back to article Feds look left and right for support – and see everyone backing Apple

Public opinion over the judicial demand that Apple create a version of its mobile operating system for the FBI – dubbed FBiOS – appears to have landed firmly against the Feds. The FBI has demanded Apple assist it in breaking into the mobile phone of San Bernardino shooter Syed Farook who, along with his wife, killed 14 people …

  1. Anonymous Coward
    Meh

    I have to say that I'm a bit on the fence about this.

    On the one hand, I see Apple's point about the slippery slope. I'm also rather wary of a court being in position to order an independent entity (who has nothing whatsoever to do with the case itself) to assist.

    However, the FBI do seem to have bent over backwards to figure out a way that they can get the data off this device without it at least being obvious that it would create a precedent. They are not asking for a generic solution. They are not asking for the encryptiong to be broken. They have also gone through the correct channels to do this kind of thing, i.e. a proper public court.

    1. PleebSmasher
      Black Helicopters

      "However, the FBI do seem to have bent over backwards to figure out a way that they can get the data off this device without it at least being obvious that it would create a precedent."

      Here's the precedent: Apple and Google update their devices to make it harder if not impossible to bypass PIN security restrictions by uploading new firmware. Apple already said last year that it would require 6 digit PINs rather than 4, expect to see more of that.

      1. JeffyPoooh
        Pint

        Have they tried 7-8-5-2 yet?

        Reportedly, on devices with swipe-the-digits unlock codes, about half of everyone uses the backwards 'L' shape 7-8-5-2.

    2. This post has been deleted by its author

    3. Fred Flintstone Gold badge

      Let's help you out then :)

      I have to say that I'm a bit on the fence about this.

      Fair enough, let me help you because there is quite an important game of "things we want but are careful to omit" in play here.

      Quite simply put, although the court order imposes restrictions on the specific request, the FBI (and supporters of this idea) are very careful to avoid mentioning that this order does NOT stand on its own and the apparently imposed limits disappear once accepted, because of the way the US legal system works.

      At one point, someone in the US legal profession came up with the idea that if a certain judgement is accepted, there would be no point in arguing about it again and again, so a decision establishes "precedent" - a kind of seal of approval that because it was OK at one point, it should be OK the next time around as well. This is, in my opinion, the real goal of this FBI request: setting precedent.

      You see, as soon as this precedent exists, there is nothing to stop the FBI and anyone else with even a vague connection to government of law enforcement to ask for this again, and again. In other words, that "one off" illusion they are trying to spin publicly is worth absolutely nothing, and rather reminiscent to the "give us lots of power, just to fight this crisis" scam after 9/11, powers that have largely remained intact since.

      The next thing you will get with such a precedent is scope creep. Now it would used to access data of evil people with suspected links to terror (note that that is very carefully already one step removed from "people suspected of being terrorists themselves"), but eventually it will be worn down, precedent after precedent to "anyone we feel like investigating because, well, hey, the sun is shining and we are bored".

      To accommodate for that inevitable avalanche of court demands, manufacturers would have no choice but to indeed install the backdoors that we have been fighting for what seems forever because Backdoors Are A Really Bad Idea.

      Just in case you think that I'm exaggerating when I claim scope creep will happen (which is fair enough, always ask questions), one of the first things that happened when powerful "we will never use if for anything else" anti-terror legislation was introduced in the UK was that a council famously used it almost immediately, but to investigate the seriously nefarious crime of allowing a dog to foul the pavement. QED.

      I am personally absolutely for law enforcement having the right tools, but what is being asked here is not right because there is no way to prevent the rather grave consequences, certainly now government transparency is but a vague memory, and I suspect that setting that precedent is the real game.

      This is not really about Apple, it's about governments that want our life to be transparent whereas their activities are increasingly not rather than the reverse it ought to be. I suspect that the FBI will now attempt to bulldozer weaker players, but they've woken up the whole of Silicon Vally to the threat now. Silicon Valley has a stake in stopping that from happening because it would be game over the day that happens, Privacy Shield agreement or not.

      Does that help a bit?

      1. AndyS

        Re: Let's help you out then :)

        >anti-terror legislation was introduced in the UK was that a council famously used it almost immediately, but to investigate the seriously nefarious crime of allowing a dog to foul the pavement. QED.

        You forgot the bit where they also used anti-terror legislation to investigate parents who were trying to get their children into the schools of neighbouring catchment areas. Because heaven forbid a parent should want the best education for their children! That's only one step from sending them to Syria to fight for ISIS!

        1. ukgnome

          Re: Let's help you out then :)

          If the government said it is now the law to keep a downstairs window open just in case they couldn't get into your house then I am sure you would jump down pretty quick off that fence.

          If all you stored on your phone was dick pics and mates numbers then fine, brute crack the life out of it, but it's probably harbouring more data than your laptop.

          Now as I understand things, this device was a work device, so maybe as a compromise all work phones should be crackable. What's that feds? you don't want anyone cracking your work phones? cake and eat it springs to mind, and no you can't have the cake.

          1. Anonymous Coward
            Anonymous Coward

            Re: Let's help you out then :) @ukgnome

            Sorry that is a daft comment, the police will knock and make entry through whatever space they can find, IF THEY HAVE A WARRANT. The desire for a silly analogy simply does not stack up. This is more like a landlord saying, sorry, the tenant used a combination lock and I cannot open the door. With a real door in a real building there is no problem but because the terrorist was ever so clever in using his EMPLOYER'S chosen device the 'enforcer' will not work. So scoff law outfits like apple can continue making a mint - but NOT from me. I would not touch them with a bargepole.

            1. Doctor Syntax Silver badge

              Re: Let's help you out then :) @ukgnome

              "scoff law"

              Until this goes to the highest possible court we don't know what the law is so it's impossible to know who is scoffing at it. "We" includes the FBI. "Who" could also turn out to be the FBI.

          2. CrazyOldCatMan Silver badge

            Re: Let's help you out then :)

            > Now as I understand things, this device was a work device

            And my first thought was "don't they have a MDM system"? Ours can unlock the phones registered to it.

            1. JetSetJim
              Paris Hilton

              Re: Let's help you out then :)

              According to a USAToday article, which does foam at the mouth a bit, I admit, the phone in question was owned by the county, and the county has given permission for the Fibbies to rummage in the digital innards of it. None of the other articles I've seen mention this, though (or I skimmed past them for TLDR reasons).

              So, unless there are flaws in the "reasonable use" clauses within the contract between the county and the deceased, doesn't this boil down to the county asking (via the Fibbies and a court order) Apple for access to their phone? This, Apple has done before, according to various sources that don't cite references.

      2. SW10
        Holmes

        Re: Let's help you out then :)

        Like your post - one quick comment:

        At one point, someone in the US legal profession came up with the idea that if a certain judgement is accepted, there would be no point in arguing about it again and again, so a decision establishes "precedent" - a kind of seal of approval that because it was OK at one point, it should be OK the next time around as well.

        It wasn't someone in the US legal profession.

        That's English Common Law, the roots of the US legal system. What it also means that English court cases prior to Independence are precedent in the US.

        (In very exceptional cases, it's even possible to argue judgments in other Common Law countries, so an English solicitor may point to a US or an Australian judgment.)

        1. Anonymous Coward
          Anonymous Coward

          Re: Let's help you out then :)

          Like your post

          Thanks :).

          That's English Common Law, the roots of the US legal system. What it also means that English court cases prior to Independence are precedent in the US.

          Thanks for that. I deal with a lot of law and lawyers (but I'm not one) because I deal with the practical consequences of getting it wrong, but it does mean I sometimes don't have the history right - happy to learn something new :).

      3. Hargrove

        Re: Let's help you out then :)

        Modern information technology has inherently changed the nature of global society, including the diversity and capabilities of the diffuse threats to the members of that society. I've yammered on at some length in El Reg Fora about what I characterize as the breach of the social contract between those who govern and the governed. The essence of this contract is that the governed cede to those who govern certain rights and freedoms in return for a greater good.

        Now, I'll concede that given the radical technological and social changes of the past 50 years, changes to some of the terms and conditions of the social contract are doubtless in order. But it is critical that the result be a valid contract. That is, the parties must reach a meeting of the minds on the adequacy of the quid pro quo and there should be equity and balance regarding the consequences of violations of the terms and conditions. In the case of physical search and seizure those conducting the search had names and faces, and left physical evidence of their passing. There was, at least in theory, some possibility of holding them legal accountable for trampling a citizens rights.

        That is not the situation we face here. Over the last couple of decades, the federal government has systematically built a firewall around its activities. The terrorist threat has been used as an excuse to create a web of laws and draconian penalties pursuant to executive orders authorized by law. At the same time the government has drawn an impenetrable veil of classification around its information operations. Finally, in the US at least, the federal government, through the offices of the Justice Department have succeeded in marginalizing state and local law enforcement officers, constraining their actions, and making every act subject to intense monitoring and scrutiny.

        Before citizens cede any more authority to the federal government, the terms and conditions of the revised social contract must include some serious restraints and limits on the power of federal officials. Actions of federal officials must be closely monitored and those who overreach and abuse their authority must be held accountable and severely punished. The rights of a People are sacred. Abuses of authority should be criminal offenses, and the consequences should be dire. As an example, in addition to civil and criminal penalties, consequences should include a life-time ban on employment in any position funded in whole or in part, directly or indirectly by taxpayer money, and forfeiture of income exceeding some reasonable multiple of the established national minimum wage,

        It may be that the People will, at some point, decide to cede authority to those who govern. But first last and always that should be the People's call and not, as appear to be the current case, an extra-legal dictate of some unaccountable federal official.

        Never forget Miriam Carey. To the best of my knowledge her killers have never been identified by name. All we know is that they were federal officers and they were fully exonerated. This being an IT forum the following side note may be of interest. I just Googled Who shot Michael Brown. The query returned 259 million hits led by a photo of Officer Darren Wilson. The query Who shot Miriam Carey returned 401,000 hits, and no names. As the kiddies are wont to say: "Do the f---ing math!"

      4. partypop69

        Re: Let's help you out then :)

        Absolutely right.. 100%

    4. Mondo the Magnificent

      Collaboration?

      I worked extensively with the UK high tech crime and counter terrorism units when I was in the UK

      My position was nothing more than a consultant engineer who liaised in putting methodologies in place to speed up investigation time

      One thing I was aware of was the collaboration between the police, well know mail providers and Telcos All these companies were very cooperative when it came to the police needing info or access to a suspect's mail.

      I understand where Apple are coming from on this and reading Tim Cook's "Blog Entry" doesn't seem to match up with what the FBI are saying and visa versa..

      National security is what it is, it affects the nation, especially in relation to terrorism.

      Now this case seems to focus on a radical and his partner who are now both deceased, but playing the "BOFH's Advocate" here, I have ask what if the situation was more dire? Let's say a nuclear or chemical threat that jeopardised hundreds, thousands or even millions of lives and the Feds needed to access an encrypted iDevice, would Apple still hold the moral high ground?

      What if another event took place that could have been prevented through access to encrypted phone data, how would Tim Cook react to that? Would he wash his hands in apple juice and absolve himself and Apple from any responsibility through lack of co-operation?

      It's a nasty situation to be in, but then again, Apple don't want an "NSAKEY.DLL" situation within their OSes, they want and need to be impartial because it's good for consumers.

      Sadly this fracas which has now become a buzz of public debate doesn't resolve the issue of accessing the data of those who pose a threat to individuals or a nation. Sure the suspects may be deceased but phone records and mobile data are an absolute goldmine to investigators.

      Profits and product integrity are a goldmine to manufacturers who have shareholders and loyal customers to appease.

      To me this is a lose-lose situation irrespective of who wins the hearts and minds of the general public in this case.

      1. Stevie

        Re: Collaboration? (4 Mondo)

        Again, I cite the RICO statutes, possibly the most abused non-terrorism anti-crime measure on the books today.

        I used to have similar views to you, but over the last three decades I've seen just about every "one-off" legal tool become the go-to utility of least work for the forces of law and order. I'm with Apple when I wouldn't have been in 1985 because there's a predictable outcome far in excess of the innocent little request so carefully worded by the FBI's lawyers. You do know they have a fleet of them, right?

        Of course the FBI has a history of straight dealing and enforcement of the law ... Oh hang on. That's right. They have been a law unto themselves at whim for most of their existence, or so Leonardo de Caprio would have us believe.

        The fundamental question here is: should the law serve the intests of The People or should The People serve the interests of the law?

      2. John Sanders
        Holmes

        Re: Collaboration?

        "lawful intercept" That is why the telcos are so police friendly.

        "device lawful intercept" will happen to the Apples of the world sooner rather than later, it is inevitable, Apple and the likes will make a public disservice if they do not come up with a way to allow "lawful intercept" to happen on a device that can connect to a public network.

        Note that I'm not defending the FBI here, nor blaming Apple for anything, we live on an age where politicians poison everything we do.

        All I ask is that "device lawful intercept" when it happens has all the legal warranties expected, like a court order not made in secrecy.

      3. Anonymous Coward
        Anonymous Coward

        Re: Collaboration?

        I have ask what if the situation was more dire? Let's say a nuclear or chemical threat that jeopardised hundreds, thousands or even millions of lives and the Feds needed to access an encrypted iDevice, would Apple still hold the moral high ground?

        In that case there would have been more intelligent operatives in play who would (a) bloody well ensure the press didn't get wind of it because of the panic it would cause and who would (b) establish informal channels with Apple to get help instead of putting the only party on the planet who has the capability to assist in a position where this was no longer possible. Amazing as this may seem from what you see, there ARE actually intelligent people working in intelligence, but they usually only get to play when sh*t is about to hit the fan and the career bureaucrats become worried they may get the blame for it (in other words, when it's close to being too late to act).

        There are informal channels for this. Doing this via the court suggests that Apple has told them already to f*ck off which is not surprising because the FBI seems to hit the courts every. single. time. they come across an iPhone. They are now trying to bully Apple via the courts to get their way, but the feel I get from this is that this not even the FBI's play, it's a new play for hurting companies that don't want to bend over and present their backdoors, if you pardon the graphic image.

        Just say no.

      4. BitDr

        Re: Collaboration?

        There is a problem with this line of argument;

        "What if another event took place that could have been prevented through access to encrypted phone data, how would Tim Cook react to that?"

        The above makes the error of presuming that the encrypted data is helpful to the case. There is a thought experiment in physics that might help illustrate the dilemma, Shrodingers Cat.

        In our current situation what we "know" is that there is data in a phone (a cat in a box), but we don't know if the data is pertinent or not (cat alive or dead) and until we decrypt the phone (open the box) we have no way of knowing. The data is in two states at the same time, both helpful and non-helpful, and the box can not be opened. If someone does manage to open it , history shows that even worse acts than those carried out by the two (now dead) murderers are more likely to be perpetrated against the populace; all in the name of justice and public safety. The box , because once done it can not be undone (all that talk of precedent).

        Being able to open the box and look inside only introduces temptation into the equation, the temptation to falsify evidence, to "find the expected", to abuse the power and do wrong. Doing the wrong things for the right reasons is an all too frequent human failing and an easy path to follow. Doing the right things for the right reasons is a difficult path to follow, but it has the greater reward of citizens who will fight for those principals; so long as they are being upheld and respected. This kind of attitude can perhaps best be summed up in the following;

        "I disapprove of what you say, but I will defend to the death your right to say it" -- Evelyn Beatrice Hall

      5. Anonymous Coward
        Anonymous Coward

        Re: Collaboration?

        I worked extensively with the UK high tech crime and counter terrorism units when I was in the UK.

        My position was nothing more than a consultant engineer who liaised in putting methodologies in place to speed up investigation time

        Well, I actually built the infrastructure you must have been using, so I saw the play in the background.

        There are ways to play this without going public, yet remain firmly within ethic lines of action, but the FBI has been publicly whinging about iOS encryption for quite some time. I am not sure if the FBI is the main actor here or just a tool, but this could have been done differently that would have ensured a one-off with caveats applied as it concerns an older model iPhone.

        By going public, the FBI (or whoever is behind it) is seeking to set a precedent, which will then be used to harass Apple and others with so many orders (not requests, legally compelling orders) that the only economical choice for the victims of this attack will be to indeed establish those much wanted backdoors - that is in my opinion the real target.

    5. partypop69

      Companies that make stronger security being forced to dumb it down is counterintuitive. The public demands more privacy, tighter security and the Public outweights the Government.

      The solution for the Government to break into the iPhone is to go with a third party hacker, and they'll do some test runs on a test phone, and do the final job on the actual device.

      John Mcafee (owner of McAfee security) offered to hack it for free, with his team. FREE. No excuses now.

  2. Deltics

    "It also appears that people are taking the situation seriously enough to find out and understand the finer points of the situation: something that happens all too rarely."

    And then ignoring those finer points that don't re-inforce their own pre-formed opinion.

    If this were a case of documents in a filing cabinet, the court would have issued a warrant for the seizure of the cabinet and the FBI would have done whatever they needed to get into that cabinet including requiring the manufacturer of the cabinet to assist with opening it if the lock proved problematic or they risked destroying the contents in the process of opening it.

    In fact, although I don't have case references I would be surprised if this or an equivalent situation has NOT previously occurred already.

    But nobody would claim that this establishes a precedent for the FBI walking into everyone's home and opening their file cabinets willy nilly.

    A file cabinet is LESS unique than all other file cabinets of the same or even similar models than a phone is, with it's expressly unique identity. So why is everyone so convinced that a request to assist with accessing a specific device (faster than would otherwise be possible, NOT making the impossible possible) necessarily extends to ALL devices.

    If the FBI were to try to claim that this establishes a precedent, any court will immediately point out that the precedent is established for requiring assistance only with a specific device and that any assistance with accessing devices in general must be considered on it's own merit.

    There's a distinct lack of any application of intelligence on the part of otherwise intelligent people in this debate. To the extent that you have to question whether the most intelligent people involved are exploiting the lack of intelligence/awareness they assume in others for some proprietary gain.

    Actually, I don't think you need to question it at all.

    Either they aren't as intelligent as we thought or they are and they are deliberately misrepresenting things for their own ulterior reasons.

    1. Number6

      No, what we have here is a filing cabinet with a built-in self-destruct mechanism. The FBI know that trying to break in will burn the contents to a crisp so they're trying to find a way to disable the incendiary device.

      1. Kurt Meyer
        Thumb Down

        @Number6

        Deltics writes - "If this were a case of documents in a filing cabinet, the court would have issued a warrant for the seizure of the cabinet and the FBI would have done whatever they needed to get into that cabinet including requiring the manufacturer of the cabinet to assist with opening it if the lock proved problematic or they risked destroying the contents in the process of opening it."

        You write - "No, what we have here is a filing cabinet with a built-in self-destruct mechanism. The FBI know that trying to break in will burn the contents to a crisp so they're trying to find a way to disable the incendiary device.

        I write - You should learn how to read.

    2. Anonymous Coward
      Anonymous Coward

      Either they aren't as intelligent as we thought or they are and they are deliberately misrepresenting things for their own ulterior reasons.

      It's not very intelligent to try and declare people who disagree with you as less intelligent. That only works with, well, dumb people..

    3. Matthew 17

      Would amuse me that after all this fuss...

      There was an iCloud backup of the phone all along :)

      I think that even if Apple were given the phone, made a hack in secret to break into it, took a copy and handed the data over without the details of the hack, the software or whatever never leaves their lab then that might be a sufficient compromise. Assuming they can actually do that.

      But to hand over software to the Feds that would enable them to break into any iOS device without asking isn't really on.

      1. TRT Silver badge

        Re: Would amuse me that after all this fuss...

        This is a work phone, is it not? Owned by a government agency wasn't it? The county of wherever?

        So... it's technically not Farook's. Why wasn't it configured so that the county could access it? Is it more of a failure of their IT procurement and deployment policies? How can they tell that the setting was set to self-destruct from looking at the last backup if they can't read that backup and get most of what they want?

      2. John H Woods Silver badge

        Re: Would amuse me that after all this fuss...

        "never leaves the lab" is not possible. Even the NSA couldn't stop Snowden, the OPM couldn't stop the Chinese and remind me how long "how to build a nuke" stayed secret from the Soviets.

        The Chinese would have a copy of this tool within seconds of it compiling.

        1. Harry the Bastard

          Re: Would amuse me that after all this fuss...

          "The Chinese would have a copy of this tool within seconds of it compiling."

          the chinese do make the iphone, they probably have it already

        2. John Sanders
          Coat

          Re: Would amuse me that after all this fuss...

          """"how to build a nuke" stayed secret from the Soviets."""

          The Soviets had America infiltrated up to the arse, if you scratched your ear in these years one or two things happened, either you found several "useful idiots" (Marxists) or one or two Russian spies.

          As it was, the Manhattan project had several of both.

          Of course the left loves to distort these facts, http://www.wnd.com/2000/02/4020/ they will never let reality ruin a good narrative.

          It is the same with most serious issues to date.

          1. John H Woods Silver badge

            Re: Would amuse me that after all this fuss...

            You appear to be arguing that I'm wrong but: (1) your statement that nuke secrets leaked because of Soviet infiltration does not prove the Chinese or other non friendly states can (or have) not infiltrated Apple -- indeed it rather suggests the reverse; (2) an ad hominem about "the Left" doesn't advance your argument very much. Tell me again why you think the exploit kit won't leak.

      3. Anonymous Coward
        Anonymous Coward

        Re: Would amuse me that after all this fuss...

        Do you really believe that if Apple did as asked in their own labs that the information to do so would stay there.

        Basic spy-craft would get the information out of apple within hours.

        The act of creating the 'special' version would spell the end of any security for apple.

        The new version would be used to reverse engineer the methods and the changes made, even if the information could not be obtained from apple via spy-craft means.

        I am sure that the FBI could ask for some assistance from the NSA if the problem proved to be too difficult as the NSA would also find the security breaking methods of some use. :)

        I am not an Apple fan by any means (not owning any i-things or wanting to) but must support them in this case.

    4. Doctor Syntax Silver badge

      "But nobody would claim that this establishes a precedent for the FBI walking into everyone's home and opening their file cabinets willy nilly."

      "Would" is a big word. Can you really guarantee that neither the FBI nor some other agency of any state where Apple does business wouldn't claim a precedent? Really?

  3. Anonymous Coward
    Anonymous Coward

    "they are deliberately misrepresenting things for their own ulterior reasons."

    Bang on Sir, bang on.

    Both sides will be doing this, will have done before and will do again.

    Your comment is probably the only thing we will ever be sure of in this sorry saga.

    Have an upvote.

  4. wx666z

    FBI

    Having dealt with the FBI, decades ago, They are not particularly bright. They have history of persecuting some of our (US) best. I would not piss on an FBI agent if they were on fire.

    1. Anonymous Coward
      Joke

      Re: FBI

      Dear wx666z,

      Why not piss on one first *THEN* set him/her on fire.

      Maybe a bit harsh, but it's the only way they'll learn.

      1. Mark 85
        Devil

        @Keef -- Re: FBI

        But only if you piss petrol....

        1. jake Silver badge

          Re: @Keef -- FBI

          I kinda suspect that if you can piss petrol, and do so on a guy, and then try to set him on fire, you will have the same problem that the guy has. (Ever heard of back-splash"?)

          Logic. We've heard of it ...

        2. kmac499

          Re: @Keef -- FBI

          Pissing Petro l:- Gabriel Byrne as Satan in "End Of Days"

  5. CheesyTheClown

    FBI mishandled evidence again

    Here's the deal,

    1) Confiscate the telephone while it's still powered on and the pin code has been used at least once. When this happens, all data is able to be decrypted through the normal operating system read and write commands. Also, simply dropping or tossing the phone should leave the phone in a still stable state for reading this data.

    2) Attach an external charger to the phone immediately and leave it powered up the entire time until it has reached the forensics lab for data extraction.

    3) Open the phone carefully avoiding removing the power cable and battery cables at the same time.

    4) Ensure the power cord is securely inserted

    5) Remove the iPhone battery and the main screws supporting the system board. It is ok to remove the screen as well. This won't impact the phone operating.

    6) Reattach the battery (better yet, attach a battery that you're 100000% sure is charged). Hot glue the battery connector in place to make sure it doesn't come lose.

    7) Disconnect the power cord from the base of the phone

    8) Life the system board from the phone (gently of course)

    9) Depending on the model, there are a minimum of 5 individual exposed vias or test points for each of the 4 relevant JTAG pins on the Apple CPUs.

    10) Using the ARM ICE debuggers, connect to the CPU and switch to single step mode.

    11) Door is open... from here you can

    a) Extract the hash for the pin code to unlock the device properly. Run the has through John the Ripper to identify a 4 digit collision.

    b) Extract the finger print points used for user verification so they can be fed into the device electronically to unlock sensitive data including bank accounts.

    c) Image the flash after it's been decrypted by calling block access functions on the flash through the OS and therefore decoding the data in the process to get an unencrypted copy (will take as much as 3-4 days due to JTAG performance limitations)

    d) Upload a new program to perform the same copy but bypassing app restrictions and perform it over wireless... takes about an hour.

    e) Call system file i/o functions to read individual files... surprisingly difficult given the object oriented nature of the IOS file store.

    There are endless methods for extracting data from an iPhone.

    Alternative for powered off devices :

    1) Image the flash via flash JTAG pins (unfortunately slow but effective).

    2) Remove and copy all nvram (haven't done this yet... so would test on disposable test devices first)

    3) Solder an FPGA in place of the NVRAM devices and use Altera/Xilinx logic probe functions to capture and decode write operations to the NVRAM

    4) Follow similar steps to hijacking the kernel via ARM debugger, call the phone PIN code unlock functions and brute force, reset the phone after 3 tries.

    5) Recopy the flash and compare the input (original and changed) as well as the NVRAM changes. Change the modified blocks back to the original values.

    6) Repeat step 4 and reset only changed blocks after 3 tries. Brute force the 4 digit PIN.

    I can probably come up with 20 other ways if I needed to. The first crack on iPhone 6S Plus I did took 23 hours and 5 Red Bulls. I wasn't really even trying very hard... probably spent 2/3 of the time reading and watching TV shows.

    I really just can't see why this is such a big deal. If the phone can decrypt the data to begin with, it's going to be relatively simple to get it back. It doesn't even require someone particularly educated, I'm pretty sure more than half the guys I went to electronics class in high school with back in 1989 could do this.

    Maybe the FBI (and others) should spend less time screwing around with court orders, quit listening to idiots in suits and instead, swing by a local maker space and look for a guy with Aspergers who really likes puzzles.

    1. LaeMing

      Re: FBI mishandled evidence again

      I was wondering much the same - use memory-map comparisons to work out where the byte storing the number of password attempts is stored, then keep resetting it while walking the 10,000 possible PINs.

    2. JeffyPoooh
      Pint

      Re: FBI mishandled evidence again

      @CheesyTheClown

      Agree (at least in principle).

      Too many fall for the trivial red herring about how many billion years it would take to brute force the key. They've somehow avoided learning anything of the history of encryption, hacking and cracking. Even the clear cut lesson from WWII Enigma. It's extremely unlikely that we've *just* stepped over some magical historical boundary, and encryption implementations have just now become perfect.

      Having the device in your possession is equivalent to having a prisoner in a secret 'black ops' dungeon. He will eventually talk.

      Cheers.

    3. aaaa

      Re: FBI mishandled evidence again

      I asked this myself yesterday. And I see the same point raised on almost all articles about this. But not many responses (same here). Clearly those of us that know this, also know therefore the legal case is about the law, not about obtaining the data. i.e.: as written in the article, the FBI are trying to use the courts to bypass the legislature.

    4. Anonymous Coward
      Anonymous Coward

      That will only access certain data

      Read Apple's iOS security document. It is 60 pages long and goes into extraordinary detail about how everything related to iOS security is handled. There are different types of file protection classes. Only files protected with the "no protection" class could be read in this manner. The keys to read files in other protection classes are dropped when the phone is locked, and such files would be inaccessible using the above method.

      Text messages could be read with this method as they are in the 'no protection' class. They have to be since your phone receives them when locked, I guess to add them to whatever database format they're stored in. I would think they could add a bit more protection here by encrypting the text message store in a higher protection class and keeping newly received messages in a separate 'no protection' area - later adding them to the encrypted store when you unlock your phone. Then the above method could only access text messages received since the phone was locked but none of the older ones.

      Given that the FBI has openly requested Apple hack iOS I wouldn't be surprised if there isn't a team at Apple now looking for things like my above suggestion to further lock it down (well they probably were already doing that...but looking a lot harder now) I wouldn't be surprised if iOS 11 really tightened the screws to close up even really complex hacks like the above. I also wouldn't be surprised if iOS 11 isn't supported on phones earlier than the 5S - it may well rely on the secure element so extensively that it can't run on older phones.

      1. CheesyTheClown

        Re: That will only access certain data

        You're right, but that depends on using apps that properly implement security. Very few people read that document and as a result, most data they are looking for is in the wide open. The same code which allows e-mail messages to be received while the phone is locked is exploitable for mails store database access.

        What is possible and what generally actually happens are two different things. Unless the criminals really went all out to make sure they only used apps for storing this information that were super-secure and they also paid particularly close attention to following all security recommendations, most of the data is easily accessible.

        Also, as mentioned earlier, recovering enough information to obtain enough information to generate hash collisions should solve the rest of the problems. Fingerprint and pin codes are not a huge challenge.

      2. CheesyTheClown

        Re: That will only access certain data

        hmm... interesting. I went through the Apple security document as you mentioned. In addition, I read the system programmer's manual for the ARM TrustZone/SecureCore.

        First, as always, from my experience hacking on the platform, as always, including the core doesn't mean effectively using it. There's a huge amount that's out in the open since it was probably too difficult to have security and usability in the same device. It would kinda suck if every time you received a push message or e-mail, you'd have to type a password to let the software act on it. So to speak, while the lock is itself quite secure, they leave the keys in the door most of the time.

        I of course depended a great deal on unlocking a phone where the keypad was locked but the keys were already provided. Dealing with a phone that has been power cycled, I speculated a great deal on. I don't have any more spare phones right now, but I'm pretty sure I have some good plans for getting the phone open anyway.

        The keys used for encryption are too long to type and are fixed length so they have to be stored in a locker somewhere. The locker may be the secure core but that would suggest additional non-volatile memory for key storage as part of the secure core. I don't see this being part of the securecore. This means that the keys themselves have to be stored somewhere out in the open where anyone can play with them. I'm quite sure those keys are also encrypted, but using a 4 digit pin or 6 digit pin to release them shouldn't be overly challenging as the algorithm must be present in the OS code... single stepping that to identify the cipher generally isn't too bad. IDA pro would do most of the work for you anyway.

        If the phone is off and that doesn't work, there are more than a few other goodies in there.

        To begin with, it looks like the system is designed to use relatively run of the mill symmetric block ciphers. There should be a few hundred thousand blocks with known signatures a the block headings that can be used to identify the counters. If you're lucky enough to have a bunch of files with highly predictable and relatively long headers like JPEGs or PNGs, then factoring the encryption key should be pretty easy. AES for example can usually factor key length to 40 or 50 bits when using a large number of known headers from files. This is why things like PGP exist. Using key exchange asymmetric ciphers is always better, but even they get really weak when you have enough known/predictable data to decode on. This is why most secure protocols don't encrypt headers or if they do, they use something special for the headers.

        I've fallen asleep three times while writing this, so I'm hardly at the top of my game. But honestly, I'm tempted to go buy a bunch of iPhone 5s's today and see how many I'd have to fry before I could reliably recover the data. Too bad I have a business trip this week and can't spend evenings at the local maker space.

    5. Anonymous Coward
      Anonymous Coward

      Re: FBI mishandled evidence again

      This is a dead man's iPhone.

      The irony is, if it was using a fingerprint unlock then they could easily have applied the dead finger. Sometimes the older and simpler technology really is more secure.

      1. Dan 55 Silver badge

        Re: FBI mishandled evidence again

        If the phone has just been turned on then you have to use the PIN/password.

      2. Anonymous Coward
        Anonymous Coward

        Re: FBI mishandled evidence again

        They'd have to be quick about applying the dead finger (assuming that post mortem the finger doesn't change enough that it won't work anymore) because there's a timeout as well. If the phone hasn't been unlocked for 48 hours, it will require using the password/PIN instead of Touch ID.

        That 48 hour period is not configurable - personally I'd like to see an option to reduce that time. But you can always enforce the need for the password if you want by powering off the phone (and optionally powering it back on again)

  6. Mark 85

    It's just one device, they say.

    Right... Apple needs to write a special firmware to get around the security. FBI takes phone, pulls what it wants and hands it to....???? Even if it goes back to the county (it was their phone issued to Farook), who's to say that someone won't make a copy of the firmware and will reverse engineer it to work on other phones? I'm also wondering if maybe the NSA has already cracked it and this is just a test case.

    I've heard the arguments that Apple can have the phone on their premises during the loading and unlocking, but who gets the phone after it's unlocked? If there is incriminating evidence (real or imaginary) then the FBI needs to keep the phone in it's possession to maintain the chain of evidence.

    I'm actually on the fence here also. Evidence is one thing, but there's a trust issue involved here that puts things well onto the slippery slope. And it's a good thing that there's a court order and some double secret order involved.

    1. Anonymous Coward
      Anonymous Coward

      It doesn't matter

      Let's say Apple can load the hacked OS on premise, use it to learn the passcode, then load the previous OS on it before handing it to the FBI. That way the FBI can never get their hands on that code. Think that means there's nothing to worry about?

      1. Apple has now created a signed compromised version of iOS. If they delete it, are they sure they deleted all versions, including those on backups? This isn't something they can cook up in a weekend hackathon, so it would leave footprints all over their systems that would be incredibly hard to completely eradicate. Forget one, and if a government or criminal element (but I repeat myself) bribes or threatens an Apple employee who has access to it you got problems!

      2. Apple would have proven to the FBI they can do this, and there's no way they won't be asking again. And again. And again. Next time maybe it will be a newer model with a secure element. It is a lot more secure, but that doesn't mean there isn't a way if you have the ability to load a new OS on it. Even if they carefully delete the code and rewrite it from scratch each time, eventually it will leak out. Apple employees are well paid, but that doesn't mean Russian mobsters or Chinese government officials dangling $100 million at them, or threatening to kill their family, wouldn't result in a hacked version of iOS eventually making it out of Apple.

      3. If Apple really can't break the security of iOS on newer phones with the secure element, asking them to leave a tiny crack in the door that would allow that security to be subverted but "only with an Apple signed hacked version of iOS, so you don't have to worry about criminals using that backdoor" is going to be the next 'request' of the feds. We all know this.

      1. Fred Flintstone Gold badge

        Re: It doesn't matter

        a government or criminal element (but I repeat myself)

        And that, I dare say, is the real problem, right there. Thanks to their own efforts, we have lost trust in our law enforcement, and that trust is not going to come back in a hurry. It is certainly not returning when they continue to evade efforts to make their operation more transparent, something that would truly be in the interest of national security.

        Disappointing, really, because it makes you wonder what THEY have to hide.

      2. Blue Pumpkin

        Re: It doesn't matter

        You don't need to go that far.

        Once you've given in to one government why shouldn't other countries demand the same for their 'terrorist' or 'crimes against the state' cases ?

        On the list of national agencies you'd trust to do the right thing the FBI is (unlikely as it may seem) pretty high on the list in a relative way.

        So Mr Apple you can do this for the US but not for us ? Some nice looking market share and shops you have there, wouldn't want anything to happen to them would you ...

        1. Anonymous Coward
          Anonymous Coward

          Re: It doesn't matter

          No doubt China would be on top of the list of those insisting on being given the same ability to force Apple to help them with 'lawful' requests if they provided such aid to the FBI, given that Apple sells at least as many iPhones in China as in the US.

          I'm sure the same presidential candidates who called out Apple for not cooperating with the FBI would be equally outraged if they provided such help to China for what China considers a 'terrorist' (which would probably include the guy who stood in front of the tanks in Tianamen Square some years ago)

          The people who are calling out Apple for not cooperating with the FBI seem to have a very strong overlap with the people who have trouble realizing that the world is larger than just the US. I'm sure there's a lesson somewhere in that...

  7. Ilmarinen
    Black Helicopters

    Forced Labour

    I'm curious that one aspect of this seems to have so little traction, and that is this: the court is ordering Apple to do something, despite Apple not having broken any law, and Apple not having the right to decline. That's forced labor - slavery.

    Now, if a company breaks the law, it can rightly be forced to carry out certain tasks - for example, to pay compensation. But Apple has not broken the law; it's not even directly involved, just a third party to the FBI's investigation of some dead terrorist.

    To use the locksmith analogy: the locksmith is to be forced to make a skeleton key for a safe that he made and sold, quite legally, to someone who later did something illegal. The locksmith does not want to do this, for whatever reason - shouldn't it be his right to decline, even if we disagree?

    Seems to me that if the FBI can succeed in this, then there is nothing stopping a court from ordering any company or anyone to do anything that it deems necessary or expedient.

    I don't think that would be a wise path to follow.

    1. Anonymous Coward
      Anonymous Coward

      Re: Forced Labour

      I asked, if it were my personal use tech or I provided such tech to another, and the answer is "probably yes." Apparently there's existing case law on point.

    2. Anonymous Coward
      Anonymous Coward

      Re: Forced Labour

      > the court is ordering Apple to do something, despite Apple not having broken any law, and Apple not having the right to decline. That's forced labor - slavery

      There are laws which exist to compel people to do things, as well as prevent people doing things.

      As an example, consider the laws which compel the telephone operators to include facilities for wiretapping calls - it's not something they would do in their normal course of business, but they are forced to do it anyway.

      In the iPhone case, the law hasn't caught up with the technology, and so the courts are attempting to interpret existing laws in this new context. One of the arguments going around is, "the judiciary shouldn't be meddling in areas where the legislature should be setting new rules"

    3. quattroprorocked

      Re: Forced Labour - IS NORMAL

      People and organisations get caught up in legal issues all the time. It can be as simple as being a witness, or having some useful expertise.

      Usually you get asked nicely, and, as it gives you the chance to be a hero, most people/orgs say yes most of the time.

      But if you decline, then the courts can require that you help. The courts need to be convinced that your help is needed, and that the case is serious enough to warrant your compulsion and that the effort involved by you is reasonable.

      "Reasonable" is in fact a key word in the court judgement. In the UK you'd be hard pressed to NOT be compelled to be a witness if it just meant a day in court, but likewise you're not expected to drop everything and spend a year working on whatever it is that your expertise is relevant for.

    4. KeithR

      Re: Forced Labour

      "the court is ordering Apple to do something, despite Apple not having broken any law, and Apple not having the right to decline. That's forced labor - slavery"

      Don't be silly. Courts the world over order the disclosure of "evidence" from innocent parties every hour of every day.

      1. John H Woods Silver badge

        Re: Forced Labour

        "Don't be silly. Courts the world over order the disclosure of "evidence" from innocent parties every hour of every day."

        Don't be silly yourself; Apple is not refusing to disclose evidence. They are refusing to build an Apple-cracking machine in much the same way Chubb would probably refuse to build a safe-cracking machine, even if the government said it would pay for the work.

  8. Efros

    Issue that hasn't been raised

    This phone was a work issued one. Seems that Apple and their ilk should, if I was a customer I would insist on it, allow such phones to be accessed by a sys admin at said place of employ. I know that in our place the issued laptops are used for work, none of us use them for anything else, because we all know that anything done on them is open to examination by the laptop owners i.e. our employers.

  9. Anonymous Coward
    Anonymous Coward

    I'm sure there are some Russian and Chinese hackers laughing at this.

    Let me get this straight, Apple can brick innocent users phones because they went a cheaper way to repair (no, it absolutely was not about security) but, when it comes to helping in a case of terrorism, they refuse?

    Not that it matters, it's way to late and the terrorist did a good job of wiping data, but Apple will get that data and hand it over to the feds, no doubt in my mind.

    1. Joe Gurman

      Rem, no

      No, Apple can't brick "innocent" users' phones whose owners got dicey repairs performed by uncertified techs if those phones are running the version of the OS released yesterday.

      You are, as they say, misinformed.

      And Apple will never hand those data over absent a ruling by the US Supreme Court, which you might have known is currently short one judicial wingnut.

  10. Phil Kingston

    Oh gawd. this is a "gate" already?

    1. GrumpyKiwi
      Paris Hilton

      Yes, and Christina is its name...

      [10AlBundy characters]

    2. allthecoolshortnamesweretaken

      My thoughts exactly... This isn't a proper whatever-gate - if anything, this is more like the superbowl. Two skilled teams, strong enough to go the full distance, and both are bound to have something up their sleeves.

  11. OzBob

    I can see this from Apples point of view

    if they help make their device secure "just once", and set a precedent, then in 2 years they will not be able to give their phones away. Cue end of mobile division of apple.

    If I was tim cook, here's what I would do,...

    Drag the process through the courts as long as possible

    While tied up in legal process, offer everyone with an iphone 5C a replacement device free of change that is not vulnerable to that particular exploit the FBI are asking for (Apple have the cash for this)

    When all but the iphone 5C in question are swapped, release the cracked firmware to the FBI.

    Result: Apple have complied with the court order, customers have secure data, everyone goes home happy.

    1. Anonymous Coward
      Anonymous Coward

      Re: I can see this from Apples point of view

      Fed has already agreed to pay for expenses, so I'd just back charge the cost of the phones to the government (aka taxpayer).

    2. Anonymous Coward
      Anonymous Coward

      Re: I can see this from Apples point of view

      if they help make their device secure "just once", and set a precedent, then in 2 years they will not be able to give their phones away. Cue end of mobile division of apple.

      It certainly would put them on a par with Android, but as that is selling too I think it would damage their sales, it would not entirely kill them off. Usability matters too, and given how eager people share their data on F*ckbook I am not certain that anyone really cares about privacy as much as they pretend to..

      Overall I would agree, it will harm Apple. Maybe that is the real aim? Who in government did Tim Cook piss off? Toupee Trump? Boredom Bush? Orator Obama? Heinous Hillary?

  12. JeffyPoooh
    Pint

    Only one set of opinions matter in this, ah, matter...

    The Justices of the US Supreme Court.

    1. a_yank_lurker

      Re: Only one set of opinions matter in this, ah, matter...

      Unfortunately you are asking the Nine Seniles (minus one) to rule on a technical matter when one should have serious doubts if any of them know how to turn a computer.

      They will probably rule against Apple because the feral shysters will piss and moan about how hard this makes criminal investigations. The feral shysters are conveniently ignoring the fact that criminal investigations are often frustrating and difficult to solve.

      1. Old Used Programmer

        Re: Only one set of opinions matter in this, ah, matter...

        Two of them are only 55, so there should be some justices that can turn on a computer...and probably make effective use of it.

        On the other hand, until there is a 9th justice, any decision that comes down to a 4-4 tie will leave the decision by the next lower court in place. Given that California is covered by the 9th Circuit (probably the most liberal circuit in the system), it might be a while before SCOTUS *effectively* rules on this matter.

  13. Malcolm Weir Silver badge

    Optional

    I am frankly flabbergasted that there is anyone on the fence here.

    What the FBI has demanded is disgusting and evil.

    Of course it is right that Apple should be prepared to help, and indeed they have been. The vile and evil conduct is in the demand that Apple must help.

    Think about it: this is, on it's face, an order compelling a corporation to work for the government, even though the corporation doesn't wish to do so. If the government prevails, why would they not return at some stage requiring Apple to install, say, eavesdropping software on every phone and prohibiting them from disclosing that fact? They can wrap that up with "safeguards" like a requirement for a subsequent order to activate the software, which I'm sure the FISA court would be happy to provide...

    1. GeezaGaz

      Re: Optional

      What the fuck?

      Tell it to the families and loved ones of the 14 dead....

      I can see it now, sales of idevices to terrorists goes through the roof. They can buy one safe in the knowledge that having blown-up/shot innocent people their deepest darkest secrets will remain hidden forever.

      Couldn't make this shit up.

      1. John H Woods Silver badge

        Re: Optional

        "Tell it to the families and loved ones of the 14 dead...."

        Why are the terrorist dead so much more important than those in school shootings? In RTAs? Being poisoned by the water suppliers? Responses need to be proportionate and despite the Department of Lets Big Up the Jihadi Threat the statistics really show that to be negligible in the USA and Western Europe.

        "I can see it now, sales of idevices to terrorists goes through the roof."

        If you think serious terrorists cannot communicate in unbreakable undetectable ways, perhaps reading some John le Carre novels might help; all that cold war tradecraft is in the public domain, you know.

        1. John Sanders
          Thumb Down

          Re: Optional

          """Why are the terrorist dead so much more important than those in school shootings?"""

          I find this question intellectually dishonest, and at the very least annoying. :-(

          Because they have a network supporting them that it would be in the public's interest to dismantle?

          I'm guessing.

          1. John H Woods Silver badge

            Re: Optional

            You are suggesting that:

            A1. There is a supporting network behind terrorists (I agree with this assumption)

            A2. ?

            A3. ?

            <then some logic>

            Therefore: It is "intellectually dishonest" to question why the reaction to terrorism is disproportionate.

            I won't call it dishonesty, but the logical fuzziness here is all yours. My view is that some liberty is sacrificed for security. I'm satisfied that it is proportionate that I can be compelled to produce a DNA sample if I become a homicide suspect. Well, I'm against homicide you see, terrorist or otherwise. But, given the relatively low risk of homicide, I don't think it is proportionate for the government to track me everywhere I go and monitor everything I do. Even if I thought no harm could come of it (and I don't think that) it would be a massive waste of state resources.

            I don't think that everybody should be made more vulnerable to bad actors (criminals, terrorists, foreign spies) on the off chance that it makes it easier to catch the same. Principally because any remotely competent members of these groups cannot be caught by compromising my privacy anyway.

          2. Doctor Syntax Silver badge

            Re: Optional

            @John Sanders

            Firstly we need to consider what the terrorists are attempting to achieve. In as far as they have a coherent purpose - which isn't guaranteed for all of them - they're trying to destroy or overthrow the society in which you live. So at first sight it would seem that Apple's approach is wrong.

            But what's the nature of the society in which you live? Is it a free society? If so then a tool to intrude into citizen's live which can be wielded at will by a government agency makes that society a little less free. And by such erosions, step-by-step the society which the terrorists are attacking comes to attack itself; rather like an auto-immune disease, in fact. It might be in the public's short-term interest to dismantle any supporting network but doing so in the wrong way would be contrary to their long-term interest.

      2. Doctor Syntax Silver badge

        Re: Optional

        "I can see it now, sales of idevices to terrorists goes through the roof"

        I don't think terrorists are a large market in Apple's view. What they're more interested in is the loss of sales to everybody else.

        And the terrorists? They'll get their own cryptography apps. There are plenty criminal coders who are getting pretty good at cryptography after a few iterations of ransomware who could be commissioned to put something together. They'll not be unduly bothered in the long run. It's just everybody else who gets their kit compromised.

    2. Anonymous Coward
      Anonymous Coward

      Re: Optional

      I thought that was already covered with the phone companies keeping tabs on everyone's data while no one could sue the government because there was no admittance by the government of 'proof' of data mining causing 'harm' to parties, giving them lack of standing.

    3. Anonymous Coward
      Anonymous Coward

      Re: Optional

      What the FBI has demanded is disgusting and evil.

      No it isn't. Strip the emotions off and you can see that the FBI is trying to remove what it sees as barriers to its investigation, and that would be OK if it weren't for the manner in which they have done so. By trying to use the 900 lbs gorilla bully manner to force Apple, publicly, they have created a legal situation which does not give Apple a graceful way out, and thus ended up with the only sensible answer, which is "no, piss off".

      If they had used some tact and asked nicely (without court order) for help, I'm sure Apple techs would have tried to assist - everyone understands that law enforcement needs help. But, by asking Apple to publicly declare they can break their own kit, even in limited circumstances, they have effectively asked the court to confirm that the FBI has the power to ask a business to commit commercial suicide if they feel like it.

      What annoys me most is all the BS about this being a "limited" exercise - everyone involved - and that includes the court - knows full well that they can't just change the way the US legal system has been working for decades. This WILL set precedent, so the "one off" conditional is utter bullshit and everyone involved knows this.

    4. Neverwas

      Re: Optional

      I am unclear what is disgusting and evil about a process being played out in courts of law, open to public scrutiny, and - ultimately - subject to democratic accountability.

      But if you see it as so simple I assume you'd also back Apple if the phone contained the location - somewhere near where you live - of a dirty bomb? Or the location of the cellar you have been bricked up in by a member of the security service who has cracked up under the pressure of trying to protect the public which thinks it more important to safeguard their selfies and porn? In short, are you willing to die for your principles?

      1. John H Woods Silver badge

        Re: Optional

        "In short, are you willing to die for your principles?" -- Neverwas

        Aren't you? Maybe should have another name for them.

      2. Sir Runcible Spoon
        Mushroom

        Re: Optional

        "In short, are you willing to die for your principles?"

        I certainly am, otherwise they wouldn't be principles would they?

        If people don't wake up and fight government control, the sleeping masses will take us all with them into servile oblivion. If this is what it takes to wake people up to what is going on, then bring it on.

        Die on your feet or live on your knees. I suppose cowards survive, but we live lives of relative comfort because people who didn't know us stuck up for their principles and were prepared to die.

        If my government has the right to compel me to fight for the defence of this country, then I sure as hell have the right to fight for the defence of this country against things *I see* as a threat.

        I despise cowards almost as much as I hate willful ignorance.

        1. John G Imrie

          Re: Optional

          I'm not prepared to die for my principles, for that way leads to fanaticism. I will live by my principles every day of my life though.

  14. a_yank_lurker

    Trust

    One point overlooked here is the ferals have largely destroyed the public's trust by their unpunished criminal antics. Too many are aware of the very serious implications of the feral's last stupidity for user security and believe tha only time a feral agent is not lying is when they are 6-feet under.

    1. Anonymous Coward
      Anonymous Coward

      Re: Trust

      As I said in another rather lengthy post, I think it was Edward Snowden who destroyed that trust. Yeah it was the government's actions that were ultimately responsible, but he revealed something of far greater scope than anyone who didn't wear a tinfoil hat 24x7 even remotely suspected. Had he not done so but the situation was otherwise the same, I think few would have been coming to Apple's defense and the title of this story would have 'everyone' replaced with 'no one'.

      1. Sir Runcible Spoon

        Re: Trust

        @Doug S - please tell me that was a troll?

        If not, how do you think defending the culprit whilst shooting the messenger is going to go down here? It makes you look a bit daft/naive at best.

        1. Captain Queeg

          Re: Trust

          @ Sir R. Spoon - Agreed!

          following the logic: If I drink drive and kill some pedestrians, should my wine merchant do jail time for it?

          :o)

          1. Anonymous Coward
            Anonymous Coward

            Re: Trust

            I'm not saying what Snowden did was bad in any way, I think people are misunderstanding my point. I think Snowden did us all a great service by providing us unimpeachable proof that there is absolutely no reason to trust the US government, or those of their five eyes partners who are hip deep in the same pit of sewage.

            If Snowden hadn't opened our eyes, most people would still blindly trust that their government is acting in their best interest, at least most of the time. If everything in the world was the same as it is right now, other than Snowden never having leaked that data, Apple would be taking far more heat for not cooperating with the FBI. It is only because Snowden allowed the average person to see what is going on behind their back in their name that they are so distrustful of the government and FBI that they are backing Apple in a case that involves a known domestic terrorist!

      2. Doctor Syntax Silver badge

        Re: Trust

        @DougS

        Ever heard the term "fool's paradise"?

  15. Field Commander A9

    Meanwhile in socialist China

    You want to hide something from motherland? You must be a terrorist! Because a decent comrade won't need to hide anything from motherland! So if your company is helping someone to hide something from motherland, then that someone must be a terrorist and your company would be helping terrorism! And motherland will never tolerant a company that facilitates terrorism!

    1. frank ly

      Re: Meanwhile in socialist China

      Actually, China is now a fascinating example of a blend of crony capitalism and fascism with imperialist topping. They're really good at copying us.

      1. Anonymous Coward
        Anonymous Coward

        Re: Meanwhile in socialist China

        "a blend of crony capitalism and fascism with imperialist topping" is exactly what socialism is. I believed "Animals Farm" explained it very well long ago, but maybe not everybody read it.

        1. KeithR

          Re: Meanwhile in socialist China

          ""a blend of crony capitalism and fascism with imperialist topping" is exactly what socialism is."

          Sigh... There's no end to the peurile, uninformed Rightist bollocks some people are prepared to churn out, is there?

          Clue: works of satire (which, incidentally, mock human nature, not any particular political persuasion) are not a particularly reliable source of information about politics.

          (See? I have read Animal Farm. You clearly haven't).

  16. Anonymous Coward
    Anonymous Coward

    It's a training exercise

    Terror guy: Bad, ooh yes, very bad.

    Government: Good, they love you!

    Once we are used to giving up our security we will be MUCH safer!

    - Pollyanna

  17. JCitizen
    Coat

    I never thought I'd become an Apple fanboy.

    Thanks to Tim Cook, I now can be counted in that number!

    1. Gene Cash Silver badge

      Re: I never thought I'd become an Apple fanboy.

      Eh, even a stopped clock is right once a day. My iPad is a guarantee I'll never be an Apple fanboi. What an irritatingly condescending POS that thing is. Worse than Windows 8.

      1. TRT Silver badge

        Re: I never thought I'd become an Apple fanboy.

        You had me until you said "worse than Windows 8".

  18. The Morgan Doctrine

    Anybody can crack an iPhone, if they have I.C.E. technology

    Dear Morons (er, FBI), haven't you ever heard of I.C.E. That's an in-circuit emulator that can crack anything. Stupid judge banboozled by FBI, the same people who couldn't secure millions of federal employees' private information, including security clearance investigations. Man, what could go wrong here?

    Want to crack an iPhone? Google "The Morgan Doctrine"

    1. PT

      Re: Anybody can crack an iPhone, if they have I.C.E. technology

      Not so. There are security flags in all micros to disable memory read and verify, clearing which usually requires dissolving off the plastic and lasering a track on the IC. Without that you may be able to hook up an ICE - assuming you can somehow attach it to a BGA package with inaccessible pins - but you won't be able to dump the code. Modern micros with a JTAG interface have a non volatile flag that disables JTAG and can only be cleared by a bulk erase. Apple would be fucking incompetent if they didn't activate these hardware protections.

    2. GrumpenKraut

      Re: Anybody can crack an iPhone, if they have I.C.E. technology

      > Google "The Morgan Doctrine"

      Only found a shitty self-promoting web site www(dot)themorgandoctrine(dot)com, did you mean something else?

  19. Anonymous Coward
    Thumb Up

    I'm pleasantly surprised by the support

    When I first heard about this and then read Cook's letter, I thought this could go really bad. Divisive battle that quickly gets ugly and political, becoming a campaign issue that damages Apple's reputation. I'm pretty sure the FBI thought that was what was going to happen, and banked on Apple being afraid of that and caving.

    The FBI picked the absolute best test case for this they ever could have, using the San Bernadino terrorist as the mark. That's fresh in everyone's memory, and was an ISIS inspired terrorist act carried out on US soil. What people had been worried about and assuming would happen eventually did. There was no doubt as to the guy's guilt, and since he was dead no way to waterboard him into giving up the PIN. It was an older model phone that allows the type of exploit that wouldn't be possible in a 5S or newer. It was a perfect storm of things that couldn't have gone better for the FBI trying to get people on their side. If people aren't on the FBI's side for this, I think we can pronounce the calls for building in a "back door" for law enforcement DOA without waiting for the body to float to the surface.

    The fact that the majority supports Apple, that even politicians in congress in both aisles supported them really surprised me. They did this even though this case allows an easy way for a politician to score political points as being "tough on terror" by saying Apple must do this, or try to rally people's patriotism by calling it their duty as an American company or whatever. Yeah some of the presidential candidates jumped on this early - probably thinking incorrectly everyone else would jump on board and they'd look like leaders getting there first.

    Then it didn't happen.

    I guess I'm sometimes too cynical about my fellow man's ability to march blindly into a 1984 future, so I'm happy to be proven wrong. Hopefully it won't be the last time.

    I think we have to give ALL the credit to Edward Snowden for this. If it weren't for the release of documents that showed the extent of government spying on private citizens, I think the instinct of a lot of citizens - and especially of politicians - would be to naively trust that the US government are the good guys. Snowden showed that trust is misplaced, and I doubt it will ever return. Stunts like this which is more political theater than anything are only making that worse (c'mon, the terrorists destroyed their hard drives and both personal phones, this phone was ignored because it was a work phone used for work only, and I suspect the FBI already knew it based on what they recovered from the iCloud account linked to this phone they just figured this was the ideal test case to push their agenda)

  20. Anonymous Coward
    Anonymous Coward

    Apple aims to be the Switzerland of data...

    ... but even Switzerland had to become more transparent because its secret banking system was overused by criminals without enough controls.

    I'm quite sure this story one day will fire back at Apple. Governments may deserve flack because they obviously broke citizens' trust with truly unconstitutional behaviours, but companies consciously helping criminals for their own money interests - banks or mobe makers - are no better.

    Probably Cooks believe iPhone will see a sale boost in a market segment with deep pockets buyers - criminals.

    1. KeithR

      Re: Apple aims to be the Switzerland of data...

      "but companies consciously helping criminals for their own money interests - banks or mobe makers - are no better."

      By WHAT POSSIBLE MEASURE is this Apple "consciously helping" criminals?

    2. regadpellagru

      Re: Apple aims to be the Switzerland of data...

      "... but even Switzerland had to become more transparent because its secret banking system was overused by criminals without enough controls."

      Totally incorrect. The ONLY reason Switzerland had to relax bank transparency rules is taxes evasion, against which some european countries were mad at. France most notably.

      For crimes, never had european judges any difficulties to access bank accounts.

      1. Anonymous Coward
        Anonymous Coward

        I doubt Apple sees any sales boost from this

        They will definitely lose sales from those calling for a boycott of Apple over this. That's a minority of people, but some feel very strongly about this and it will undoubtedly cost Apple some sales. Yeah, maybe they get a boost from criminals but that's how big of a segment of the population? Probably the two cancel each other out at best.

        No matter what Apple does, there's always some hater coming out of the woodwork to post some drivel to cast everything they do in the most negative light. Even those who will never become an Apple customer can enjoy the fact that this single case just destroyed the discussion about creating a "backdoor" in encryption for law enforcement. If the FBI can't get the public or even a lot of congress behind them on this which lines up pretty perfectly to make Apple look as bad as possible, it becomes immediately clear that this fight over encryption and back doors is over.

        So thank Apple for taking this stand, even if you hate them and will never buy one of their products, they just did you a favor.

    3. Doctor Syntax Silver badge

      Re: Apple aims to be the Switzerland of data...

      "Probably Cooks[sic] believe[sic] iPhone will see a sale boost in a market segment with deep pockets buyers - criminals."

      Sigh. Could you try to exercise a little intelligent thought? One would hope that the criminal market is minuscule compared to the mass market and it's the mass market that's likely to suffer due to lack of confidence. If Apple gave in to the FBI I think there are very few people who'd think "Good for them, I'll buy an iThing." and in the meantime the free society you want to defend from terrorists crumbles a little more.

  21. Anonymous Coward
    Anonymous Coward

    Blackberry?

    They should go ask Blackberry for support! No? Well we should still question Blackberry long and hard to get their opinion on this. Given they criticized Apples "encryption all the way" stance!

    http://fedscoop.com/blackberry-taking-balanced-approach-to-encryption-lawful-intercept

    But isn't that the two-faced nature of this situation. To the Feds they say "we offer lawful intercept capabilities", but that's a backdoor even if they don't call it a backdoor. So to customers they have to say "there is no backdoor (whispers to self:it's more like a cat flap)"

    But now we have a clear issue there, so Blackberry can be quizzed at great length on this lawful intercept, whether their phones could be accessed in this situation. What stops other governments from accessing American Blackberry phones by the same method etc. etc.)

  22. jake Silver badge

    There are slippery slopes ...

    ... and then there is deliberately skiing into 2 feet of new-fallen snow sitting on 6 feet of previously fallen snow with a 1 inch ice cap from the mild weather over the prior week, thus triggering an avalanche and killing entirely too many innocents[0].

    The .fed needs to back down. They are completely wrong on this one.

    [0] Some dumb-ass will do this very thing in the Sierra this weekend, mark my words ...

  23. Anonymous Coward
    Anonymous Coward

    Where is this strange land called America? It sounds a bit backwards.

  24. John H Woods Silver badge

    Just seen on Viz Top Tips ...

    FBI. Apple not cooperating? Simply call Bono. He got into everyone’s fucking iPhone without permission.

  25. Velv
    Alert

    "Apple should not be above the law."

    Absolutely true. Nobody should be above the law.

    But when the law (or anyone) is acting like an asshole and everyone is telling them they are acting like an asshole they should take a step back and listen.

  26. Joeman

    all over the globe there are security researches and bedroom hackers trying to come up with a method of unlocking an iPhone. the first to manage it will never need to work a day in his life again as the FBI will pay big bucks for a tool like that!

    Similarly there are probably a small handful of apple employees who know how to do it and are questioning if this years bonus and share options were enough to prevent them selling the idea to the feds.

    Or maybe the FBI already have the data? but the evidence gathered isnt admissible in courts, so they need an official way to unlock the phone to make the data legit...

  27. dajames

    Conspiracy theory?

    Just what is this case all about?

    The FBI have an iPhone that belonged to a gunman. It was his work phone, and he is known to have had two other phones that he destroyed before going on his killing spree ... the implication being that he was confident that there was no incriminating information on the work phone. This phone was the property of his employers -- a government department -- who presumably have records of all his calls and text messages, from which the FBI can see whether he used the phone to communicate with anyone other than work contacts. Despite all this, the FBI are very openly applying pressure on Apple through legal channels to get them to decrypt the phone.

    So, what is the case really about?

    - Is it a test case in which the FBI are going though all the legal and above-board methods to get access to the phone, to test Apple's cooperativeness?

    - Is it a smokescreen, in which Apple and the FBI go through a public charade of refusing to decrypt the contents of the phone so that the world will not suspect that there is in fact a close relationship in which Apple often decrypts iPhones for the FBI?

    - Is it a ruse in which the FBI publicly pretend that they can't access encrypted information on an iPhone 5c because they actually can, and want to persuade other persons under surveillance who have the same phone that it is secure?

    - Is it a ruse in which the FBI publicly get Apple to explain that even they can't access encrypted information on an iPhone 5s and higher because they actually can, and want to persuade other persons under surveillance who have those phones that they are secure, even though the 5c potentially isn't?

    - Is it a ruse in which the FBI publicly attempt, and fail, to get Apple to decrypt this particular phone because, despite everything, there WAS useful information on it, and the FBI want the suspect's accomplices to believe that they don't know that.

    - Is it a ruse in which the FBI publicly attempt, and fail, to get Apple to decrypt this particular phone because, even though there may have been NO useful information on it, the FBI want the suspect's accomplices to believe that there was, and abandon whatever plans they may have been making.

    Frankly, any of these makes about as much sense as some of the other comments I'm reading here!

    Then again, it could just be that some people have committed an atrocious crime of violence and the FBI officers investigating it want to be sure that they have explored every potential source of information in tracking down any accomplices that the perpetrators may have had. I do recall that shortly after the shooting it was reported that the suspects had a huge store of weapons and ammunition in addition to those that they had on them when they were shot dead by the police. It seems unlikely that -- even in America -- they had all those arms just for fun, and one must wonder whether they had some larger-scale atrocity in mind when acquiring such an arsenal. I can see why the FBI would think that there might be further intelligence that they needed to acquire and why they might suspect that there might still be a present threat to public safety.

    1. Doctor Syntax Silver badge

      Re: Conspiracy theory?

      "I do recall that shortly after the shooting it was reported that the suspects had a huge store of weapons and ammunition in addition to those that they had on them"

      In that case if the FBI don't have knowledge of such a store they should be concentrating on whoever made the reports. Or maybe it's just some reported making stuff up to fill a news slot and hoping to get lucky by being proved right if such a stash is found.

  28. smartypants

    50 years ago...

    ...nobody thought we'd all be squabbling about the right for the police to tap our magic telephones.

    I wonder what life will be like in 50 years? (No point trying to predict... see above!)

    1. Jediben

      Re: 50 years ago...

      I'm going to have a stab @ Arguing about the right of corporations to sample your kids DNA for utilisation in a designer baby genetic splicing lab via social media internet-connected testing devices built into the latest security measure in the Apple iSkin wearable, grafted communication device on the back of their hand, so that their particular shade of blue/brown eyes/hair/skin can be replicated in a cloning lab for transplant into an embryo unit to be surrogated into a 2nd world mother on the behalf of homosexual life partners who wish to have the perfect child, which has been granted by a tiny micro-print section of the latest Facebook EULA update.

      1. allthecoolshortnamesweretaken

        Re: 50 years ago...

        Wow. That has almost amanfrommars1-like properties.

    2. Anonymous Coward
      Anonymous Coward

      Re: 50 years ago...

      I wonder what life will be like in 50 years? (No point trying to predict... see above!)

      I can tell you one thing, though, if we let this one happen we will all have less problems with bowel movement because we will get reamed time and time again. The big picture here is wanting AGAIN more power, and they are so desperate for it that they are prepared to take the whole US industry down with it.

    3. jake Silver badge

      Re: 50 years ago...

      50 years ago, Echelon/FiveEyes started ...

  29. Steve Graham
    Black Helicopters

    Skeleton Keys

    Homeland Security's TSA requires checked baggage at US airports to be locked with a padlock which has a "back door" -- a secret key that only trusted agents can have, so don't worry folks, your luggage is still perfectly secure.

    Except you can now print your own set of the keys from a file you got off the internet.

  30. MainframeBob

    US: you can buy guns but not secure phones?

    I find it weired that the us goverment wants to crack down on the phones and not the automatic guns.

    can anyone explain this to a non-US person?

    1. MachDiamond Silver badge

      Re: US: you can buy guns but not secure phones?

      Secure phones are available. They are much more expensive, they are bigger to accommodate a larger battery and they aren't an iPhone or Galaxy, therefore, not stylish. Execs in large corporations have them to discuss sensitive business matters where a bit of advance information could be worth billions of dollars.

      BTW, automatic weapons are not allowed to be purchased by the hoi poloi in the US. Regular citizens in the UK can't go into a shop and legally purchase a hand gun, but criminals are not fussed about owning a gun "legally" so a back alley transaction works just fine.

      1. Anonymous Coward
        Anonymous Coward

        Re: US: you can buy guns but not secure phones?

        Secure phones are available. They are much more expensive, they are bigger to accommodate a larger battery and they aren't an iPhone or Galaxy, therefore, not stylish.

        I am licensed to sell such secure phones and no, the new generation is not larger than an iPhone - they're actually slightly smaller but there is a physical limit because the code cards (think of it as an extra SIM card) still come in the original full credit card format.

        The phones also don't need a larger than usual battery because the voice channel is not using 3G or GPRS (which is why they also work in places without such data services). The price for that is lower voice fidelity and some lag, but it is proper secure - you won't believe how many VoIP based services and apps I've gone through which were plain rubbish.

        Such phones are not exactly cheap, though, retail prices are in excess of € 1000 for approved models.

    2. allthecoolshortnamesweretaken

      Re: US: you can buy guns but not secure phones?

      I'm not a USAsian either, but I guess it's something cultural. Like having no general speed limit on the Autobahn.

    3. jake Silver badge

      Re: US: you can buy guns but not secure phones?

      "I find it weired that the us goverment wants to crack down on the phones and not the automatic guns."

      For the uninitiated, an "automatic" means "magazine fed, one trigger press, one shot weapon". It's not a "spray&pray" machine gun.

      "can anyone explain this to a non-US person?"

      Probably not.

      “Travel is fatal to prejudice, bigotry, and narrow-mindedness ..." --SLC

      1. gazthejourno (Written by Reg staff)

        Re: Re: US: you can buy guns but not secure phones?

        No. Automatic firearms start firing when the trigger is pressed and stop firing when the trigger is released, reloading themselves automatically. Typical automatic mechanisms can include magazines but usually mean a belt feed of whatever type.

        A semi-automatic firearm (which is what you wrongly describe as an automatic) fires one round per trigger press, while reloading (or unloading) without further human input.

        1. jake Silver badge
          Pint

          Re: US: you can buy guns but not secure phones?

          Sorry, Gaz, but you are wrong (at least in the US). My Kimber .45 is properly called an "automatic". The "auto" denotes auto loading, not continuous firing.

          Machine guns, like my Thompson M1928A1, also in .45, are called "fully automatic". (Yes, it's legal for me to own it and use it. Took a while to dot the ts and cross the is ... ).

          HOWever, nomenclature around tools is fuzzy, so YMMV. Beer?

  31. Anonymous Coward
    Anonymous Coward

    rip out the SSD

    If they need the info that bad then they should just rip out the SSD and brute force it. It's common for hard disks to be examined in this way so why does this need to be anything different

    1. John H Woods Silver badge

      Re: rip out the SSD

      "If they need the info that bad then they should just rip out the SSD and brute force it. It's common for hard disks to be examined in this way so why does this need to be anything different" -- AC

      It's understandable that you don't get how it works, it's technical and complex. It is, on the other hand, utterly incredible that you can pull an idea out of your arse in 5 minutes and think that the FBI has not considered that approach in the months they have had the phone.

      1. Anonymous Coward
        Anonymous Coward

        Re: rip out the SSD

        10 minutes. Dechipping and improve forensic tools to better handle mapping of Logical to physical block translation and ask Apple and other vendors for help on compression used

        1. John H Woods Silver badge

          Re: rip out the SSD

          I do hope you are not the same AC I just flamed, I'm beginning to despair.

      2. Anonymous Coward
        Anonymous Coward

        Re: rip out the SSD

        It is, on the other hand, utterly incredible that you can pull an idea out of your arse in 5 minutes and think that the FBI has not considered that approach in the months they have had the phone.

        Well, at least that happened a lot quicker.

        :)

    2. regadpellagru

      Re: rip out the SSD

      "If they need the info that bad then they should just rip out the SSD and brute force it. It's common for hard disks to be examined in this way so why does this need to be anything different"

      Brute-forcing AES256: 2^255 iterations in average (assuming half of the total space will give the key).

      Assuming 1ns time for one iteration (very very optimistic), that's more than 10^64 * 10^-9 s, therefore 10^55 s. One billion years being around 1/3 * 10 ^ 17s, you're looking at 3 * 10^38 billion years !

      And if you have 1 billion CPUs, that only cut it to a lot longer than the univese will exist.

      Good luck, here !

      1. MachDiamond Silver badge

        Re: rip out the SSD

        It's not decrypting the data that the FBI wants, it's getting past the 4 digit access code without tripping the auto-erase function (if enabled) after 10 failed tries and being able to throw codes at the phone without have to wait an increasing amount of time between each attempt. I don't think that Apple would have any more luck than the FBI in decrypting enciphered data.

  32. DaddyHoggy

    All the heavily downvoted comments are almost exclusively Anonymous Coward posts - it's almost as if they know they're typing something completely stupid and, as some kind of last moment defence mechanism, won't post under their own name.

    Hmmm....

    1. Anonymous Coward
      Anonymous Coward

      Not all of them - I just got a worrying amount of upvotes.

      I clearly must be doing something wrong - bear with me while I quickly write a badly spelled illogical rant with caps lock enabled :).

  33. Howard Hanek
    Childcatcher

    Politics

    Some things are best done quietly. The fact that this 'conflict' is public is that there's more to it than simply unlocking one terrorist's iPhone. The US wants carte blanche and Tim Cook, if he's to protect his high end market niche, just can't do that.

  34. Joe Gurman

    Maybe greater weight

    ....than press releases from politicians who represent the Congressional district in which Apple is located, or tweets by other Silicon Valley outfits' CEOs are the editorials in today's New York Times and Washington Post — and, I expect, in news media across the US — siding with Apple.

    The FBI has to be recognized for what it is: a usually bumbling, old boy network that has been spying on US citizens since its inception, contrary to all existing statutes and Constitutional limits. They have been repeatedly guilty of, but never prosecuted for, criminal conspiracy against individuals and organizations who didn't meet the Director's or the then current Administration's political litmus tests. Kowtowing to them on the basis of an ill-informed order issued by the lowest level of federal court (most likely because the FBI knew it could never get such an order from, say, a Federal District Court) would are absurd.

    1. Kurt Meyer

      Re: Maybe greater weight

      @Joe Gurman

      "Kowtowing to them on the basis of an ill-informed order issued by the lowest level of federal court (most likely because the FBI knew it could never get such an order from, say, a Federal District Court) would are absurd."

      A little background info for you, Joe. Perhaps the next time you offer a comment on the United States District Courts, you won't look quite so ignorant.

      Because you certainly do look ignorant now.

      "A Guide to the Federal Magistrate Judge System

      Peter G. McCabe, Esq.

      A White Paper Prepared at the Request of the Federal Bar Association.

      In the United States District Courts, there are two types of federal judges: United States District Judges (confirmed by the Senate with life tenure); and United States Magistrate Judges (appointed through a merit selection process for renewable, eight year terms).

      Although their precise duties may change from district to district, Magistrate Judges often conduct mediations, resolve discovery disputes, and decide a wide variety of motions; determine whether criminal defendants will be detained or released on a bond; appoint counsel for such defendants (and, in the misdemeanor context, hold trials and sentence defendants); and make recommendations regarding whether a party should win a case on summary judgment, whether a Social Security claimant should receive a disability award, whether a habeas petitioner should prevail, and whether a case merits dismissal. When both sides to a civil case consent, Magistrate Judges hear the entire dispute, rule on all motions, and preside at trial.

      There are now 531 full-time Magistrate Judges in the United States District Courts. According to the Administrative Office of the U.S. Courts, in 2013, Magistrate Judges disposed of a total of 1,179,358 matters.

      The importance of Magistrate Judges to the day-to-day workings of the federal trial courts cannot be overstated. Many federal cases settle early in the litigation process, and fewer civil and criminal cases now proceed to trial. Although felony criminal matters are the province of District Judges, in misdemeanor matters and in civil cases, it is often the Magistrate Judge -- and, sometimes, only the Magistrate Judge -- with whom the litigants and their counsel will meet and interact as their case is litigated in the federal trial court."

      The more you know...

      The entire white paper is available for your reading pleasure at: http://www.fedbar.org/PDFs/A-Guide-to-the-Federal-Magistrate-Judge-System.aspx?FT=.pdf

  35. Brent Beach
    Alert

    "The irony ... is that ... there is nothing of value on the phone of Syed Farook anyway."

    Irony, perhaps. Certainty, more likely.

    The phone was protected a few days before the event. All his other phones have been hacked. Why would he suddenly start putting links to terrorists on his phone, password protected or not?

    Clearly this is a cheap trick by the FBI to open the backdoor pandora's box.

    Good for the world minus paranoid law enforcement that Cook shut them down.

    When the Trump-et is against you, you know you are in the right.

  36. Alistair
    Windows

    wild how the commentary here covers so much ground.

    From the least considered brain fart material to some well thought out and decently communicated responses. And this is (supposed to be) a technical website.

    I've not jumped out the gate on this one and have had my moments to think it through. (although I have to admit in a haze from a major sinus/ear infection, and having two separate major tragedies in my immediate circle of friends this week)

    1) The FBI have had this phone for a number of months since the events took place. Most of the data from the phone has been retrieved from the iCloud backups, but there are (I think I worked it out to) approximately 2 weeks worth of data that was not backed up to the iCloud.

    2) Much investigation has been conducted based on who these two had interacted with in the months leading up to the event, however no further arrests or indictments have been issued relating to the event.

    3) There is amongst the investigation team the belief that there is data on the phone, in the period of time since the last backup that might be relevant to the investigation and could lead to further arrests, or possibly link these two to additional terrorists or terrorist activities.

    4) The FBI know that if they brute force the phone the data on the phone will be deleted/wiped after 10 incorrect passcode/pin/pattern unlock attempts. They want to examine the phone data.

    5) The FBI are aware that the self destruct process is entirely functional in software, that is the firmware that runs the phone will enact the destruction of the data on the phone when the 10th failed password is executed.

    6) The FBI have dug around and used an exceptionally old, massively broad law in the american legal code, to issue a writ to Apple requiring Apple to create an 'update' to the specific phone serial number to disable the self destruct code in order to allow the FBI to (either manually or mechanically) brute force the password on the phone. This functionality is specific to iPhones with a specific processor.

    7) Quite some time has passed since the events in question. <it is relevant given some of the arguments we've seen both in this thread and on the general news>

    8) Apple has publicly responded saying that they do NOT believe that they should do this, and called for an open discussion. (and man has there been some discussion)

    My perspective is that the FBI has chosen a particularly emotionally bound legal event (Local US Muslim couple "radicalised" into jihad like actions), which will be unlikely to find any sympathy with the general US public in order to set a legal precedent to back up their demands for a disabling of effective and reliable encryption for the general public.

    They've sadly done this rather well.

    Tim Cook has responded to the request to have a one time only for this specific phone version of the firmware that does not include the self destruct code with a no. And I have to believe that this is the correct answer, Apple has no *choice* but to refuse to do this, since, in US law, this becomes a precedent that will be used in thousands, if not tens of thousands of cases in the future, and in fact will apply not just to Apple and phones but to any company that makes a device or software that uses or relies on encryption and automated data destruction functions to provide security and integrity to the users of those devices and software.

    The law used in this case is very fragile in this particular context. <note hearsay> I've seen reasonably reliable commentary that there may be precedent for this law being used in this context </hearsay note> however there are far more relevant laws that could have been used. This indicates that Apple will have a fairly decent chance of walking away from this on solid legal ground, given the chance to argue in court.

    That in itself sets a precedent.

    There are as quite a few folks have indicated, several other possible methods of getting to the data. I believe that one of those methods will be undertaken, and will result in one particular set of data/facts being found that will lead to one or more additional arrests.

    This pair of events will then become the lynch-pin of a legal framework for the legislation that will remove effective cryptography from the realm of public access in the United States.

    I have to point out that *connection* -- meta data -- information for the phone comes from the telco that the phone is registered with - that meta data covers calls, SMS texts over the telco's own network, roaming data, and possibly some internet connectivity information, IF there was a data plan attached to the phone. They do *not* need to have the phone unlocked to find out who the fellow was talking to or texting. They *may* not need to have the phone unlocked to find out which websites he visited, or mail servers he communicated through.

    Slippery slope? No my friends, this is far more than a slippery slope. No matter which way this particular sequence of events goes, there are consequences here that could be stunning human rights failures, for us and for many future generations.

  37. johnck

    Just checking to see if I understand this correctly, and swapping phone for house.

    The FBI want to get in to a house built by Apple with an Apple defence system. The FBI are not sure what's in the house but it was rented (is was a company phone) by someone nasty who destroyed the two houses they did own to stop the FBI seeing what's in them, but strangely let this one untouched so almost certainly has nothing in it.

    The FBI can get into the house as the don't have the key, Apple also don't have the key as they gave to keys to the owner when they brought the house, who then gave them to the person renting it and thy cant get the keys from them. Trying to smash the door down will activate the Apple defence and destroy everything inside.

    The FBI have a court order telling Apple to build them a batting ram that will not activate the Apple defence system so they can get inside with out it destroying everything. Apple have said no as the reason people buy Apple houses is for the Apple defence system to stop other people breaking in and taking everything. If Apple did build the batting ram, the FBI could use on any house they wanted to and crooks could get hold of it and use it to brake in to other houses, thus making the Apple defence system useless for everyone, so they might just as well leave the door open.

    I see Apples point on this, but I also understand the FBI desire to get into the house, but as others have said the FBI have the house and they haven't even thought about trying any of the windows or seeing if they could take the roof off. Have I got that right ?

    1. Alistair
      Windows

      @johnck

      You've got the right idea, but what you've got a bit wrong is that the FBI want apple to update the code that runs the house so that the action of using the battering ram will not destroy the contents.

    2. Fred Flintstone Gold badge

      Mostly right, with a few corrections:

      - there is a currently open question that Apple is even able to construct a suitable battering ram. There is some analysis that deems it possible, but that's not the same as actually making this happen, and the very act of using this improvised battering ram may trigger the alarm anyway.

      - if they manage to force Apple to build such a battering ram, they have created a template to force any other company (service provider, manufacturer, ice cream vendor - all of them) to do the same. In other words, it's not just the users of *Apple* defence systems that may as well leave the door open, the side effect of this is that the sale of any US defence systems will collapse altogether (and probably take the doors market) with as being pointless. That collapse will include any ability to sell to foreigners who were already weary of US developed defence systems, and doors..

      I find the fact that court and FBI are at pains to bamboozle the public with arguments that this is only asked once significant. IMHO, they would only bother to do that if that was explicitly NOT the aim.

  38. Anonymous Coward
    Anonymous Coward

    NOT even cloe

    The majority of the public believe that Apple must comply with the court ruling which is viewed as proper and reasonable seeing as though the phone belonged to a mass murder and could help prosecute accomplices as well as prevent further murders. Maybe The Reg needs to ask the correct people for an opinion?

    1. Doctor Syntax Silver badge

      Re: NOT even cloe

      Did you mean "NOT even clue" because that sums up your thinking.

      You've fallen hook, line & sinker for a trick. If the FBI win this they'll have a precedent to open anybody's phone on any pretext. Maybe not on any pretext immediately because they'd have to go step by step - they may have to extend the principle to a phone whose user is still living, for instance although I'm sure if that proved difficult there would be ways round the obstacle.

      The case was well selected. The user is dead, the phone is actually public property. Although there isn't a criminal trial to prove the user's guilt the coroner's verdict will suffice. And they're arguing "Just this once. Just this little once.". But just once is enough to establish a precedent to allow an extension to anybody's phone on any pretext in a few easy steps.

  39. Brian Allan

    Interesting how the discussion over this has progressed? Based on the FBI's attitude I would have to say the terrorists are winning, after all is it not their intent to inflict terror and paranoia. The FBI seems to be assisting this process.

  40. MachDiamond Silver badge

    Ask the NSA

    After the Boston bombing I read a news article that strongly implied that the two brother's phone calls were reviewed to gain evidence. I sat up an took notice since the article also stated that the two were not being actively monitored leading to my understanding that some Agency in the US had recordings of the calls. This makes me wonder if The Man® already has all the information they need from the phone in question. The FBI's pushing is to create a different way for them to "know" what data is on the phone so that other data collection isn't revealed.

    As a fan of Tom Clancy's Hunt for Red October, I remember how the CIA needed to confirm some information through alternate channels to be able to disseminate it to other people or they would risk exposing methods or moles they didn't want known. If every time one of these events takes place, law enforcement has tons of phone records and call recordings, the cat will be completely out of the bag. Consumers will also be demanding built-in strong encryption on all of their mobile devices just like large corporate executives have.

    1. We Haven't Met But You're A Great Fan Of Mine

      Re: Ask the NSA

      Yes. That would reveal the systematic colloection of all phone conversations and data transfers of US citizens, for later use.

      Another conspiracy:

      Apple already unlocked the phone like a good US company. Apple needs to save face because they make shitloads of $$$ for the US economy and dont want to endanger sales.

      So Cook and FBI put up a little show, so the public has something to get excited about....

      Pretty much the same as the US election. Idiots with lots of $$$ put up a side show with their extremist views, filtering out the most of the equal idiot voters - so eventually the guy they really want wins with the remaining votes.

      The system where the smaller parties keep the big parties in check won't work anymore, because the smaller parties are the super rich idiots.

  41. martinusher Silver badge

    Quite the Campaign

    Over here (in the US) the push is to highlight things like "Apple cares more about profit than people", its a variation on "Won't Someone Think Of The Children?". There's a bit of a campaign going on about tech arrogance -- the story about the SF homeless being a good example of the softly beating drum.

    There's a desperate need for the government to get into your pants (sorry, phone). Obviously Snowden et al caused a reaction which is making life difficult (but not impossible) for the Powers That Be. Its not that Apple hasn't been cooperative in the past, what the Feds want is open access. (The phone was a work phone and would have backed itself up to iCloud where the information would be easily obtainable; unfortunately it appears that some ill-informed Fed changed the iCloud password and they don't know what to change it back to.)

    I tend to mistrust the FBI because they're effectively our Stasi -- they go after criminals, true, but they're also very interested in political dissidents. MLK is one example that springs to mind -- they were Very Interested in the Civil Rights movement.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like