Apple vs the FBI

[maarsen]

1 hour ago, Swordfish said:

Ugh.  Quote feature.

He's crazy and not dumb, but I doubt he could crack apples encryption.

According to the article he does not plan to crack the encryption but to figure out the password using social engineering. To put it bluntly, go through the detritus of the phone owner's life and make an educated guess as to the password. 

[Ser Scot A Ellison]

Fez,

The difference is that the feds want the ability to open any and all iPhones in the future as well as this one opened.

[James Arryn]

17 minutes ago, Fez said:

Then there's the fact that Apple has unlocked 70 phones for the FBI over the past couple years. Its unclear what makes this phone different from those 70, other than Apple deciding this would be good publicity.

Well, that's interesting.

On the one hand, it would seem to significantly reduce the concern of precedent re: this particular situation. On the other hand, the fact that it has that effect kind of proves the point about how precedents work. I'm of two minds. Like if we'd had this situation 70 phones ago, I'm sure the FBI would be claiming it was an exception, too.

Moreover, I think most are of the opinion that Apple's stand need not be entirely based on principle for that principle to be valid. Like, if they had the same concerns but this choice was one that was potentially rewarding rather than costly, I'd expect them to make the opposite choice. They're a corporation. 

 

But, for good or ill, the fact that there's a lot of precedent (didn't check link, unsure how much they align) certainly undermines Apple's position.

[Fez]

4 minutes ago, Ser Scot A Ellison said:

Fez,

The difference is that the feds want the ability to open any and all iPhones in the future as well as this one opened.

I've not seen any evidence that that's the case. What the FBI wants is for Apple to have the ability to unlock phones for the FBI when the FBI has a court-ordered search warrant. Which is no different from the previous 70 cases. 

[The Anti-Targ]

37 minutes ago, Swordfish said:

This is nonsensical.  Apple has key information available to it that a random hacker does not have.

This is why the FBI cannot simply load it's own firmware on the device.  They don't have the keys.

 

That only makes it easier. Not having the keys simply makes it harder not impossible. If someone wants to do it, they will, provided they have the time and the talent.

If McAfee thinks he and his buddies can hack the phone without needing Apple to be involved then either he's full of shit or it's not as hard as Apple likes to make out. I'm more inclined to believe Apple is talking shit, because they have a good track record of talking shit.

29 minutes ago, James Arryn said:

The technological aspect is only one. Legally, this is now the bar. Sure, the situation is exceptional...but you can bet that if this goes through, there will be many more exceptions to come. 

 

Again, if people think that's worth it, fine. But I think it's a sham to buy into the exceptional case argument.

I don't buy the exceptional case argument. Because I have no doubt the police / FBI will need to do something similar in future whether it's an iPone, Windows phone, Android or something else. But I don't think that invalidates the FBI's demand. The FBI was perhaps stupid to claim that it would be a one off never to be repeated thing.

Also I don't see the legal bar as having been changed. Access to encrypted electronic storage devices has always been something the FBI has had a right to access if appropriately warranted according to legal due process. If a company makes it harder for the FBI/police to access the device that does not alter the legal bar. Apple placed the burden on themselves by putting in place security features on devices to which the appropriate authorities can legally demand access. If a bank deliberately does not hold any keys to its safe deposit boxes, and the criminal has destroyed their key in order to prevent access, then it's totally legit for the police to demand and obtain access to the safe deposit box in a way that does not destroy the contents of the box. If the bank has such high security around access to safe deposit boxes that it would take a month and $1million to gain access then, assuming the demands of the case are sufficiently serious that's what will have to happen. The bank can pursue compensation for the burden, but they still have to give the legally warranted access.

Cybersecurity means preventing illegal unauthorised access AND permitting legal unauthorised access. It requires both. What needs to happen now is that Apple, Google, Microsoft, Facebook etc need to configure their device security so as to be able to deliver on both aspects of cybersecurity. It might be a hard thing to do, but it is necessary. If we believe in the rule of law, which I assume 99% of sane people on this board believe in, then the law needs to have the tools that allow it to do what is lawful.

Does anyone disagree that the FBI should obtain the information that is stored on this phone? I assume everyone in this thread thinks its acceptable and even probably desireable for the FBI to get that information. So the question is to what lengths is it OK for the FBI to go to obtain that information? We are allegedly talking about a terrorist act that was perhaps carried out with the cooperation, or at least guidance, of co-conspirators who remain at large and unidentified in the USA and the contents of the phone may be able to help identify the co-conspirators. This would be a good thing, and it warrants the FBI going to great lengths to obtain access to the information on the phone. Is the case serious enough for the FBI to go to extraordinary lengths? If this was a shoplifting case you'd say no, right? The cost-benefit isn't there. If this was a case of a lone nutjob pissed off at life and wanting to commit suicide by cop, you'd probably also say no. But as possibly/probably part of a wider terrorist conspiracy, you might start to think that extra-ordinary measures are justified.

There might be a red line beyond which it is unacceptable to cross no matter what the crime, like torture perhaps, though I guess even that's up for debate, but I don't think what the FBI wants is over that red line. There need to be some orange and yellow lines that normally can't be crossed but under the right conditions it's fair and reasonable to cross them. This is, IMO, and orange line situation, and I think it's reasonable for the courts to decide whether the orange line can be crossed. And it's also worth considering whether legislation should put some criteria around those lines.

[The Anti-Targ]

1 hour ago, Fez said:

Then there's the fact that Apple has unlocked 70 phones for the FBI over the past couple years. Its unclear what makes this phone different from those 70, other than Apple deciding this would be good publicity.

I thought this statement from an Apple lawyer was interesting 'In defending its refusal, Apple said unlocking a secure phone would undermine its customers’ trust. “Apple is saying it does not want to do this. It does not want to be in the business of being a method by which customer data is disclosed,” an Apple lawyer said.'

Essentially they don;t see it as a matter of principle. They see it as a matter of potentially losing market share. And they will do and say anything, as we've seen in the past, to preserve and grow market share.

What's also interesting is why Apple made iOS8 impossible for Apple to open without having to write new code / create a custom OS. It doesn't seem like there had been wholesale abuse of inbuilt security exploit in iOS7, so Apple only did this for marketing purposes, not for actual necessary improved phone security. For your average law abiding customer using iOS7 there is actually no concern at all over the FBI getting in to your phone. And there is also no concern about people getting in to your phone remotely (Apple had to plug something physically into your phone to comply with court warrants to unlock a phone).

So what does your average law-abiding citizen have to worry about with the lower security of iOS7? Their phone being stolen. There are two reasons for a phone to be stolen: the thief wants to sell the phone, in which case they will wipe the phone so they can sell it clean; or they want to use the information on the phone. If they want to used the information on the phone Apple has the ability to kill the phone at the flick of a switch, handily called "error 53' but really a way to brick your phone if you get it fixed / serviced by a 3rd party repairer. So if your phone is stolen, call Apple and tell them to kill the phone. Data gone, problem solved.

The security features of iOS8 were neither requested not needful, they are just a way of making iPhone seem better than the competition. I think demanding that a phone be effectively set back to ther level of security in iOS7, so that Apple can do what it has done several times in the past, borders on being a non-issue.  

[Astromech]

42 minutes ago, The Anti-Targ said:

I thought this statement from an Apple lawyer was interesting 'In defending its refusal, Apple said unlocking a secure phone would undermine its customers’ trust. “Apple is saying it does not want to do this. It does not want to be in the business of being a method by which customer data is disclosed,” an Apple lawyer said.'

Essentially they don;t see it as a matter of principle. They see it as a matter of potentially losing market share. And they will do and say anything, as we've seen in the past, to preserve and grow market share.

 

This is really my take on the issue. Cook and Apple are engaged in PR bluster to assuage their customers' concerns. I have no issue with the FBI being granted access to the contents of Farook's phone via a valid narrowly tailored search warrant.

[The Anti-Targ]

27 minutes ago, Astromech said:

This is really my take on the issue. Cook and Apple are engaged in PR bluster to assuage their customers' concerns. I have no issue with the FBI being granted access to the contents of Farook's phone via a valid narrowly tailored search warrant.

You know what's worse? This is the second time in a week that I find myself agreeing with Donald Trump. I'm sure we disagree on some of the specifics, but damn it seems we're in agreement on the broad strokes.

[Shryke]

3 hours ago, Ser Scot A Ellison said:

Fez,

The difference is that the feds want the ability to open any and all iPhones in the future as well as this one opened.

As far as I can tell this is not at all correct. The FBI, according to what I can gather from the order and the BBC article on it, does not care how it's done and is more then willing to let Apple do it however they want with whatever security they want. They just want to be able to brute-force the passcode on this phone. Apple doesn't have to tell them shit about how it happens or give them the ability to do it independent of Apple itself.

[Shryke]

1 hour ago, Astromech said:

This is really my take on the issue. Cook and Apple are engaged in PR bluster to assuage their customers' concerns. I have no issue with the FBI being granted access to the contents of Farook's phone via a valid narrowly tailored search warrant.

Yes, this seems to be nothing more then Apple trying to cover it's ass because searches and electronic security are big things right now and they wanna be seen as having fought this tooth and nail despite it seeming to just be the government demanding they help them execute a search warrant.

[The Anti-Targ]

3 hours ago, Ser Scot A Ellison said:

Fez,

The difference is that the feds want the ability to open any and all iPhones in the future as well as this one opened.

Well the Feds already have the legal right to open any iPhone they want, as long as they obtain a duly issued warrant. But no court will ever grant the FBI a warrant to open all iPhones. Methinks you, and lots of others, are being too paranoid about the implications of Apple complying. Which is exactly the koolaid Apple wants us all to drink.

 

 

[Dez]

13 hours ago, Inigima said:

Yeah. That'll stop 'em.

You cannot possibly be this naïve.

From a technical standpoint, Apple is 100% correct. This would be absolutely disastrous. I understand why the government is concerned about encryption, but they lack the basic competence to understand why this would be bad.

From a legal perspective, I don't know. This isn't just the government requesting information. It's the government demanding that the company's software engineers affirmatively design and create a piece of software. Can they actually do that? That would be horrifying.

 

From the legal perspective:

One of the problems I see in this controversy is the uninformed scoffing at legal protections like search warrants.

Legal authority clearly exists for the government to access this phone. In future cases, warrants would be required to access other suspect's phones. This is not the the kind of mass gathering of data that was subject to the NSA spying controversy, though its spooky ghost is informing this debate, clearly. 

The government would lack the authority to possess whatever yet to be developed software on an ongoing basis for future cases. I have yet to see evidence they are demanding this and I would be shocked if any court ever did- it would be like ordering a storage facility to give up all their keys to all their units. Apple seems to be complaining that the mere existence of such a program- even one they would keep secret- would put their customers at risk. And sure it's an elevated risk- but one they need to accept and its one they are responsible for.  

The logical extension of the position of some privacy advocates seems to be that if your technology is good enough, you have the right to hide your information from legitimate government authority. It contends that some information is above the law. This is unprecedented and ridiculous. And think about it, who benefits most from that sort of rule? Sounds like the people with the most access to technology. Corporations, rich people, the usual bugaboos of the same people who tend to bleat about privacy. 

[Shryke]

1 minute ago, Dez said:

 

From the legal perspective:

One of the problems I see in this controversy is the uninformed scoffing at legal protections like search warrants.

Legal authority clearly exists for the government to access this phone. In future cases, warrants would be required to access other suspect's phones. This is not the the kind of mass gathering of data that was subject to the NSA spying controversy, though its spooky ghost is informing this debate, clearly. 

The government would lack the authority to possess whatever yet to be developed software on an ongoing basis for future cases. I have yet to see evidence they are demanding this and I would be shocked if any court ever did- it would be like ordering a storage facility to give up all their keys to all their units. Apple seems to be complaining that the mere existence of such a program- even one they would keep secret- would put their customers at risk. And sure it's an elevated risk- but one they need to accept and its one they are responsible for.  

The logical extension of the position of some privacy advocates seems to be that if your technology is good enough, you have the right to hide your information from legitimate government authority. It contends that some information is above the law. This is unprecedented and ridiculous. And think about it, who benefits most from that sort of rule? Sounds like the people with the most access to technology. Corporations, rich people, the usual bugaboos of the same people who tend to bleat about privacy. 

You forgot government officials covering shit up.

[Centrist Simon Steele]

19 hours ago, Ser Arthur Hightower said:

So what do you guys think of Apple's refusal to cooperate with the FBI?

Initially I was fairly strongly against what Apple was doing, largely because I didn't really understand what it was the FBI was asking for, then I read this: https://www.apple.com/customer-letter/, and I've seen a few convincing arguments for why Apple is in the right. Which has made me far more sympathetic to Apple, though I'm still not entirely convinced that there isn't some middle ground that can't be found.

I don't agree with Apple on much, but on this one they are right. The FBI can get warrants for want they need. We are not in so much danger as the our institutions would like us to believe. Good for Apple.

[all swedes are racist]

5 minutes ago, Simon Steele said:

I don't agree with Apple on much, but on this one they are right. The FBI can get warrants for want they need. We are not in so much danger as the our institutions would like us to believe. Good for Apple.

But, they did get a warrant, no?

[Centrist Simon Steele]

43 minutes ago, R'hllors Red Lobster said:

But, they did get a warrant, no?

I'll admit--a lot of this can be tricky/trickery, but I thought they had a warrant for the case in San Bernadino which Apple complied with. What Apple won't comply with is an unlimited, open backdoor into user data. I guess I meant to say if the FBI wants access to user data, then they should get a warrant a proper way.

[Shryke]

16 minutes ago, Simon Steele said:

I'll admit--a lot of this can be tricky/trickery, but I thought they had a warrant for the case in San Bernadino which Apple complied with. What Apple won't comply with is an unlimited, open backdoor into user data. I guess I meant to say if the FBI wants access to user data, then they should get a warrant a proper way.

They do have a warrant for the phone afaik. The problem is they can't access the phone. They want Apple to make that happen. They don't want access to all phones or a backdoor.

[baxus]

16 hours ago, Fez said:

I don't see the two situations as remotely comparable. There's a world of difference between a company losing value because they decided to stake their reputation on refusing to obey the law and a company losing value because the government seized assets of theirs.

Apple is encrypting their users data that could be abused. There's ABSOLUTELY NOTHING illegal about it and Apple's far from being first to do it. Blackberry even had their own networks for transmitting sensitive data between their users and I don't remember US government going after them. Do you?

14 hours ago, Fez said:

How is it different? What makes unlocking electronic property different from unlocking physical property? Looking at emails different from looking at manilla files? A way to break encryption from a skeleton key?

Because I truly don't see how the former in all of those aren't logical extensions of the later.

It is different because you can't enter someone's apartment by force and not have anyone know about it like you could do with a phone that had this feature installed.

And let's get back to the part of my post you conveniently skipped where it said that this feature would require a software "update" without user's consent.

If we're going to use the analogy of apartment search warrant, imagine you come home from work one day and see an additional door installed on your apartment with a lock that you had no key for and had no say in whether it could be installed or not. Would it comfort you one bit to know that it MIGHT never really get used and is there "just in case"?

[baxus]

12 hours ago, The Anti-Targ said:

Nothing is unhackable, so Apple pretending that their device is impossible to access is talking complete shit. The only question is how long will it take for the FBI to hack into the phone.

<snip>

Questions of the legality and morality of mass data sweeps aside, every dangerous precedent Tim Cook talks about is actually legit police surveillance of suspects when an appropriate warrant has been issued.

<snip>

 If this "iOS with a back door" was to fall into the wrong hands what do people think will be done with it? If criminal organisations wanted to use it for mass access to iPhones they would need to find a way to force an OS update of millions of people's iPhones. And if Apple can't stop or detect the unauthorised update of millions of people's iPhones then they have bigger security problems than making a custom OS with a back door. Indeed if it is possible to make a custom OS with a back door, then someone has probably already thought about and even worked up a way to do it, but probably decided it has limited criminally profitable possibilities. Unless you physically get your hands on a phone so you can update that specific phone then a custom OS is pretty useless for hacking in to someone's phone. It's better to make a malware trojan horse app that sneaks onto someone's phone and unlocks it from the inside without tinkering with the OS.

Personally I don't trust this corporate PR to be a legitimate voice of concern for the people. The only person Apple cares about is the corporate person called Apple.

Nothing is unhackable, including Apple's devices. That's why this talk of an iOS backdoor is total crap. FBI could've hacked this phone by now if they really wanted to, no doubt about that. What they want is an easy way to hack into any phone out there and that's a no-no. Especially if they could do that at a whim and without anyone knowing, which this feature would allow them.

Appropriate warrant is one thing - access to any device out there running a certain OS is another. As stated in their announcement, Apple complies with subpoenas and search warrants and has done everything requested from them by the authorities investigating San Bernardino case. Here's what they say in the letter:

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

 

Do you think that FBI would take the data, and then destroy the phone or hand it over to Apple to remove any trace of the software? Or would they "keep it as evidence" and reverse engineer it? Would you gamble on it?

Like every other company out there, Apple does what is in its best interest. I don't expect them to do otherwise, since it's not their job to be "the good guys" but to do their job and turn a profit. On the other hand, we have government whose job it actually IS to be THE good guys and they want a tool that would allow them to spy on their people with no one knowing about it.

12 hours ago, The Anti-Targ said:

 

But it's still impossible for the FBI, or anyone, to deploy this custom OS on a mass scale without Apple's cooperation. They might have a mechanism to be able to access every safe deposit box ever made. But they completely lack the ability to actually access every safe deposit box ever made. Hence they can only deploy this tool in a limited fashion. 

I would say that creating a custom OS in order to access a phone has the lowest privacy breaching risk of any method that could be devised to access somene's phone. There is no suggestion here that the FBI is demanding or will demand or could demand that all future commercial versions of iOS have a back door. If the FBI knows that it can force a custom OS onto a phone to make it hackable for any phone it obtains through a legitimate warrant, or probable cause, then it seems to me a lot less likely that the FBI would start to make demands about pushing malware onto all phones.

Once again, could we just stop with the notion that there would be no abuse of this software even by the government agencies, let alone what would happen if it fell into the even wronger hands.

Creating such a software would be a dangerous precedent, and while there is no suggestion that FBI would demand its addition to future iOS versions, there is no guarantee they wouldn't, is there?

Quote

 

[Mladen]

2 hours ago, Shryke said:

They do have a warrant for the phone afaik. The problem is they can't access the phone. They want Apple to make that happen. They don't want access to all phones or a backdoor.

OK, I have read the article on BBC about this yesterday, but isn't the FBI's demand practically that Apple should design two software: One for encryption that bypass the security measures and the second for automatic testing of the passwords. So, the way I understand it, they do want a tool that would help them in the future.