back to article Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

Everyone is losing their mind over Apple being forced to help the FBI unlock an iPhone. Just what is going on? Relax, don't spill your almond milk latte. We'll make it crystal clear for you. The FBI wants to unlock an iPhone 5C belonging to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers in December …

  1. Bob Dole (tm)

    To be clear

    The FBI could copy the memory of the device, spin up 1,000 vms and have the unlock code within an hour or so? Why do they need Apple to make a special firmware again? They've spent more time than that in front of a judge trying to get Apple to comply.

    1. Anonymous Coward
      Anonymous Coward

      Re: To be clear

      Do you have the slightest technical idea of what you are suggesting?

      You're pulling words out of something (I'm being polite), stringing them randomly together in the off chance it might make some sort of sense and failing miserably.

      The iPhone has somewhat better security than a being a simple disk image. Go read up on what Apple have done (and the iPhone 5 is different to the later models in that its not quite so secure) and then come back and ask a grown up question. This is not trivial stuff, Apple has put a lot of time into this to make it difficult (but not impossible) to break into an iPhone. The code signing is a key element and only Apple (and probably the NSA) can do this. The NSA will not want to admit it, and certainly not to the FBI hence this charade.

      Back to the main point, go read up on the security model on the iPhone and then come back and post something sensible.

      1. Roland6 Silver badge

        Re: To be clear

        Re: go read up on the security model on the iPhone

        There is a good article here:

        http://www.bbc.co.uk/news/technology-35601035

        and an informed technical article it references:

        http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/

        Both make interesting reading.

      2. Bob Dole (tm)

        Re: To be clear

        @AC:

        Apparently the FBI figured out that what I said is true. You don't need to crack the encryption. You just need a way to copy the data and reload it.

        Oh, and yes, I do have more than a passing idea of what it was I was suggesting.

    2. leexgx

      Re: To be clear

      to the poster you can't just clone the phone as it have to be jailbroken

      other notes as your at the top, the article says the drive is running IOS 8 or 9 its Not its running IOS 7

      if the device was running 8 or higher they would not be able to make a custom firmware to get into the phone as you need to wipe the phone to bypass the pinlock

      1. leexgx

        Re: To be clear

        ok other reports are now saying its running IOS9 (not sure where i got IOS7 from unless its different case)

        they should not be able to easily be able to crack their own security (updating the hacked firmware could brick the phone as well)

    3. sb52

      Re: To be clear

      I'm interested in this too. I assume the FBI has access to whatever analogue of a soldering iron is needed to access all parts of the memory of the iPhone, bypassing the components that wipe them after too many attempts.

      I'm happy to accept, as anon and leexgx claim, that it's stupid to suggest that the feds could pull every byte of data off of the device. (By the sounds of it, this would include the private key, so even the brute force attack wouldn't be necessary.) But I'd like to know WHY? Perhaps I could do some research and find out for myself, but the title of this article claimed it would fix my confusion, and it didn't address the one thing I'm confused about. Anyone want to help out with a clear concise explanation?

      1. John Sager

        Re: To be clear

        As the article states, the key to the data (128 bits, 256 bits?) is buried in the CPU, and the CPU will only use it itself to decrypt data on presentation of a valid passcode. So even though the flash memory could be cloned, that is useless without the key, which stays buried in the CPU at all times. So you need both the memory and that particular CPU running valid code to be able to get at the data.

        1. Anonymous Coward
          Anonymous Coward

          Re: To be clear

          > So even though the flash memory could be cloned, that is useless without the key, which stays buried in the CPU at all times. So you need both the memory and that particular CPU running valid code to be able to get at the data.

          But the issue is the wiping of the memory after 10 attempts. If the memory were backed up, the CPU could be bruteforced, no?

          1. Anonymous Coward
            Anonymous Coward

            Re: To be clear

            10 failed attempts likely results in the CPU discarding the encryption key, much quicker than wiping the flash memory and even more effective as it blocks your "back up the flash and restore after every 10 failed attempts" idea.

    4. Just Enough
      Boffin

      Re: To be clear

      Good lord, you've cracked it! I can't imagine why, with all the expertise, resources and time the FBI have spent on this, they never thought of this super simple solution themselves. Yet, put the problem onto The Register and within seconds someone has figured it out. And absolutely no expert knowledge required.

      And how about that Apple? All their posturing about security, but it's this easy to get access to their phones. Bunch of amateurs.

      The power of the internet shows itself once more. Well done everyone!

      1. Anonymous Coward
        Anonymous Coward

        Re: To be clear

        I was going to suggest that the FBI could just do something cool with tachyons and lasers and black holes and read all the memory that way. Besides, everyone knows the FBI has access to alien technology, so they could just ask for help from Mars or whatever.

      2. David Glasgow

        Re: To be clear @Just Enough

        Leonard, is that sarcasm?

    5. Dave Howe

      Re: To be clear

      They can spin up the vms - but can't do the testing without the physical hardware. While the time delay and wipe functions are software controlled (and are even if there is a "secure enclave") the conversion of pin to candidate key is done "on chip" and the chip will not allow you to view the secret data it uses to do this. The good news is this conversion only takes *80ms*, so you can test a dozen keys per second - provided you can bypass the software time delay. Assuming a 6 digit number for the pin, that's just under a day of testing.

  2. Neil Alexander

    "For Your Protection", yadda yadda.

    At least someone significant is standing up for our privacy. Feels like the Government aren't.

    1. Deltics

      Re: "For Your Protection", yadda yadda.

      Nobody is asking Apple to assist in going on a fishing trip. Only the most pedantic of barrack room lawyers would argue that there is any question over the guilt of the alleged offenders in this case (an argument which rests only the fact of a lack of actual conviction at this stage. There is no challenge to the alleged facts of the case as far as I know).

      And even if there were the FBI are asking for specific, very limited assistance in gathering information maintained by this one, specific, individual device. Nothing about what is being asked for has any implications for the privacy of anyone else.

      The authorities already have far greater powers to investigate BEFORE the fact of a conviction, with the ability to seize documents, tap communications on the basis of probable cause, subject (in most cases I would like to think) to the issuance of a warrant. The obstacle in the case of an iPhone is a strictly technical matter. if the information were papers kept in a secure filing cabinet then the FBI would simply physically force that cabinet open and the implications for "the privacy of the rest of us" would not even be in question.

      The only difference here is that the filing cabinet is an iPhone and the FBI need Apple's help to be able force it open IN A REASONABLE TIME. Crucially, they could do it without Apple's help, just potentially not in a timeframe that would make the resulting information useful.

      Assuming a simple incremental brute-force approach of testing each passcode from 0000 to 9999 sequentially in turn, then they might get in within 10 seconds. But thanks to the mechanisms on the device, it could also take ~9999 hours and may take over a year to get in, by which time the information may no longer be of any use in PROTECTING the rest of us.

      Or, they find that there is no information on which to act and we are all safe anyway.

      Anyone proclaiming "PRIVACY IS AT STAKE" in this case is either an idiot or selling something.

      1. Stevie

        Re: "For Your Protection", yadda yadda.

        I imagine the same arguments were used when formulating the RICO statutes.

        No, no way agreement in this narrowly defined situation could ever become any sort of standard go-to technique. I see that now.

        1. Deltics

          Re: "For Your Protection", yadda yadda.

          Irrelevant. Nothing is stopping the Feds from accessing the content on the phone, it is purely a question of the time it will take them to do it.

          Think of the phone as a locked filing cabinet. In that case if there were urgency involved and/or the lock/cabinet manufacture particularly problematic and causing difficult then they absolutely could get equivalent assistance and I doubt anybody would be at all concerned about the privacy implications for the rest of us.

          Just what precisely is the difference that you see in this case ?

          1. Anonymous Coward
            Anonymous Coward

            Re: "For Your Protection", yadda yadda.

            Why do you think there's "nothing stopping the Feds from accessing the content on the phone"? They don't have the PIN, and after 10 failed attempts the phone will discard the encryption key that allows it to read the data partition where everything except the OS is stored, wiping it in an instant.

            The FBI is asking a judge to force Apple to help them because they cannot do it at all, not that they can do it but are in a hurry. With Apple promising to appeal all the way to the Supreme Court this may not be decided for years.

            1. Dan 55 Silver badge

              Re: "For Your Protection", yadda yadda.

              It might wipe itself after ten tries, if that feature was enabled.

              1. Bloakey1

                Re: "For Your Protection", yadda yadda.

                "It might wipe itself after ten tries, if that feature was enabled."

                That is the core issue and why the F.B.I. have gone to court. Apple's technology that prevents brute force access is slowing the attempt down and it could potentially take five years or more of putting a passcode in every x amount of minutes or even hours.

                From my reading of the court order Apple have not been specifically tasked with writing the firmware. That is part of the solution, they are being forced to re-examine the technology to see if there is any way around it, to surrender any existing way that the company is aware of for getting around it and or assisting the investigating officers in finding a new way around it.

                So, firmware yes at later date, but there is other work to do such as zero day exploits etc. that need to be dealt with first.

                More interestingly <sic> they have used an old British Romano based law to force this decision as congress had no lawas in place to deal with it. The law used was never intended for this purpose and is being used more and more in the US as a solution to bypass current laws. From the woman in 2012 who they tried to force decryption of her phone thereby ensuring she self incriminated (against 5th amendment?)herself to the tracking of satellite phones.

                Rum covers over there, expect more of the same as the All Writs Act becomes the new RICO for technology.

      2. nijam Silver badge

        Re: "For Your Protection", yadda yadda.

        > Nothing about what is being asked for has any implications for the privacy of anyone else.

        Naive.

        Apple would be demonstrating that they can break their own security (on some of their product range, at least). That has wide privacy implications, not to mention setting a precedent that they will be hit with on every future occasion that $RANDOM_POLICEMAN wants to convict $RANDOM_PERSON.

      3. Just Enough

        Re: "For Your Protection", yadda yadda.

        "Nobody is asking Apple to assist in going on a fishing trip. "

        No. There are asking Apple to demonstrate how they can get access to a locked phone. And once they have done that a flood of similar demands from every judge/police force/military on the planet will follow. "You did it for them, so you can do it for us."

        But I guess that's ok, because every single one of the thousands of requests will only be for one specific, individual device. And I'm sure they will all have genuine reasons for doing. Something about terrorism will do. That's not fishing, is it?

    2. Anonymous Coward
      Anonymous Coward

      Re: "For Your Protection", yadda yadda.

      > At least someone significant is standing up for our privacy.

      Yeah, Scalia mysteriously died the week this issue comes up. He would have been the swing vote in the Supreme Court to side with the people against the FBI.

      Odd how that timing worked, eh?

      1. Sorry that handle is already taken. Silver badge

        Re: "For Your Protection", yadda yadda.

        Yeah, Scalia mysteriously died the week this issue comes up

        What's mysterious about a 79 year old dying in his sleep?

        1. Anonymous Coward
          Anonymous Coward

          Scalia would have sided with the people against the FBI?

          I think you might want to read his opinions in similar cases if you believe that...

  3. Anonymous Coward
    Anonymous Coward

    Testing

    I wouldn't want to be the one doing the testing on that. "Ooops, sorry your honour. I seem to have bricked the phone."

    1. Phil Kingston

      Re: Testing

      I wondered that. But the court order seems to give them a bit of a get out - the software has to be written to only work on the one handset, and I seem to recall towards the end if mentions something along the lines of "it's your best efforts we need" but stops short of stipulating the attempt be successful. At least, that was my reading of it yesterday.

  4. paddy carroll 1

    Meh

    They don't want one iPhone, they want to pwn them all, it's not like this guy's Dr Evil and they must have his iPhone, it doesn't stop there

    1. Palpy

      Re: Meh

      Hmmm, yes, probably they would like to pwn all iDevices.

      It sounds like the more recent iPhones have deeply-linked hardware-software systems which would make such pwnage quite hard. The phone used by the killers did not have those security enhancements.

      So an iOS firmware tweak Apple could apply to crack the iPhone 5C would not work on later models.

      Any encryption software is hackable. But the bar can be set very, very high. Apple may have set a very high bar on the iPhone 7C and later. At least, from what I am able to comprehend from the tech descriptions... which is not very much. A shallow puddle indeed.

    2. Deltics

      Re: Meh

      Complete and utter male cattle excrement.

      "They" are VERY precise and VERY specific in what they have asked for.

      You may be right that the security services/police are frustrated and would LIKE broader powers and capabilities than they currently have but there is NOTHING in this case that gets them ANY closer to achieving that.

      1. Anonymous Coward
        Anonymous Coward

        Re: Meh

        Complete and utter male cattle excrement.

        "They" are VERY precise and VERY specific in what they have asked for.

        You may be right that the security services/police are frustrated and would LIKE broader powers and capabilities than they currently have but there is NOTHING in this case that gets them ANY closer to achieving that.

        You may want to look up what precedent means in US law. Sure, Apple fights this because it would harm their own business, but in the wider context it happens to coincide with a need to prevent this idea of vendor self harm from becoming a legal precedent.

      2. Rich 11

        Re: Meh

        but there is NOTHING in this case that gets them ANY closer to achieving that.

        Except for the construction of a firmware update which, while it might still remain Apple property, is going to be vulnerable to a tragically coincidental incidence of industrial espionage.

  5. Anonymous Coward
    Anonymous Coward

    It's probably just a false flag case...

    ...meant to reassure the public that devices exist which are so uncrackable, even the Feds can't get at your data.

    1. Bucky 2
      Black Helicopters

      Re: It's probably just a false flag case...

      That makes the most sense to me.

      The 1000 VM idea is the most obvious solution. So obvious that it's reasonable to assume they've already done this, have all the data, and have people under surveillance already.

      So the point of the media circus must be to convinced the surveilled people into thinking they haven't been fingered, and therefore lure them into doing something they can be nabbed for.

      ....at least that's how I'd write it if I were working on a spy novel. But we wouldn't find that out until the last chapter.

      1. Anonymous Coward
        Mushroom

        Re: It's probably just a false flag case...

        You and the other people who are talking about "1000 VMs" are utter morons who haven't bothered to read any facts about how Apple's encryption works. You can copy the entire contents of the flash and it will get you nothing, because the key isn't stored in the flash, nor in RAM. I won't tell you where it is, on the faint hope that you might decide to educate yourself and learn where it is stored, but I assume you'll continue spouting nonsense from a position of ignorance instead like most fools.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's probably just a false flag case...

          ...and it'd be 10,000 VM's anyway. 4-digit PIN...0000-9999

          1. dajames

            Re: It's probably just a false flag case...

            ...and it'd be 10,000 VM's anyway. 4-digit PIN...0000-9999

            It depends how you look at it. I see why people are talking about 1,000 VMs -- that's because each VM gets 10 guesses at the PIN before the VM destroys the key.

            Then again, if that attack worked, you could have 1 VM and restore from a snapshot after every 10 attempts, so the number wouldn't really matter as long as you have enough time.

            However, it seems you may actually need 2^256 VMs (or a smaller number and more time) because if all you have is a snapshot of the memory you need to brute-force the AES key and not the PIN. That'll take a while ...

            1. Anonymous Coward
              Anonymous Coward

              Re: It's probably just a false flag case...

              Then they need to clone/read the CPU memory some how?

              There have been a few papers on reading memory, not seen any on reading CPU memory remotely.

        2. Tridac

          Re: It's probably just a false flag case...

          It must be stored somewhere. Either in the flash, a serial eeprom, or perhaps they are using a hash of the processor internal hardware serial numer + algorithm + 4 digit code.

          If the processor has a jtag port for things like initial factory firmware load or debug purposes, then that provides access to all memory and peripheral devices on the system. Not saying it's easy, but it could be done...

    2. Anonymous Coward
      Terminator

      Re: It's probably just a false flag case...

      Yup. FBI/Apple Inc's version of FBI/MS's heroic Dublin pantomime. A PR exercise to trick the cattle into forgetting those nasty lies that nasty Snowden traitor told and thus restore consumer confidence and safeguard PROFIT$.

      The FBI has a term for the disinformation operations like this which it perpetrates against the people it "protects" and "serves"

      COINTELPRO

      1. Tridac

        Re: It's probably just a false flag case...

        The more that they can convince people that it's uncrackable, the more likely it is that everyone will assume that it is, including the bad guys.

        To avoid complacency, you have to ssume that *all* security devices can be cracked, given sufficient resources :-(...

        1. Anonymous Coward
          Anonymous Coward

          Re: It's probably just a false flag case...

          No one is claiming it is truly uncrackable. Apple hasn't claimed that what the FBI wants to them to do is impossible, but that there are multiple reasons they shouldn't be compelled to do it.

          This phone is a 5c, the newer ones have a secure element that makes the strategy the FBI wants to pursue impossible. But given sufficient resources I'm sure even those could be cracked. You might need to decap the SoC in an unlit vacuum, use an electron microscope to read the fused UUID, who knows, so it could be cost prohibitive but I don't think anyone is naive enough to claim something like this is truly impossible. But truly impossible and impossible for all practical purposes are the same thing for most of us - in the 'good enough for me' category.

  6. W Donelson

    If Apple gives in on this, it could result in...

    .. thousands of such judicial orders, which would cost it huge time and money.

    And, of course, any "bulk" solution to those orders would constitute a True Threat to all older iPhones and devices.

    1. dan1980

      Re: If Apple gives in on this, it could result in...

      So, this is an older device and it may be a totally different story on newer devices, BUT, the general take-away is that if you really want to protect your customers from having their devices and data accessed by the government, you must also secure the devices from access by yourself (the vendor/manufacturer/coder).

      Again, maybe the newer devices are like this but either way, IF a device can be accessed by the developer, the developer can then be obliged to access it on behalf of the government.

      I.e - in this instance, Apple themselves are the weak link in the security.

      Note that all of this is independent of the specific case in question.

      1. Otto is a bear.

        Re: If Apple gives in on this, it could result in...

        Hold on, this is a case where there is a wholly lawful and socially necessary request to access the phone data of someone who has committed a criminal act. Do we really want to allow any form of data storage that can never be read by anyone else in any circumstances? They are not asking for a remote back door, only forensic access to the data of a known felon.

        Put yourself in the shoes of a victim or relation to a victim, not just of a terrorist act, but of a murder or other serious criminal act, would you really want it made impossible to read their data. Think about the consequences of not allowing the FBI warranted access. If someone murdered me, I'd want the police to access my iPhone, and that of my killers, wouldn't you. Remember in some cases perpetrators actually video their crimes on their smart phone, or take photographs, do you want them not caught, and convicted by their own records.

        So if Apple does not give in it could result in every criminal and terrorist buying an iPhone to keep their records on. I would also assume as, in this case it is a terrorist act the NSA would crack the phone for the FBI if they could, and still manage to keep it secret.

        1. Anonymous Coward
          Anonymous Coward

          Re: If Apple gives in on this, it could result in...

          If someone murdered me, I'd want the police to access my iPhone, and that of my killers, wouldn't you

          .. which is why I have my passwords and PIN codes stored in a service with data inheritance enabled. There is no problem getting to my data if something happens to me, but you won't be able to do that behind my back because during the timeout the service will alert met that the inheritance clock has been started. All I have to do to stop such abuse is to generate a new inheritance code.

          We should also not forget that the FBI has other means available to get information. For meta data, for instance, it apparently does not even need a court order so it should already have all the call data.

        2. nijam Silver badge

          Re: If Apple gives in on this, it could result in...

          > ... Put yourself in the shoes of a victim ...

          You don't have put yourself "in the shoes of a victim". Without reliable encryption, you *are* a victim.

          1. ralph058

            Re: If Apple gives in on this, it could result in...

            There is no such thing as a reliable encryption system. They only thing you can hope for is to delay their breaking the system until after it doesn't matter.

            Encryption of computational systems are unreliable because they depend upon fixed protocols to work. Fixed protocols mean that every file has sets of data which will enable recovering the key.

        3. Schlimnitz

          Re: If Apple gives in on this, it could result in...

          "Do we really want to allow any form of data storage that can never be read by anyone else in any circumstances?"

          Er, you mean like paper: which you can burn?

          Given that the perpetrator in this case apparently destroyed two other phones, one would suspect that there will be nothing at all of interest on this one.

        4. Cynic_999

          Re: If Apple gives in on this, it could result in...

          "

          If someone murdered me, I'd want the police to access my iPhone, and that of my killers, wouldn't you

          "

          Well, catering for the ability for others to access your data if you should die is up to you. After all, that part is no different whether you were murdered or run over by a bus, and I can think of many objections to the idea of providing automatic access to the encrypted data of anyone who dies.

          As for accessing the data of your killers - why? They have already been caught and punished, so the data is unlikely to be of significant importance as far as you or yours is concerned. Unless of course you really meant to say that access should be granted to the data of your *suspected* killers - who may of course be entirely innocent, or could even be data of innocent people who the government would like to find out about, and where if you had your way a false accusation would then open the magic door ...

  7. Anonymous Coward
    Anonymous Coward

    Who cares...

    I just want one of them Sushiritto's

  8. phil dude
    Boffin

    an afterthought...

    It occured to me as an afterthought, that this current situation may explain why Apple does not buy it's chips and designs them in house.

    Perhaps they had a spook awakening some years back, and this was their defensive tech.

    Ultimately Apple's closed garden, may be a double-edged sword, if it means the phone cannot be backdoored...

    Disclosure: I have a Huwaei Nexus 6p fully googlfied - I want to hear Google come out and agree with Apple, and also to demonstrate the same level of security...

    P.

    1. Phil Kingston

      Re: an afterthought...

      I read a headline indicating Google are agreeing with Apple's stance.

      Quite whether their products can demonstrate the same level of security is probably still an open topic.

      1. phil dude
        Thumb Up

        Re: an afterthought...

        Hence my ~thought - but we still have a problem so long as there is the "you must lie for us" laws, that creative despots find a way to deploy.

        Still Google and Apple are a start. We need IBM, Microsoft, AMD, Nvidia and some of the other phone, motherboard, tv manufacturers, before we can can start to be confident this is not a false flag operation.

        P.

      2. Anonymous Coward
        Anonymous Coward

        Re: an afterthought...

        Quite whether their products can demonstrate the same level of security is probably still an open topic.

        Logically they can probably only make statements on the Nexus phone as they are not in control of what hardware others use for Android (come to think of it, they're not really that much in control on the Nexus either as that's been made by about 3 different companies by now).

        However, Google has a different position to privacy than Apple - just read their generic Terms & Conditions. Their definition of privacy seems to suggest that you only have a right to privacy if they can look over your shoulder.

  9. OzBob

    Which raises an interesting question,...

    if the ability to potentially perform this unlock is in Apple's codebase and keys, how secure are they keeping it? We worry about "bad actors" within government agencies, is Apple tracking those who have access to it's commercial product? Could the government "coerce" someone with access to this repository or keys to copy it and release it to the NSA?

    "Sometimes our government is doing what we think only other governments do" - Right Now video, Van Halen

    1. phil dude
      Coat

      Re: Which raises an interesting question,...

      I have an image of the room in Terminator 2 where the T1000 hand is kept, with a gigantic Apple on the wall with a usb port.

      But then, that's scifi and none of that stuff comes true....

      P.

      1. 's water music

        Re: Which raises an interesting question,...

        I have an image of the room in Terminator 2 where the T1000 hand is kept, with a gigantic Apple on the wall with a usb port.

        I suspect it is more like the cage in the factory in Chappie where they keep the thumb drive to control firmware updates to the police bots where more or less anyone can wander in and take it offsite for a few days, but with more tasteful interior decor.

    2. Anonymous Coward
      Anonymous Coward

      Re: Which raises an interesting question,...

      The ability isn't in their codebase, it is in the heads of their engineers. The FBI is asking them to write the code to do this, but even if that code stays within the walls of Apple people won't be able to trust that it doesn't escape. And having success at this once will encourage the FBI to ask them again and again, so the "well once you use the code you delete it" idea probably isn't feasible.

      Give them an inch and in a few years the FBI will be getting judges to order Apple to unlock the phones of petty criminals like tax cheats and drug mules.

    3. Otto is a bear.

      Re: Which raises an interesting question,...

      Bad actors do not only work for governments, they work for large corporations and criminals as well, and crime syndicates have a lot more spare cash than any government, and are a lot less picky as to how they apply pressure.

  10. frank ly

    While they're at it

    They can issue a court order to force those scientists to make a working fusion reactor (we know it's possible).

  11. Velv
    Big Brother

    First they came with a court order for the terrorists, and we complied because we're good corporate citizens.

    Then they came with a court order for the murderers and the rapists, and we complied because we're good corporate citizens.

    Then they came with a court order for the bank robbers, and we complied because we're good corporate citizens.

    Then they came with a court order for the shoplifters, and we complied because we're good corporate citizens.

    Then they came with a court order for everyone just in case...

    If the order of a court is all it takes to compel any vendor to break into someone's personal data, just where does it stop.

    1. Someone Else Silver badge
      Coat

      I'm just glad Tim Cook isn't Carly Fiorina. (For a whole bunch of reasons....)

      1. Johan-Kristian Wold

        Now, Tim Cook being Carly Fiorina or vice versa, doesn't scare me. A gay man becoming a homophobe, or a homophobe becoming a gay man (or woman) - he'd lock up in an infinite loop.

        Now, in the old days, you could say that is where Tim Cook normally is, Infinite loop 1 being the address of the old Apple Campus...

      2. Hans 1

        >I'm just glad Tim Cook isn't Carly Fiorina. (For a whole bunch of reasons....)

        Under Carla, Apple would already be chapter 11

    2. tom dial Silver badge

      And the point is?

      A court order is all that is required to enter your house, search it, and arrest you. That has been true for 227 years in the US and longer, often far longer, in numerous other countries. In many places, it takes far less than a court order to do any of those things, and worse.

      1. Trigonoceps occipitalis

        Re: And the point is?

        In the UK there are many who can force entry without a warrant or court order. Most notable are the Customs and Excise bit of HMRC. The list also includes such as gas engineers and disease control personnel. I expect there are similar powers in the USA.

        A gas engineer may not have the power of arrest (over and above a normal citizen) but Customs and Excise certainly do search and arrest after simply turning up and demanding entry. I suspect that the disease control personnel may detain with out arrest if required to prevent spread of disease (probably constrained by the need for retrospective court action).

        Letting your fingers dance over Google or Wikipedia will get a more definitive answer and a longer list.

        From the Guardian 22 January 2013: "Ministers give Whitehall departments two years to decide which of the 1,300 remaining entry powers should be repealed"

        1. bazza Silver badge

          Re: And the point is?

          Indeed, the only police force that needs a warrant is the ordinary coppers. The MoD, British Transport and UKAEA (I think they're still around) Police can just walk in anywhere they want.

          The balancing control is that they have to be acting in accordance with their remit. For a British Transport policeman to enter a property there a has to be a live investigation related to the transport system and a good reason to believe that there is a connection. The UKAEA police can't do anything unless there is actually some nuclear material missing, etc. etc.

          What makes Customs and Excise different is that there is almost always something in the tax laws they can pin on almost anyone!

          I've never heard of anyone complaining about abuse of these powers of entry, so it's surprising that there was a review started.

        2. Anonymous Coward
          Anonymous Coward

          Re: And the point is?

          That's the difference between having a prohibition against unreasonable search and seizure baked into your constitution and merely having statutory powers and restrictions passed by a legislature. In the US system enforcement of constitutional rights can be done by enabling legislation (for example the 1863 Civil Rights Act), or by court decision (Mapp v Ohio, the case that brought us the Exclusionary Rule). Note that the Civil Rights Act provides a private right of action for damages against government officials who violate someone's civil rights. As a tool for keeping government abuse in check it has seen better days, but the fact that it exists at all is pretty remarkable.

      2. Anonymous Coward
        Anonymous Coward

        @tom dial

        Sure, a court order allows them to enter your house and search it. Let's say they're looking for the books for your illegal gambling business, and they find them but all the numbers are written in a secret code only you understand. They are powerless to force you to tell them your secret code that would allow them to make sense of it.

        What the FBI is trying to do would be immediately thrown out of every court in the land if it was about forcing someone to reveal the secret code they've written on papers found via a properly executed search warrant. Let's hope the courts are smart enough to see the parallel, instead of bowing to the no doubt heavy pressure the Obama administration (and all the republican candidates, and Hillary) will be putting on them to "do the right thing for the families of San Bernadino".

        1. Roland6 Silver badge

          Re: @tom dial

          Let's say they're looking for the books for your illegal gambling business, and they find them...

          Analogy fail - they haven't found the books, they've just found a locked filing cabinet...

          1. Kurt Meyer

            Re: @tom dial

            @ Roland6

            DougS writes - "Let's say they're looking for the books for your illegal gambling business, and they find them but all the numbers are written in a secret code only you understand."

            You write - "Analogy fail - they haven't found the books, they've just found a locked filing cabinet..."

            Reading fail - followed by analysis fail - They have found the "books", they are unable to read them.

            1. Roland6 Silver badge

              Re: @tom dial

              @Kurt - the 'books' are the files on the phone - I don't regard the phone as a book.

              1. Kurt Meyer

                Re: @tom dial

                @Roland6 - They certainly have the files, and so far they can't read them.

                DougS, you, and I, agree on that much. Let's call it a day, and head for the nearest tavern. ;-)

          2. This post has been deleted by its author

        2. dajames

          Re: @tom dial

          They are powerless to force you to tell them your secret code that would allow them to make sense of it.

          Are you sure? Isn't that what the Regulation of Investigatory Powers Act 2000 (Wiki link) is all about?

          The level of authorization required to invoke the terms of the act varies depending on who is doing the investigating, but in the case of HMRC it's basically "any customs officer whose job it is".

          1. Anonymous Coward
            Anonymous Coward

            @dajames

            I guess I should have noted I was talking about US law here. You sad sacks in the UK are saddled with that horrible RIPA law that fortunately has no counterpart in the US.

          2. Kurt Meyer

            Re: @tom dial

            @dajames

            "Are you sure? Isn't that what the Regulation of Investigatory Powers Act 2000 is all about?"

            With all due respect, I must point out that in the matter of the San Bernadino County murder investigation(s), the UK Regulation of Investigatory Powers Act 2000 is as relevant as a roll of bog paper.

            I want to make absolutely clear, dajames, that what follows is in no way directed at you personally.

            I am surprised at the frequency of comments by persons living outside the country in question (whatever country that may be), regarding the laws and legal procedures of their own country, and how the commentater believes that those are somehow applicable in a foreign land. They are not. If you break the law in Denmark, or Peru, or Kenya, you'll be dealt with by their laws, not the laws of your homeland.

      3. Hans 1

        Re: And the point is?

        >A court order is all that is required to enter your house, search it, and arrest you.

        The 3 letter agencies have a choice when it comes to courts it consults for an order ... when it is "legal", they go to the court of justice, when it is illegal, they got to the secret court, that stomps all over justice.

        So, may I ask you, what is your point ? Court order is mute!

  12. 101

    A tangled web we weave....

    So then, all sides are gaming.

    Gov. figures Apple can crack it with an update, but Apple doesn't want to admit it for competitive reasons.

    Gov. meanwhile counts on prevailing with a sympathetic judge to create a legal process ordering all device makers to create a backdoor.

    Which in turn negates any need to have a real "Backdoor Law" promulgated via a recalcitrant Congress.

    Which in turn, I guess, negates any need for encryption because soon enough every teeny with thumbs will be able to crack a device update.

    In short, a gambit so, as always: THEY win, WE lose.

    1. tom dial Silver badge

      Re: A tangled web we weave....

      That blanket statement probably should be changed (at least) to read

      "every teeny with thumbs" who can sign Apple code "will be able to crack a device update"

      1. Anonymous Coward
        Anonymous Coward

        Re: A tangled web we weave....

        Nobody can sign an Apple iOS update except Apple.

        1. Anonymous Coward
          Anonymous Coward

          Re: A tangled web we weave....

          "Nobody can sign an Apple iOS update except Apple"

          don't forget the rest of the 'tangled web' quote .... nobody can sign an Apple iOS update except someone with Apple's keys, so "Oh what a tangled web we weave, when first we sign shit with these keys"?

          1. Anonymous Coward
            Anonymous Coward

            Re: A tangled web we weave....

            I am giving Apple the benefit of the doubt that they know how to keep a key that important secure. I would bet it is kept on an air gapped system or isolated network, and only a handful of people have access to it - probably never alone.

            They make over 2/3 their profit off iOS, given that it would cost them billions in lost profits due to the scandal if the iOS signing key escaped and was used to sign a bogus OS update I think they can afford to secure it at least as well as the T101 hand and CPU were in Terminator 2 :)

            1. Hans 1

              Re: A tangled web we weave....

              >I am giving Apple the benefit of the doubt that they know how to keep a key that important secure. I would bet it is kept on an air gapped system or isolated network, and only a handful of people have access to it - probably never alone.

              >They make over 2/3 their profit off iOS, given that it would cost them billions in lost profits due to the scandal if the iOS signing key escaped and was used to sign a bogus OS update I think they can afford to secure it at least as well as the T101 hand and CPU were in Terminator 2 :)

              Oi, Dougy Giro ?

              What are you mumbling, don't understand a thing ? Have you read the article ?

  13. toughluck

    The FBI wants to unlock an iPhone 5C belonging to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers in December in San Bernardino, California.

    Um, I recently found out that they only allegedly shot and killed 14 coworkers. So don't go around slinging accusations like that.

    1. Christoph

      Reports always say 'allegedly' just in case they are found innocent and then sue. You can have multiple videos and witnesses of someone committing an obvious crime, and it's still 'allegedly' - it's just CYA, nothing else.

      1. Kurt Meyer
        FAIL

        @Christoph @toughluck

        "Um, I recently found out that they only allegedly shot and killed 14 coworkers."

        "Reports always say 'allegedly' just in case they are found innocent and then sue."

        "...it's just CYA, nothing else."

        Thank you for proving again the wisdom underlying the old adage: "It is better to keep your mouth shut and be thought to be ignorant, than to open your mouth and confirm it."

        You could hardly sound more so if you claimed the Sun rose in the West every morning.

        In the United States, a person charged with a crime is presumed to be innocent until proven to be guilty in a court of law.

        Whether you agree, or not, whether you think that to be wise, or not, does not matter. It is the law of the land.

        Nothing else matters, not pictures in the newspaper, not video on the television, not fingerprints, spent shell casings, nor even eyewitness accounts. Not even the accused's own words, much less the ill-informed opinions of the ignorant on an internet message board.

        Any physical evidence, witness testimony, and/or admission by the defendant may be used in court as the prosecution seeks a conviction, with the standard of proof necessary to obtain said conviction being "proof beyond a reasonable doubt."

        However, until the very moment the foreman of the jury announces "Your Honor, we find the defendant to be guilty of ...", the law presumes the defendant's innocence.

        Thus "alleged" "The accused" "The suspect"

        1. phil dude
          Boffin

          Re: @Christoph @toughluck

          @Kurt Meyer: Thank you for clarifying that.

          It is all too easy for us desktop jockeys to assume we have the whole story, when over the centuries has shown that it is not so easy to trust the loudest voice!!

          The way my engineering brain sees it is this - it is a high bandwidth world and media is a low frequency sampling mechanism. Hence, we don't get all the components and aliasing is a real problem...;-)

          P.

        2. Christoph

          Re: @Christoph @toughluck

          Oh dear, oh dear, oh dear. You actually believe that newspapers refrain from publicly accusing people and destroying their lives and thereby boosting their own circulation and making a bit of money, because that person might be innocent? Because the law says they are innocent until proven guilty? Because it would be morally wrong to accuse them?

          On my planet, the sky is coloured blue and the newspapers refrain from doing that because it would get them sued.

  14. Equals42

    More than just this one example at stake

    Just remember that while courts in the US may say that they'll only use this in extreme cases (I don't buy that) there are plenty of countries where I'm sure they aren't as squeamish about stomping on privacy rights. This privacy protection extends to a great number of people who live around the world. If every country can force Apple to do this or face losing access to their market, it basically means that Apple would have to either dedicate a whole crap load of people to do this full time or they might as well give up on giving people the appearance of privacy.

  15. JonP

    I don't see the problem here

    The FBI have been to a judge and got a court order for a one off piece of frigged software. I guess Apple need to protest otherwise it would look like they'd cave for anyone, but this seems to me to be how things should work.

    1. Intractable Potsherd

      Re: I don't see the problem here

      We're so far down the comments that I doubt anyone will read this, but, from the report, the FBI have an order from a magistrate. In every jurisdiction I know of, a magistrate is right at the bottom of the judicial hierarchy, and in some (such as the England and Wales) they are volunteers with no legal training. One of the things about magistrates is that they are usually extremely deferential to law-enforcement agencies. For these reasons, I would say that the order is suspect, and that Apple should not give in until it has been reviewed by a (or more than one) "real" judge(s).

      1. Kurt Meyer

        Re: I don't see the problem here

        @Intractable Potsherd - "We're so far down the comments that I doubt anyone will read this..." Alas for you, people have read this.

        "In every jurisdiction I know of..." There's the rub, eh? You clearly don't know a goddamned thing about the jurisdiction(s) where this story is playing out, but you're not going to let a little fact like that slow you down, let alone stop you.

        No, not you, instead you treat us to a waffle on the magistrates of England and Wales, which has sweet FA to do with United States Magistrate Judges in California.

        Herrings and zebras. Why do you and others of your ilk insist on comparing them? You look and sound ridiculous.

        "...but, from the report, the FBI have an order from a magistrate. In every jurisdiction I know of, a magistrate is right at the bottom of the judicial hierarchy, and in some (such as the England and Wales) they are volunteers with no legal training. One of the things about magistrates is that they are usually extremely deferential to law-enforcement agencies. For these reasons, I would say that the order is suspect, and that Apple should not give in until it has been reviewed by a (or more than one) "real" judge(s)."

        That would be you IP, demonstrating your utter ignorance.

        "A Guide to the Federal Magistrate Judge System

        Peter G. McCabe, Esq.

        A White Paper Prepared at the Request of the Federal Bar Association.

        In the United States District Courts, there are two types of federal judges: United States District Judges (confirmed by the Senate with life tenure); and United States Magistrate Judges (appointed through a merit selection process for renewable, eight year terms).

        Although their precise duties may change from district to district, Magistrate Judges often conduct mediations, resolve discovery disputes, and decide a wide variety of motions; determine whether criminal defendants will be detained or released on a bond; appoint counsel for such defendants (and, in the misdemeanor context, hold trials and sentence defendants); and make recommendations regarding whether a party should win a case on summary judgment, whether a Social Security claimant should receive a disability award, whether a habeas petitioner should prevail, and whether a case merits dismissal. When both sides to a civil case consent, Magistrate Judges hear the entire dispute, rule on all motions, and preside at trial.

        There are now 531 full-time Magistrate Judges in the United States District Courts. According to the Administrative Office of the U.S. Courts, in 2013, Magistrate Judges disposed of a total of 1,179,358 matters.

        The importance of Magistrate Judges to the day-to-day workings of the federal trial courts cannot be overstated. Many federal cases settle early in the litigation process, and fewer civil and criminal cases now proceed to trial. Although felony criminal matters are the province of District Judges, in misdemeanor matters and in civil cases, it is often the Magistrate Judge -- and, sometimes, only the Magistrate Judge -- with whom the litigants and their counsel will meet and interact as their case is litigated in the federal trial court."

        So, not exactly the same as kindly old Will Wanksworth of Ugthorpe, eh?

        The more you know...

        The entire white paper is available for your reading pleasure at: http://www.fedbar.org/PDFs/A-Guide-to-the-Federal-Magistrate-Judge-System.aspx?FT=.pdf

  16. JeffyPoooh
    Pint

    Simple solution...

    Open the phone, yank the battery, de-solder the Flash memory chip, connect it to an adapter, plug it into a reader, read out its contents and post the resultant 32GB zipped file to the web. Offer $100k to the (likely Chaos Computer Club member or similar) cracker that cracks the encryption due to some unforeseen weakness.

    E.g. There's going to be some known-text somewhere in the memory space. More likely tens of thousands of them.

    Keep in mind that Apple can't even properly code a Set Date & Time function, so do NOT assume that they've suddenly started transcribing code from God. They're human. They've certainly made dozens or hundreds of implementation mistakes in this encryption system.

    1. Rainer

      Re: Simple solution...

      Dude, you have no idea.

      The passcode is needed to unlock the key with which the data is encrypted.

      That key is a 256 Bit AES key. You can't brute force that:

      https://www.reddit.com/r/theydidthemath/comments/1x50xl/time_and_energy_required_to_bruteforce_a_aes256/

      If all it would take is a 100k bounty, the FBI would do it themselves.

      Just returned from the pub, eh?

      1. JeffyPoooh
        Pint

        Re: Simple solution...

        @Rainer

        I did not suggest brute force.

        The hackers would target the weaknesses in the *implementation*, as opposed to the basic theory. Example already given ('known text' attack); just ONE example that springs to mind. There will be dozens or hundreds of such weaknesses.

        Now run along and review the educational videos on CCC.de and do not attempt further rebuttals until you have done so. You and others not knowing doesn't form a proof of your point. It only demonstrates that you've failed to keep up.

      2. Doctor Syntax Silver badge

        Re: Simple solution...

        "The passcode is needed to unlock the key with which the data is encrypted.

        That key is a 256 Bit AES key. You can't brute force that"

        Yes, but the whole point of this is that the FBI wants to brute force the passcode. Not the key, the passcode.

        They seem to think it can be done if Apple would remove the limitation that 10 wrong guesses will wipe the whole thing. It's not immediately obvious to me why, if the flash memory were to be cloned, this couldn't be done in a VM as the whole memory image could be restored every 10 guesses.

        I'd have thought that extracting and cloning such an image is something the NSA would have looked at already and had a method worked out. That makes me suspicious.

        Consider the situation. The owner is dead and is unable to object. There's general acceptance that the owner committed several murders - and in due course we can expect a coroner's court to make that official. There's a strong argument that good intelligence relating to terrorism could be obtained. It's about as good a situation as TPTB could have to set a precedent which could be used later in weaker circumstances - a phone seized from a live suspect who's not been charged with a particularly serious offence let alone convicted - in other words a fishing expedition.

        1. Anonymous Coward
          Anonymous Coward

          Re: Simple solution...

          Does someone have a link to this "strong argument that good intelligence relating to terrorism could be obtained"? Because all I see is that they killed a few people and they have Arabic names. If that's all it takes to be a terrorist these days, then we should be accusing every Middle Eastern country of terrorism. After all, they've got all those people in their militaries that have killed people and they have Arabic sounding names too!

        2. Pseu Donyme

          Re: Simple solution...

          > ... if the flash memory were to be cloned ...

          I was thinking along these lines myself, but it turns out that there is a unique per chip 256-bit number baked in the A6 chip (in an internal ROM section or somesuch on the silicon); this and the passcode are used to derive the encryption keys; since there is no external interface to access this* it cannot simply be copied / cloned to be used in a VM.

          * even the firmware cannot read this directly, it can only have it fed to the AES hardware

          1. Rainer

            Re: Simple solution...

            ^^^^^^^This!

        3. Anonymous Coward
          Anonymous Coward

          Re: Simple solution...

          They seem to think it can be done if Apple would remove the limitation that 10 wrong guesses will wipe the whole thing. It's not immediately obvious to me why, if the flash memory were to be cloned, this couldn't be done in a VM as the whole memory image could be restored every 10 guesses.

          As far as I understand it, the key is salted with a unique ID that is burned into the hardware, so what you will get in your VM is a different key to what is needed to access the encrypted content. Thus, instead of having to guess a 4 digit PIN (assuming the perp didn't set a longer one), you're back to having to decrypt using the full 256 bit keyspace which takes a little bit longer than the FBI is willing to wait. Hence the attempt to brute force a manufacturer into destroying their own business instead.

          That the judge issues this order demonstrates to me that the judge didn't quite realise the scope of the question either. The limitations of the order do not transport into the precedent it sets for the whole industry, and that is the key issue here. I suspect that Apple would have sought to come up with some idea to get in if this had not gone public, but going public pretty much slammed the brakes on the whole idea as the company cannot afford to comply.

          You're looking at pretty classic consequences of being heavy handed.

      3. Tridac

        Re: Simple solution...

        ...That key is a 256 Bit AES key. You can't brute force that

        That's irrelevant, as the user entered key is only 4 decimal digits. There must be code in the system that relates that to the stored key. If you have access to the binary image, assuming that that is not encrypted in flash and that the aes stuff is done in software, the code could be disassembled to work out the algorithm. More difficult, but the same applies even if the encryption is done in hardware, since the pattern of accesses to that hardware could be analysed. It's not rocket science either, as code analysis is a standard technique to reverse engineer and, for example, maintain older systems for which no source or hardware docs exist.

        There really is no completely secure method, given enough resources and i'd be surprised if people like the NSA haven't already done a complete analysis of all the major phone manufacturers products...

        Chris

  17. Sureo
    Big Brother

    Really...

    We may as well assume that they can crack everything.

    1. JeffyPoooh
      Pint

      Re: Really...

      Sureo: "We may as well assume that they can crack everything."

      In the situation where the cracker has procession of the hardware (under his control), it's a safe assumption.

      For those requiring an adjustment to their assumptions, I highly recommend spending an evening or two on the CCC.de / Media section watching some presentations. You'd come away with a whole newly enlightened attitude and understanding.

      If you do, then you'll understand that 'basic crypto theory' has little to do with 'weaknesses in implementations'. Watching one cracker extract a key, one bit at a time (not all at once); the entire key rolled out in a few minutes. It would have taken billions of years the other way.

      If you don't watch-and-learn, then you just won't get it. So watch the CCC.de presentations.

  18. Mike Brown

    one good thing this proves

    Is that the FBI dont already have back doors into iphones.

    1. Anonymous Coward
      Anonymous Coward

      Re: one good thing this proves

      Nope, it proves nothing.

      If the FBI had a back door into the phone, do you think they would admit it. If I had a back door, I'd go through this time and time again to keep the fact I have a back door hidden and soooper secret.

    2. Mark 85

      Re: one good thing this proves

      Interesting take. But other news media outlets report that the NSA is working on this. So, the question is: have they cracked it or haven't they? If they haven't then, yes, handing the phone to Apple to open it, saves them time and money. It also gives them a copy of the firmware. If they have cracked it, then it just confirms their efforts and is now a PR implement to lull everyone into a false sense of security.

  19. Christoph

    Forced Labour?

    I can see the courts having the power to force Apple to release something they know, but this is ordering them to write new software. Under what power can they do this?

    Apple is an innocent party in the case - how can they be ordered to do particular new work? And suppose a programmer refuses to do this - are Apple supposed to fire him, and keep firing valuable employees until they find someone who will do the work?

    Since when do the courts have the power to order an innocent party to do forced labour?

    And if the courts can do this, they (and courts in other countries) can trivially order Apple to produce versions that work on other phones.

    1. MrDamage Silver badge

      Re: Forced Labour?

      Given that courts have forced gag orders down the throats of companies in clear violation of the 1st amendment, whats stopping them from ignoring the 13th amendment as well?

  20. PghMike

    bad precedent

    I think Apple's most concerned about setting a bad precedent that it can be ordered to work to remove the security protections it inserted in iPhones. Right now, the request is that they generate firmware that sends keys to a piece of hardware without extra rate limiting. In 5S and later phones, there's a secure enclave that makes it much harder to do the passcode testing, since the enclave itself performs rate limiting.

    But in the future, Apple MIGHT find itself ordered to make use of any bugs it later discovers in the enclave, or even to physically modify an enclave, to allow the same types of attacks on a more secure phone. And they might be required to turn over the resulting firmware to the FBI to use on other phones (along with keys to allow the FBI to sign it for other phones). Apple no doubt wants to stop from even starting going down this slippery slope.

    Also, note that although the keys used to encrypt flash data are highly random AES keys, those keys are protected only by the passcode, and for most people, those passcode are way too small (4-6 digits). So, while someone who's really careful could make it very hard for the FBI to break into a phone, even with Apple's help, a novice (99.99999% of Apple users) would use a passcode from a much smaller space, conceivably small enough that with Apple's help, and a few bugs in the enclave here or there, the FBI could break into the phone.

    Most significantly, this level of detail is way too technical for nearly everyone following this story. To them, the question is going to be a very simple "Are iPhones secure from the government, or are they not?" Apple wants the answer to that to be "Yes, they're secure."

  21. PhilipN Silver badge

    What happened to "probable cause"

    FBI do not know what is on the phone. Maybe nothing. They get a judge to make an order to open it up anyway.

    In legal terms it is called a fishing expedition and a definite no-no.

    Welcome to 2016.

    1. Anonymous Coward
      Anonymous Coward

      Re: What happened to "probable cause"

      In legal terms it is called a fishing expedition and a definite no-no.

      Er, there was a mass shooting in San Bernadino, in case you've forgotten. I know that's in America, but mass shooting is still a criminal act. There's 14 murder victims and 22 severely wounded people to care about.

      The FBI don't need to go fishing to see if a crime has been committed, we all know what was done.

    2. Brangdon

      Re: What happened to "probable cause"

      No, it isn't. Not only do they have a court order, the owner of the phone has given them permission. (The phone was owned by the chap's employer, which happens to be a government department.)

      1. Anonymous Coward
        Anonymous Coward

        " the owner of the phone has given them permission"

        Case closed

        1. PhilipN Silver badge

          Re: " the owner of the phone has given them permission"

          Case closed? .... No it is not.

          If my secretary keeps a private diary in her desk (which I own) in my office premises (which I own) do I have the unrestricted right to read it when she is not there? ........ No!

          1. Kurt Meyer
            FAIL

            Re: " the owner of the phone has given them permission"

            @PhilipN - You have made two attempts to deny that the law enforcement agencies charged with investigating the San Bernadino shootings have "probable cause" to examine the phone found in the suspect's vehicle. Not his personal phone, a phone owned, and issued to him, by his employer, the San Bernardino County Health Dept.

            You say - "FBI do not know what is on the phone. Maybe nothing. They get a judge to make an order to open it up anyway.

            In legal terms it is called a fishing expedition and a definite no-no."

            You are wrong.

            First, Brangdon is kind enough to inform you that the legal owner of the phone in question has granted permission to the relevant law enforcement agencies to examine the phone. This granted permission completely removes any legal requirement to establish 'probable cause'. The user of the phone (whether alive or not), has no legal standing in this matter. He doesn't own the phone.

            Here, just for you, is an example of this process.

            Case one: the cops come to my dwelling and wish to search it. I refuse permission. In order to perform their search, they must go in front of a judge and request a search warrant. Before the judge will issue the warrant, the cops must show that they have probable cause to conduct the search.

            Cops show probable cause = warrant issued = search conducted.

            No probable cause = no warrant issued = no search.

            Case two: the cops come to my dwelling and wish to search it. I grant permission. The search is performed, no warrant is needed, and thus, no probable cause is needed.

            Shortly after Brangdon makes his entirely correct observation, along comes our old friend AC to point out, and rightly so, that the phone was found in the possession of a person who is the number one suspect in a case of mass murder.This fact, alone, will satisfy the probable cause requirement in any court in the United States, but mere facts are not enough to convince you. An AC then remarks correctly "Case closed".

            Instead of an acknowledgement that your original statement had been disproved, you come roaring back with all of the stubbornness and intelligence common to donkeys, whether of the two or four legged variety. There is one small problem. Your grand rebuttal, your closing speech to the jury, the cudgel with which you would smite your foes, is broken.

            You say:

            "If my secretary keeps a private diary in her desk (which I own) in my office premises (which I own) do I have the unrestricted right to read it when she is not there? ........ No!" My emphasis added.

            You are wrong again.

            Look at that statement closely Philip. Did you miss something? Yes you did. Your statement is not analogous to the situation in San Bernadino. Let's try again.

            You should have said:

            "If my secretary keeps a private diary (which I own) in her desk (which I own) in my office premises (which I own) do I have the unrestricted right to read it when she is not there?" Again, my emphasis added.

            Did you spot the difference? The correct answer is of course, yes you can read the diary, you own it. The second statement is analogous to the situation in San Bernadino.

            Still don't believe it?

            Do you have a company-owned PC on your company-owned desk at work?

            Do you think for an instant that your boss, or his designated representatives, cannot look through your browsing history, or indeed, any file on that company-owned PC?

            Does NSFW ring a bell? Why do you think that acronym was created?

            TL:DR You have been wrong since you opened your mouth.

            1. PhilipN Silver badge

              Re: " the owner of the phone has given them permission"

              Think "privacy" and it may help you out.

              1. Kurt Meyer
                FAIL

                Re: " the owner of the phone has given them permission"

                Think "laws of the United States regarding criminal procedures" and that may help you out...

                But I doubt it.

  22. JLV

    this position is liable to damage privacy.

    What we have in this case is a convicted murderer (well, he would have been if he were alive) and a judge with a warrant, on US territory, in a very open and public procedure. At this point, I see no more expectation of privacy than I would expect in performing a search of physical premises under the same circumstances.

    Either Apple is either able to do this or not. If they are not, fine. If they are able to, and it is a generalized weakness in their security, applicable under different circumstances, then they should patch the vulnerability. If, as this article implies, they are able to do it and to do so without putting other users at risk, they should comply with what seems to be an entirely reasonable judicial request.

    Apple can choose to fight it. But in doing so, it is, in my opinion, providing ammunition to those politicians who are scare-mongering and requesting encryption backdoors willy-nilly. If a company can't be compelled to cooperate, if able to, under current laws for something as clearly justified as this, then the pressure will grow to limit encryption in general. A backdoor-based approach is much more dangerous than a warrant-based compulsion to collaborate with law enforcement.

    i.e. Apple can choose to make its products' unhackable and should be allowed to. But it should not be allowed to ignore the law.

    1. Yet Another Anonymous coward Silver badge

      Re: this position is liable to damage privacy.

      This order is effectively telling them to make a patch to add a vulnerability.

      The concern is that they can then be ordered, perhaps with a secret gagging order, to roll that patch out to every phone

  23. Eddy Ito

    Do we even know which version of iOS the device runs? I get it might not be the original 7.0.1 which could have the lock screen bypassed but some of the iOS 9 versions exposed some information on a locked device.

    Now given that some iOS updates have done unspeakable things to some devices I have to wonder how the FBI would react if such an error occurred on this device should Apple finally capitulate.

    Lastly, how do we know whose phone this is really? The answer is, we don't. It was taken from a black Lexus sedan with California plates but the attackers were gunned down in a rented black SUV with Utah plates. Oddly the order states the plate number as 35KGD203 which doesn't match typical CA numbering so it's probably a typo and likely should be 5KGD203 as a quick search turns up a pointer to a court docket referring to USA v. Black Lexus IS300 Cal. Plate 5KGD203, handicap placard 36..., VIN JTHB... Now some reports say the Lexus belongs to a member of the gunman's family and not the actual shooter, which might make sense given the handicap placard, and it may be that the phone belongs to someone else entirely. One would think it would be easy enough to trace the phone through Verizon and maybe LE already has and found it to be a PAYG perhaps? Then again, if that is so, why not simply say it instead of hiding behind the legalese?

    1. tom dial Silver badge

      Which iOS

      It is reported elsewhere* that the software is iOS8, and that the phone is owned by Farook's former employer, who provided it to him. The FBI certainly will, by now, have obtained business records that show ownership.

      * Either New York Times or Washington Post, as I recall from last night.

      1. a_yank_lurker

        Re: Which iOS

        Dumb question, since this was a company phone wouldn't the company have access to the phone and text logs? The last time I checked my records my carrier can provide every phone number in and out bound to the phone.That would tell one if there is even any reason try to decrypt the phone.

        To me this smells more like grandstanding by the ferals as well as a dodgy fishing expedition. Personally, I doubt there is anything useful on the phone to begin with.

        1. chris 17 Silver badge

          Re: Which iOS

          Your carrier won't know details of messages sent as iMessages or through what's app or any other encrypted messaging service. The Feds are after info they can't glean else where other than from the recipient or senders phone. Meta data is useless here.

  24. Bota

    It would also be terrible PR for Apple, which has repeatedly stated in recent months that it cares about protecting people's privacy and security. >> it's a good job they didn't join PRISM then.

    Wait...

  25. W. Anderson

    The devil is in the details/ interpretation of actions

    A suspicious aspect of this story may, just may be found in this part of sentence "....and allow the FBI to enter in a string of PINs at high speed from some external tool." If Apple is not required to have their special firmware upgrade to leave Cupertino premises, then the question becomes - does this "external tool" belong to FBI or Apple?

    If the FBI, how will Apple know that this "special tool" (of the FBI) does not copy Apple's special firmware, to later surreptitiously use on other Apple smartphones or Tablets at their own secret facilities?

  26. Anonymous Coward
    Anonymous Coward

    Not exactly secure is it

    So a locked iPhone will still accept and install an offered firmware update no questions asked? Rather than waiting for the unlock code before starting the install (or if it needs a cold boot, setting a "permit a firmware update within the next 30 seconds" timestamp and flag and rebooting) as any sane designer with security in mind would have coded.

    Idiots.

    Expect that to be patched in the next iOS update. Unless an NSL demands otherwise.

    1. leexgx

      Re: Not exactly secure is it

      ok orget that (below) they are running IOS 9 so apple should not be able to comply

      IOS 8 or higher will not as it needs the phone to be unlocked first to accept the update (if in DFU mode phone the keys have to be wiped before it accepts the new firmware, in itunes you have to enter the pin lock code before it allows sync or IOS upgrade)

      IOS 7 apple Might be able to make a custom firmware that does not tell the phone to wipe when in DFU mode or when plugged into itunes and doing manual firmware update (but screen lock should prevent an IOS upgrade)

    2. Anonymous Coward
      Anonymous Coward

      Re: Not exactly secure is it

      So a locked iPhone will still accept and install an offered firmware update no questions asked?

      That's the whole point of signed firmware. The signature confirms that the firmware comes from Apple and is therefore (by definition) legitimate.

      Of course if Apple ever leaked that signing key then any old dev can do a 'legitimate' firmware update. That's why looking after keys carefully is important. Ask RSA...

      This basic mechanism is used all over: Windows updates, probably some of the Androids, OS X updates, Linux updates. The key holder can always do anything they like.

      What Apple seem to be afraid of is their customers as a whole learning that.

      I can see that being a concern in a country as madly paranoid as the USA. But pretty much everywhere else in the world citizens would be condemning a company refusing to assist a murder investigation. If Apple tried to be that publicly obstructive here in the UK they'd get into serious trouble.

      The big problem for Apple is that whilst they may be able to hold out in the US, they'd have no such luck anywhere else. Their biggest mistake has been to stir up publicity about it, because they are going to be swamped with similar court orders all over the world. Tim Cook is guilty of thinking only about the American market. He's forgotten that Apple are a global company.

      What they should have done is quietly assist the FBI, just like any other good citizen would, and hope it never gets out.

      Regarding the security enclave on later devices, I don't think that would make any difference. Unless Apple has committed the code it runs to a mask ROM, it too will have updateable firmware. I doubt they'd be using a ROM - it's kinda risky because it is impossible to fix any bugs that emerge afterwards.

    3. Roland6 Silver badge

      Re: Not exactly secure is it

      So a locked iPhone will still accept and install an offered firmware update no questions asked?

      You might find the following useful reading:

      https://www.theiphonewiki.com/wiki/DFU_Mode

  27. Frank N. Stein

    Can't the NSA do this without involving Apple, at all? Couldn't the FBI have quietly asked the NSA to do this without it every appearing in the media via one of those "secret" court orders? Methinks Apple (i.e, TIM COOK) is more concerned about it being found out that they COULD comply and thus, create a perception of insecure iDevices, thus hampering sales?

    1. phil dude
      Black Helicopters

      another plausible scenario...

      @Frank N Stein: Well that's another scenario, parallel construction defence.

      I have read a few comments along these lines that the feds have all they need, and they are using this as a springboard for future "behind the scenes" use.

      And if you are watching the show with popcorn the NSA just weighed in with "Paris wouldn't have happened if we could read your phone" or something along those lines...sorry no link, its late ;-)

      P.

    2. Pangasinan
      Facepalm

      Exactly, If Apple help the FBI,

      If no usable data is found, nothing follows, then nobody is any wiser.

      If any arrests are made, then the FBI could tag on a disclaimer that 'We've had this suspect under surveillance for months'.

      Apple would not lose its trust with customers and the FBI would be happy

    3. Anonymous Coward
      Anonymous Coward

      > Can't the NSA do this without involving Apple, at all? Couldn't the FBI have quietly asked the NSA to do this

      They probably did. And the NSA probably decided not to confirm their capabilities. The FBI should really be taking the NSA to court. :-/

  28. Anonymous Bosch

    Time is Apples ally

    By the time this gets all the way up the judiacial quagmire to the Supremes, the question will be moot. Firstly, the iPhone5c will be obsolete and Apple will no longer be supporting it. Secondly, all of the "non-work" information on the iPhone will be so out of date it will be almost useless.

  29. Pangasinan

    On the QT . . . .

    Apple stick to the defiant stance in public, but quietly allow FBI to do their dirty deeds.

    If there is no data to exploit, then nobody is any wiser.

    If arrests are made as a result of this, then the FBI can issue the usual bland statement that 'We have had this person under observation for some time'.

  30. scrubber
    Childcatcher

    Government can't force you to create things

    Surely the power of the court is only to hand over things which you possess, not to create something new?

    In the example of the warrant to search a house, if they find a safe they can't open they surely can't force a locksmith (or the original safe maker for that matter) to use their skills and knowledge and time to open that safe if they don't want to? Isn't that ... forced labour?

    1. Ken Hagan Gold badge

      Re: Government can't force you to create things

      Apple possess the signing key. I'm sure the FBI are able to knock up the hacked build of iOS by themselves, but without Apple's signing key they can't put it on the device.

      One could argue that the FBI are actually playing nicely. They are *not* asking for the signing key (which various super-secret powers probably allow them, or their friends, to do) but are instead merely asking Apple to use it to sign something for them. However, if that sets some kind of legal precedent then it isn't actually playing as nicely as all that.

  31. Seajay#

    Unhelpful

    Maybe Apple are trying to avoid doing this as a marketing device. They want to put the message out that "We care about your privacy, iPhones are secure" and they care more abou their brand than they do about helping the FBI. If that's the case then they're just your standard amoral corporate bastards, nothing new.

    The other possibility, that they feel they are taking a moral position is stranger to me. There has been a lot of discussion of surveilence and encryption and there are good moral reasons to stand up to the government on backdoors and bulk collection. This however is different, it's being done in the open, following due process, ordered by a judge. There was no national security letter gagging Apple from disclosing that they had been asked to do this. There is no suggestion that this is a fishing expedition, it's the phone of a dead terrorist.

    If companies refuse to help in this situation, when the state is doing everything right, all they are doing is providing great ammunition to the people who say ban encryption.

  32. Enigman
    Black Helicopters

    It's all about the $

    Apple will push the "We care about your privacy" but it really comes down to making money. The idea of a company giving away the keys to what some people consider their lifeline would certainly give some people pause about buying a product (even if they are giving away more valuable marketing information to Facebook, Twitter etc through social oversharing.)

    Given the push with Apple Pay and using an iDevice for making payments and who knows what other financial services in the future. If they desire to replace ATM's, credit cards with an Apple device (and essentially act as a financial service provider) it would be that much harder for them to sell those services to both the industry and the consumer if they were seen to publicly provide a means to access the devices even in a controlled environment. This is where they are probably envisaging huge profits in the future by getting a percentage of each transaction processed via millions of iDevices.

    Even if they presented facts stating the work (if performed) was carried out in a strictly controlled environment there would always be that doubt that they could carry out a similar process remotely on any device. There would also be the worry that a foreign power or criminal organisation would then target their engineers to enact the same process for those parties.

  33. Brangdon

    "Apple can do what the FBI is asking it to do but doesn't want to admit it."

    I don't know why the article keeps saying that. Cook's open letter does admit it. The letter says they can but shouldn't. Nowhere do they say it's impossible.

  34. Anonymous Coward
    Anonymous Coward

    Blackphone 2 ?

    The security features of a modern iPhone are impressive. Thanks El Reg for some of the best journalism on the internet on a technical subject, again.

    Does any of the well informed readership know if the much vaunted Blackphone 2 has similar "down to the metal" encryption? I believe the developers of Apples encryption technology are now working with Silent Circle.

    IANAT (I am not a terrorist) but I do like the warm feeling from knowing my data is secure.

  35. Anonymous Coward
    Anonymous Coward

    Conspiracy Theory

    We know that the Snowden leaks have been damaging to the US economy due to loss of trust in cloud/data/hardware biz.

    We know that any US company can be served a National Security Letter to compel actions such as implementing a back door or reveal private keys for law enforcement use, and compel them to never disclose such a letter or activity.

    So why is all this being played out in public?

    Could this all be one great big grandstanding/publicity stunt to restore faith in US tech products?

  36. MJI Silver badge

    Just thought

    Kept company phone, destroyed two other phones.

    I bet there is nothing to do with this case on the phone.

    Finding the remains of the old phones and trying to extract off them could produce more info.

  37. Crisp

    All this has happened before, and all this will happen again.

    We just want this one little tool. We'll only use it against terrorists we promise...

    ... Oh, and paedophiles ...

    ... and copyright infringers ...

    ... possibly against parents that might not actually live in the school catchment area that they say they do ...

    1. tom dial Silver badge

      Re: All this has happened before, and all this will happen again.

      It's about a search warrant. There is no reason search warrants for terrorism, paedophilia, copyright infringement, financial manipulation, extortion, or any other crime should be treated differently. This one might receive more attention because of its obvious terrorism connection, but the other crimes listed above, and many others not listed, are in the aggregate much more important.

  38. Keir Snelling
    Trollface

    I have a wickedly delightful wish

    Imagine, several years from now, after a series of court cases, appeals, false dawns, and the inevitable supreme court ruling, Apply finally cave and do what the FBI have requested.

    The agents nervously fondle the device, eager to learn what conspiracies are documented within, having waited for this day for so long. They tap in the recently revealed unlock code. Success! They're in.

    Methodically, they start to examine the contents of the device in detail. But everything on the phone is clean, no photos, music, videos, text messages, 3rd party apps. Web history is blank, phone logs clear - it's like a factory fresh device. With one exception....

    Within the email app they find but one email, sent from the terrorist to himself. The subject line is blank.

    They open the email, wondering what it's contents might be.

    As it unfolds into view, they can see a single line of text. It's a URL. It's been obfuscated by a URL shortening service.

    They jot it down on their notepads. Not willing to access an external link from the phone itself.

    Carefully, they copy the URL into the browser installed on one of the agent's laptops.

    As the URL resolves, and loads it's target, a look of enlightenment, followed by smiles appears on their faces..... Wait until their bosses see what they've uncovered.

    The URL - oh, yes, here it is - go check for yourselves....

    https://goo.gl/5AasnP

  39. G*

    Sounds like the FBI just want to smash this iPhone's backdoors in.

  40. Paw Bokenfohr

    Does anyone believe that the next FBI request / court order wouldn't be...

    ...to do the same again, but with a different serial number iPhone (after all, it's trivial now the code is available).

    And then the one after that would be to provide the software build to the FBI with a tool so they can change the target serial themselves.

    And then the next one would be to provide a new build which added in the functionality that it automatically did the brute-force attack itself (after all, why not?)

    And then, the next one would be to build this all in to general iOS releases with some (bullshit) security measure so only they could use it etc.

    I don't usually subscribe to slippery slope arguments, but with this one, it's obvious (from what they have previously said and explicitly asked for) that this is where they want to go.

    1. tom dial Silver badge

      Re: Does anyone believe that the next FBI request / court order wouldn't be...

      If/when Apple complies with the order, they certainly can expect more such. The number probably will not be huge, simply because stored cell phone contents probably are not commonly at issue in criminal investigations and prosecutions (although it is likely that will increase going forward).

      As long as Apple keeps the software signing key and the requirement for its use, potential for FBI or other misuse should not be a significant issue.

      What is somewhat interesting to consider is why it should be thought different, in terms of privacy rights, whether data on a phone is or is not encrypted. Alternatively, should encryption, which expresses individual power, be thought to be a right simply because the government cannot break it? What, in principle, makes it different from data that are not encrypted or, for that matter, from data that are not only plain text but on paper and simply out of plain view? (For US) Where does the fourth amendment (and the voluminous jurisprudence that goes with it), which allows, but limits, government searches and seizures fit in; and why should encrypted data be thought legitimately exempt from disclosure (if one thinks that) while plain text data is not? Is there a reason to have different, perhaps more stringent, requirements for a search warrant involving encrypted data that for one that does not?

      The subject certainly is worth discussion at length, but after quite a few centuries of US law, and before that English statutory and common law, we have a reasonably consistent understanding of what constitutes legitimate government search and other criminal investigation activity that those who argue for absolute immunity from search because it is encrypted should consider.

      My own position is that encryption should not affect legitimacy of a search; that the (unencrypted or not) documents in a file drawer and the data in an encrypted iPhone on the file cabinet should have exactly the same status with respect to a search warrant. The fact that the government can read some of it directly and must expend effort or enlist help is secondary and likely not a fourth amendment issue. (There may, however, be fifth amendment issues if I am ordered to decrypt it or provide the key so that the government can do so).

  41. flszen
    Mushroom

    Something might go wrong

    Apple: "Ok, here's the new firmware. *steps back* "

    FBI: "Great! *boots firmware* ... ERROR 53!?"

    Apple: "Trololol!"

  42. Gordon861

    What are the chances that this will go quiet eventually, then Apple will quietly do what is asked behind closed doors (under threat of being taxed to oblivion). Then the FBI will put out a story that he coughed up the PIN or they found a piece of paper in the bottom of a box in his belongings and tried it.

  43. John H Woods Silver badge

    "Then the FBI will put out a story that he coughed up the PIN" --- Gordon861

    Now THAT would be a story!

  44. Anonymous Coward
    Anonymous Coward

    Apple has already lost

    Apple is not going to change a legitimate court order. Hopefully Apple will be fined $10 million per day and once they unlock the phone, they should be fined a $100 BILLION for defying a court order.

  45. Marty McFly Silver badge

    Trust

    I love my country. I fear my government.

    I trust Apple more than I trust the government. I support what Apple is doing here, and I will continue to purchase their products based upon that paradigm.

  46. Brian 3

    I think the here is that they have a court order to tell them to make software and what they should have is a contract. The court order can be used to make someone surrender or destroy atoms but I've never heard of one to make something. That amounts to slavery.

    1. Marty McFly Silver badge

      Fascism

      Actually, it is economic fascism. Look up the book definition. The business is private, but the government tells them what products to make.

  47. This post has been deleted by its author

  48. Breen Whitman

    I don't think it will hurt apple. Their customer base is a third each of hipster faggots, vacuous 40 something women, and 16 yo girls. So the last 2/3rd don't care and the first third change focus to whatever the issue du jour is. Aren't they all focusing on foraging these days?

  49. D 13

    I'm just glad I don't have to carry around top secret information on my phone that must be kept out of the hands of the NSA at any cost.

    Only a handful or people in the world really needs the level of security that Apple are saying they provide here. Either that or they really want to go after the Jihadi market.

  50. CrosscutSaw

    Sushirrito

    That looks like a handroll, wrapped.

    In order for them to earn their name, they should wrap that thing in a flour tortilla!

    (that is my contribution to this thread, sorry, LOL)

  51. Anonymous Coward
    Anonymous Coward

    Catch 22

    In the UK we have the RIPA and soon-to-be Misuse of Technology Act.

    In which the maximum penalty for not handing over encryption keys when asked by a court order is going up from 2 to 10 years, and 5 to life (for offenses involving suspected child/extreme pornography)

    This is hot off the press, hasn't even hit the papers yet but for once both Labour, Lib Dem and the Conservatives are intending to support it because of among other things the Cryptowall 4.0 fiasco,

    and the rise of anonymous cryptocurrencies as an alternative to laundered notes for criminals.

    Also in there are mentions of the power to add low level (ie uEFI) back doors to phones and tablet PCs sold in the UK, and being able to legally intercept and inspect "technological devices" imported into the UK allegedly for safety but we all know what this is going to be used for.

    At this point moving to Russia is looking more and more like a viable option.

    AC, but if anyone reading this wants to contact me they already know where I live.

  52. Anonymous Coward
    Anonymous Coward

    Follow the money

    Have to wonder how much Apple stock vs stock in Google or Samsung is held by the decision-makers in this case.

    I mean, if you wanted to wreck Apple's business you couldn't ask for a better scenario.

    But then the same people went ahead and crippled the ability of US businesses to compete for offshore customers in the cloud products market, so maybe it's that they're too stupid to understand the consequences. Or they just don't care.

    Remind me, isn't the same US government who in a recent hack lost the results of security clearance investigations on 23 million past and future public employees, and those associated with them?

    To paraphrase, "You want the truth? You want the truth? You can't handle the truth!"

    The leadership of the FBI and other three letter agencies have benefited over the years from a mythology of exaggerated expertise and high ethical standards. The fact is that very little of that mythology has any basis in fact. The FBI is asking for Apple's help because neither the Congress nor the Executive have seen fit to make the investment required to provide them the necessary staff to get the job done. That's why a contract systems administrator was able to carry a treasure trove of confidential documents out of the NSA (which he did, as far as we know, without any hope of monetary gain -- imagine what someone in it to make a fortune could do, or probably has done). These agencies don't have the expertise to even run their own networks, let alone develop and deploy custom smartphone firmware.

    Question, how many former Apple engineers are employed by the FBI? I know that might sound harsh, seeing that after a decade there are probably still more Russian than Arabic (or Farsi) speakers working for the agency, but it's a question that someone needs to ask.

  53. Anonymous Coward
    Anonymous Coward

    Apple CEO Tim Cook wants terrorists and crooks to buy Apple products

    Yup, Apple wants EVERYONE'S business. The bottom line is money. If the next terrorist attack on US soil kills one of your relatives, are you going to complain about the FBI infringing on your privacy? I'm sure the friends of the victims in San Bernardino are worried about keeping iPhone data private. Do you think Tim Cook gives a damn about YOUR rights? As far as I'm concerned Cook is using these peoples' misfortune to sell his products and he's an iPhony.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like