Apple's Battle With the FBI

[Transcriber]

Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On.

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation.

Those who support the government say Apple has cooperated in the past to unlock dozens of phones in other cases—so why can’t it help the FBI unlock this one?

But this isn’t about unlocking a phone; rather, it’s about ordering Apple to create a new software tool to eliminate specific security protections the company built into its phone software to protect customer data. Opponents of the court’s decision say this is no different than the controversial backdoor the FBI has been trying to force Apple and other companies to build into their software—except in this case, it’s an after-market backdoor to be used selectively on phones the government is investigating.

The stakes in the case are high because it draws a target on Apple and other companies embroiled in the ongoing encryption/backdoor debate that has been swirling in Silicon Valley and on Capitol Hill for the last two years. Briefly, the government wants a way to access data on gadgets, even when those devices use secure encryption to keep it private.

Apple specifically altered its software in 2014 to ensure that it would not be able to unlock customer phones and decrypt any of the most important data on them; but it turns out it overlooked a loophole in doing this that the government is now trying to exploit. The loophole is not about Apple unlocking the phone but about making it easier for the FBI to attempt to unlock it on its own. If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices.

If the FBI is successful in forcing Apple to comply with its request, it would also set a precedent for other countries to follow and ask Apple to provide their authorities with the same software tool.

What Kind of Phone Are We Talking About?

The phone in question is an iPhone 5c running the iOS9 version of Apple’s software. The phone is owned by the San Bernardino Department of Public Health, which gave it to Syed Rizwan Farook, the shooter suspect, to use for work.
What Is the Issue?

Farook created a password to lock his phone, and due to security features built into the software on his device, the FBI can’t unlock the phone and access the data on it using the method it wants to use—a bruteforce password-guessing technique wherein they enter different passcodes repeatedly until they guess the right one—without running the risk that the device will lock them out permanently.
How Would It Do That?

Apple’s operating system uses two factors to secure and decrypt data on the phone–the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured. As cryptographer Matthew Green explains in a blog post, the user’s password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes and if the result is the correct passcode, the device and data are unlocked.

To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes permanently inaccessible. The government’s motion to the court (.pdf) notes that this happens after 10 failed guesses when the auto-erase feature is enabled by the user.

/snip

www.wired.com/2016/02/apples-fbi-battle-is-complicated-heres-whats-really-going-on/

[Jessiealan]

Feb 18, 2016 21:26:40 GMT -5 Transcriber said:

Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On.

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation.

Those who support the government say Apple has cooperated in the past to unlock dozens of phones in other cases—so why can’t it help the FBI unlock this one?

But this isn’t about unlocking a phone; rather, it’s about ordering Apple to create a new software tool to eliminate specific security protections the company built into its phone software to protect customer data. Opponents of the court’s decision say this is no different than the controversial backdoor the FBI has been trying to force Apple and other companies to build into their software—except in this case, it’s an after-market backdoor to be used selectively on phones the government is investigating.

The stakes in the case are high because it draws a target on Apple and other companies embroiled in the ongoing encryption/backdoor debate that has been swirling in Silicon Valley and on Capitol Hill for the last two years. Briefly, the government wants a way to access data on gadgets, even when those devices use secure encryption to keep it private.

Apple specifically altered its software in 2014 to ensure that it would not be able to unlock customer phones and decrypt any of the most important data on them; but it turns out it overlooked a loophole in doing this that the government is now trying to exploit. The loophole is not about Apple unlocking the phone but about making it easier for the FBI to attempt to unlock it on its own. If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices.

If the FBI is successful in forcing Apple to comply with its request, it would also set a precedent for other countries to follow and ask Apple to provide their authorities with the same software tool.

What Kind of Phone Are We Talking About?

The phone in question is an iPhone 5c running the iOS9 version of Apple’s software. The phone is owned by the San Bernardino Department of Public Health, which gave it to Syed Rizwan Farook, the shooter suspect, to use for work.

What Is the Issue?

Farook created a password to lock his phone, and due to security features built into the software on his device, the FBI can’t unlock the phone and access the data on it using the method it wants to use—a bruteforce password-guessing technique wherein they enter different passcodes repeatedly until they guess the right one—without running the risk that the device will lock them out permanently.

How Would It Do That?

Apple’s operating system uses two factors to secure and decrypt data on the phone–the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured. As cryptographer Matthew Green explains in a blog post, the user’s password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes and if the result is the correct passcode, the device and data are unlocked.

To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes permanently inaccessible. The government’s motion to the court (.pdf) notes that this happens after 10 failed guesses when the auto-erase feature is enabled by the user.

/snip

www.wired.com/2016/02/apples-fbi-battle-is-complicated-heres-whats-really-going-on/

This is much too complicated for someone as low tech as I to understand fully. From what I gather, the Feds want to be able to access phones connected with criminal activity all by themselves and without assistance from the companies that created the devices. In other words, a "backdoor" .

If I have covered the basics, wouldn't the best way be to just request Apple open up the information they need. The contents on this particular phone might lead them to contacts of the San Bernardino killers and prevent other plans for violence in this country. All this pulling back and forth may be wasting precious time.

[josephdphillips]

Feb 18, 2016 23:13:46 GMT -5 Jessiealan said:

This is much too complicated for someone as low tech as I to understand fully. From what I gather, the Feds want to be able to access phones connected with criminal activity all by themselves and without assistance from the companies that created the devices. In other words, a "backdoor" . If I have covered the basics, wouldn't the best way be to just request Apple open up the information they need. The contents on this particular phone might lead them to contacts of the San Bernardino killers and prevent other plans for violence in this country. All this pulling back and forth may be wasting precious time.

It isn't complicated, and Apple is clearly in the wrong. Apple is saying they are above the law -- no exceptions.

Law enforcement should be able to access information on a phone with a court order, the way they can access data on any other kind of computer. There is nothing sacrosanct about an iPhone. iPads aren't protected, so why should iPhones be?

[watcheroo42]

Did anyone catch this from the anti-virus software fellow McAfee - who has offered his de-encryption service to the FBI absolutely free?

'. . . At points, his message seemed to taunt the Feds. McAfee, who's running for president as a Libertarian, said the FBI hit this impasse because it only hires straight-laced computer experts who are less talented than his "prodigies."

"And why do the best hackers on the planet not work for the FBI? Because the FBI will not hire anyone with a 24-inch purple mohawk, 10-gauge ear piercings, and a tattooed face who demands to smoke weed while working and won't work for less than a half-million dollars a year," he wrote. "But you bet your ass that the Chinese and Russians are hiring similar people with similar demands and have been for many years. It's why we are decades behind in the cyber race."'

[Dex]

It boils down to privacy rights. I don't think we have 'right to privacy'.

This is a good article that spells it out. This is not about Apple but about Google. It's all part of the same thing, basically. When it comes to Apple, the Apple-TV gadget sends info back to Apple, right down to being able to pick up and transmit the communication that's going on in the room. Or so I've been told.



Google eavesdropping tool installed on computers without permission

www.theguardian.com/technology/2015/jun/23/google-eavesdropping-tool-installed-computers-without-permission

What it comes down to is that there's no reason to refuse the FBI. Privacy is not an issue anymore.

[Dex]

Feb 19, 2016 12:13:10 GMT -5 watcheroo42 said:

Did anyone catch this from the anti-virus software fellow McAfee - who has offered his de-encryption service to the FBI absolutely free?

'. . . At points, his message seemed to taunt the Feds. McAfee, who's running for president as a Libertarian, said the FBI hit this impasse because it only hires straight-laced computer experts who are less talented than his "prodigies."

"And why do the best hackers on the planet not work for the FBI? Because the FBI will not hire anyone with a 24-inch purple mohawk, 10-gauge ear piercings, and a tattooed face who demands to smoke weed while working and won't work for less than a half-million dollars a year," he wrote. "But you bet your ass that the Chinese and Russians are hiring similar people with similar demands and have been for many years. It's why we are decades behind in the cyber race."'

Good quote. I appreciate that point of view.

[beth]

Apple Doesn't Have to Help FBI in New York iPhone Case, Judge Says


A federal judge in Brooklyn says the FBI cannot force Apple to open a locked iPhone used by a suspected drug dealer.

The ruling is a boost to Apple in the public opinion war with the federal government over access to locked devices. Though it is not binding on a judge in California who is now considering the separate case of access to a locked iPhone used by one of the San Bernardino attackers, it gives the company a leg up, and Apple will be sure to cite it in that ongoing dispute.

The massacre in San Bernardino, Calif., left 14 people dead, and investigators searching for answers.

U.S. Magistrate Judge James Orenstein said the FBI could not compel Apple to unlock the phone in the Brooklyn case, because Congress specifically considered and rejected a bill that would require companies like Apple to make the data on a locked iPhone available to law enforcement.

motr hrtr (video, etc)
www.nbcnews.com/tech/tech-news/fbi-can-t-force-apple-new-york-iphone-case-judge-n528446

[beth]

more this afternoon ....

The high-stakes legal fight between Apple Inc. and the Justice Department over a locked iPhone shifted Tuesday from the courts to the halls of Congress.

FBI Director James Comey and Apple chief lawyer Bruce Sewell are appearing before the House Judiciary Committee for a hearing on encryption, security and privacy.

Comey, testifying first, acknowledged that a "mistake" was made in the handling of San Bernardino gunman Syed Rizwan Farook's iPhone in the 24 hours following the December attack.

The FBI previously reported that investigators had reset Farook's iCloud account password. As a result, Comey said Monday, it became "impossible later to cause the phone to back up again to the iCloud." However, he maintained that even if the mistake hadn't been made, the FBI still would not have been able to get everything off the iPhone without Apple's assistance.

"Apple is very good at what it does. It's a wonderful company, it makes wonderful products. They have set out to design a phone that can't be opened. And they're darn near succeeding," Comey said. "That doesn't make them bad people, it just creates a challenge for us that we're not yet up to meeting without intervention from the courts."

The hearing comes amid two significant and conflicting court rulings in New York and California on whether Apple can be forced to help the FBI gain access to locked iPhones.

In California, a judge has ordered Apple to create software to bypass the auto-erase security function on an iPhone used by Farook, who along with his wife Tafsheen Malik, killed 14 people in one of the deadliest attacks on U.S. soil. In New York, the judge in an unrelated drug case ruled in favor of Apple on Monday, saying it cannot be required to help unlock a suspect's phone to assist in an investigation.

Comey told lawmakers that technological advancements have been accompanied by "new dangers" which can prevent law enforcement from collecting critical evidence in criminal and terrorism investigations.

"When changes in technology hinder law enforcement's ability to exercise investigative tools and follow critical leads, we may not be able to root out the child predators hiding in the shadows of the Internet, or find and arrest violent criminals who are targeting our neighborhoods. We may not be able to identify and stop terrorists who are using social media to recruit, plan, and execute an attack in our country. We may not be able to recover critical information from a device that belongs to a victim who cannot provide us with the password, especially when time is of the essence," Comey warned in his opening statement. "These are not just theoretical concerns."

In response to a question about the legal authority to hack into a locked iPhone, Comey said the Founding Fathers created a legal process that allows investigators to search suspects' homes, and the same process should apply in this case. "They wouldn't have imagined any ... device that couldn't be entered" with a court order, he said.

"We are a rule of law country. The FBI is not cracking into your phone or listening to your communications except under the rule of law and going to a judge," Comey stressed.

But Apple maintains that by asking it to weaken the security of its products, the FBI would set a dangerous precedent.

In his prepared statement, Sewell, Apple's vice president and general counsel, asked: "Should the FBI be allowed to stop Apple, or any company, from offering the American people the safest and most secure product it can make? Should the FBI have the right to compel a company to produce a product it doesn't already make, to the FBI's exact specifications and for the FBI's use?"

His statement also reiterated the central argument Apple has made in court: "They are asking for a backdoor into the iPhone ... Building that software tool would not affect just one iPhone. It would weaken the security for all of them."font size="4"]FBI Admits Mistake in Handling Terrorist's Iphone[/font]

www.cbsnews.com/news/apple-fbi-fight-over-locked-iphone-moves-to-congress/

[fretslider]

Mar 1, 2016 16:31:37 GMT -5 beth said:

more this afternoon ....

The high-stakes legal fight between Apple Inc. and the Justice Department over a locked iPhone shifted Tuesday from the courts to the halls of Congress.

FBI Director James Comey and Apple chief lawyer Bruce Sewell are appearing before the House Judiciary Committee for a hearing on encryption, security and privacy.

Comey, testifying first, acknowledged that a "mistake" was made in the handling of San Bernardino gunman Syed Rizwan Farook's iPhone in the 24 hours following the December attack.

The FBI previously reported that investigators had reset Farook's iCloud account password. As a result, Comey said Monday, it became "impossible later to cause the phone to back up again to the iCloud." However, he maintained that even if the mistake hadn't been made, the FBI still would not have been able to get everything off the iPhone without Apple's assistance.

"Apple is very good at what it does. It's a wonderful company, it makes wonderful products. They have set out to design a phone that can't be opened. And they're darn near succeeding," Comey said. "That doesn't make them bad people, it just creates a challenge for us that we're not yet up to meeting without intervention from the courts."

The hearing comes amid two significant and conflicting court rulings in New York and California on whether Apple can be forced to help the FBI gain access to locked iPhones.

In California, a judge has ordered Apple to create software to bypass the auto-erase security function on an iPhone used by Farook, who along with his wife Tafsheen Malik, killed 14 people in one of the deadliest attacks on U.S. soil. In New York, the judge in an unrelated drug case ruled in favor of Apple on Monday, saying it cannot be required to help unlock a suspect's phone to assist in an investigation.

Comey told lawmakers that technological advancements have been accompanied by "new dangers" which can prevent law enforcement from collecting critical evidence in criminal and terrorism investigations.

"When changes in technology hinder law enforcement's ability to exercise investigative tools and follow critical leads, we may not be able to root out the child predators hiding in the shadows of the Internet, or find and arrest violent criminals who are targeting our neighborhoods. We may not be able to identify and stop terrorists who are using social media to recruit, plan, and execute an attack in our country. We may not be able to recover critical information from a device that belongs to a victim who cannot provide us with the password, especially when time is of the essence," Comey warned in his opening statement. "These are not just theoretical concerns."

In response to a question about the legal authority to hack into a locked iPhone, Comey said the Founding Fathers created a legal process that allows investigators to search suspects' homes, and the same process should apply in this case. "They wouldn't have imagined any ... device that couldn't be entered" with a court order, he said.

"We are a rule of law country. The FBI is not cracking into your phone or listening to your communications except under the rule of law and going to a judge," Comey stressed.

But Apple maintains that by asking it to weaken the security of its products, the FBI would set a dangerous precedent.

In his prepared statement, Sewell, Apple's vice president and general counsel, asked: "Should the FBI be allowed to stop Apple, or any company, from offering the American people the safest and most secure product it can make? Should the FBI have the right to compel a company to produce a product it doesn't already make, to the FBI's exact specifications and for the FBI's use?"

His statement also reiterated the central argument Apple has made in court: "They are asking for a backdoor into the iPhone ... Building that software tool would not affect just one iPhone. It would weaken the security for all of them."font size="4"]FBI Admits Mistake in Handling Terrorist's Iphone

[/font]

www.cbsnews.com/news/apple-fbi-fight-over-locked-iphone-moves-to-congress/

[/quote]

It's a tough call. But in the end the good of the many must outweigh the good of the one or the few. All agencies of the state tend to say one thing then do another. National security has become the magic rationale for all kinds of excesses and limits on personal freedom. It's a shame, I'd like to see that airhead who now runs Apple cut down to size.

[Dex]

It's hard to make a call on this one. Both sides have a good point.