that the FBI is SOL at that point...  Apple should give them whatever they have and that's pretty much the point... but yeah, I don't like that precedent.  At the end of the day, there will be a back door in every device and the government will have the key, and it won't take a subpoena to get it.  The government has a history with those types of activities... and like you said, trust is really hard to win back.   I don't trust them one bit to not abuse that right because they've shown time and time again that they will.

[Brock Beauchamp]

 

I tip my cap to them if they've moved out of that model, though I still question the idea that they don't have access to it, especially if this person was backing his stuff up to the iCloud.

I haven't read into the technical side of it but what Apple is claiming is that they can access iCloud data if it remains untouched... But the FBI reset the password for the account. Something during that process triggered a series of events that prevents Apple from accessing the data after that point (offhand, my guess is that it changes the data's encryption token, breaking the device/cloud link until the new password is verified on the device).

 

The FBI screwed up.

[Brock Beauchamp]

Okay, some clarification on the iCloud backup. I did a bit of research.

 

Some time after retrieving the phone, the FBI reset the iCloud password. This is an idiotic move, as they did not have access to the device to confirm the new password. Imagine resetting your Facebook password, except you gave Facebook a bad email address whose password you lost 10 years ago. Now you can't access Facebook (because it wants the new reset password) and you can't access the reset password because it's locked behind an email address you cannot access (in this case, an iPhone). Pretty dumb, right?

 

So Apple provided the FBI with the latest cloud backup of the device, which was weeks old (pre-password reset).

 

The FBI wanted newer data. Apple replied "You reset the iCloud password so the device cannot back up to iCloud because the device's password no longer matches the iCloud password. Here's your six week old data, you knuckleheads." Had the FBI left the iPhone alone and not changed the password, the device would have (probably) backed up to iCloud (assuming the terrorists did not disable iCloud at some point), providing the FBI with a current data set. The FBI's response to this was "Okay, so we screwed up. Now you need to write new software, potentially weaken your product security, and override your passcode limitations so we can break into the phone."

 

Apple's reply? "LOL. Jackasses."

[nicksaviking]

 

And now that we finally have technology that might allow us to have privacy, people want to give that up because they are afraid of the bogeyman.

 

Don't get me wrong, I'm not saying it's right, just that this isn't anything new.

 

This is like how an older brother always took your stuff because he was smarter than you and could find where you hid it. Now we got a safe and locked it away from him so now he has to punch is in the nose and take the key to get our stuff.

 

The method is different but the result is the same as it's always been for the last 240 years.

[Mike Sixel]

 

Don't get me wrong, I'm not saying it's right, just that this isn't anything new.

 

This is like how an older brother always took your stuff because he was smarter than you and could find where you hid it. Now we got a safe and locked it away from him so now he has to punch is in the nose and take the key to get our stuff.

 

The method is different but the result is the same as it's always been for the last 240 years.

 

this all seems a bit defeatist to me......we can't stop them so why try....

[Craig Arko]

 

Don't get me wrong, I'm not saying it's right, just that this isn't anything new.

 

This is like how an older brother always took your stuff because he was smarter than you and could find where you hid it. Now we got a safe and locked it away from him so now he has to punch is in the nose and take the key to get our stuff.

 

The method is different but the result is the same as it's always been for the last 240 years.

The difference is that big brother is asking us to create the key from scratch first before he can punch us in the nose and take it. I believe that's called 'adding injury to insult.'

[nicksaviking]

 

The difference is that big brother is asking us to create the key from scratch first before he can punch us in the nose and take it. I believe that's called 'adding injury to insult.'

 

 

this all seems a bit defeatist to me......we can't stop them so why try....

 

Not at all, by all means Apple should try. I just don't like the gloom and doom permeating from this like this is some kind of world changing event. Everything will be exactly the same. It's not like the Washington Generals don't at least TRY to win.