Forum adverts like this one are shown to any user who is not logged in. Join us by filling out a tiny 3 field form and you will get your own, free, dakka user account which gives a good range of benefits to you: No adverts like this in the forums anymore. Times and dates in your local timezone. Full tracking of what you have read so you can skip to your first unread post, easily see what has changed since you last logged in, and easily see what is new at a glance. Email notifications for threads you want to watch closely. Being a part of the oldest wargaming community on the net. If you are already a member then feel free to login now.

In that case, to compel Apple to cripple their OS would be an unfair burden.

 Manchu wrote:
Besides privacy/security, a couple other issues have been bugging me: (1) writing software is work and not incidental work; it's troubling that a corporation can be forced to create something (in this case, something quite expensive) without compensation; and (2) if Apple wrote the software in question, I imagine that could negatively affect its brand and therefore the value of the business generally; should the government be able to leverage courts to force businesses to undermine themselves in this way? I think not.

In this instance? I don't think it's warranted. In general, however, you appear to be arguing that the pursuit of profit is paramount, that the government should not be able to legislate in a way that would reduce corporate profits and would put business interests above the law. What you've said would equally apply to workers' rights, employment legislation, consumer protection, truth in advertising, environmental protection, national security and all sorts of things.

Any point can be overextended but I hope you realize that allowing corporations to do anything at all is not even close to what I had in mind. If the Congress were to enact a law that gives law enforcement agencies the explicit authority to force Apple to hack its own product and undermine its competitiveness, that would be one thing. And of course I would expect Apple to lobby hard against such a law, as is its right. But what we're talking about here is a court order relying on a statute enacted in the 18th Century. This is a very thin premise upon which to rest a drastic burden.

This case perhaps can be likened to a law to prevent companies from selling vital technology to potential enemies for example, weapons, equipment like uranium purifying centrifuges, or high capacity computing devices and software.

(The US government did try to prevent Pretty Good Privacy from being supplied overseas, but this was stymied by the inventor publishing the code in a book, whereupon it became free speech.)

I think the key thing is that everyone who owns an iOS device is put at risk by enforcement of an insecure operating system, so it is an attack on all customers, not just the company or the bad guys.

 Kilkrazy wrote:
This case perhaps can be likened to a law to prevent companies from selling vital technology to potential enemies for example, weapons, equipment like uranium purifying centrifuges, or high capacity computing devices and software.

(The US government did try to prevent Pretty Good Privacy from being supplied overseas, but this was stymied by the inventor publishing the code in a book, whereupon it became free speech.)

I think the key thing is that everyone who owns an iOS device is put at risk by enforcement of an insecure operating system, so it is an attack on all customers, not just the company or the bad guys.

IIRC a number of years back apple ran into trouble with export laws. Computers had gotten fast enough that desktop models were hitting benchmarks for exporting “sensitive” supercomputers. Obvious case of technology advancing faster then the laws.

Seems indicative of lazy police/intel work to be honest.

And why for this particular case? Did they plan on prosecuting the corpse and need evidence they hoped could be gathered from the phone?

No, of course not. In part they are hoping the phone can lead them to other bad guys. HINT: even without the content of calls and texts there should be enough they can gather which would allow them to get warrants (probably FISA type) and start tracking other bad guys, but it will be harder. The feds already know the phone numbers for calls/texts coming into the phone and from this phone.

Of course the other part is (as has been mentioned) if they can coerce Apple to give up this tool, they can use the tool at will whenever they want.

Sucks that the feds need to abide by the Constitution and US code and can't trump individual rights to make their jobs easier.

 Manchu wrote:
As I understand it, those platforms do not have the kind of security Apple has created. That is to say, what's at stake for Apple is the result of expensive R&D and marketing. The iPhone's security features are not some kind of coincidence or industry standard; they are a competitive edge into which the company has invested God knows how much money. My firm, for example, uses iPhones because of this feature. So the court order is really shocking in terms of negatively impacting Apple as a business.

Apple's security is the reason why my Healthcare institution is using them.

That's a lot of iPhone business...


Automatically Appended Next Post:

 Kilkrazy wrote:
In that case, to compel Apple to cripple their OS would be an unfair burden.

Agreed, and it's a shame that this judge didn't see it that way.

Michael Hayden weighs in:

http://theweek.com/speedreads/606641/exnsa-cia-chief-michael-hayden-sides-apple-fbi-iphone-encryption-fight

 Manchu wrote:
Any point can be overextended but I hope you realize that allowing corporations to do anything at all is not even close to what I had in mind.

Well, I do now, but I've spent too long reading threads in here and other places to assume it.

http://edition.cnn.com/2016/02/19/politics/donald-trump-apple-boycott/index.html


... hmm ..


not sure he's thought this through really.


.... * lack of surprise face *

EDIT: can't quote red post for some reason... :/
I'm sick of Trump... can't wait for him to come down to earth...

Back to the OP, here's a nice roundup of this event:
http://tonylimaassociates.com/2016/02/apple-vs-fbi/

I personally think that the First Bunch of Idiots is asking for too much.


Wanting the data from an individual phone, for an investigation, is one thing. A "back door" into an entire operating system is a completely different animal altogether. I wouldn't trust the Federal Government to use such responsibly, regardless of who's running the show.

 reds8n wrote:
not sure he's thought this through really

Another example of how Trump does not have his finger on the pulse of conservatism. His constituents are just angry morons, I guess.

Lucius Fox does not approve of this course of action.

 reds8n wrote:
http://edition.cnn.com/2016/02/19/politics/donald-trump-apple-boycott/index.html

... hmm ..

not sure he's thought this through really.

.... * lack of surprise face *

You heard it here first: Trump is in favour of forcibly nationalising profitable companies.

Here's what I don't understand. Why can't the FBI make an image of the iPhone's SSD and then save it as an .iso or whatever the equivalent is for iPhones? This would allow the FBI to load the file into a VM and then brute force the pin that way. After ten failures, just reload the image and do the next ten in sequence. Sure it would take time for one person but 10 - 20 techs with a range of 100 numbers each should be doable in a few days at most.

You know, the conspiracy theorist in me thinks this so-called "back door" already exists, and has existed for some time now, and that this is all just some sort of elaborate cover up.

 Breotan wrote:
Here's what I don't understand. Why can't the FBI make an image of the iPhone's SSD and then save it as an .iso or whatever the equivalent is for iPhones? This would allow the FBI to load the file into a VM and then brute force the pin that way. After ten failures, just reload the image and do the next ten in sequence. Sure it would take time for one person but 10 - 20 techs with a range of 100 numbers each should be doable in a few days at most.

How can you access storage if the phone is locked? I think the only way what you are suggesting would work would be to remove the flash chip from the board and dropping it onto a custom emulator, which is presumably a feat beyond the FBI. Even then, presumably there is some kind of key protection baked into the encryption on the storage that would prevent this since this hypothetical emulator won't match.

 Ouze wrote:
How can you access storage if the phone is locked?

Use a bootloader. We used them all the time at Microsoft to put the latest OS onto a device. Apple uses them too, they just don't share it outside the company.

 Ouze wrote:
Even then, presumably there is some kind of key protection baked into the encryption on the storage that would prevent this since this hypothetical emulator won't match.

Hmmm. That's probably the back door everyone is talking about.

 Breotan wrote:
Here's what I don't understand. Why can't the FBI make an image of the iPhone's SSD and then save it as an .iso or whatever the equivalent is for iPhones? This would allow the FBI to load the file into a VM and then brute force the pin that way. After ten failures, just reload the image and do the next ten in sequence. Sure it would take time for one person but 10 - 20 techs with a range of 100 numbers each should be doable in a few days at most.

The FBI cannot make a virtual machine that emulates the iPhone's security system because they cannot read the part of the phone that hashes the PIN to copy it. The part that converts your PIN of 1234 into an encryption key of 28605723017340991275 is basically a black box - unless you manage to cut the chip apart nanometre by nanometre to look at its insides, you're not going to know the process by which the PIN is converted on this particular phone.

 Tannhauser42 wrote:
You know, the conspiracy theorist in me thinks this so-called "back door" already exists, and has existed for some time now, and that this is all just some sort of elaborate cover up.

does make one wonder

Imho, Apple already have all the backdoors they need.
They are just unwilling to share them, and use this to appear as the "good guys". Spoiler : they aren't.

 Breotan wrote:
Here's what I don't understand. Why can't the FBI make an image of the iPhone's SSD and then save it as an .iso or whatever the equivalent is for iPhones? This would allow the FBI to load the file into a VM and then brute force the pin that way. After ten failures, just reload the image and do the next ten in sequence. Sure it would take time for one person but 10 - 20 techs with a range of 100 numbers each should be doable in a few days at most.

I was wondering that. Actually I imagined you could clone the phone's storage and load it into a new phone. Make 100 cloned phones, each one operated by a little button tapping machine. Reinstall the cloned storage when your tapping machine does 10 bad PIN codes and wipes it.

Perhaps there is no way to clone the data out of the original phone.

 Kilkrazy wrote:

Perhaps there is no way to clone the data out of the original phone.

Just connecting it to a computer won't help since you can't tell the iPhone to trust the computer without first entering the PIN, thus you can't copy the data easily. They'd need some physical way of getting at the storage to clone it which is probably costly, if possible at all.

Spetulhu wrote:
Just connecting it to a computer won't help since you can't tell the iPhone to trust the computer without first entering the PIN, thus you can't copy the data easily. They'd need some physical way of getting at the storage to clone it which is probably costly, if possible at all.

Cloning the storage does not work, because the storage is still encrypted. Breaking the PIN by brute force to find the right encryption key requires a mere 10,000 to 1,000,000 attempts (but they can only use 10 of those 10,000-1,000,000 attempts without Apple sabotaging their OS for them); breaking the encryption key in the same way takes approximately 1,000,000,000,000,000,000,000,000,000,000,000,000,000 attempts.

 LethalShade wrote:
Imho, Apple already have all the backdoors they need.
They are just unwilling to share them, and use this to appear as the "good guys". Spoiler : they aren't.

You cant really paint people as good guys and bad guys like that. In this case, they are doing the right thing. I still disagree with Apple on a lot of things, but I support their stance on this.

The whole issue appears to be being spun heavily both sides.

Apple creating a new form of OS that can be loaded without unlocking the phone to permit access does not automatically build a backdoor into every device as they're saying. It's not a general security risk unless the FBI upload it to the internet. And it is problematic for the security services if they literally cannot access devices used by terrorists and criminals any more.

But there's no way the FBI will just delete it once it's been created. They will hang onto it. I doubt any power on earth could remove it from them once it's been created. Not to mention the dubious ethics of forcing Apple (who have no relation to the case) to spend money and man hours developing software not in existence. It also means that once it is known the FBI can do that, you're effectively shooting Apple's sales in the foot.

I (personally) believe that whilst companies should help state security where appropriate, it is not necessary for them to be assuming the technical and financial responsibility of counter-intelligence services, especially to the detriment of their own market advantage. If the software already existed, I would advocate them letting the FBI use it (just this once, and on a case by case future basis), but building it?

No. The way this should have been handled is with Apple privately contracting (for an appropriately sum of money) to build a piece of software that does what is asked by the FBI, for the FBI, under very strict contract conditions (namely the usage on a single phone), with it being written into the contract explicitly that this was for one use. Have that one use be in an Apple building somewhere under Apple oversight and control, and then let them bury it in a vault somewhere in Switzerland after the data has been retrieved from the one device. That keeps it secure and means the Government has to go through them again if it needs to unlock more phones, on a case by case basis.

That would have been the logical thing for both sides to agree on here. Instead we have Apple trying to play Guardians of Justice and abdicate their moral responsibility, and the FBI trying to pass the buck for doing their job. Not impressed with either.

 AlexHolker wrote:

Spetulhu wrote:
Just connecting it to a computer won't help since you can't tell the iPhone to trust the computer without first entering the PIN, thus you can't copy the data easily. They'd need some physical way of getting at the storage to clone it which is probably costly, if possible at all.

Cloning the storage does not work, because the storage is still encrypted. Breaking the PIN by brute force to find the right encryption key requires a mere 10,000 to 1,000,000 attempts (but they can only use 10 of those 10,000-1,000,000 attempts without Apple sabotaging their OS for them); breaking the encryption key in the same way takes approximately 1,000,000,000,000,000,000,000,000,000,000,000,000,000 attempts.

As I understand it, the PIN gives the user access to the OS. The OS contains the keychain with the large prime number used in the encryption made available transparently to the user because no-one can remember numbers dozens of digits long.

Is there another password to activate the keychain?

 Kilkrazy wrote:
As I understand it, the PIN gives the user access to the OS. The OS contains the keychain with the large prime number used in the encryption made available transparently to the user because no-one can remember numbers dozens of digits long.

Is there another password to activate the keychain?

Yes, there is, and it's part of the hardware of the phone, not written to the phone's memory.

 Ketara wrote:
The whole issue appears to be being spun heavily both sides.

Apple creating a new form of OS that can be loaded without unlocking the phone to permit access does not automatically build a backdoor into every device as they're saying. It's not a general security risk unless the FBI upload it to the internet. And it is problematic for the security services if they literally cannot access devices used by terrorists and criminals any more.

But there's no way the FBI will just delete it once it's been created. They will hang onto it. I doubt any power on earth could remove it from them once it's been created. Not to mention the dubious ethics of forcing Apple (who have no relation to the case) to spend money and man hours developing software not in existence. It also means that once it is known the FBI can do that, you're effectively shooting Apple's sales in the foot.

I (personally) believe that whilst companies should help state security where appropriate, it is not necessary for them to be assuming the technical and financial responsibility of counter-intelligence services, especially to the detriment of their own market advantage. If the software already existed, I would advocate them letting the FBI use it (just this once, and on a case by case future basis), but building it?

No. The way this should have been handled is with Apple privately contracting (for an appropriately sum of money) to build a piece of software that does what is asked by the FBI, for the FBI, under very strict contract conditions (namely the usage on a single phone), with it being written into the contract explicitly that this was for one use. Have that one use be in an Apple building somewhere under Apple oversight and control, and then let them bury it in a vault somewhere in Switzerland after the data has been retrieved from the one device. That keeps it secure and means the Government has to go through them again if it needs to unlock more phones, on a case by case basis.

That would have been the logical thing for both sides to agree on here. Instead we have Apple trying to play Guardians of Justice and abdicate their moral responsibility, and the FBI trying to pass the buck for doing their job. Not impressed with either.

Its now being reported the government has asked to crack multiple phones, so its not just a one time thing.

If Apple does it for the US, I am sure China will be "on the phone" pun intended within micro seconds (assuming they haven't hacked it already).
What if its uncrackable with current technology?