FBI v Apple spat latest: Bill Gates is really upset that you all thought he was on the Feds' side Bill Gates says reports of him backing the FBI in the ongoing saga with Apple over the unlocking of a killer's iPhone are inaccurate. Asked about widespread reports that the former Microsoft CEO and the world's richest man was taking the Feds' side, Gates told Bloomberg News on Tuesday that he was "disappointed" with the …
Comey, as a lawyer, should know that whether a precedent is set or not is not under the control of any of the parties to a case, and there is no way any of them can tailor their submissions to change this. Also I am troubled by the fact he claims he is only interested in unlocking this single iPhone 5c, because if that is really true he is not doing his job properly [1]. And if it's not really true, he's not really telling the truth.
---
[1] Don't get me wrong, I'd like the FBI etc. to have boundaries on what they can do, but in a sensible society these boundaries should be set by legislation and the courts, not by some voluntary backing off by the organisations when they think they have sufficient powers.
“I’m asking Apple to return to September ’14, a time when Apple made no complaints that the operating system it was using, iOS 7, was insecure,” said Cyrus Vance, district attorney for Manhattan during an interview last week with Charlie Rose on PBS. Vance also said that he had 175 iPhones waiting to be unlocked should the DoJ prevail in this case.
I strongly suspect the government (the FBI in this case) are already in possession of the information, but are after a legal cover in which to use this in a court of law. So the "ticking bomb" scenario of Gates and others imagination isn't even pertinent, never mind that Shami Chakrabart debunked it not so long ago.
"The law cannot always make it easy to do the right thing, but should never make it easy to do the wrong thing."
To Mr Gates, our richest asperger on Earth, ENTJ-type personality and alleged genius IQ...
The US government isn't goingly blindly when dealing with terrorist attacks. They are already monitoring data pipes, cell communications, the internet and it's "dark" recesses. Intelligence knows what they are doing, most of the time. They already siphon all data to and from cell phones, so what's the point of decrypting one?
Mr Gates you are naive to believe that the US government is "blind".
If anything all of this "publicity" could be a design to lull terrorists into a false sense of security. Good. Let them believe their communications are "safe".
This post has been deleted by its author
During the discussions on the UK security bill, it was also pointed out by a former NSA director (I believe) that the amount of data they're getting is so much it's actually making their jobs *harder*, not easier, because there's no way for them to parse through all of it. So even if they can't access some phones directly, doesn't mean they're not getting an absolute ton of information, and even if they *could* access that data, doesn't mean they'd be able to use it
Just reported as saying that A) Apple should help the FBI, B) that the request in question was pretty specific and didn't create a precedent and C) he likened Apple's refusal to having a ribbon tied around a hard drive, and Apple saying "We could cut that ribbon, but we don't want to"?
If that isn't taking the government's side, what is? "Yeah, Apple should totally provide the iPhone security crack to the FBI, on a solid gold flash drive delivered on a silk pillow, and have that group of pretty interns give the FBI guys some hummers on their way out the door."
That's the problem with a lot of reporting. Just because it was REPORTED that he said something, doesn't mean that what was said was ACCURATELY reported. As someone who has been quoted many times in the press, I can tell you that in my experience they get it wrong far more often than they get it right.
And as someone who's worked in "the press", I can wholeheartedly concur with that. To make matters worse, the story that one journalist writes will be read and further misinterpreted by other journalists who think they've seen something sensational that the previous writer missed, whereas in fact they've just spectacularly missed some glaring detail or nuance or context that completely changes the meaning.
(Journalists call it "burying the lede", when another journalist seems to have missed the most sensational aspect of their own story. But in my experience, two times out of three, journalists making that accusation have themselves missed the point of the story they're criticising.)
It's like Chinese whispers, except that it gets systematically louder with every iteration.
Remember, Microsoft is currently fighting a very similar battle against the Feds over access to its customers' data (on that server in Ireland).
I use a term which I don't if it's mine or someone else's. I call it "Journalizing".
Journalizing is when a journalist performs and interview or "research" and digs up enough information to create an article. They will for the purpose of "integrity" ensure that decent journalists will always be able to identify references and provide proof that they aren't actually lieing that someone said something. But they don't need to say the whole thing.
As proof that my daughter has an excellent future in journalism, when she was three, she told the nannys at the day care that "Pappa drinks a lot". She was quoting her mother who told her that "Pappa drinks a lot of coffee". This meant we had to spend an hour in a meeting/counseling because I, a person who drinks approximately 5 liters (little more than 1 bottle a month) of beer annually was being accused of alcoholism. And of course, when a 3 year old accuses you of drinking a lot, you can't ever argue against this because then it's just denial.
I've worked with journalists over the years and I've learned that you should pretty much never take anything the say on face value because 99% of what you find interesting about them is journalizing. You always have to ask yourself "Was this the whole quote or a partial quote which sounds more fantastic when presented this way?"
>"Journalizing"
I think there is an astounding thing going on in France on this.
Rocard, as parti socialiste PM (nothing to do with socialism, communism or whatever, just a neo-lib, basically) said something like this:
"France cannot accept all the impoverished immigrants on this planet, however, it must take its share."
Le Figaro, a French newspaper, on the same journalistic level as the Daily Fail, loves to leave out the second part of the quote.
Well, yes. For this phone, as will the next and the next and the next... ad infinitum ad nauseam. The first one is the hardest battle. Ideally, they all should be hard battles with each case on it's own merit. Unfortunately, that doesn't seem to be the way the system works.
The old saying applies: Give a mouse a cookie and soon, he'll want a glass of milk.
There is nothing wrong with supporting your own country's law enforcement. I do however get a little upset that Mr Gates might advocate destroying fundamental privacy rights by attempting to equate circumventing useful encryption of plain text with cutting a ribbon around a hard disc.
Dinosaurs from IT's former days should be seen and not heard.
The ribbon analogy is actually very apt.
Apple did not create an iOS they can't decrypt. They could have, they probably should have, but they didn't.
That's the ribbon analogy. Apple can let the FBI in trivially, just like cutting a ribbon. They're refusing to, but tomorrow they could decide to. If they lose this court battle they will have to.
Why should it be a problem if the FBI want to use the same technique on multiple iPhones? As long as they get warrants from judges authorising it, as would appear to be the cases here, it's just treating an iPhone the same as any other source of evidence. I don't care if they unlock 1 or 10 or 1000 iPhones each year, as long as they're evidence in criminal investigations that have received judicial oversight.
Apple (and other tech firms) need to realise that, if they don't want to be compelled to unlock or backdoor or unencrypt their products, they need to make it technically impossible for themselves to comply, rather than just stamping their feet and saying NO DON'T WANNA. It's not a hard concept to grasp.
And don't believe for a second that a genuine concern for customer privacy is at the heart of Apple's refusal. They've happily complied in the past when the order to unlock the phone was kept sealed and secret. It's only now that it was made public, with the calculus of reputational damage (and hence loss of precious money flows to their offshore havens) that has entered their minds, that they're making such a massive fuss about it.
Well said. This isn't the police or a politician it is a judge who has ordered access. All our laws come back to having this person look at the case on its merits and then make a judgement. We have been doing it this way for 100's of years. I can't believe Apple want to protect the rights of someone suspected of multiple murders when a judge has looked at the balance of evidence available and believed that this request is a valid one.
And all this crap about Skeleton keys and weakening the IOS is rubbish. Apple sign each version of IOS on each handset individually as anyone who has jailbroken their iPhone will know. They could load their modified IOS on the said phone, sign it with a short expiry time and recover the passcode in their own offices (the same place the damn source code is accessible) and give the FBI 6 digits. No need to let anything out of their sight or share any code/keys.
"Gates' larger point is that, in future, terrorist acts may be larger and scarier than random shootings and could include nuclear or biological threats. Under these scenarios, the government "shouldn't be completely blind," he argued, but there should be "safeguards" to prevent abuse."
I understand this point of view because exceptional circumstances can justify exceptional measures.
The problem is that law enforcement and government not only do not draw the lines where common sense would put them - they don't seem to accept any lines at all.
They argue for exceptional powers to prevent exceptional threats but then, once they have them, they become part of the day-to-day operations and any restrictions on their use - whether through narrow conditions laid out in law or requirements for court-orders or even just approval and oversight - are shot down as preventing law enforcement from having access to the tools they need to do their jobs and therefore responsible for putting lives at risk.
In short, law enforcement demand access to exception powers but refuse to be bound by any limitations on the use of those powers.
So, while the solution Gates discusses seems at least somewhat reasonable, it is simply not going to happen because the other side aren't willing to compromise.
"he argued, but there should be "safeguards" to prevent abuse"
We tried that and Edward Snowden proved it doesn't work.
As there's been no apologies by anyone from any US government agency - not like they would anyway - there's no reason for anyone to trust the FBI or any other organisation to just let this special version of IOS be used just for this one device or the NSA to get a copy and reverse engineer it all, so as far as I am concerned, they can all get stuffed.
But, let's not talk about guns at all for a while. Let's call it technology. The US constitution gives citizens the right to acquire, posses and use technology that can be used in mass killings- either by terrorists or even toddlers. There is a massive lobby that supports this technology. This technology is also a big income stream for the US. Unfortunately - this technology kills more people in the US - than any other country in the world.
Some people say that this technology only kills people if it falls into the wrong hands, but unfortunately the technology is so abundant that there's no way of stopping this from happening.
Instead of exploring - what seems to be a cultural problem - let's put a quick stop to the unnecessary killings - either by terrorists - or toddlers.
Let's present two options:
1) Restrict access to this technology immediately. It'll take a few generations, but eventually there will be a decline of this technology being used against innocent people. Reward people to hand in this technology for destruction - like they do in war zones.
2) Keep selling the technology to potential terrorists or people that let toddlers access it. Then install a surveillance system that gives law enforcement agencies the power to persecute terrorists - AFTER - they've committed mass killing. I say after, because -BEFORE- would imply total surveilance of all citizens a.k.a the movie Minority Report, which is of course illegal.
So - AFTER - the mass killings the FBI will somehow crack open the killers phone and say - "hey look, the bad guy called another bad guy somewhere overseas". Let's order a drone strike, shall we ?
What a load of shit!
The FBI and Government should crack down on Gun manufacturers to ensure their guns either don't end up in terrorist hands or are unusable to be used by terrorists. Too hard ? Well, so is cracking the encryption of an iPhone.
It should be no surprise to anyone that there already are quite a few similar cases, or that they do not involve terrorism. It irritates me quite a bit that the FBI, Apple, and probably at least 95% of the commentariat, here and elsewhere, seem not to recognize that for the BS it is. There are many more than 12 such cases in some stage that might follow on this one; the New York Times mentions 9 (probably included in those mentioned here) and the district attorney for Manhattan (NYC) has said he has 175, not one of them reported connected to terrorism as far as I know. Search warrants have been a standard tool of US law enforcement agencies for more than 200 years and will continue to be, hopefully, far into the future. It is immaterial whether the crime being investigated is terrorism.
The fundamental question is whether and on what basis the government can compel non-government actors to assist in ways that they can, to carry out proper warrants. The government thinks they can, and that absent authority specific to the case, they can use the All Writs Act as authority for it. Apple opposes this for reasons they shortly will be producing in court and makes a number of alarming claims publicly that collectively suggest they think the US is seriously at risk of becoming a tyranny and is using an old and possibly obsolete law to move toward that. Orin Kerr, who probably understands the legal issues at least as well as any of them and has no skin in the game, isn't sure.
The government needs to come clean and confess that this is not about terrorism but the whole range of criminal investigation, where in a world where digital data is increasingly the norm they have a reasonable need to be able to execute search warrants, sometimes with outside help. Along with that, they need to point out that procedures and rules are in place intended to see that warrant requests are reviewed before being granted and that improperly obtained evidence is subject to challenge and dismissal if the prosecutor tries to use it; and that the system is imperfect because people are imperfect and sometimes venal. Those of us in the US were supposed to learn those things in high school Civics and US History classes, but a lot of that knowledge seems to have been lost since.
Apple needs to come clean as well, tune down their overwrought alarmist rhetoric, and admit that making the OS modification the government wants will not put untargeted iPhones at measurably more risk than they are now as long as the government has to come to Apple for help to use it. That the software, which the FBI, NSA, and some thousands of other actors, government and non-government, domestic and foreign probably could develop but not use (we certainly hope) without Apple's help, is not the equivalent of a master key; that Apple already has and will retain the real master key that they use to sign the software they distribute. That Apple will continue (we should hope) to make their products as secure as they can consistent with the national laws under which they and their customers must operate, and will continue efforts against government abuses wherever they operate.
The question wether a phone targeted by a search warrant is running a cloud based backup is not relevant if there are things that the backup system overlooks or if the backup was not done. The apparent fact that the FBI and San Bernardino County committed an error that might have disabled backup may or may not apply to any other of the phones in the warrant queue.
Maybe Apple and other tech companies would help the government and law enforcement agencies if they hadn't such a bad track record?
The bad track record in that there appears to be no accountability for law enforcement agencies, including inntelligence agancies.
Once a technology (say surveilance) becomes available - it will be used. Not only against foreign citizens or nations, but US citizens, too.
Ontop of that - they actively undermine security standards. There's also hypocricy where other countries ( say china) gets accused of all sort of crimes against freedom/privacy, just to find out it is the US thats the biggest offender.
All in all, the US government and associated agencies have a serious image problem. They need a man on Mars right now ! - because people are sick and tired of the whole post 9/11 FUD.
People WANT to associate something positive with their government. But they not gettng what they want.An iPhone instead can bring a lot of joy.
And when seach warrants where invented 200 years ago - they probably had 'searching someones premises' in mind. Not reverse engineering phone encryption.
If that iphone was a house - the FBI would love to kick in that door, scream at people and pin them on the floor.... Here's that image problem again.
They must hate asking Apple for help....
Right now no back door vulnerability exists. The FBI want Apple to make one.
There are two major problems with this, one technical and the other legal.
1) Once a back door vulnerability has been created, it will become a target for malicious actors to steal and other Governments to demand access to (making it easier to steal). Eventually they will succeed, and then all iPhones of that hardware are pwned.
2) If a US technology company can be coerced into created a back door vulnerability in one product, all US companies can be coerced into making a back door vulnerability in all their products.
Which then exposes all US products to (1)
Thus if the FBI get what they want, nobody can ever trust any US product ever again.
The 'back door vulnerability', as such, already exists. The FBI, in this case, are asking Apple to circumvent a particular basic, timing-related security mechanism to reduce the time taken to exploit it, in their own building, using their own equipment, under their own control, to access this under a warrant obtained through judicial review. I'm depressingly unsurprised that the nature of the request seems beyond a few on here, but even i'm taken a-back in the Daily Mail level of ignorance displayed in much of this thread. I wouldn't trust the FBI as far as I could throw their headquarters, but that's not the issue here.
If it's a "particular basic, timing-related security mechanism to reduce the time taken to exploit it" then why can't the FBI do it themselves or maybe it's not so "basic" !
Maybe the FBI have used up 9 attempts of the 10 allowed !
Maybe the FBI want to create a precedent for Phone manufacturers, so forcing Apple etc to have to unlock Phones in the future - maybe thousands of them !
Or maybe the FBI want the Tech for themselves in their own phones but don't wanna pay iPhone prices !
I think if the NSA/FBI are allowed to have encrypted phones then why can't everyone, unless you are saying that the NSA/FBI phones have a back door already !
Why doesn't the Government make whatever local government department in San Bernardino that owns the bloody phone make a request (and maybe also file an amicus brief or whatever lawyers call it with the court) to Apple to help them unlock their phone.
I may be naive, but it seems to me that Apple would lose the privacy argument if the legal owner of the phone asked them to unlock what, IIRC, the FBI locked - and the FBI would not object.
[I don't know who the other 12 phones belong to.]
You're right, you don't get it.
The issue is not that Apple are unwilling to hand over personal information with the proper authority. What they are unwilling to do is write software that deliberately breaks their own security. It might be a theoretical risk that such a break could get into the wild, but it's still a risk to all of us, even with 'comforting' safeguards like it will only work on one phone. There's no comfort in knowing that a template for hacking into zillions of phones is lying around somewhere.
Stipulating that this is correct, because it almost certainly is, there are a few things those who argue this position should explain in some detail.
How does someone who has a copy install it on a stock iPhone? There appears to be difficulty involving code signing.
What prevents someone able to install such a break from creating it right now? It is likely there are thousands in the world with the necessary knowledge, skills, and maybe equipment. Hundreds of them will be in the US, and some of them will be on payrolls at the FBI, NSA, or a similar organization in another country.
If someone (not Apple) can create a package like what the US court has demanded, and someone else (also not Apple) can install it, is there a significant probability that they will get together?
Given plausible answers and corresponding success probability numbers, does the presumptive fact that the details of what Apple is supposed to provide will become known increase the total risk to iPhone security by a meaningful amount?
Re: There's no comfort in knowing that a template for hacking into zillions of phones is lying around somewhere.
Sleep easy children; no one knew for decades that Bletchley Park had compromised Enigma and had the equipment necessary to hack it, so people happily purchased it and used it for secret communications. Remember practically everything we now know about Bletchley Park and it's role in WWII has only been disclosed in the last 20 years.
So it will not surprise me if we discover that a team in Apple already have such a template and have been using it against Apple company phones that get handed in when employees leave...
No, Apple are not asked to write software that "breaks their own security". They are asked to write software that will exploit a weakness on a single device (an older model, newer models plug the hole) and will be useless for exploiting the same weakness of any other device, even if it gets into the wild.
Incorrect.
They are being asked to create a toolkit that can be used to unlock all iPhones of that model, on demand.
Consider the following question:
How could Apple test that this software works?
Can't test it on the target device without risking wiping it by mistake.
So the software can be applied to any and all iPhones. By definition.
On top of that, we already know of over one hundred other petitions for this.
So no, you are simply completely wrong in broad and in detail.
Frankly, did anyone really expect private encryption that is safe from government scrutiny under court order? That is just a bit naive. And a bit pointless too. Unless you plan som major crime, in which case you would be a fool anyway to rely on any mass-market off the shelf solution only.
"Frankly, did anyone really expect private encryption that is safe from government scrutiny under court order? That is just a bit naive. "
If that killer had used 8 random digits and letters as the passcode instead of just 4 digits, nobody would be able to crack it. The FBI's problem is that this phone will erase itself after ten wrong passcode attempts, and that is what they ask Apple to prevent. Typing in 10,000 passcodes is just a day or two work. 8 digits and letters is impossible to crack.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
