Apple vs the FBI

[CryptofCthulhu]

Apple trying to act like they have integrity is laughable.

The FBI is making it public so they don't have to circumvent Apple's approval, hack the phone, and risk having those shenanigans become public knowledge.

[Mladen]

2 minutes ago, CryptofCthulhu said:

Apple trying to act like they have integrity is laughable.

It is not about integrity, it's about profit. They are aware that their customers are not thrilled about FBI having unlimited access to their private data. 

[CryptofCthulhu]

1 minute ago, Risto said:

It is not about integrity, it's about profit. They are aware that their customers are not thrilled about FBI having unlimited access to their private data. 

Legality has never kept the FBI from doing what they want. If they think their private information is safe then they are a bit naive. Whether it's the FBI or a hacker, access to their data is always possible if the culprit is determined enough. 

[baxus]

11 hours ago, Swordfish said:

Ugh.  Quote feature.

He's crazy and not dumb, but I doubt he could crack apples encryption.

I'm completely sure he could crack it, or his team could crack it, given time. That's the main reason for this mess - FBI wants an easy fix instead of changing their ways and getting things done properly.

McAfee makes a valid point - extremely smart people are not being hired by the FBI because of idiots that would want to make them wear a suit and tie when they have absolutely no reason to wear a suit and tie and other stupid reasons like that.

10 hours ago, The Anti-Targ said:

I don't know the details of what the court ordered Apple to do, but basically if Apple can get the FBI into this phone without creating and boogey man evil malware that will destroy the planet (according to Tim Cook), then why wouldn't Apple just do that, instead of writing an all high and mighty we look after the people open letter? Which, by the way, has just told every hacker in the world that it is indeed possible to hack any and every iPhone, because Apple didn't say they couldn't do it, they said they won't / don't want to do it. Ergo, it's just a matter of time before someone actually does it, and posts their hack on the appropriate message boards.

The only legal right of access the FBI has is to that specific phone. The FBI doesn't get to dictate the method. As long as they get full access to to what they want from that phone the method is for Apple to determine and all legal obligations will be met. The fact that the FBI had to get a court to order Apple to do something that could be used on any and every iPhone suggests Apple isn't able to do something to unlock just this phone without creating some software that can be used as a key to get into other phones. But the issue is still, how can a custom OS be used as a tool for massive crime or massive surveillance? It can't, because no one can push an OS update onto hundreds of millions of phones without Apple's cooperation, or incompetence. And the FBI cannot legally demand that a future commercially distributed OS has the back door code. Or rather if the FBI can legally demand it the USA and the world is screwed because the USA has authoritarian laws as bad as China that has a global reach, not because of the possibility of a custom OS with a back door existing. 

One would not need to push this to all the phones.

No one could be THAT naive to think that US or any other government agencies (or companies like Apple, for that matter) are made up of 100% good guys, 100% resistant to corruption/threats/whatever and that there would be no abuse and that this software would be 100% secure.

This could make each and every stolen phone subject to unlocking. There is no way to guarantee that this software would be kept safe, nor that it wouldn't be used again, nor that if it were used again it would only be used with court order.

10 hours ago, The Anti-Targ said:

Complete hyperbole. If iPhones are hackable without Apple helping the FBI, then they are only somewhat more hackable if Apple does help the FBI. The world, the internet and even electronic security is not going to collapse and send us back to the 1980s if Apple builds the FBI a custom OS that can be forced onto a phone. And Apple won't stop selling 100s of millions of phones every year.

Once again - every single electronic device is hackable. Period. Every single one, no exception!

The difference being that hacking a phone without this tool would take longer, and would be more difficult.

With this out there, if your phone got stolen it would take a couple of minutes or so to unlock it and gain access to all your data. Wouldn't you rather have 10-20 minutes or longer, to manage to erase the data?

4 hours ago, Dez said:

From the legal perspective:

One of the problems I see in this controversy is the uninformed scoffing at legal protections like search warrants.

Legal authority clearly exists for the government to access this phone. In future cases, warrants would be required to access other suspect's phones. This is not the the kind of mass gathering of data that was subject to the NSA spying controversy, though its spooky ghost is informing this debate, clearly. 

The government would lack the authority to possess whatever yet to be developed software on an ongoing basis for future cases. I have yet to see evidence they are demanding this and I would be shocked if any court ever did- it would be like ordering a storage facility to give up all their keys to all their units. Apple seems to be complaining that the mere existence of such a program- even one they would keep secret- would put their customers at risk. And sure it's an elevated risk- but one they need to accept and its one they are responsible for.  

The logical extension of the position of some privacy advocates seems to be that if your technology is good enough, you have the right to hide your information from legitimate government authority. It contends that some information is above the law. This is unprecedented and ridiculous. And think about it, who benefits most from that sort of rule? Sounds like the people with the most access to technology. Corporations, rich people, the usual bugaboos of the same people who tend to bleat about privacy. 

Your trust in your government and your legal system is admirable.

Still, the potential for abuse is off the charts with this one and it's much better to let sleeping dogs lie on this one.

Of course that the government does not have the right to see your information by default. Why would the government have the right to know the content of one's emails, credit card numbers or vacation photos? Would one even be obliged to cooperate with the government if under investigation? Everyone who's ever seen an American movie knows about the right to remain silent and the Fifth amendment and all that. And it's neither suspect's job nor Apple's to make government's job easier. Apple must protect their users' privacy because that's part of the service they provide at the prices they do. As I said earlier, they are hardly the first ones in that business.

15 minutes ago, Risto said:

It is not about integrity, it's about profit. They are aware that their customers are not thrilled about FBI having unlimited access to their private data. 

And it should be about profit. Apple is a company whose purpose is to make a profit. It is in their best interest to protect their users since, like so many other companies, their profit is tightly coupled to their users satisfaction.

[Lordsteve666]

Does this all not raise an interesting point with regards to the so called surveillance of citizens that the likes of the CIA, NSA have allegedly been carrying out already? 

I mean we've got the likes of Snowden saying they are watching us all and monitoring every byte of data we send or receive. But yet at the same time we have the same people effectively saying they need a new tool from the manufacturer to be able to get info off the phone.

So why do they now need to publicly ask for a way to access our data if they've already been doing it for years? Makes me wonder if all the hype over them spying on citizens is really the true story here, seeing as now they seem so utterly stumped by a single iPhone. I find it hard to believe they wouldn't already have everything from monitoring this guy for years (which is what we are told is happening right now), or even if they only had his data stored on a hard drive in some secret spy facility but without the resources to look at. 

Have all the paranoid conspiracy theorists been wrong all this time?

[DireWolfSpirit]

As usual Democracy Now has done a nice report on this issue. This is a little under 15 minutes but it's very helpful and answers a lot of questions mentioned in the threads posts. - 

I support Apples stance against being forced to create a backdoor for this encryption. It was also pointed out that if they were forced to do this for the U.S. government , many other nations where Apple does business , will follow suit with the same demands for this backdoor and it will be a virtual Pandora's Box. 

Watch the Democracy Now report above, it's very good.

[Curious Rorge]

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn’t have the energy left over to perform any useful calculations with this counter.

But that’s just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be unfeasible until computers are built from something other than matter and occupy something other than space.

For anyone who thinks anyone,McAfee or otherwise can brute force crack 256-bit encryption.

The 4 digit password of course is a different story.

[Fez]

4 hours ago, baxus said:

Of course that the government does not have the right to see your information by default

By default? No. But by a duly obtained search warrant? Yes, absolutely they do.

[baxus]

1 hour ago, Fez said:

By default? No. But by a duly obtained search warrant? Yes, absolutely they do.

FBI could take the phone in question with a warrant, true.

That still doesn't mean Apple is under any obligation to do FBI's job and decrypt the phone.

The same way the lock manufacturer would not be under any obligation to open the lock on the apartment FBI has a search warrant for.

[Fez]

4 minutes ago, baxus said:

FBI could take the phone in question with a warrant, true.

That still doesn't mean Apple is under any obligation to do FBI's job and decrypt the phone.

The same way the lock manufacturer would not be under any obligation to open the lock on the apartment FBI has a search warrant for.

But that's not true. Both Apple and the lock manufacturer are under obligation to open the lock.

The lock manufacturer never comes into play because its never been a situation where the building management or owner isn't able to open the lock; or where the FBI can't break open the door.

The All Writs Act specifically says:

Spoiler

(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction.

A court may grant the FBI a writ allowing them to appropriate any aid from Apple or another company.

[Shryke]

7 hours ago, Risto said:

OK, I have read the article on BBC about this yesterday, but isn't the FBI's demand practically that Apple should design two software: One for encryption that bypass the security measures and the second for automatic testing of the passwords. So, the way I understand it, they do want a tool that would help them in the future. 

No. You are misunderstanding what the second bit is.

They are asking for Apple to lift the limit on the number of attempts you can make at the passkey so you can brute-force the code for the phone.

They are then asking them to make a piece of software that inputs said passcode attempts automatically so they don't have to pay people to sit there for ~11 days typing in passcode after passcode into the phone till they get it.

The second piece of code is stupidly simple. It's like an input emulator and a for loop. A semi-competent half-drunk IOS developer should be able to shit that kind fo thing out in an afternoon.

It's a tool for helping them not have to manually input every attempt. There's nothing sinister.

[Mladen]

15 minutes ago, Shryke said:

No. You are misunderstanding what the second bit is.

They are asking for Apple to lift the limit on the number of attempts you can make at the passkey so you can brute-force the code for the phone.

They are then asking them to make a piece of software that inputs said passcode attempts automatically so they don't have to pay people to sit there for ~11 days typing in passcode after passcode into the phone till they get it.

The second piece of code is stupidly simple. It's like an input emulator and a for loop. A semi-competent half-drunk IOS developer should be able to shit that kind fo thing out in an afternoon.

It's a tool for helping them not have to manually input every attempt. There's nothing sinister.

But, isn't the lifting of the number of attempts you can make at passkey literally lifting one of the major security measures of any iPhone? I am far from being an expert, but with those two pieces of software they can literally crack into any iPhone out there without much time or effort spent. Or at least, that is the conclusion I came to.

[Jon AS]

1 minute ago, Risto said:

But, isn't the lifting of the number of attempts you can make at passkey literally lifting one of the major security measures of any iPhone? I am far from being an expert, but with those two pieces of software they can literally crack into any iPhone out there without much time or effort spent. Or at least, that is the conclusion I came to.

Yes. What the FBI wants Apple to do is create an iOS version that can

 

a. be forcefully installed on any iPhone

b. does not have the limitations for putting in the passcode

c. does not have the feature of deleting the user data after X amount of failed attempts to enter the passcode

 

On top of that they'd like it if Apple could give them a software that can be used to speed up the brute force cracking of the code. As Shryke says, that one is relatively trivial and only useful if you have the specialised iOS in the first place.

[Swordfish]

4 hours ago, Curious Rorge said:

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×1041 ergs. This is enough to power about 2.7×1056 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn’t have the energy left over to perform any useful calculations with this counter.

But that’s just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be unfeasible until computers are built from something other than matter and occupy something other than space.

For anyone who thinks anyone,McAfee or otherwise can brute force crack 256-bit encryption.

The 4 digit password of course is a different story.

exactly.

 

Anyone who is putting forth the notion that this encrytion is hackable by anyone, so what's the big deal....  Doesn't understand how encryption works.

I don't think even McAfee is claiming he can do this.  I thought what he was claiming was that he could use social media to basically guess the password?  Which is...  COnsistent with the level of meglomaniacal craziness he's displayed for years.

[Lordsteve666]

Would this iPhone not have been backing itself up to a cloud storage continuously (assuming it was set up to do so)? So I theory a lot of data they want might be accessible outside of the phone anyway?

There's no way it's getting cracked though. The FBI is going to have to do it themselves, that's what their budget is for after all. 

I think Apple is right on principle about why this is a bad idea and would open a can of worms. I mean even if this software was used only once it would be sitting there tempting so many people. It would be too tempting to some players I'd imagine. Ignore the leggal uses of it and think of the potential for misuse. Not just "the man" misusing it but criminals or other hostile nations. Imagine if some North Korean hacker steals it and it gets used to unlock foreign phones, they'd have access to all manner of stuff from sensitive info down to bank details. 

This sort of backdoor software is like a cyber equivalent of nuclear weapons. Once it's in existence you can't un-invent it and put it back in Pandora's box. You've gotta deal with its existence. 

[DireWolfSpirit]

I'm neither a legal scholar nor a tech guru so I'm mostly forming my opinion on this issue based on the notion of opposition to this "All Writs Act" and on the idea that the governments order here, however unintentional, poses a grave threat to consumers and commerce. It strikes me as unreasonable that Apple or anyone else should be compelled to create something that doesn't exist at this point. Should the government be able to force a Picasso to make a painting? Why cannot a person simply have the liberty to not do anything, why is it Picasso's job ( or anyones) to be compelled to create anything against their wishes? Can we force people out of retirement as well? What limitations are there to this "All Writs Act" and has it been challenged all the way to the SCOTUS? 

I just don't like the idea that the FBI can force private sector to do it's ( the FBI's) job against it's wishes, seems a fundamental infringement on liberty, not to mention a dangerous abuse potential as well in this instance.

[Mlle. Zabzie]

1 hour ago, Lordsteve666 said:

Would this iPhone not have been backing itself up to a cloud storage continuously (assuming it was set up to do so)? So I theory a lot of data they want might be accessible outside of the phone anyway?

There's no way it's getting cracked though. The FBI is going to have to do it themselves, that's what their budget is for after all. 

I think Apple is right on principle about why this is a bad idea and would open a can of worms. I mean even if this software was used only once it would be sitting there tempting so many people. It would be too tempting to some players I'd imagine. Ignore the leggal uses of it and think of the potential for misuse. Not just "the man" misusing it but criminals or other hostile nations. Imagine if some North Korean hacker steals it and it gets used to unlock foreign phones, they'd have access to all manner of stuff from sensitive info down to bank details. 

This sort of backdoor software is like a cyber equivalent of nuclear weapons. Once it's in existence you can't un-invent it and put it back in Pandora's box. You've gotta deal with its existence. 

I personally have the cloud turned off (required for work).  Not sure if these folks were smart enough to do that.  

[Guest]

I find it hard to believe that, with all the US government's access to internet data and metadata, there's actually anything on that phone they don't already know. What they're trying to do is use this terrorist attack to get a universal tool to access any iPhone's encrypted data.

So good on Apple for not cooperating (yet...), even though obviously as a corporation they're mostly doing it to protect future profits.

Agree. What could be on the phone that they cannot get from the carrier? It looks to me that the FBI is just making a statement here.

[Tywin et al.]

Has a court ever ordered a person or corporation to build something?

[Astromech]

25 minutes ago, GrapefruitPerrier said:

Agree. What could be on the phone that they cannot get from the carrier? It looks to me that the FBI is just making a statement here.

I am assuming stored data. The same reason law enforcement wants hard drives from computers.