back to article Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors

On December 2, 2015 Syed Farook and his wife Tashfeen Malik attended his employer's holiday party in San Bernardino, California – and without warning started indiscriminately shooting at fellow employees. Four minutes and 75 bullets later, 14 people were dead and 17 injured. Farook and Malik fled the scene but were located by …

  1. Doctor Syntax Silver badge

    "It should be noted, however, that the FBI has not given up its efforts to be granted access to every phone. It appears to be simply bidding its time until the next San Bernardino tragedy."

    This should make it a bit more difficult to pull this trick. And not just the FBI.

    But as you say, full marks to someone near the top of the FBI for showing some integrity.

  2. Gene Cash Silver badge
    Pint

    This is journalism

    Excellent reporting and explanation! Cheers!

  3. Franco

    Not shocked that they were chancing their arm, but pleasantly shocked that they did the internal investigation and admitted to what happened.

    Given the current fight between POTUS and the FBI over neutrality (or lack thereof) this is unlikely to be the last of it though.

  4. Anonymous Coward
    Anonymous Coward

    Does the cloud act not make this a moot point?

    1. Sir Runcible Spoon

      Not really. If the company can show that they don't have access to the data (ie the keys are only known to the two people in the conversation) then they can't be compelled to crack the encryption.

      However, if someone has stored files (encrypted or otherwise) on systems owned by a US company, anywhere in the World, then they can get those now. Well, according to US global law anyways :/

  5. GrumpyKiwi

    Let's just take a moment to remind ourselves...

    ...what events it was that kicked off the whole 'going dark' thing. The FIB's attempts to portray themselves as the innocent victims here don't wash. They were compicit in the bulk surveillence schemes that led to the Snowden revelations and the subsequent enhancement of personal security carried out by various software/hardware vendors.

    My sympathy for them can be contained in a box of matches with the matches still within.

  6. elDog

    I know some of the actors and I did try to understand the actions

    But I might wait until the timeline/flowchart of who know what/when is developed.

    So we have a bunch of fairly independent (and need-to-know) groups within the departments and also within the sections. And I'm sure there's a bit of fiefdoms involved.

    This within a government that is teetering from crisis to crisis, the FBI under attack from its supposed supporter, the fux-news/etc. trying to undercut any legitimacy.

    I'll wait for Gibbons History to come out, but I fear that there won't be anybody left that can read (dump and spawn.)

  7. Anonymous Coward
    Anonymous Coward

    No right to conceal information

    A suspected criminal has no God given right to conceal information on their cellphone. Authorities should be allowed to access this info. in an investigation and prosecution. The Constitution protects against unreasonable search and this is certainly not unreasonable.

    1. Nathar Leichoz

      Re: No right to conceal information

      No one is claiming that the criminal has that right. We're claiming that just because that criminal doesn't have the right, doesn't mean everyone else shouldn't have the right too.

      That's the nature with software. When you force the creator to invent a universal skeleton key (like the TSA locks on luggage), someone will steal and duplicate that key and make it widely available on the Internet. In fact, from the article, that independent Israel company sounds like the prime type of person who will be able to steal such skeleton key.

      If Apple is forced to create that skeleton key, the criminal suffers but so do all other law abiding citizens.

      1. tom dial Silver badge

        Re: No right to conceal information

        Apple was not asked to create a "skeleton key." They were asked to develop and implement a breach specific to the Farook iPhone, identified by both IMEI and serial number if I recall correctly, and required that it not be usable on any other device. There is no way to read the original court order to imply that it asked for anything remotely resembling a "universal skeleton key (like the TSA locks on luggage)."

        Presumably the uniqueness of the solution Apple might have developed would involve them incorporating the iPhone's unique ID information in the software and signing it using the same method they use normally for signing. The software would, of course, be convertible to a universal breach tool, at least for the particular model, if Apple's software signing key were leaked. But such a leak would likely enough let any or all of quite a large number of people develop their own break-in software, independent of what Apple might have produced if they had cooperated with the FBI.

        1. Anonymous Coward
          Anonymous Coward

          Re: No right to conceal information

          Doing it once would be a slippery slope. This time its terrorism, next time it would be a pedophile. Then a murderer. Then a mafia guy. Eventually the FBI will tell them "hey I know you guys are getting buried with all these requests coming in for special tailored versions, why don't you give us a master version that works on them all. We promise we won't abuse it." Anyone who watches law enforcement constantly pushing the boundaries, and how they've abused laws that were originally narrowed targeted like RICO and civil seizure knows that's EXACTLY what they would do.

          That's why I suggested and still maintain that not only was Apple right to stand up to the FBI, they should go further and make it impossible to install firmware in DFU mode without providing the PIN/password via iTunes (all phones supported by iOS 11 have a secure element, so a corrupted OS isn't a barrier to entering the PIN this way) and require the iTunes device be one that the phone has previously trusted. That wouldn't hinder the device's true owner from reinstalling the OS in DFU mode but would prevent exactly the sort of crap the FBI wanted Apple to do.

          1. tom dial Silver badge

            Re: No right to conceal information

            Doing it once certainly would have been the first of many. The FBI and various state prosecutors had several hundred such requests already in the queue. It is not obvious why that is a problem, since they had fourth amendment warrants for them all, including the Farouk iPhone, for which they also had the owner's permission. In fact, Apple had previously been guided toward its action in the Farouk case by a judge in the Eastern district of New York, I think in connection, with a drug case. With a proper warrant in hand, the government is authorized to seize and search for what the warrant specifies, and the subject US person has lost the presumptive right of privacy to that extent.

            Reference to RICO and civil forfeiture expansion, which certainly are abused in major ways, are nonetheless not comparable to either the individual warrant approach that law enforcement agencies actually have taken or a hypothetical demand for a general purpose iPhone cracker. There is no legal basis for the FBI to demand such a thing, and Apple could simply refuse to do so if they didn't want to; the courts would not enforce such a demand. Apple also are at liberty under current law make the suggested product changes which, if I understand correctly, would make them unable to comply with such warrants, a plainly valid justification for refusal; the law cannot require the impossible. But when the Farouk and other similar warrants were issued they had not done that, and certainly had the capability to assist the FBI with a single iPhone, repeated as necessary for warrants on other iPhones, all within the limits of the Constitutional restrictions.

        2. nijam Silver badge

          Re: No right to conceal information

          > There is no way to read the original court order to imply that it asked for anything remotely resembling a "universal skeleton key..."

          And yet, as should be evident to all readers of this august journal, the court order was based on a request from the FIB that they knew full well could only be done in such a way as to be a universal lockpick. I'm surprised that even needs to be pointed out.

          .

          1. tom dial Silver badge

            Re: No right to conceal information

            "the court order was based on a request from the FIB that they knew full well could only be done in such a way as to be a universal lockpick."

            If Apple's code signing process actually is effective, that seems to be a bit of a misdirection. The court order did not require code turnover to the government, or even that the unlocking be done on government premises. It seems likely enough that any of a few thousand people in the world would be able to write and compile the code necessary to do what the subpoena required, and it certainly could be done in a way that would be generic, at least to the combination of iOS version and hardware type. However, under the order, Apple would have had full control of the code, and the presumption at the time was that Apple had to sign the executable code in order to install and run it/

        3. tim292stro

          Re: No right to conceal information

          "...There is no way to read the original court order to imply that it asked for anything remotely resembling a "universal skeleton key (like the TSA locks on luggage)..."

          The problem with this viewpoint is the lack of understanding of how technology is made - the phone does not have a UNIQUE encryption technology and implementation on it, every phone of that model with the same software has the same encryption. It is merely the unique information the USER possesses in their head which makes the local data inaccessible to anyone else. Thus "breaking" one so that you no longer require the unique information which blocks access to the data, means you have broken all as a result. And a single key which accesses all locks is: a Skeleton Key.

          The proposed technical control of locking it to an IMEI or serial number is not effective, as the encryption does not rely on the IMEI or serial number to access the data. The control is like proposing that in order to smash a neighbor's front window with a hammer, you first have to buy a flower pot to put in you own front yard. We rational people people understand that the flower pot being there or not has no effect on your ability to pick up a hammer and smash a window - you merely need access to the hammer and the window...

          This is shown by Apple stating that the encryption system they implemented was designed around the user having the correct key/pass-code at the time of data access. Apple's argument was simply that by authoring a piece of software that would generate the correct key without the memory/information contained in the user - would require circumventing the fundamental test that a user of the encryption scheme be the exclusive holder of the knowledge - which would EFFECTIVELY be a skeleton key, as user(s) and their unique knowledge would no longer be required. This would also mean that once that tool was generated, its USE would be solely constrained by the integrity/honesty of the possessor of the tool. So, writing a piece of software which relies on the integrity of the end-user is in itself a hazard to all users. Apple went on record to say even that they didn't want the responsibility to state that their own employees were 100% honest in its use, when the government suggested that Apple write and then keep charge of the tool. One trust failure would result in that control/trust being rendered permanently useless. Anecdotally, the NSA can't even keep track of their own tools, so how could one presume to think that an overworked, underappreciated tech employee who can move companies several times a decade wouldn't EVER make an error?

          We are intellectually honest in understanding that 100% of people are not 100% honest 100% of the time, so the correct decision in the case of this question is to not make that tool. In fact, this report by the FBI suggest that even within the FBI there is a concern that certain invested parties may be suffering from a, let's call it a "deficiency", of necessary integrity to ask for the very tool requested.

          This is the very argument against the politicians asking for putting in a back door to start with - one cannot guarantee that the end use of such a backdoor will be either honest or lawful, but once it's available, there can no longer be any such external control. Thus once the tool is even written, the system it circumvents MUST be presumed insecure by definition. Criminals already break laws, so why would we expect them to be honest with the use of this "vulnerability"? Since there would no longer be a publicly-auditable need to sue for or ask for assistance from the manufacturer, and access with the tool or backdoor would not leave a public trace, what incentive would governments have to constrain their use of the tool for honest lawful purposes? 100% of all people are not 100% honest 100% of all time, so why would one be so naive to attempt write a backdoor/tool for use by people?

          If one still think that a backdoor in an encryption algorithm is possible for a system designed to have one way for data to get in an out, then one simply hasn't thought it all the way through...

    2. Tigra 07
      FAIL

      Re: AC

      You said it yourself - a "suspected criminal" has no right to privacy.

      And who is a suspected criminal to a police state? Everyone

      1. Sir Runcible Spoon

        Re: AC

        Apple didn't refuse to hand over data to the FBI, they refused to create specific code to hack into that iPhone - something Apple complained that they could not be compelled to do (it being tantamount to slavery or soemthing).

    3. deadlockvictim

      Re: No right to conceal information

      AC» A suspected criminal has no God given right to conceal information on their cellphone.

      So, mere suspicion is enough then, is it?

      What happened to getting warrants?

      When did the concept of 'innocent until proven guilty' become 'guilty unless proven innocent'?

      1. DuncanLarge Silver badge

        Re: No right to conceal information

        "A suspected criminal has no God given right to conceal information on their cellphone."

        True. As god (should one exist) never gave any rights, ever. People gave people rights as they fought for freedom and the like and pressured Kings and Queens to sign documents stating they cant do this or that anymore etc.

        So a suspected criminal does have a right to due process as given by the development of a (ideally) just system created over many years sometimes involving bloodshed and revolt.

        This reminds me of the Stop and Search "powers" the UK police got. Where basically they can stop you and search you in the street. To do so they technically MUST be able to state WHY they suspect YOU as being a criminal (specifically a terrorist) or in posession of something that would be an offence, yet the UK police went ahead and stopped just about anyone they liked, wanking themselves off with their new power.

        They would stop photographers taking photos on public land, where you are legally allowed to take such photos no matter who may also be in them (although commercial use requires a release form). They would search the cameras and sometimes DELETE the photos. This was a criminal act in itself. The reason you were stopped and had your photos criminally deleted? "You are male and there are kids about","You look like you are from another country and could be a terrorist".

        Imagine if they could do this to your phone on the street? Devices are currently marketed to the police that can be plugged into your phone and if successful make a backup of your devices contents, on the street. How much easier it would be if they could have Apple give out a universal cracker tool, to be used on the street, for any reason by a cop that has had a bad day and dont like your accent.

        Why not let them do it on a whim?

        Here is why we should make it harder. Criminals exist even in the highest places and if they can crack your phone, especially on the street when they fancy, we will see more of this:

        http://www.dailymail.co.uk/news/article-5406637/Inside-story-blackmail-cops-caught-one-own.html

        1. tom dial Silver badge

          Re: No right to conceal information

          Whether the US government has honored the natural, constitutional, or legal rights in all cases has nothing to do with the case in question or any of the hundreds of other similar cases where the government has lawful possession of iPhones and warrants authorizing them to be searched for specified information. In these cases, a law enforcement officer submitted an affidavit to a court describing the reason the owner was a suspect and the information sought on the target iPhone, and a judge of the court had approved the warrant as the US Constitution requires.

      2. Pascal Monett Silver badge
        Big Brother

        Re: When did the concept of 'innocent until proven guilty' become 'guilty unless proven innocent'?

        Well that happened at the latest when Gitmo was established and the US condoned waterboarding suspected terrorists for information.

        Might have happened before that, though, the details are a bit hazy given that most of them are classified.

        By the time those details are released, History will have been rewritten anyway, so the question becomes useless.

    4. Graham Cobb Silver badge

      Re: No right to conceal information

      The Constitution protects against unreasonable search and this is certainly not unreasonable.

      But the Constitution failed to be applied for many years (see Snowden). US spooks and law enforcement trampled all over both the Constitution and international human rights. The people will not grant them anything near those powers again for at least a generation.

      If you (FBI & CEO) can't do the time (without intrusive powers), don't do the crime (violating the Constitution and international law). Come back when you can demonstrate some trust.

      A good first step would be shutting up about the fake "going dark": they have much, much, much more data than a few years ago, including enough electronic capability to put a continuous automatic "tail" on every person at least as good as the tails that used to require teams of people just for one target. What would the founding fathers say about a police force that can track everyone in the whole country all the time?

  8. dan1980

    We might not live in police states yet but we live in countries where our governments don't see anything inherently wrong with the concept.

    1. TonyJ

      "...

      We might not live in police states yet but we live in countries where our governments don't see anything inherently wrong with the concept...."

      You beat me to it Dan. Might not be there yet, but the key here being the yet.

      Certainly fees here in the UK like our government is doing its best to head that way piece by piece, all the while under a "think of the children" or "we need to stop terrorists" mantra.

      1. Sir Runcible Spoon
        Joke

        #thinkofthesneakypoliticians

  9. StargateSg7

    Regarding the question WHY it was asked by external parties to the FBI about questioning and ensuring that an iPhone had NOT been cracked by anyone within the FBI itself, I can assure you that was a request by the NSA or DIA whichever intel agency OTHER than the FBI to SQUASH any publicity about such an ability. The FBI leaks like a sieve to foreign agencies such as the GRU/SVR/CHINA, etc and ANYONE who such ability would be a ripe target for a honeytrap or rubber hose side-channel attack to get that ability for themselves!

    This means ALREADY that the NSA/DIA/CIA have just such an ability to break ANY iPhone encryption and unlocking and wante dto ensure NO ONE ELSE but themselves have that capability. So they used other agencies to enquire IF otehrs had that capability!

    So Here is how to break iPhone locking!

    1) Burn custom version of ARM processor with register re-direction so that all values and instructions put into local CPU registers and instruction queues get exported out to an accessible memory location!

    2) desolder original phone chip!

    3) resolder new arm chip into socket.

    4a) Copy all data registers and instruction in the CPU instruction pipeline, the keyboard PIC chip, to an external memory location for slurping by custom software.

    ...or...

    4b) Read and Modify all registers and cpu instructions used to unlock phone and put in a

    bypass (JMP code) to bypass any found the phone lock or data destruction routines.

    (you may need to brick a few phones to get such information!)

    5) Simply put in keycode after keycode until OS is unlocked since the password entry and data destroy or OS lock commands will ALWAYS be bypassed by the new ARM chip instructions which use a JMP command to bypass such routines.

    NOW! See how simple that is....I do it myself --- works great!

    Trust me on this! I can tell you the NSA especially has already burned EACH VERSION of the Apple Axx series chips (and x86, AMD, Qualcomm, TI cpus etc) and inserted a NEW instruction set and CPU register copy, re-direct and modify pipeline so they can simply desolder the old chip and put in a new one bypassing ANY phone, tablet or desktop security.

    To get the CPU die schematics, all they need to do is SHAVE EACH APPLE A-series CPU CHIP LAYER BY LAYER and scan the line traces layer by layer into a microcircuit layout program and insert a new instruction set and make a few yourself more CPU's on another wafer. The new CPU doesn't even have to be the same size or manufacturing process cuz you can just put in a direct patch of wires into the socket.

    That's what we did in the old days of Spook-Space on 286/386/468/Pentium/SPARC/MIPS days !!!! (i.e. 1980's/1990's/2000's) so I would expect that low level CPU modification work would continue!

    1. Crypto Monad Silver badge

      Simply put in keycode after keycode until OS is unlocked since the password entry and data destroy or OS lock commands will ALWAYS be bypassed by the new ARM chip instructions which use a JMP command to bypass such routines

      Fail. Go read about "secure enclave". Hint: it's completely separate from the CPU.

      The CPU does not enforce the lockout limit, the secure enclave does. And the secure enclave holds the device decryption keys: so if you can't persuade the secure enclave to unlock, you have no data.

      1. Anonymous Coward
        Anonymous Coward

        Fail. Go read about "secure enclave".

        Let's just say that the USE of TOO much CAPITAL letters already suggested a low signal to noise ratio (or a very likely mismatch between data presented and actual facts)..

      2. StargateSg7

        Do I have to explain EVERYTHING? --- Secure Enclave is an ARM chip in itself!

        You duplicate the Enclave processor by shaving it layer by layer, scanning the circuit traces and then making a new version of the chip, with newly added data registers and instruction set copy, redirect and modify circuits so you can learn how and where the processor stores data and instructions when it presents or retrieves a key from its internal storage locations. Then you apply that newly learned ability to an older phone so you can figure out HOW to call and retrieve the encrypted fingerprint and/or pin data which can then be passed to the MODIFIED A10 or other Axx series ARM CPU. And that command is likely to be a single or series of hash codes and/or series of digital signals telling the Enclave processor to compare, set, give or otherwise present the authorization/decryption credentials.

        Again, the NSA/CIA, etc, ALREADY HAVE versions of the A10x and accompanying ARM-BASED Enclave chips which they shaved layer by layer in order to get the original circuit traces so their MScEE's could then insert NEW circuits that copy, redirect and/or modify registers and instruction queues.

        SEE??? NOT THAT HARD!!!! The NSA has their OWN chip-fab to make the new chips!

        And ARM chips are NOT the only ones! all x86's, MIPS, SUN SPARC, DEC ALPHA, IBM POWER, 6502's, 68000 series, various DSP and embedded chips and other RISC/CISC chips had the SAME technique applied so that retrieved/stolen desktop, laptop and smartphone devices could be broken to retrieve/decrypt data. This technique has been used SINCE THE MID-1980'S !!!!

        This is OLD HAT Spook-Space Craft! Get With It People! NO SYSTEM IS SAFE AGAINST WELL-SPENT MONEY AND A TEAM OF MSsEE's WITH TIME TO SPARE !!!!

        1. tim292stro

          "...The NSA has their OWN chip-fab to make the new chips!..."

          You do know that you don't need a fab to be able to plug something in which you control... In the commercial design space, Cadence has an entire business unit dedicated to producing retail emulation devices (https://www.cadence.com/content/cadence-www/global/en_US/home/tools/system-design-and-verification/acceleration-and-emulation.html). When I worked at a Silicon Valley GPU company, they had a Cadence emulator about the size of a minivan which would plug into PCIe slot and emulate the fully code complete GPU (albeit at a reduced clock rate). Simply changing the connector and the code loaded would emulate something completely new on the same hardware.

          Once you reverse the design into RTL, you can pwn it in physical. And BTW, reversing IP is the first step in figuring our the applicable vulns, so it's a necessary step they would be doing already.

    2. Anonymous Coward
      Anonymous Coward

      OS lock commands will ALWAYS be bypassed by the new ARM chip instructions which use a JMP command to bypass such routines

      ... would this be a case of Dijkstra's "Go To Statement Considered Harmful"?

  10. Anonymous Coward
    Anonymous Coward

    FBI had paid approximately $1m for the crack

    I think you mean only $15,278.02 [source1, source2]. It's hard to trust anything from those agency.

    1. kierenmccarthy

      Re: FBI had paid approximately $1m for the crack

      Maybe.

      That could have been a single payment for them to carry out a specific job - like flying to DC and demonstrating the hack.

      It could have been a fee for preparing the paperwork for the court.

      It could have been the fee for that single instance of Farook's phone.

      $15,000 for hacking an operating system that even someone like the FBI can't get into is ridiculously low.

      Kieren

      1. Claptrap314 Silver badge
        Black Helicopters

        Re: FBI had paid approximately $1m for the crack

        None of the above. The company had done a previous favor for the US Govt, but hadn't been paid yet for various reasons. That's the simplest explanation, so I'm calling it the most likely.

  11. lglethal Silver badge
    Go

    No good deed goes unpunsihed?

    I notice that you wrote former Executive Assistant Director (EAD) Amy Hess. I take it her honesty led to her needing to find a new career path outside of the FBI?

    1. AndyMulhearn

      Re: No good deed goes unpunsihed?

      I believe the Amy Hess in question may be this one:

      https://engineering.purdue.edu/Engr/People/Awards/Institutional/DEA/DEA_2017/Hess

      Interesting background and I would be stretching a point if I suggested her integrity could have anything to do with her educational background and possibly her aspiration to be an astronaut, with role models such as Buzz Aldrin.

      According to her Linkedin profile - https://www.linkedin.com/in/amy-hess-76aab1116/ - her career would appear to my eyes to have taken a step backwards. Looks like integrity is it's own reward...

  12. }{amis}{
    Thumb Down

    No way for the plods to win

    I cant see how anyone with any knowledge thinks they can win this.

    I've never seen an encryption algorithm that i cant print on a tee shirt, and even though i am primarily a database tech given a few weeks work i would be able to write a (Probably not great) opensource implementation.

    The UK produced 87K STEM grads in 2016 alone, that is a lot of people with the popper maths / computing background to do a much better job than i can.

    In short the horse bolted in the nineties and no amount of wingeing will turn the clock back.

    https://en.wikipedia.org/wiki/Crypto_Wars

    https://www.wisecampaign.org.uk/resources/2017/02/higher-education-statistics-2016

    1. Milton

      Re: No way for the plods to win

      "I've never seen an encryption algorithm that i cant print on a tee shirt, and even though i am primarily a database tech given a few weeks work i would be able to write a (Probably not great) opensource implementation. ... In short the horse bolted in the nineties and no amount of wingeing will turn the clock back."

      You might be using some small text that's hard to read printed on cotton ;-) but your basic points are precisely right. Any competent programmer—preferably a paranoid and perfectionist one—could use any of the excellent open-sourced algorithms to produce yet another encryption utility to run on any platform. Add to that some exceptional care ("paranoid and perfectionist") in how keys are generated and stored, how memory is freed, an implementation that is conscious of the risks of subtle attacks, and you have something which can encrypt arbitrary amounts of data and make it inaccessible in any remotely useful amount of time.

      NSA have computing power to boggle the mind, and will still take a million years to unpick a properly implemented, sensibly-keyed 256-b AES cyphertext (or Twofish, or many other sound algorithms).

      Call it a bolted horse or an unbottled genie, it remains astonishing to see law enforcement/security types still banging on about backdoors and forcible decryption of people's devices: if someone reasonably competent has something important to hide, they will do this, beyond the reach even of mighty NSA.

      Ultimately, the approach of western governments to encryption makes sense only if they are really focused on ordinary not-much-to-hide citizens—because the real bad guys left them in the dust a decade ago. Beyond the useful idiots in politics (who perhaps do still believe π=3.000) there are those who know how encryption really works, and one can only conclude that they do, in fact, want to be able to read everybody's data, just Because. The only "because" that makes sense is social control: what else?

      Governments are perpetually frightened of citizens (which they should be: it's called accountability), but Knowledge is Power. Those who would have power want to use information for control. So perhaps we should not be remotely surprised that two major inexplicable electoral upsets in supposedly strong democracies have been powerfully contaminated by interference exploiting personal data.

      Possibly this is a great example of "Be careful what you wish for".

      1. Paul Crawford Silver badge
        Joke

        Re: useful idiots in politics

        Come now! All good politicians know that π=22/7

  13. Anonymous Coward
    Anonymous Coward

    As much ..

    As much as the FBI wants to solve crimes, they should keep in mind for what reason: so that people can live free. The FBI should make a yearly reading of the Constitution and the Bill of Rights a requirement for the job.

    1. Jeffrey Nonken

      Re: As much ..

      And the Declaration of Independence.

  14. Joe Gurman

    Excellent article, but one (important) niggle

    The iPhone in question was owned by the county, not the perpetrator. His (their?) iPhone was crackable by the FBI without external help.

    1. tim292stro

      Re: Excellent article, but one (important) niggle

      "...The iPhone in question was owned by the county, not the perpetrator..."

      Indeed, >>almost<< every issue the government had either before or after a "tragedy" reported in the last few years, could be traced back to someone in government not doing their job effectively even with the extensive tools they currently had at their disposal. In this case, the local government's I.T. hadn't set up the phone correctly before they issued it, so they didn't have their own access path to the data.

      Texas Church shooter got guns because an Air Force paper pusher didn't push all their papers, Florida school shooter wasn't investigated by the FBI or the local Sheriff after recommendation by the the School Resource Officer who noted the troubled kid...

  15. Richard Parkin

    Clumsy attempts

    If I recall correctly it was the FBI’s clumsy attempts to guess the password that resulted in the phone locking up and that if they had first applied to Apple (with a warrant) the iCloud backup could and would have been accessible under the phone/iOS version of the time.

  16. GrumpyKiwi
    Black Helicopters

    It's not illegal when the FBI does it

    So here's a question. You're the FBI's main man and you step up in front of the Judge asking for a decrypt order as "sob sob, there is no other way we can get into this phone" and you're aware that other parts of the FBI are saying "yeah we can just get this third party to do it". So, are you comitting perjury? Because it sure as hell sounds a lot like it.

    1. Jeffrey Nonken

      Re: It's not illegal when the FBI does it

      If you mean Hess, I thought the article made it clear she didn't know at the time she testified.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like