back to article FBI iPhone unlock order reaction: Trump, Rubio say no to Apple. EFF and Twitter say yes

A moment of mass collective commentary is upon us following the response of Apple CEO Tim Cook to a judge's demand that the computer company unlock the iPhone of San Bernardino shooter Syed Farook. Since it's been only a few hours since Cook's letter in which he called the request "an unprecedented step which threatens the …

  1. djstardust

    Well played Apple

    I'm not an Apple fan in the slightest, in fact I detest them as a company.

    However they have played this one 100% correctly. Well done Tim Cook. Your open letter explains perfectly why the phones are encrypted and I take my hat off to you (metaphorically speaking of course)

    1. Anonymous Coward
      Anonymous Coward

      Re: Well played Apple

      And let's not forget Obama - after all, as part of the Executive Branch, aren't the FBI following the President's orders?

      Obama can stop all this with one simple Executive Order - why hasn't he?

      1. Eddy Ito Silver badge

        Re: Well played Apple

        I don't understand. The FBI is essentially following his orders. I don't see how he could compel Apple any more than the judge who issued the order.

        1. Yet Another Anonymous coward Silver badge

          Re: Well played Apple

          He has a large number of troops, almost unlimited supplies of electricity and the authority to ex-judicially execute US citizens anywhere in the world by drone strike

          1. Wzrd1

            Re: Well played Apple

            ".. and the authority to ex-judicially execute US citizens anywhere in the world by drone strike"

            Which is why a certain group of "militia" were all killed in a forestry center not too long ago, right?

            Oh wait, they were stopped by a roadblock and arrested.

            Don't be a tosser and ignore what a war is. Citizens were also targeted during WWII, when they were working with the enemy.

            Or are wars different now and they're really pillow fights? It sure didn't look that way to me, or to our allied forces when we were fighting them.

            Still trying to figure out the Iraq thing, as the US gained no oil, that's largely going to Europe. Maybe it was what I first theorized, "He tried to kill my dad".

            1. Mike VandeVelde
              Paris Hilton

              "Don't be a tosser and ignore what a war is."

              I'm sorry, I could have been paying closer attention maybe it slipped past me, but has someone declared war? I thought that was a quaint old tradition that has been neglected for the last 75 years?

            2. Anonymous Coward
              Anonymous Coward

              Re: Well played Apple

              Still trying to figure out the Iraq thing, as the US gained no oil, that's largely going to Europe. Maybe it was what I first theorized, "He tried to kill my dad".

              The Iraq war seems to have been over money. Euros, to be precise. The US ability to borrow gazillions from other countries to sponsor its own habits is based on the US Dollar being used as default reserver currency, and as energy currency. Sadam had started to sell oil in Euros, and that was such a profitable exercise that the Americans needed to show all the other ME players the severe consequences of doing that instead of dollars. Now, even the US can't just start a war somewhere, which is why they dreamt up the WMD excuse.

              Wars are very profitable for some people, and if you want to see what certain people in the UK were up to I would suggest you get hold of the Worricker trilogy which is a very clever way of talking about the events without being accused of leaking secrets and which may have lead to some serious cursing in a newly established private bank...

        2. circuitguy

          Re: Well played Apple

          actually Obama can screw apple by reversing his decision that stop Samsung import ban on apple products it won. or order the treasury to freeze all apple bank accounts, etc.. under the nation security act.....

          But Al Gore still represents Apple, Obama usually listens to the political side of advice from Gore verses national interest....

          1. Wzrd1

            Re: Well played Apple

            "or order the treasury to freeze all apple bank accounts, etc.. under the nation security act....."

            What is rm -rf / again?

            How difficult is it to make thermite and set it on the SAN units?

            That's a whole lot faster than a warrant can be served.

      2. Anonymous Coward
        Anonymous Coward

        Re: Well played Apple

        Obama can stop all this with one simple Executive Order - why hasn't he?

        Because he uses his brain. Although I can't comment on any other occasion, in this case he's been smart to let the law play out instead of interfering.

        1. Anonymous Coward
          Anonymous Coward

          Re: Well played Apple

          Because he uses his brain. Although I can't comment on any other occasion, in this case he's been smart to let the law play out instead of interfering.

          Sorry, that seems like a copout. This is a blatant attack by the Obama administration on the 5th and 14th Amendments on self-incrimination and right-to-privacy. If Obama is the constitutional scholar that he claims to be, he should stop this right now instead of seeing if the FBI is successful in subverting the Constitution.

          Remember "Blame Bush"? Now it's "Blame Obama"!

    2. Wzrd1

      Re: Well played Apple

      As usual, the press gets it wrong.

      Apple unlocked his phone - gladly, once a court order was obtained and presented.

      Apple refuses to write a new OS that disposes of the cryptography, thus undoing all encrypted Apple telephones.

      Let's review now, the FBI asked Apple to write an entire new operating system, to unlock, allegedly one telephone that was already unlocked.

      How much do we have to pay for a new commercial operating system, but the department of justice wants one for free?!

      In short, enslave corporation, acquire a free product and allegedly use it once. Just like GCHQ and the NSA only slurped once.

      Frankly, I'd make rapid plans to move the entire company offshore.

  2. Anonymous Coward
    Anonymous Coward

    Twitter

    What a lot of noise

  3. Pavlov's obedient mutt

    Twitter..?

    wait, people are still using that? Didn't that British dude, oh, what's his name.. french potato thing.. um. Fry - declare it to be dead and over?

    1. Anonymous Coward
      Anonymous Coward

      Re: Twitter..?

      Sort of. He went full hipster and said it was cooler before it was popular.

      1. Anonymous Coward
        Anonymous Coward

        Re: Twitter..?

        Yeah, but Fry's got form for spouting techno bollocks....

        Sat Navs that beam their signal back into space is just one example..

        * I like Fry, he's a funny, well educated bloke but he is not technologically adept...

        Why do you think he uses twitter, only 150** (??) CHR$ to type.

        **no idea, don't use it. Cant be arsed to google it. The saddos amongst you will know...

  4. aaaa

    Why is this even necessary?

    Can someone tell me why this is even necessary? Presumably the iPhone encryption algorithm is a known one. Why can't they just clone the device (by extracting the flash chip if necessary) then run the desired brute force attack on equipment of their own choosing. Once it's decrypted they can put I back in the phone if they really need to - which I doubt they do. AFAICT whilst you *can* use a complex passcode on iPhone - this particular one is protected with just a 4 digit key. It's not going to be hard to crack once the data is off the phone. If I'm right then this is clearly NOT about 'just this one phone'. I guess I must be missing something obvious - maybe someone at El Reg can write an article explaining it to me.

    1. ckm5

      Re: Why is this even necessary?

      There is protection on the phone for brute forcing the passcode. After N tries, it deletes the decryption key AFAIK. I think N=10, but it could be more. After that, the only way you can recover is to wipe the device.

      That said, if you image the phone, you could brute force it N-times with no issue (just re-image). Also, there are known vulnerabilities in iOS, I don't see why the FBI is not able to exploit them. AFAIK, a ton of iOS 8 vulnerabilities were exposed when they released iOS 9... Finally, you can brute force the keys - if this is so important, instead of waiting, the FBI could have used the time to run a brute-force attack - it's not like they have to preserve technology secrecy because it might be exposed at a trial.

      But I agree, I think the FBI is trying to score political points, not get anything of actual value. It seems to be part of a wider fight around encryption.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why is this even necessary?

        Earlier El Reg articles today have explained how there is apparently inherent protection against cloning. Basically if you take anything out of the device then it no longer has its necessary relationship with other components in the phone. It's a jigsaw puzzle that only works when all the pieces are in that particular phone.

        One of the interesting things is that the phone was the guy's work phone. He had destroyed all his personal devices. The implication is that he had made sure he had never compromised his work phone.

        1. sisk Silver badge

          Re: Why is this even necessary?

          Basically if you take anything out of the device then it no longer has its necessary relationship with other components in the phone.

          Could that not be counterfeited in a virtual machine once you've extracted and read the flash memory?

          1. Palpy

            Re: Why is this even necessary? "counterfeited in a VM..."

            Mmmm, I don't think so. As mentioned before, even in the 5C iPhones without Secure Enclave, the passcode is combined with a hardware-generated key -- and that key would not be known to a VM. From the TrailOfBits blog:

            "Devices with A6 processors, such as the iPhone 5C, also contain a hardware key that cannot ever be read and also 'tangle' this hardware key with the phone passcode."

            To recap, the phone will erase everything (actually, it will permanently "lose" the encryption key) if the passcode is incorrect for more than 10 guesses. Only Apple can flash the firmware for the phone, and the FBI wants them to flash a special iOS system which will overwrite the limitations on brute-forcing. In that case, according to TrailOfBits,

            "However, there is nothing stopping iOS from querying this hardware key as fast as it can. Without the Secure Enclave to play gatekeeper, this means iOS can guess one passcode every 80ms."

            At least, that's what I think I get from the tech explanations.

            (If it was as simple as jailbreaking the phone, or pulling the guts and hooking them up through a VM, it would have been a done deal a long time ago. The FBI are not THAT stupid.)

            1. Anonymous Coward
              Anonymous Coward

              Re: Why is this even necessary? "counterfeited in a VM..."

              Having seen the forensic tools used by UK law enforcement for recovering data from flash, SIM and other data storage related to mobile phones, it really can't be as simple as popping a chip off the board and reading it out to a VM, they go to some quite surprising lengths to extract that data.

              If it was possible, it would have been done.

              I have to applaud Apple for this, it seems a truly secure application of technology and of all the phone companies they're the one most able to resist this sort of attack from the government, let's hope it sets some solid precedents in law..

            2. circuitguy

              Re: Why is this even necessary? "counterfeited in a VM..."

              first, if u sale hardware , software and services to the US or the DOD, u have no secret code. And u can not mass product ics and complete products without a boat load of special diagnostics tools the average tech people can use safety. the 256 cyp is more noise than a real problem. Seriously, mobile computing vs battery power vs storage access vs response time vs "system overhead" = limited encoding......256 becomes 32 bit....

              but Apple the extra hardware for cyper of the ic..... the above still applies to power/heat/storage..... plus getting the data to cpu....

              1. druck Silver badge

                @circuitguy

                What have we said before about arranging words in an order that makes sense?

                1. Wzrd1

                  Re: @circuitguy

                  "What have we said before about arranging words in an order that makes sense?"

                  That's a hell of a thing to say to someone who has dyslexia!

                  Fortunately, that only strikes me when I'm severely fatigued.

        2. Wzrd1

          Re: Why is this even necessary?

          "Basically if you take anything out of the device then it no longer has its necessary relationship with other components in the phone. "

          It's called TPM. It can still be faked, with a hell of a lot of effort. As the FBI works routinely on national security matters with the NSA, it's likely a filling in a few minor blanks operation and hence, not worth the effort.

          But, oddly, they're insisting that Apple should write an entirely new operating system that undoes encryption, all by fiat, rather than via a court order.

          1. Anonymous Coward
            Anonymous Coward

            Re: Why is this even necessary?

            "But, oddly, they're insisting that Apple should write an entirely new operating system that undoes encryption, all by fiat, rather than via a court order."

            Will you stop with that BS about writing a new OS? The feds asked and the judge order Apple basically to provide a way to bypas the '10 strikes and you're out' for one specific device.

            Get the court documents and see for yourself.

        3. Anonymous Coward
          Anonymous Coward

          Re: Why is this even necessary?

          Its not even like its a new idea, try swapping a dvd drive from an xbox360, unless the correct key that's married to the mainboard is present, it wont work, matters not if the drive is identical.

          yes I know it's easy(ish) to circumvent, my point is that the tech locking parts together by software is old hat.

    2. Geoff Campbell
      Boffin

      Re: Why is this even necessary?

      iOS uses AES 256 bit encryption, as I understand it. This is essentially uncrackable with current computer architectures. From Wikipedia:

      "Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. 50 supercomputers that could check a billion billion (10^18) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10^51 years to exhaust the 256-bit key space."

      GJC

      1. Roland6 Silver badge

        Re: Why is this even necessary?

        iOS uses AES 256 bit encryption, as I understand it. This is essentially uncrackable with current computer architectures.

        Interestingly, this request to Apple, would seem to support the view that AES 256 is (currently) uncrackable. Whilst I accept the intelligence agencies would want to keep this knowledge very close to their chests - in the way the UK kept very quiet about Bletchley Park and what it enabled them to do for years after WWII; I would of expected to see some indication of this capability (if it existed) in the Snowden disclosures.

        1. Wzrd1

          Re: Why is this even necessary?

          "Interestingly, this request to Apple, would seem to support the view that AES 256 is (currently) uncrackable"

          Well, the NSA uses AES (which level, I cannot discuss) and has directed that the US DoD use it.

          I'd still not call it uncrackable, just not crackable within a length of time that'd be operationally useful.

          If it takes a year to crack encrypted data that is needed this week or this month, it's reasonably secure. Add in layers, as 3DES did, add in further great lengths of time to totally decrypt data needed "today".

          1. sisk Silver badge

            Re: Why is this even necessary?

            "Uncrackable" encryption doesn't exist. Given enough time and computer power they can all be cracked. "Enough time" might be a million years, but it's still there. Plus in another 10 we'll have quantum computing tech reliable enough to render all current encryption useless. Really we need something new, and soon given the progress Google's making with their quantum computer.

  5. This post has been deleted by its author

  6. Number6

    Franklin

    This is one of those cases where the Benjamin Franklin quote is relevant.

    "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

    While he was talking about a tax matter, the freedom to encrypt stuff against prying eyes is a liberty worth preserving even if it means the occasional bad guy gets away.

    1. Wzrd1

      Re: Franklin

      ""Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.""

      Franklin was speaking of raising tax money to raise a militia during the beginnings of the French and Indian war. He later lied to Quakers about money for a fire engine, while instead purchasing cannon. But then, a cannon most certainly is an engine of fire.

      Especially to a freemason trying to help someone, despite their worst efforts to not be helped.

      Things were a bit weird back then, but in the end, the Native Americans lost, the French lost and the militias largely had their butts handed to them by both the French and Native Americans, with the British rescuing those militias repeatedly.

      3 Scots had members at our NCO open mess, where my unit at the time was formerly a militia and now is a US Army National Guard unit.

  7. ckm5
    Big Brother

    Founding fathers rolling over in their graves

    So much for the Republicans upholding the constitution...... The founding fathers would be rolling over in their graves at this.

    On a side note - we need a 'rolling over in grave' icon....

    1. Anonymous Coward
      Anonymous Coward

      Re: Founding fathers rolling over in their graves

      "So much for the Republicans upholding the constitution[..]"

      I thought the Republicans, particularly the hard line elements, were the ones who want "small government" that doesn't try to interfere with their lives.

      1. MrDamage

        Re: Founding fathers rolling over in their graves

        You are correct. Republicans want smaller government that doesn't interfere with their lives. Bugger everyone else who isn't in the top 1%.

        1. Roland6 Silver badge
          Pint

          Re: Founding fathers rolling over in their graves

          Bugger everyone else who isn't in the top 1%.

          Are billionaires that common these days in the USA?

          [I salute you with a pint of good English ale ]

          1. Wzrd1

            Re: Founding fathers rolling over in their graves

            "Are billionaires that common these days in the USA?"

            Not all that common, the trillionaires have started crowding them away from the real money.

      2. Wzrd1

        Re: Founding fathers rolling over in their graves

        "I thought the Republicans, particularly the hard line elements, were the ones who want "small government" that doesn't try to interfere with their lives."

        No, they just want whatever big business campaign contributors want, no regulation on pollution, no quality control, no taxes supporting bridges and highways, no public health, etc.

        In short, no taxes for the wealthy and the populace can sod off.

    2. sisk Silver badge

      Re: Founding fathers rolling over in their graves

      So much for the Republicans upholding the constitution

      Like Democrats they're quite good at ignoring the Constitution when it's inconvenient to their political agendas. Just look at the collective temper tantrum they're having at the thought of Obama getting to appoint a SCUSA justice, despite the fact that the Constitution quite clearly states that it is his job and right as President to do so.

      1. Wzrd1

        Re: Founding fathers rolling over in their graves

        "Like Democrats they're quite good at ignoring the Constitution when it's inconvenient to their political agendas."

        Indeed, what party created the Patriot Act, which undermined the greater part of the US Constitution?

        Here is a small Cliff Notes version of US politics today, Citizens United means wealthy benefactors get to pay as much as they want to to get the candidates that they want in power, as money is free speech and that leaves the populace speechless.

  8. Anonymous Coward
    Anonymous Coward

    It's a 4 to 6 digit passcode, why don't I save everyone the trouble, it's 911911.

    Why don't they just wait until a new vuln is spotted and use that? They are obviously in no rush as they got the phones back in December.

    Also, I'm pretty sure the NSA can get into it, not being funny but if they capture a spy with an iPhone do they just go ok well it's encrypted and leave it at that? Unlikely.

    Finally if they have access to the iCloud account can they not remote install apps? (I don't know as I have never used them and don't know if this would work) Remote install an app that disables the lock or automatically uploads all the data from the device.

    1. Tim99 Silver badge
      Coat

      $5 wrench

      Also, I'm pretty sure the NSA can get into it, not being funny but if they capture a spy with an iPhone do they just go ok well it's encrypted and leave it at that? Unlikely.

      Obligatory xkcd link

      1. Old Handle

        Re: $5 wrench

        Unfortunately, the police themselves made the person who knew the PIN well and truly wrench-proof.

        1. MrDamage
          Coat

          Re: $5 wrench

          The suspect may be wrench proof, but given how the FBI and other TLA's rely on pseudosciences such as polygraphs, there is no reason why they cannot subpoena John Edward to make contact with the suspect to obtain the passcode that way.

    2. Wzrd1

      "Finally if they have access to the iCloud account can they not remote install apps? "

      Why bother with iCloud when the tower can be had for far less effort? Own the tower, own the phone.

  9. Lysenko

    What no-one seems to have explained yet is exactly what power the court is invoking to force a private company to do actual "work". This is a totally different proposition from requiring that something be handed over or disclosed as part of a search. Bizarre as it seems I'm pretty sure you could appeal this on anti-slavery statutes (UK Law) if nothing else.

    1. Gnosis_Carmot

      Apple could short it out

      The government can, according to some under a 17-something or another law, compel Apple to do this.

      Assume for a moment that is true.

      Imagine it playing out....

      Apple : "We'll do it..."

      FBI : "Hand it over"

      Apple : "....for US $10Trillion. Payment in advance. Oh, and it'll be years before we complete the research needed."

      1. JohnMurray

        Re: Apple could short it out

        Never forgetting that fbifonecrack V1.00 will rapidly become fbifonecrack V1.1/V1.12/V1.20......along the way the wifi will stop connecting, the serial I/O will stop communicating with the fbi itunes_fbifonecrack_decode V1.0, the bluetooth will become permanently on, at high output, and the battery will die....

    2. Brangdon

      They claim the "All Writs Act of 1789" allows them to compel Apple to do the work. Google the quoted phrase for more details.

      1. Wzrd1

        "They claim the "All Writs Act of 1789" allows them to compel Apple to do the work."

        And yet, they're in a court of law, a court that has notoriously disliked Congress stepping upon the prerogatives of the court.

        It's one thing to demand a key, it's yet another thing to demand a product be produced for free. That is slavery.

        Frankly, I'd have a plan B that involved moving he entire corporate database overseas, to an unfriendly nation and physical destruction of the US based development storage hardware.

    3. druck Silver badge

      If Apple can only be compelled to hand something over, then the court could ask for the private key used to sign the firmware (or the hardware containing it which performs the service).

  10. ecarlseen

    Not quite that partisan

    As noted above, this is Obama's Justice Department demanding decryption. Also, strongly libertarian-leaning Republicans Thomas Massie and Justin Amash have both come out supporting Apple's stance on their Facebook pages.

    1. sisk Silver badge

      Re: Not quite that partisan

      Yep. The Republicrats are showing their true colors a bit more strongly than usual on this one.

  11. fidodogbreath Silver badge
    Big Brother

    Dissonance without cognition

    To quote Rand Paul: "Republicans in Congress are opposed to Big Government, except when they're for it."

    Many Republicans claim -- loudly -- that government is a worthless blight on freedom, which destroys everything it touches. It cannot even be trusted to pick up the garbage or capture stray dogs.

    Their spirit guide, St. Grover of Norquist, is fond of saying that government must be starved (via tax cuts) until it is small enough to drown in the bathtub.

    Yet, somehow, it is simultaneously competent and trustworthy enough to be handed the decryption keys for EVERY DEVICE AND SOFTWARE PROGRAM IN THE @#$% WORLD.

    Go figure.

    1. DougS Silver badge

      Re: Dissonance without cognition

      Don't forget, they also believe that the government that can't be trusted with the least influence on health care or have any control over schools is fine to be trusted with hundreds of IBMs, drones that can quietly kill someone half a world away and hundreds of huge ships armed with cruise missiles.

      It is funny how the same government that is automatically incompetent in so many things should be given carte blanche to do whatever it wants without citizen input or even knowledge for anything it thinks falls under the umbrella of 'homeland security'.

  12. RobS

    Work

    @Lysenko , strongly agree. Even if it is "just software" it takes time and effort and I imagine that the Feds want it to be reviewed and thoroughly tested (and not on the actual evidence the first time). Who is paying?

    1. Lysenko

      Who is paying?

      Even that is beside the point. The Government can't issue a Compulsory Purchase Order ("Eminent Domain" in the US) against labour - not without invoking a War Powers Act or something similar (e.g. Conscription).

      There are anti-discrimination statutes and powers to de-certify Doctors and Lawyers who refuse to perform procedures or take cases, but I can't think where they're getting this generic power from. Are they arguing that that labour is "property" in terms of the 5th Amendment? Even if they are, "involuntary servitude" is outlawed by the 13th.

  13. JB77

    Send an email to Tim Cook at Apple.

    Send an email to Tim Cook at Apple. Let him know you support him. I did.

    Tim's email is:

    tcook@apple.com

    Here's what I said, "I fully support your decision in this matter."

    Nothing fancy. Just let him know how you feel about this. Think this FBI/US Court demand is "no big deal?"

    It doesn't get any bigger than this. If Apple has to comply, every tech company in the USA will be required to follow. And whatever was left of your dwindling privacy will disappear - forever.

    JB

  14. Anonymous Coward
    Anonymous Coward

    Just take the 'Davy Crockett' hat off Donald, you bald twat!

    I think Tim has to make the 'Ultimate Sacrifice' and declare that he would rather do jail time than unlock the phone. I'm sure you will all agree with me?

    1. Yet Another Anonymous coward Silver badge

      Re: Just take the 'Davy Crockett' hat off Donald, you bald twat!

      The ultimate sacrifice would be to move Apple HQ to Switzerland and take $gazillion out of the US economy. Then have Microsoft, Google, Facebook etc follow suit when they are ordered to do the same thing.

      Amazing how compliant the US government can be when you mention the recession word

      1. Anonymous Coward
        Anonymous Coward

        Re: move Apple HQ to Switzerland and take $gazillion out of the US economy.

        hang on, I thought Apple made a point of not repatriating its $gazillions profit anyway, so as to avoid paying US taxes on them... :-)

        1. Yet Another Anonymous coward Silver badge

          Re: move Apple HQ to Switzerland and take $gazillion out of the US economy.

          Only its overseas sales - suppose all its sales were overseas ?

  15. Jason Bloomberg Silver badge
    Stop

    What the law says...

    I have no idea. Could someone perhaps find the legislation and case law which defines what a US court can and cannot order, what entities can or cannot be compelled to do, or find an expert who can advise on that?

    As entertaining as it is to listen to droves of armchair barristers taking sides it would be nice to hear what professional legal opinion is.

    1. Old Handle

      Re: What the law says...

      Here's what the law they're using says:

      (a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

      (b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction.

      It's called the All Writs Act, it was passed in 1789, and yes that's the entire thing. Helpful, huh?

      1. Dan 55 Silver badge

        Re: What the law says...

        How does that even mean the court can force companies to do work for them, probably below cost, that what they otherwise wouldn't?

        1. circuitguy

          Re: What the law says...

          yes. the federal and state courts can order crazy things and they expect the executive branch to execute the order....

      2. theOtherJT

        Re: What the law says...

        and agreeable to the usages and principles of law.

        Which by my - admittedly non-professional IANAL reading - basically says "as long as that writ is lawful" which Apple are going to argue this one isn't.

      3. Ilmarinen
        Unhappy

        Re: What the law says...

        "Stop going about your business, do what I tell you to do, even though you've broken no law"

        Isn't that also called "Slavery"?

  16. sisk Silver badge

    I don't think Google's silence is indicative of anything really. If they side with the Government on this one they provoke a tidal wave of criticism that they'd no doubt want to avoid. If they openly side with Apple that means publically supporting their biggest competitor in the smartphone market. Honestly what have they to gain by weighing in at all either way?

    1. Yet Another Anonymous coward Silver badge

      > Honestly what have they to gain by weighing in at all either way?

      If they don't support Apple they tell a billion potential customers that an Android phone will hand over your data to the cops but an Apple one won't.

      Especially interesting if you are a phone customer in China, Russia, Iran, most of Africa etc

      1. sisk Silver badge

        If they don't support Apple they tell a billion potential customers that an Android phone will hand over your data to the cops but an Apple one won't.

        I disagree. It just indicates that they're staying out of it. After all the situation doesn't involve Google at all. Anyone saying that silence means they support the FBI is making assumptions based on hating Google. After all, Samsung isn't weighing in on the matter either, nor would you expect them to.

        As I said, publicly siding with Apple means supporting their competitor and siding with the FBI clearly puts them in the wrong. Why would the bother to comment on it at all?

  17. Rich 11 Silver badge

    Situation normal

    Almost immediately, politicians started piling into the debate – most, it must be said, with limited understanding or knowledge of what was being requested and the implications of it.

    I blame 24-hour rolling news. And social media. And the electorate. But mostly I blame ignorant, short-sighted fuckwits who somehow manage to get themselves voted into public office but don't have the nous to know when to shut up, stop, and think.

  18. Anonymous Coward
    Anonymous Coward

    I blame the commies...

  19. Ed Mozley

    Touch ID

    I take it they haven't tried a "demolition man" style approach and tried to unlock the phone with his finger?

    Regardless... I wonder if many "baddies" are now deleting their Touch ID settings and sticking with a good old fashioned pin.

    1. DougS Silver badge

      Re: Touch ID

      Its an iPhone 5c, too old for Touch ID. Even if it had that feature if it hasn't been unlocked for (I believe) 48 hours Touch ID won't work, it will insist on the password/PIN. Touch ID also won't work if the phone was powered off.

      What smart people will learn from this is:

      1) use an iPhone 5S or newer as the secure enclave provides additional security that the terrorist's phone lacks (though it is obviously pretty good even without that if the FBI has been dicking around for two months and hasn't got anywhere)

      2) don't use a PIN, use a password instead - Apple has long supported using a password that can use the full UTF-8 set. A PIN can theoretically be brute forced if you can find a way around the phone wipe and retry timeout. Good luck doing that with a nice 12 character nonsense password that includes punctuation etc. That's more feasible with Touch ID since you don't have to type it in every time you pick up your phone.

      3) using Touch ID is fine if you know the limitations - when you hear that pounding on your door and they say "open up its the police!" don't reach for your gun (they'll bust in and shoot you) reach for your phone and quickly power it off. Then only your password can unlock it, and so long as you don't live in a backwards country like the UK the police can't threaten you with jail to force you to tell them your password.

      4) even if you don't use Touch ID, unless you have your phone set to require an unlock code every time (no grace period if you use it shortly after it locks) you should power it off anytime you want to be sure it is truly locked if you aren't absolutely certain your grace period has expired.

  20. a_yank_lurker Silver badge

    Ferals, Congress Critters and Stupidity

    The ferals are not thinking this one through but when one prime attributes is subtracting from the sum total of human knowledge it is expected behavior. If iOS (or any OS) is compromised for one case it will be compromised again. What they are doing is making any smartphone a security risk for everyone including themselves.

  21. gerdesj
    Flame

    Trump

    Americans: Please understand that should you elect Mr Trump as your President then Britain (at the very least) will be sniggering for decades.

    Just in case you don't know "trump" is a synonym for flatus here and probably elsewhere too (possibly derived from "trumpet".) We have more words for farting than eskimos anecdotally have for snow. A significant part of our culture is based around jokes relating to farting, second only to talking about the weather and drinking shit loads of tea.

    Even now, 'er Maj. and Co. are being schooled in how to keep the upper lip correctly stiffened when confronted by a walking, talking trump.

    1. Stevie Silver badge

      Re: Trump

      Yesyesyes. Could people stop pointing this our every five minutes? There are pigmies in the Amazon rainforest who may not know about the verb "trump" but by now they are few and far between.

      The Americans know. They actually do get it.

      The supporters just don't care what you think.

      1. MrDamage

        Re: Trump

        The supporters just don't care what you think.

        FTFY

    2. fidodogbreath Silver badge

      Re: Trump

      > "trump" is a synonym for flatus here

      And on our side of the Atlantic, Trump is the apotheosis of it.

      Who says we're "separated by a common language?"

  22. Tsunamijuan

    Nothing but a gimmick to push their political agenda

    We know they can break it without asking apple for help.

    This is such a sham, as they are using it for nothing but an excuse to push their agenda that encryption should be illegal.

    Wait till they start claiming that locks on the doors to peoples houses are also illegal since they prevent the FBI from entering when they want.

  23. Old Handle
    Devil

    What Apple should do, is write an iOS version that disables the security as required, but then immediately detects that security has been compromised, displays Error 53 and trashes the phone.

  24. Nuno trancoso

    While i do stand with Apple on this issue, can't help but think they brought it upon themselves. 4 digits?

    Just give the FBI what they want then push an update next day that turns that into "variable length (of user's choosing) full alphanumeric (with special chars)" unlock code. And "enlighten" the users about the "why". Cue TLA's shitting a brick. And add a TrueCrypt like layer of plausible deniability. Watch another brick come out.

    Until encryption is taken seriously and becomes a "done deal" ie, there's nothing anyone can do to "help" third parties, it will always be open to these kind of shenanigans. This will only stop once it becomes a de facto that you can't break it unless the user cooperates, and make it so you can't really tell if he has or has not.

    The means and tech have been around since like forever, it's only the will that's been lacking.

    1. DougS Silver badge

      Apple has supported alphanumeric passwords for ages

      Since at least when I owned my 3gs back in 2009. If the terrorists were smart enough to trash their PC's hard drive and both their personal phones, I think the fact that an insecure PIN was used on this phone instead of a password and it wasn't destroyed was because the terrorist knew it contained nothing incriminating. It was a work phone, and thus used for work and not contacting ISIS HQ.

      The FBI is using this request as a publicity stunt because no one was listening to them whine about how modern encryption gets in their way. They chose to fight this battle because it is gives them the best possible position they could ever hope to take - not a suspected terrorist but a proven terrorist who killed Americans on American soil.

      There is no useful intelligence on that phone, and they know it. It is security theater.

      1. John Robson Silver badge

        Re: Apple has supported alphanumeric passwords for ages

        "There is no useful intelligence on that phone, and they know it. It is security theater."

        So - let's go full conspiracy nut here:

        - They've cracked the phone, and know there is no useful intel...

        - So they don't actually care how long this drags through court...

        - But they think they have public support because of terrorists...

        - So we'll crack the armour with this one, then use it as precedent next time we want something...

        Shame Apple are a step ahead with the secure enclave - at least I really hope they are a step ahead with the SE. I imagine it might find that it can't be updated without the passphrase/code soon...

        1. DougS Silver badge

          Re: Apple has supported alphanumeric passwords for ages

          If you're going full conspiracy theory, I wonder what the timing of Apple's change that causes the 'error 53' if you swap out the fingerprint reader and the discussion returning about government forcing 'backdoors'. Apple claimed the reason was that a rogue fingerprint reader could be used to compromise device security. Not sure how that works but interesting in light of how much discussion there has been lately and now this issue surfaces. I heard this was added in iOS 9, not sure if it was 9.0 or a later 9.x rev.

          Anyway, the ability to update a "locked" phone stems from the ability to update it in DFU mode, which is sort of a low level pre-boot state. If they block updating from DFU mode that's fine but if they ever release an iOS update that causes problems that prevent the phone booting properly or accepting a PIN/password it will be a real headache for them as end users couldn't fix it themselves.

          Maybe what they could do is require you to provide the Apple ID and password linked to the device to perform a DFU update. That would keep it secure from even Apple updating the firmware without the password - though that depends on how it is implemented, since they provide a way to reset your Apple ID password obviously Apple could do so itself. They offer two factor authentication for it so they could use it for these DFU updates but most people would probably use their phone for this which wouldn't help assuming they can get carrier cooperation.

          It is definitely a difficult problem to build something that is secure against the company who made it, but Apple appears to be trying to do exactly that. And whether you agree with their stance, this case illustrates the reason why they are going to all this trouble.

  25. Michael Thibault

    >we will leave no stone unturned as we gather as much information and evidence as possible," a statement read.

    Didn't the 'perps' make it into paradise? I thought they bought their tickets within hours of their crime... If so, evidence for what trial?

    >"These victims and families deserve nothing less. The application filed today in federal court is another step – a potentially important step – in the process of learning everything we possibly can about the attack in San Bernardino."

    All roads lead to Rome, of course; informationally all stones are, therefore, related. So... is the implication of this step in pursuit of information (that is only potentially under the next stone) that it is the beginning of a journey that is going to be perpetual and without practical limit?

  26. Anonymous Coward
    Anonymous Coward

    America, you've changed!

    What happened?

    Too many stupid politicians?

    1. Someone Else Silver badge

      Re: America, you've changed!

      What happened?

      Too many stupid politicians?

      Yes.

      Next question?

  27. Mad Chaz

    Who do they think they are?

    Surprising how the people who say that sentence are usually the ones who are full of themselves.

  28. Someone Else Silver badge
    FAIL

    Trump == Blatherskite

    As ever, it's not clear whether Trump didn't know the details of what he was talking about or simply doesn't care.

    I believe that this is an inclusive 'or'; he doesn't know, he doesn't care. (And not to go all Rumsfeld on his ass, but he doesn't care that he doesn't know, either.)

  29. IvoryT

    This spat is almost certainly public for a reason: the idea that the FBI can't get into an iPhone is one they want out there. Every call/text ever made on that phone will be already logged at the NSA. You don't spend trillions if the whole train can be derailed by something as simple as this.

  30. Winkypop Silver badge
    FAIL

    It's security, Jim

    But not as we know it.

  31. durbans

    Frank Underwood wouldn't stand for this crap. He would beat Tim Cook into submission with the aforementioned wrench until he got the answer he wanted.

  32. Mud5hark

    Why is this possible?

    What the FBI is asking for should be impossible to do. i.e. apply a firmware update to a locked phone. Surely the phone would have to be unlocked first? Otherwise these sorts of shenanigans are possible. If it's not possible in the first place then it can't happen.

    1. theOtherJT

      Re: Why is this possible?

      And on current iOS devices with the newer processor, that would appear to be the case. This has only been raised here because it's a 5C and doesn't have the levels of security that the 5S and onwards have.

      I'm actually impressed that Apple bothered to bake a hardware security solution into their current chips. It looks a bit like they might have seen this one coming.

  33. Anonymous Coward
    Anonymous Coward

    "Lots of upset, little insight"

    People have accused Donald Trump (and also, to be fair, Bernie Sanders) of all sorts of things in the past, but I don't recall insight being one of them .....

  34. Lobrau

    Are they hoping to potentially uncover more attacks?

    If not then why do they need to get into the phone? They don't need evidence to prosecute the terrorists involved as they were slotted by the police. Doesn't seem much point in putting dead people on trial.

    If they do suspect there could information leading to other terrorist cells then that's a different kettle of fish. Although I would imagine the terrorists' doctrine would protect against just such eventuality.

  35. Anonymous Coward
    Anonymous Coward

    Hand it to The Donald

    His devastatingly baffling combination of bluster and bullshit will have it open in no time.

  36. Anonymous Coward
    Anonymous Coward

    Locksmith

    So accused has a safe, would police employ a locksmith to open it? Of course. In this case the only locksmith is Apple because they own the needed private key. Apple should comply with the court order, and submit an invoice for reasonable costs. I see no particular matter of principle here.

    I do not normally @AC but in this case it may be prudent...

    1. Ilmarinen
      Stop

      Re: Locksmith

      The police are not seeking to "employ" a locksmith.

      Employment is a voluntary contract between free parties, and the locksmith has the right to say "no".

      This is seeking to *force* the locksmith to do the opening.

      The locksmith has broken no law, and is a third party in the investigation.

      Forcing someone to do something against their will, when they have broken no law is, in essence, Slavery.

    2. Jason Bloomberg Silver badge

      Re: Locksmith

      In this case it the courts are obliging the manufacturers to deliver a means by which LEA can open the safe. It comes down to two things -

      1) What power the courts have to order a person or entity to do something.

      2) What rights a person or entity has to refuse to do what is ordered by a court.

      And that is overlaid by the public debate and disagreements over what powers a court should and should not have.

      In legal terms it simply matters what powers the courts have. The emotional, ethical, moral debate is whether they should have certain powers, and whether or not they actually do have those powers.

  37. Big_Ted

    I'm confused . . . .

    These terrorists (I am happy to call them that) apparently destroyed or otherwise got rid of their personal phones and hard drives etc as stated by the FBI.

    Are they then considered to be clever enough to get rid of the stuff that could help the FBI but stupid enough to leave behind one phone, a work phone that would hold anything useful ?

    Surely this is a waste of time fishing exercise so that the FBI, local and state police, dog catcher etc can go to court in the future on a case the public wont support them on so strongly and be able to say its possible, its already been done, precedent has been set, break the phone encryption now. Not forgetting foreign governments demanding it as the cost of selling in their country.

    This must be stopped now as it doesn't matter to the result of the case being investigated but will to the future freedom of people everywhere.

  38. PassiveSmoking

    Breaking news! Donald Trump has an idiotic, ill-informed, pro-fascist opinion!

    Why is that even news?

  39. Nehmo

    Charade by the FBI

    This story is misrepresented on almost every news site. The FBI isn't asking Apple to “unlock” the phone; Apple has done that for the FBI numerous times. The FBI is demanding Apple to circumvent some security features by writing a new operating system and then updating the phone with the new OS. With the new OS installed, the FBI will be able to try to brute force the password and also do so by bypassing the keypad. http://goo.gl/1Qv100

    But it's all a charade by the FBI. The FBI already knows everything about San Bernardino's killer Farooks. It is just using the high profile case as an excuse to get public support behind its demand for software that makes all (except some brand new) iphones breakable.

    And if Apple loses, other governments (Saudi Arabia, for one) will demand the same from Apple. This is assuming they can't simply get it via a leak.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019