Apple v FBI

Badsmerf · March 4, 2016

Brock you're acting like the tech world will forever be compromised. I don't think that is the case. You can't just "stop saying terrorist" when that is what this is actually about. Seriously, this is about terrorism and not the government getting as back door into your phone.

I like my personal freedoms. I dwell like i have a bunch of freedom in this country, even with the damned patriot act. Which i do hate. And I'm not scared. I also don't do shady ****, and if the government wants to know what kind of shemale porn i watch they are wasting their time on me. I don't think my personal information is ever supposed to be private when faced with a subpoena. Why do you?

It's rather problematic that we handcuff ourselves with the notion about privacy and freedom while at the same time want to be safe. Maybe this isn't even possible for Apple to do and it will drag annoyingly on forever. Maybe Apple and the FBI figure out a way to avoid this in the future. No matter what happens, I'm not going to fear the government wants to hack my phone because of this, you shouldn't either.... That doesn't mean they don't want to, or they won't try.... I'm just not wasting my time worrying about it.

Craig Arko · March 4, 2016

Like I said originally, the issue is not cut and dried; there are arguments on both sides that are worth considering.

My question to y'all is, let's say Apple agrees and creates an insecure version of iOS so the FBI can get into this phone. How exactly does that make you, and me, and your kids, any safer?

Badsmerf · March 4, 2016

I think it comes down to if the FBI has probable cause. If there is information that can allow them to find groups in the world that would make us safer. If they have no reason to think they will gain anything ity of this it isn't worth it. From what Brock is describing, i don't even know if it will be possible.

Brock Beauchamp · March 4, 2016

Brock you're acting like the tech world will forever be compromised. I don't think that is the case. You can't just "stop saying terrorist" when that is what this is actually about. Seriously, this is about terrorism and not the government getting as back door into your phone.

I like my personal freedoms. I dwell like i have a bunch of freedom in this country, even with the damned patriot act. Which i do hate. And I'm not scared. I also don't do shady ****, and if the government wants to know what kind of shemale porn i watch they are wasting their time on me. I don't think my personal information is ever supposed to be private when faced with a subpoena. Why do you?

It's rather problematic that we handcuff ourselves with the notion about privacy and freedom while at the same time want to be safe. Maybe this isn't even possible for Apple to do and it will drag annoyingly on forever. Maybe Apple and the FBI figure out a way to avoid this in the future. No matter what happens, I'm not going to fear the government wants to hack my phone because of this, you shouldn't either.... That doesn't mean they don't want to, or they won't try.... I'm just not wasting my time worrying about it.

My argument isn't entirely about the government and access to devices, though that is certainly part of the conversation. Due to the nature of law enforcement, I believe it is our job to construct road blocks, not ease their path. Law enforcement will take every inch you give them and ask for more. It's my belief we should deny them more, they already have more than enough to do their jobs.

But that's only half the argument. What the FBI is asking to do may seem not so bad but it does two things and I'm afraid the government is too incompetent about tech to realize the dangers of the requests:

1. The precedent. What the FBI is asking is not super-dangerous but the precedent it sets is extremely dangerous. If the government can compel a company to create software to undermine their own tech, where does that stop? What happens when Apple only builds iOS devices with the Secure Enclave (this happened last Sept, actually) and the FBI wants into that enclave? That's no longer a "well, we just want into this phone and maybe a few other phones" issue. That's a request for complete destruction of Apple's on-device security and the precedent is there for the FBI to do it.

2. The super bad guys, hackers and terrorists. What happens when these people find out that Apple has found a way to compromise their own operating system? They all go nuts and work furiously to replicate the work. Someone probably posts a $100k+ bounty for the first working solution. A large part of tech security is anonymity. It's damned near impossible to write 50 million lines of code that are 100% secure and part of the safety element is that no one knows what is possible or where to look for flaws. Well, we just gave them a big clue where to look and how to do it. Chances are, they figure out a way to replicate Apple's work within a year, probably within six months. And now we've compromised the roughly one billion iOS devices in use around the world.

Security doors are only intended for "good guys" but in tech, they rarely stay that way. That's why companies are starting to lock themselves out of their own tech; it's the best way to keep your software/hardware secure.

TheLeviathan · March 4, 2016

We're going to have to find something though and it's going to have to be a very living, breathing way of cooperating. We ask companies (phones and banks) to allow law enforcement to gather information, tech will have to do that too.

This particular request from the FBI is silly. It's also silly to think Apple is really planting it's flag here in "freedom" so much as using that angle to further their own image. What needs to happen is a cooperative effort by the tech industries and law enforcement to set the parameters of what they need and how to get it.

Brock Beauchamp · March 4, 2016

We're going to have to find something though and it's going to have to be a very living, breathing way of cooperating. We ask companies (phones and banks) to allow law enforcement to gather information, tech will have to do that too.

It's possible they can find a way to cooperate but it's much tougher for the tech industry to comply than it is a bank or phone company.

You don't carry your bank or phone company around with you in your pocket. There aren't billions of banks watching porn, downloading malware, being stolen, and generally being treated with the utmost disregard, weakening their security in the process.

It's much easier to create a secure environment when you're the only person with access to the hardware. Build a concrete bunker around the device. Instant security.

TheLeviathan · March 4, 2016

But it still has to be done. Law enforcement still needs some form of access. Online banking systems still have algorithms that can track fraud and other abuse.

Will the parameters be hard? Sure. Will it be tough to keep up with technology? Sure. But we shouldn't throw our hands up in the air either. We still want law enforcement to be able to do what it needs to, when it needs to.

Brock Beauchamp · March 4, 2016

But it still has to be done. Law enforcement still needs some form of access. Online banking systems still have algorithms that can track fraud and other abuse.

But what kind of access? For example, many modern phones store fingerprint records. Tomorrow, they may store retinal scans.

There is an expectation of privacy with some of the data stored on phones and I don't trust government to keep up with tech and deny law enforcement access to the various aspects of these devices.

Sure, law enforcement should be able to access call data, email, etc. on a phone but under no circumstances should they have access to fingerprint or retinal data (which is part of the reason Apple put that data on its Secret Black Voodoo Hidden Chip).

TheLeviathan · March 4, 2016

Like I said, the parameters have to be discussed. I don't know enough about the law enforcement process to speculate on what would all be valuable for them to have access to. But we ask companies to intrude on personal information for law enforcement reasons in many facets of our lives, if the proper steps have been taken.

Apple and others should be part of setting those parameters and working to keep them up to date. It's a necessary part of our changing technology landscape. I don't want Apple to have to open their encryption to hacks, I find that request absurd. But I do expect their to be significant cooperation when needed.

diehardtwinsfan · March 4, 2016

Okay, some clarification on the iCloud backup. I did a bit of research.

Some time after retrieving the phone, the FBI reset the iCloud password. This is an idiotic move, as they did not have access to the device to confirm the new password. Imagine resetting your Facebook password, except you gave Facebook a bad email address whose password you lost 10 years ago. Now you can't access Facebook (because it wants the new reset password) and you can't access the reset password because it's locked behind an email address you cannot access (in this case, an iPhone). Pretty dumb, right?

So Apple provided the FBI with the latest cloud backup of the device, which was weeks old (pre-password reset).

The FBI wanted newer data. Apple replied "You reset the iCloud password so the device cannot back up to iCloud because the device's password no longer matches the iCloud password. Here's your six week old data, you knuckleheads." Had the FBI left the iPhone alone and not changed the password, the device would have (probably) backed up to iCloud (assuming the terrorists did not disable iCloud at some point), providing the FBI with a current data set. The FBI's response to this was "Okay, so we screwed up. Now you need to write new software, potentially weaken your product security, and override your passcode limitations so we can break into the phone."

Apple's reply? "LOL. Jackasses."

So the government investigators were incompetent... makes sense. They should have approached Apple prior to resetting it. That's a no-brainer... So to ask a question, is there no cloning technology for phones? Even encrypted you could keep an image of the phone OS and just keep trying it offline until you brute force it.

Brock Beauchamp · March 4, 2016

So the government investigators were incompetent... makes sense. They should have approached Apple prior to resetting it. That's a no-brainer... So to ask a question, is there no cloning technology for phones? Even encrypted you could keep an image of the phone OS and just keep trying it offline until you brute force it.

Cloning tech exists but I'm not sure how useful it is at this point. If the encryption key is separate from the OS and cannot be copied, cloning is pretty useless. Once again, you end up with a worthless pile of encrypted data.

The important thing is to keep that encryption key and the data tethered but I don't know enough about the limits of security to give a real opinion on the viability of cloning.

One of the most frustrating aspects of conversations such as this is that everyone wants to weigh in but only 0.5% of the population (at most) are qualified to even talk about this topic. I know a lot about tech but even I'm skating on the edge of the ice when talking about encryption and security. I know the general concepts and am familiar with some of the tech but I certainly don't know the nuts and bolts.

diehardtwinsfan · March 4, 2016

My argument isn't entirely about the government and access to devices, though that is certainly part of the conversation. Due to the nature of law enforcement, I believe it is our job to construct road blocks, not ease their path. Law enforcement will take every inch you give them and ask for more. It's my belief we should deny them more, they already have more than enough to do their jobs.

But that's only half the argument. What the FBI is asking to do may seem not so bad but it does two things and I'm afraid the government is too incompetent about tech to realize the dangers of the requests:

1. The precedent. What the FBI is asking is not super-dangerous but the precedent it sets is extremely dangerous. If the government can compel a company to create software to undermine their own tech, where does that stop? What happens when Apple only builds iOS devices with the Secure Enclave (this happened last Sept, actually) and the FBI wants into that enclave? That's no longer a "well, we just want into this phone and maybe a few other phones" issue. That's a request for complete destruction of Apple's on-device security and the precedent is there for the FBI to do it.

2. The super bad guys, hackers and terrorists. What happens when these people find out that Apple has found a way to compromise their own operating system? They all go nuts and work furiously to replicate the work. Someone probably posts a $100k+ bounty for the first working solution. A large part of tech security is anonymity. It's damned near impossible to write 50 million lines of code that are 100% secure and part of the safety element is that no one knows what is possible or where to look for flaws. Well, we just gave them a big clue where to look and how to do it. Chances are, they figure out a way to replicate Apple's work within a year, probably within six months. And now we've compromised the roughly one billion iOS devices in use around the world.

Security doors are only intended for "good guys" but in tech, they rarely stay that way. That's why companies are starting to lock themselves out of their own tech; it's the best way to keep your software/hardware secure.

Very well said. It's one thing to have the ability to report certain types of transactions to the government, but this is something else altogether. The government is in this issue due to incompetence (at least assuming Brock's other posts are correct). If that key were made, point 2 WOULD happen. No question about it. And then none of your devices are secure.

Full disclosure, I work in Tech. This is not an area I'm unfamiliar with. I still think there are solutions to this problem that don't require building a back door.

diehardtwinsfan · March 4, 2016

Cloning tech exists but I'm not sure how useful it is at this point. If the encryption key is separate from the OS and cannot be copied, cloning is pretty useless. Once again, you end up with a worthless pile of encrypted data.

The important thing is to keep that encryption key and the data tethered but I don't know enough about the limits of security to give a real opinion on the viability of cloning.

true, but you can now brute force it. That password is what, a 4 digit pin? That's 10k combinations. Sure it's going to take someone some time, but you aren't talking about something that would be too difficult to do. To me, that's certainly a price that can be paid for screwing up in the first place.

Brock Beauchamp · March 4, 2016

true, but you can now brute force it. That password is what, a 4 digit pin? That's 10k combinations. Sure it's going to take someone some time, but you aren't talking about something that would be too difficult to do. To me, that's certainly a price that can be paid for screwing up in the first place.

If the passcode is a four digit pin, yes, it should be relatively easy to crack.

But the passcode could be a six digit pin. Or maybe it's a fully alpha-numeric 12 digit code.

But yeah, I generally agree the FBI should be forced to jump through hoops for screwing up in the first place.

Mike Sixel · March 4, 2016

Where does it stop? "we should give up privacy and secure devices, to protect ourselves."........I know this is a slippery slope arguement, but where does it stop? Detainment of possible terrorists w/o trial? Torture? Where does it stop?

I am a bit of a fanatic when it comes to freedom......but then, imo, we are supposedly fighting for freedom.

Brock Beauchamp · March 4, 2016

If that key were made, point 2 WOULD happen. No question about it. And then none of your devices are secure.

Absolutely, if a key exists, hackers will find a way to exploit it for their own use. It's what they do and there's literally billions of dollars to be made by doing it.

nicksaviking · March 4, 2016

Sure, law enforcement should be able to access call data, email, etc. on a phone but under no circumstances should they have access to fingerprint or retinal data (which is part of the reason Apple put that data on its Secret Black Voodoo Hidden Chip).

Just playing Devil's Advocate, because I am cheering for Apple on this one, but the government isn't forcing anyone to give Apple their fingerprints or retinal scans.

Frankly before all this stuff happened, I had no clue what things in my phone Apple could or couldn't access; I assumed all of it was open to them.* I'm wondering what would happen if Apple announced right now that they would be complying with the government and their customers had two choices:

A ) They can keep their iphones and know that the government has access to their stuff should the government choose to look

or

B ) They can returns their phone at full refund and their prior data will never be made available to the government

I wonder how many non-criminals would actually go with B. And again, just playing Devil's Advocate, I'm team Apple.

*I don't read the fine print.

TheLeviathan · March 4, 2016

Where does it stop? "we should give up privacy and secure devices, to protect ourselves."........I know this is a slippery slope arguement, but where does it stop? Detainment of possible terrorists w/o trial? Torture? Where does it stop?

I am a bit of a fanatic when it comes to freedom......but then, imo, we are supposedly fighting for freedom.

Well, I would hope it starts and stops with an appropriate acquisition by law enforcement to intrude via a warrant. There are laws on the books that allow for surrendered freedom if the belief that a crime has been committed and there is ample enough evidence to obtain a warrant.

What doesn't exist is a process for going about acquiring information from some of the more advanced technologies. That should be something figured out by Congress, but therein lies the problem.

PseudoSABR · March 4, 2016

Here's an analogy that might make what the government wants Apple to do more objectionable.

Say there's Person A who has information the government could use in pursuit of a criminal case against Person B - say that it's terrorist related. Person A has been subpoena, but won't cooperate (not because it would incriminate that Person A, just that Person A values his privacy), so Person A would rather be held in contempt of court and face those consequences than tell the government what he knows.

Should government be able to force, say Pfizer, to develop a truth-serum to get Person A to talk? This kind of reasoning inevitably invites us to ask are there some things we are unwilling to do in order to get information that would help us prosecute the worse among us. For my part, compelling a third party who has no criminal culpability to act on the behalf the government is the same kind of no-limits reasoning that justifies the use of torture. As a civil society, we must accept there are some methods that we will not take in pursuit of justice/retribution, to do otherwise undermines the very fabric of what makes us part of a just society.

Badsmerf · March 4, 2016

It will be fun to follow this case. I'm almost positive it ends up in the supreme court. If course, by then it might be too late to use any of the information (if there is any).

Craig Arko · March 4, 2016

This should come as no surprise.

http://www.computerworld.com/article/3040798/apple-ios/serious-risk-that-apple-made-iphone-cracking-code-will-leak.html

Craig Arko · March 5, 2016

Beware those dormant cyber pathogens.

http://arstechnica.com/tech-policy/2016/03/what-is-a-lying-dormant-cyber-pathogen-san-bernardino-da-wont-say/

Brock Beauchamp · March 5, 2016

Beware those dormant cyber pathogens.

http://arstechnica.com/tech-policy/2016/03/what-is-a-lying-dormant-cyber-pathogen-san-bernardino-da-wont-say/

Holy ****ing ****.

This is why the government shouldn't be allowed free rein over tech. Most don't understand tech enough to comment, much less legislate.

Badsmerf · March 5, 2016

Lol getting weird.

Craig Arko · March 22, 2016

Maybe the end of this trip into Bizzaro World.

http://arstechnica.com/tech-policy/2016/03/fbi-says-it-might-be-able-to-break-into-seized-iphone-wants-hearing-vacated/

Though right now I'm skeptical of the FBI's ability to break into a paper bag without fouling it up.

Badsmerf · March 22, 2016

I wonder if there was some cooperation behind the scenes. Either way, it's better there wasn't a decision by the court.

glunn · March 22, 2016

I still use a flip phone, and keep a spare in case they ever stop making flip phones. And I charge it once a week whether it needs it or not.

That said, it seems to me that most terrorists probably use more secure ways to communicate. Or maybe they buy the disposable phones at the supermarket.

It also seems to me that we would be a lot safer if we had not invaded Iraq and destabilized most of the Middle East. Maybe we will be safer in the long run of we can ease our way out of an unwinnable position there?

diehardtwinsfan · March 22, 2016

It also seems to me that we would be a lot safer if we had not invaded Iraq and destabilized most of the Middle East. Maybe we will be safer in the long run of we can ease our way out of an unwinnable position there?

Exactly, blowback sucks. That's what all of this is.

Craig Arko · March 22, 2016

Yeah, it's usually better to think first, and get involved in a land war in Asia second.

Craig Arko · March 28, 2016

And the final chapter. Until the sequel.

http://arstechnica.com/tech-policy/2016/03/feds-break-through-seized-iphone-stand-down-in-legal-battle-with-apple/

Sign In

Apple v FBI

Recommended Posts

Archived

Member Statistics

Prospect News & Highlights

Recent News

Notes & Rumors

Recent Blog Entries

Recent Status Updates