back to article US DoJ files motion to compel Apple to obey FBI iPhone crack order

The US Department of Justice has today filed a motion compelling Apple to comply with a court order to help the FBI break into a killer's iPhone. On Tuesday, a magistrate judge in central California granted an order filed by the Feds that requires Apple to reprogram San Bernardino murderer Syed Farook's smartphone with a …

  1. redpawn Silver badge

    "Error 53" might be the help called for.

    1. NoneSuch
      Pint

      What about the 70 phones that Apple unlocked at Federal request that came before this?

      Methinks he doth protest too much.

      It's pub o'clock.

      1. Old Handle

        That was back when Apple still had a key, instead of just a key to making a key. Arguably that's not a big difference, but Apple either thinks it is, or at least wants us to think so.

        1. Anonymous Coward
          Anonymous Coward

          "Arguably that's not a big difference"

          For some people it may be a subtle distinction, but it nevertheless a very important one. Software is legally of the same status as speech. Free speech protections in the US constitution mean the law can't compel you to say something you don't believe. Nor as a free citizen or free enterprise, do you have to supply your effort to an action you (or if an enterprise, your board) do not believe in. There is a profoundly important principle that we should seek to preserve, and that is that the government works for the people. At the best of times Politicians are wont to forget that, and it is always bad if they do, so it is always an important to fight to retain the distinction. This action subtly, but significantly tips the balance the wrong way and steps over the line. If the FBI win, the people of America will no longer be able to call themselves free citizens.

          Of course many have been saying that for years, but until now those arguments have relied on the notion of psychological enslavement to the government (e,g, sheep like thinking) as distinct from legal enslavement.

          BTW, I made this point on the Times editorial about this, in the same tone of voice. My comment was censored.

          Also this strange amendment to a NYT article on the subject. Note, not recording there has been an amendment breaks their own strictly enforced editorial guidelines.

          1. frank ly Silver badge

            "Software is legally of the same status as speech."

            Has a law been passed or judicial decisions been made which actually state that is so? Or, is it some kind of intellectual inference that has been made for the puprpose of argument?

            "Free speech protections in the US constitution mean the law can't compel you to say something you don't believe."

            I thought the protection was that the law can't compel you to make any statement that incriminates yourself (the 5th ammendment). Is there some kind of 'Galileo clause' as well?

            1. SuccessCase

              "Has a law been passed or judicial decisions been made which actually state that is so?"

              Yes it Is an established principle see here what an EFF lawyer says on it, (extract below):

              "Reengineering iOS and breaking any number of Apple’s promises to its customers is the definition of an unreasonable burden. As the Ninth Circuit put it in a case interpreting technical assistance in a different context, private companies' obligations to assist the government have “not extended to circumstances in which there is a complete disruption of a service they offer to a customer as part of their business.” What’s more, such an order would be unconstitutional. Code is speech, and forcing Apple to push backdoored updates would constitute “compelled speech” in violation of the First Amendment. It would raise Fourth and Fifth Amendment issues as well. Most important, Apple’s choice to offer device encryption controlled entirely by the user is both entirely legal and in line with the expert consensus on security best practices. It would be extremely wrong-headed for Congress to require third-party access to encrypted devices, but unless it does, Apple can’t be forced to do so under the All Writs Act."

              1. SuccessCase

                Oh, and re: "What about the 70 phones that Apple unlocked at Federal request that came before this?"

                See, No Apple has not unlocked 70 iPhones for law enforcements

              2. Anonymous Coward
                Anonymous Coward

                Constitutionally protected...

                Is that the same Constitution they use as toilet paper?

            2. allthecoolshortnamesweretaken

              Upvoted for 'Galileo clause', even if it does sound a bit like an episode title from Star Trek TOS.

            3. OviB

              So you "intellectualy infer" that it would be legal to be forced to say something you don't want to say? If that's the case I am glad not to be born in the "Land of the Free".

          2. Anonymous Coward
            Anonymous Coward

            "...the people of America will no longer be able to call themselves free citizens."

            Calling is OK, as long as you don't behave like one.

        2. Warm Braw Silver badge

          Just a key to making a key

          While I'm very much on the side of Apple in that I don't see how they can be compelled to write software at the whim of the government or a court, the one thing stopping the court getting anyone else to do it is that Apple have the signing key for the firmware.

          I suspect the court may be on firmer legal ground if it were to demand that Apple disclose that key so that the FBI could, at least in principle, get someone else to develop its hack. It is, after all, just information that happens to be in Apple's possession that might assist a lawful search. If it did, though, that truly would be the end of IT security as we know it.

          1. Adrian 4 Silver badge

            Re: Just a key to making a key

            Could Apple not revoke their signing key (replacing it with another) before handing over the old one to be used on the un-updated phone ?

            The courts might send Apple executives to jail for disobeying the order, but those executives likely can't create any software. And can they force an employee to create software if that employee believes it to be immoral ? Surely the court would have to coerce someone with both the means AND the ability, such as an actual programmer.

    2. This post has been deleted by its author

  2. Chika
    Big Brother

    Here we go...

    And here's the reason why I said elsewhere that the FBI were likely to win this one.

    George was right about pretty much everything in his book, 1984. The only thing he really got wrong was the date...

    1. Alistair Silver badge
      Windows

      Re: Here we go...

      @ Chika:

      The initial order was the slide. It does not matter *which* way this set of court issues go, the effective result is the same.

      Say farewell to publicly available encryption.

      http://forums.theregister.co.uk/forum/3/2016/02/18/opinion_against_feds_iphone_case/#c_2785394

      1. Lysenko

        Nope...

        Three reasons:

        1) Whatever trick Apple pull to get at the data (if they do so) they'll almost certainly plug forever in the next release to avoid a repetition.

        2) If the US Congress tries to legislate to prevent that they'll very quickly find out the true meaning of "globalization". Huawei, YotaPhone and the rest would just love to take Apple's business.

        3) Any legislation like the above throws Android under the bus as well, which would just result in Ubuntu mobile becoming relevant again.

        Hubristic American pretentions about "universal jurisdiction" are just that. China and Russia are not going to cave in just because the "greatest country on Earth" [sic] decides to wave its dick about ... even if Captain Combover himself is the one holding the dick.

        1. Yet Another Anonymous coward Silver badge

          Re: Nope...

          1, The trick is already plugged in the iPhone hardware crypto unit

          The data on this phone can be extracted by normal chip reverse engineering HW

          2, Not just that. If Apple are required by the US to break the crypto HW in the new iPhone then they will be required to hand over the crack to every other government if they want to sell there.

        2. Pseu Donyme

          Re: Nope...

          > 1) ... they'll almost certainly plug forever in the next release to avoid a repetition.

          We'll see, as long as it is possible to do it with a special build of the firmware it would have to be the next hardware release though*. (Secure enclave doesn't apply to a 5c, but it doesn't really help since it too runs replaceable firmware - or that is my take from: http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html ).

          * e.g. add a tamper-proof chip akin what is in a SIM to keep the encryption key which will only spit it out given the correct passcode (and unlike a SIM, will irrevocably erase its contents after those ten misses).

          1. Danny 14 Silver badge

            Re: Nope...

            Courts compel companies to assist the authorities all the time. That is what laws and courts do. At least this proves that even bazillionnaires need to follow the law. Im sure they can lobby against future cases ever happening again. Or just buy the courts.

            1. Anonymous Coward
              Anonymous Coward

              Re: That is what laws and courts do.

              There's laws and courts, and there's what people try to get away with in their quests for power or freedom.

              1. Destroy All Monsters Silver badge
                Holmes

                Re: That is what laws and courts do.

                I still don't understand what "freedom" has to do with it.

                I think people are starting to mightily confuse things, disingeniously (Apple and its iPhans) or not (appreciators of freedom from the Omnipotent Government and opponents to unreasonable searches and seizures)

                It is an open court decision, not a secret agency backdooring action, or plausibly deniable executive order from White House. It isn't even an UK-style "order to self-incriminate", forcing one to hand out encryption keys.

                One can even appeal.

                You know, in the olden days, court orders may be issued and mystery boxes might appear on the Main Distribution Frames in the phone company building. That had nothing to do with chilling effects, enabling Russia or China (evil bugbears) or involving constitutional problems. Yes, there are abuses. Thus, vigilance.

                We have seen some utter crap in the last 20 years and many people now in powerful places or on Sunday morning TV should be hanged till dead for that crap, but this isn't in that set.

                And how exactly do you, under the US Constitution, force programmers to write software

                Am I in an Orlowski article? What does the US Constitution and forced programming have to do with it? Here's your answer:

                1) Hire programmer

                2) Transfer $$$ (duly taxed)

                3) ???

                4) Program written!

                1. Anonymous Coward
                  Anonymous Coward

                  Re: That is what laws and courts do.

                  It is an open court decision, not a secret agency backdooring action, or plausibly deniable executive order from White House. It isn't even an UK-style "order to self-incriminate", forcing one to hand out encryption keys.

                  The problem with this court order is the disingenuous way in which both the FBI and now the DoJ are pretending that this is a one-off, whereas they full well know that there is no court that can prevent the abuse of the precedent that this action creates.

                  If you take the distracting "Apple" logo off this case and look underneath, you will see that it's not about Apple in isolation in one single, never to be repeated action. The way the US legal system works, this "one off" turns by its very existence into a template for repeats, and we all know how carefully agencies draw within the lines when it comes to keeping themselves to limitations (they ignore them with gay abandon).

                  THAT is the real game here - establishing precedent. Everything else is BS.

                  They could have had that help informally from Apple, and someone would have worked on a clone or found another way of telling the FBI "it'll take a while, and this is not possible with newer models" (which would be correct). By going public they have pretty much given the game away.

                  I can tell you what will happen when such a precedent is set: it will be impossible for any US company to sell to EU companies, because they have Data Protection laws to comply with. The "rinse and repeat" template that will set in the form of a legal precedent will basically declare the whole of the US IT industry off limits for European data. Equipment provided can no longer be trusted, and we already knew that data held in the US is non-compliant with EU privacy standards - this will merely put the final nail in.

                  1. KeithR

                    Re: That is what laws and courts do.

                    Excellent summation, AC.

                2. KeithR

                  Re: That is what laws and courts do.

                  "Am I in an Orlowski article? What does the US Constitution and forced programming have to do with it? Here's your answer:

                  1) Hire programmer

                  2) Transfer $$$ (duly taxed)

                  3) ???

                  4) Program written!"

                  Which is not remotely relevant to the point under discussion, which is the efforts of your courts to try and force Apple to do just that, against its will.

        3. InfiniteApathy

          Re: Nope...

          > ESPECIALLY if Captain Combover himself is the one holding the dick.

        4. Anonymous Coward
          Anonymous Coward

          Re: Nope...

          3) Any legislation like the above throws Android under the bus as well, which would just result in Ubuntu mobile becoming relevant again.

          Nope. Ubuntu is just as subject to US law as any other software. It doesn't have some magic exclusion.

          1. Lysenko

            Ubuntu is just as subject to US law...

            No it isn't. Open source isn't subject to any national legislation. If the US tried this (again) it would go the same way as 56bit key limits. I used to have a nice sideline bolting proper crypto into some US products crippled by retarded export rules ... and that wasn't even open source.

          2. SolidSquid

            Re: Nope...

            > Nope. Ubuntu is just as subject to US law as any other software. It doesn't have some magic exclusion.

            Nope, Canonical is UK based, not US, so isn't bound by US law. Technically they could probably be compelled by the UK courts, but given the UK HQ is largely a technicality there's nothing to stop them just moving to a new location to avoid it

        5. Winkypop Silver badge
          Trollface

          Re: Nope...

          Captain Combover

          +1

  3. Wommit

    So a government agency has used old laws, out of their original context, to force a company (could be a person too,) to create something that every security expert in the world says is a very bad idea.

    The UK police often use laws in ways that their originators never envisaged, and in ways specifically denied by parliament. So we have a lot of experience of this type of thing.

    IMHO this case should go all the way up to the Supreme Court. Perhaps the US Congress could clarify the law being used.

    1. Anonymous Coward
      Anonymous Coward

      No, not really

      The "old laws" that you speak of were quite specific: no unreasonable search and seizure unless warranted by court order or mitigating circumstances.

      The government went through all proper procedures to gain the right to ask Apple to bypass the auto-kill feature. They have known assailants, known accomplices, known criminal activities, directly attributable evidence, went through court procedures to request unlocking in front of a judge, followed the case through all legal steps necessary to attain the right.

      THAT is what the "Old Laws" says you have to do.

      You think that, because you're Neu Tek and Oh, So Special!, that the laws don't apply to you...nor, to this case. But they DO.

      There is **EVERY** reasonable statement that what the government is looking to do in this case is precise in definition, limited in scope to this case alone and within the powers both granted them and necessary to uphold justice and impose punishment on the guilty.

      I'm sorry that you think that the use of your Shiny is out of bounds of all legal ramifications. Privacy is granted...as long as you play by the rules. For the government to ask for the privacy of highly suspected criminals to be denied is within all legal precedence and is arguably protecting us (as long as that is the limit! Each case on its own merit, no blanket declarations allowed).

      1. Anonymous Coward
        Anonymous Coward

        Re: No, not really

        Unfortunately 4 of the remaining 8 supreme court justices agree with you, meaning it's up to the lower courts. I think you're a dangerous idiot, and wish the 4th amendment were respected and fought for as much as the 2nd.

      2. KeithR

        Re: No, not really

        "For the government to ask for the privacy of highly suspected criminals to be denied is within all legal precedence"

        That's not the point, and you know (or should know) it.

        Nobody's trying to protect the privacy of a dead terrorist. Indeed, I assume that US law is analogous to law in the civilised world like the UK, where "personal data" of a deceased person is explicitly outwith the scope of the Data Protection Act.

        The issue is - clearly - about what happens next if Apple does fold, and the implications for the privacy of those of us who aren't criminals/terrorists/dead...

      3. Anonymous Coward
        Anonymous Coward

        Re: No, not really

        Your definition of reasonable and mine seem to difer.

        what the government is looking to do in this case is precise in definition, limited in scope to this case alone and within the powers both granted them

        With respect, the claim of this being a limited, contained, one-off exercise is disingenuous, and should not have been made by parties who are well versed in US law. The very fact that they have attempted to make such a claim whereas they are certain to have a more than passing familiarity with the very basics of US law is what made quite a lot of alarm bells go off at once.

        In US law, there is no way to limit the scope of a verdict as it is precedent driven. You cannot avoid setting a precedent, and once it is set, it significantly lowers the barrier for a repeat because that's how the whole system works, and it's been working like that for decades. There is no possible way to prevent the far wider ramifications of being able to force a company to commit commercial suicide by damaging its own technology which took many man years to get it right.

        In short, the very fact that people who should know the very fundamentals of US law are claiming this exercise is limited in scope and a one off in clear defiance of the facts they are certain to know is enough of a reason to slow this one down pretty sharpish.

        Law enforcement has legal powers to compel collaboration, but it does not have the legal power (at least, not until this story has reached the very end of the legal process) to demand that a company - and by consequence of the precedent set an entire multi billion dollar industry - commits seppuku.

        You see, there is a little extra problem that starts showing up here, which is what has not been mentioned before. If this "let's use a legal crowbar to get backdoor crypto in via harassment" method is successful, you will have to turn to the Chinese to buy any kit safe for government use.

        The reason we use COTS kit is because it's cheaper than making special versions for government, and by breaking COTS you open the door for those Evil Terrorists™ to turn the tables on intercept and listen in to the home life of all those government officials with handy families. In short, it's the shortest path to making it a lot unsafer for everyone. Not immediately - I'd give it about 3 months before the avalanche starts.

        Personally I don't care about Apple, and I had a laugh at Zuckerberg talking about security as if he knew what that word actually meant. But I do care about a government that has already grabbed a lot more power than it should have post 9/11 and has not only handed little of it back post emergency, but seems to have developed a taste for more. I guess we have a bit of Putin envy here, and it's not where we need to go, at least not if we want to remain truthful to what at one point was termed a democracy (you know, with rights and a Constitution and stuff). It is that far wider picture that is disturbing, because we are doing all of this on the thinnest of assumptions that there is actually something on that phone - at present we don't even know this.

        What you're saying is that the whole of the IT industry needs to be shafted and the security of all people needs to be jeopardised because the combined resources of multi-billion dollar funded government agencies, spies and hangers-on are dependent on POSSIBLE data that may hide on one tiny consumer device to identify POSSIBLE further terrorist because all that might (and already existing legal support) it not capable of doing it without. OK, so what the f*ck have they been doing all those years? Buy yachts for themselves with all that money? Build world's biggest room heater?

        I am absolutely for assisting law enforcement, but that does not mean it should happen through weakening our safety. "Please leave all your doors and windows wide open to help us catch the murderous thugs and rapists who are roaming your neighbourhood" is IMHO not an approach that deserves support, sorry.

      4. SolidSquid

        Re: No, not really

        > You think that, because you're Neu Tek and Oh, So Special!, that the laws don't apply to you...nor, to this case. But they DO.

        It's not a question of whether the laws apply to new technology or not, it's whether the courts can compel a company to do a significant amount of work (in this case writing up a work around for their security systems) which will have a clear detrimental effect on the company itself, despite the company having done nothing illegal

        Even under the same rules which would allow the FBI to get a warrant to search a safe, which is the closest parallel I can think of, they wouldn't be able to get one in this case, as that would require the FBI to provide evidence of *what* they know is on the phone, whereas they've just asserted that they think there's more data there than in the iCloud

    2. EddieD

      Apple will certainly take this as far as they possibly can - we've seen many times in various patent disputes how far Apple will take litigation.

      I hope that they do. As has been pointed out, it seem fairly certain that there's nothing on the phone, as the owner was using iCloud backups, and was fairly thorough with the destruction of his other devices.

      I still like the idea (iDea?) of Apple sayin okey-dokey, bring it here, attaching it to a device and "accidentally" bricking it.

      1. Danny 14 Silver badge

        DoJ is pretty much the end of the road.

        1. EddieD

          I had a late night silly idea which on reflection wasn't worth posting

    3. KeithR

      "The UK police often use laws in ways that their originators never envisaged, and in ways specifically denied by parliament"

      Not true in any meaningful sense. Most of the law the UK police actually use is current and extremely purpose-specific: and it's a very rare thing indeed that a UK Court, the DPP or the CPS will try and shoe-horn a current offence into an archaic piece of legislation it wasn't intended to cover.

      The idea of old laws - like the one allowing pregnant women to urinate in a policeman's helmet - still being is a funny meme, but complete cobblers, for the most part.

      1. nsld

        apart from

        Interception of communications, Joint enterprise, riot and affray and several others which have been used in ways they were not intended for, thanks primarily to untested internal interpretations from people like the CPS.

  4. Zog_but_not_the_first Silver badge
    Pirate

    No longer a problem

    Now that McAfee's on the case

    1. Danny 14 Silver badge

      Re: No longer a problem

      GO JOHN. USE YOUR JUNGLE SKILLS.

    2. allthecoolshortnamesweretaken

      Re: No longer a problem

      What's he gonna do, ugly the data out of the phone by looking at it?

    3. Slap

      Re: No longer a problem

      Try it free - 30 day trial.

  5. Anonymous Coward
    Anonymous Coward

    Here's what you do tim...

    ...tell the feds that you're going to unlock the phone. When they hand it over to you smash the twatting fuck out of it with a lump hammer! Then hand it back to the junior G-man and say "There y'go buddy, i've cracked it for ya".

    Please let me know if this has helped.

    1. nsld

      Re: Here's what you do tim...

      And if they ask why tell them you used the "Birmingham Screwdriver"

      Will keep them guessing for years.....

    2. Martin Summers Silver badge

      Re: Here's what you do tim...

      Upvoted just for use of the phrase "smash the twatting fuck out of it" which made me chuckle somewhat.

    3. Matt Bryant Silver badge
      FAIL

      Re: AC Re: Here's what you do tim...

      ".....When they hand it over to you smash the twatting fuck out of it with a lump hammer!....' Sure, because being charged as an accessory to multiple murders after the fact by the deliberate spoliation of evidence, plus interference with a Federal investigation, would just be so smart.

      /Hmmmm, may need to add some sarcasm tags for some of the posters here.

      1. Anonymous Coward
        Anonymous Coward

        Re: AC Here's what you do tim...

        Who cares, the court of public opinion has already cast its verdict: you'd be an American Hero striking a hammer blow for liberty and justice.

        1. Martin Summers Silver badge

          Re: AC Here's what you do tim...

          "you'd be an American Hero striking a hammer blow for liberty and justice."

          Tell that to Edward Snowdon!

        2. Matt Bryant Silver badge
          WTF?

          Re: tnovelli Re: AC Here's what you do tim...

          "Who cares....." Well, you might if you ended up in prison for a long, long stretch. Feelings of morality superiority don't deflect prison bullies, rapists or shivs.

          ".....the court of public opinion has already cast its verdict....." You may want to consider polling the opinion of those outside your tiny circle of equally deluded friends. As a pointer as to why US public opinion may not chime with yours, you may want to consider that the Republicans have a majority in the Senate because they got voted in there by the public.

          "....you'd be an American Hero striking a hammer blow for liberty and justice." Or just an idiot destroying any future chance of a career in technology should you be released from prison before retirement age.

          1. KeithR

            Re: tnovelli AC Here's what you do tim...

            Hoy, Bryant - remember this?

            "/Hmmmm, may need to add some sarcasm tags for some of the posters here."

      2. hplasm Silver badge
        Devil

        Re: AC Here's what you do tim...

        And the matt came back, the very next...year.

        Must have been an eclipse or something...

        1. Anonymous Coward
          Anonymous Coward

          Re: AC Here's what you do tim...

          The last A/C post was not by Bryant, thank you.

    4. Michael Thibault

      Re: Here's what you do tim...

      All of this mayhemist misdirection from the seriousness of the situation has made me wonder: what if Apple can't/is unable to, successfully*,--whether subject to un-appealable compulsion or after considered capitulation--re-arrange the phone into the desired configuration to satisfy their enslaving TLA? Is Apple liable? Culpable? Both? Neither?

      * fail does happen, after all

      1. Anonymous Coward
        Anonymous Coward

        Re: Here's what you do tim...

        what if Apple can't/is unable to, successfully*,--whether subject to un-appealable compulsion or after considered capitulation--re-arrange the phone into the desired configuration to satisfy their enslaving TLA? Is Apple liable? Culpable? Both? Neither?

        It will immediately be accused of failing deliberately, be found non-compliant with a court order and be fined billions of dollars, which then happen to balance the US budget a bit. After that they will try the same with Google, Facebook and Twitter because it's the only way they can tax them without loopholes legalising paying no tax whatsoever.

        Hey - I just found the real reason of this farce! Yes! :)

      2. SolidSquid

        Re: Here's what you do tim...

        - what if Apple can't/is unable to, successfully*,--whether subject to un-appealable compulsion or after considered capitulation--re-arrange the phone into the desired configuration to satisfy their enslaving TLA?

        Given this work is supposed to be specifically for a single device, they'd need to be doing any testing against the phone itself which could potentially run afoul of a software bug. The alternative is developing it with other phones for testing in a way that can then be safely moved to the iPhone which is part of this case, which would undermine the claims it would only work for one device

  6. Pen-y-gors Silver badge

    Security hole?

    Surely the mere fact that anyone can download AND RUN a firmware update while the phone is locked is a bit worrying? I would expect on a secure system it would only accept updates when an authenticated user was logged in, who gives permission for the update, otherwise all sorts of bad things could happen.

    1. Yet Another Anonymous coward Silver badge

      Re: Security hole?

      It is worrying and it is fixed in the new iPhone.

      That is the real concern about this case - it sets a precedent for banning the fix.

      It would make it illegal to make HW that didn't have holes

      1. Danny 14 Silver badge

        Re: Security hole?

        Its a phone. Not an ICBM launch panel. There are probably ways to recreate the exact same keys based on whatever method they choose to seed. Apple are fighting it so we dont learn how easy it woild be to crack them...

        1. Charles 9 Silver badge

          Re: Security hole?

          Its a secret. Doesn't matter how important it is, being forced by the State to divulge secrets against one's will opens up a can of worms. Apple's contending ANY compliance will open up another can of worms due to a snowball effect; if they can be forced to do ONE, they can be forced to do ANY AND ALL.

  7. Captain DaFt

    This could be VERY bad for American business

    I will call everyone's attention to the overlooked fact that the iPhone in question is not Farook's phone, but belongs to the company he worked for.

    Cracking it could provide a path into the company's IT.

    Now how will you be able to trust any American company to keep data safe if law enforcement can charge any member of that company's workforce under some pretext*, then demand that any device he may have been in contact with be opened so that they can view its contents for "evidence"?

    *I'm not saying it's not legitimate this time, but once the precedent is set, history shows it will be abused eventually.

    1. EddieD

      Re: This could be VERY bad for American business

      If you add in the battle that Microsoft are having about Uncle Sam demanding access to data on servers outside the US, belonging to non-USasians who haven't committed a crime, and you could easily predict a massive blow to sales of US tech equipment.

      The snag then is, what do you buy instead?

      1. Pookietoo

        Re: what do you buy instead?

        Chinese hardware running Ubuntu?

    2. a_yank_lurker Silver badge

      Re: This could be VERY bad for American business

      The ferals do not seem to care if they destroy the US IT industry and what remains of the US industry in general. It looks like many US IT workers will moving elsewhere if the ferals have their way. How hard is it learn Mandarin?

      1. Rainer

        Re: This could be VERY bad for American business

        Learning Mandarin is fairly easy - provided you start doing so at age three.

        1. Anonymous Coward
          Anonymous Coward

          Re: This could be VERY bad for American business

          I just so happen to have Rosetta Chinese, Spanish, Russian, and German (Never started self-improvement)....

    3. David 14

      Re: This could be VERY bad for American business

      Umm... except the employer WANTS the phone cracked... do they not. The only party refusing here is Apple.... so in other words, there is NO privacy issue... just a PR campaign

    4. Anonymous Coward
      Anonymous Coward

      Re: This could be VERY bad for American business

      Excellent news for the rest of the world.

      It's called winning the battle but losing the war.

      The US specialises in it.

      1. Anonymous Coward
        Anonymous Coward

        Re: This could be VERY bad for American business

        It's called winning the battle but losing the war.

        The US specialises in it.

        YOU WEREN'T THEEEERE, MAAAN

        (sorry, couldn't help myself, feel free to give it the downvotes it deserves).

  8. Martin Summers Silver badge

    Apple are between a rock and a hard place. Something to realise though is that whilst they may well have to assist with the new firmware they are not actually breaking the encryption themselves. All they are doing is making it easier for law enforcement to do it, it is they who will be committing that act and would have done so had there been no other mechanisms in place to slow them down. If the alleged terrorist wanted to keep everything completely safe on that phone you would imagine he wouldn't just use a pin number. Anyone who wants to keep their information safe will from now on not use pin codes and as someone else above posted, Apple will no doubt make sure this can never happen again. The FBI will be shooting themselves in the foot asking for this. Apple have taken a stand and made appropriate noise, on this occasion I don't think they have any choice but comply.

  9. Ken Moorhouse Silver badge

    I can see both sides of the argument...

    Quite often thought needs to be given the to the "old way" of doing something, and compare it with a contemporary problem to try and justify what is right and what is wrong with, in this case Tim Cook's stance. Let's say someone lodges an incriminating document in the vaults of a Swiss Bank. Would the bank accede to compelling legal requests to release the document? If so, does that reduce people's regard for the integrity of that bank's reputation for discretion?

    1. This post has been deleted by its author

    2. John H Woods Silver badge

      Re: I can see both sides of the argument...

      "Quite often thought needs to be given the to the "old way" of doing something, and compare it with a contemporary problem to try and justify what is right and what is wrong with, in this case Tim Cook's stance" -- Ken Moorhouse

      A perfectly sensible approach ... but ...

      "Let's say someone lodges an incriminating document in the vaults of a Swiss Bank. Would the bank accede to compelling legal requests to release the document?"

      Ah, now that's the problem. If you are going to use analogies to form conclusions to the original case, they have to be analogous in the relevant respects. Try this.

      A Swiss Bank vault may contain a document of as yet unknown value. There are four ways to open the vault

      a) the emergency code, which is well known but will destroy any such document

      b) the secret code to the vault, the knowledge of which has disappeared with its deceased owner

      c) cracking the door lock somehow

      d) drilling through the concrete into the bunker.

      Now, the FBI, aided by the DoJ, want to do (c) but they want the vault manufacturer to make a tool which will open this vault. However the vault manufacturer demurs on the grounds that such a tool will open many of the vaults they have already sold.

      If there's a good chance the document contains the date, time and location of a nuclear attack, then why not just drill (i.e. attempt to use electron microscopy to read the required info that the chips won't divulge). It's expensive but it might be worth it.

      In this case, it's pretty unlikely there is such a document. Vaults known to have been used by the deceased that probably did contain such documents have been destroyed by him. He shared this vault with someone else (his employer) so he probably didn't put any incriminating documents in it.

      So it's probably not worth doing (d). And if it's not worth doing (d) I'm not sure it's worth doing (c). However, because the US govt doesn't care about any of the other vaults, bizarrely including the ones belonging to citizen that it is its duty to protect,it is going to insist on (c).

      It seems to me that the only thing the vault manufacturer can do is comply with the order but I think they have a reasonable case that the cost of this isn't just the tool, but the necessity of offering free replacement vaults which are invulnerable to that tool to all its existing customers.

    3. Fred Flintstone Gold badge

      Re: I can see both sides of the argument...

      Let's say someone lodges an incriminating document in the vaults of a Swiss Bank. Would the bank accede to compelling legal requests to release the document?

      Always, plenty of cases to prove it - follow proper legal process and the Swiss will comply. But that's not quite the same to this case. What is being asked here is that the US safe manufacturer is asked to open the super safe it built for that bank after the bank has set its own combination, and doing so sets a precedent that from then on can compel *any* US safe manufacturer to attempt the same, time and time again.

      If so, does that reduce people's regard for the integrity of that bank's reputation for discretion?

      No, but US safe manufacturer will no longer be able to supply Swiss banks - and that's the exact problem here.

  10. Anonymous Coward
    Anonymous Coward

    Contempt of Court

    If Apple doesn't comply the most likely response of the DOJ is to find them guilty of contempt of court and Apple would be fined daily till they comply. Apple are a rich company so even a hefty daily fine shouldn't be a problem for them ...... unless the fine could be made a proportion of turnover, in which case I expect they would cave in very very quickly ..... but I don't think US law is geared up to cause "problems" for big US corporations.

    1. Malcolm Weir Silver badge

      Re: Contempt of Court

      No, Apple's non-compliance will (obviously) take the form of appeals from the (tiny, insignificant, junior, rubber-stamping) "Magistrate Judge" to other judges, likely ending up with an appeal to SCOTUS, who may or may not grant cert.

      If they lose at that point, then they'll almost certainly comply. But with such loud complaints and public announcements of "future" features to prevent this that they'll come out OK, and the government will lose.

      I find interesting that the DOJ's efforts spend a lot of time on the ownership of the phone, as if anyone cared once the search warrant was issued. Since this is s settled point (i.e. they have the phone and the warrant) the fact that the DOJ harps on about seems to me to suggest that they may be aware of the slipperiness of their footing.

      1. Kurt Meyer

        Re: Contempt of Court

        @Malcom Weir

        "No, Apple's non-compliance will (obviously) take the form of appeals from the (tiny, insignificant, junior, rubber-stamping) "Magistrate Judge" to other judges..."

        A little background info for you, Malcom. Perhaps the next time you offer a comment on the United States District Courts, you won't look quite so ignorant.

        Because you certainly do look ignorant now.

        "A Guide to the Federal Magistrate Judge System

        Peter G. McCabe, Esq.

        A White Paper Prepared at the Request of the Federal Bar Association.

        In the United States District Courts, there are two types of federal judges: United States District Judges (confirmed by the Senate with life tenure); and United States Magistrate Judges (appointed through a merit selection process for renewable, eight year terms).

        Although their precise duties may change from district to district, Magistrate Judges often conduct mediations, resolve discovery disputes, and decide a wide variety of motions; determine whether criminal defendants will be detained or released on a bond; appoint counsel for such defendants (and, in the misdemeanor context, hold trials and sentence defendants); and make recommendations regarding whether a party should win a case on summary judgment, whether a Social Security claimant should receive a disability award, whether a habeas petitioner should prevail, and whether a case merits dismissal. When both sides to a civil case consent, Magistrate Judges hear the entire dispute, rule on all motions, and preside at trial.

        There are now 531 full-time Magistrate Judges in the United States District Courts. According to the Administrative Office of the U.S. Courts, in 2013, Magistrate Judges disposed of a total of 1,179,358 matters.

        The importance of Magistrate Judges to the day-to-day workings of the federal trial courts cannot be overstated. Many federal cases settle early in the litigation process, and fewer civil and criminal cases now proceed to trial. Although felony criminal matters are the province of District Judges, in misdemeanor matters and in civil cases, it is often the Magistrate Judge -- and, sometimes, only the Magistrate Judge -- with whom the litigants and their counsel will meet and interact as their case is litigated in the federal trial court."

        The more you know...

        The entire white paper is available for your reading pleasure at: http://www.fedbar.org/PDFs/A-Guide-to-the-Federal-Magistrate-Judge-System.aspx?FT=.pdf

    2. David 14

      Re: Contempt of Court

      105% of daily revenue until they comply or die. Simple. They choose to operate in the USA because it is a good place to do business... and has a justice system based on rules of law that are conducive to business. Now... live with that and live by the law. If not, start a business elsewhere and the Apple company becomes the property of the people of the USA. Heck, in some countries that happens exactly that easy simply because a government desires it... and not because the company refuses to abide by the laws of the land.

  11. Anonymous Coward
    Anonymous Coward

    The US Government created the environment

    in the Middle East for this issue to keep money flowing into Big Oil/Military Industrial Complex and hence its own pockets. Now companies, arguably, outside that sphere of influence will have to pay. As others above have commented, this will strengthen the case for Companies outside of the US/Five Eyes not to use any of those countries to store data and only minimally move data through.

  12. John Crisp

    Supporting Apple

    Quite honestly most of the time I wouldn't give Apple the steam off my p*ss..... errr boiled potatoes.

    But for once I find myself reaching for my supporters rattle.

    I'm sure they'll cave eventually, and but will change to ensure they don't get caught in the crossfire again.

    Let's hope they hope they set a precedent for the future that reminds governments that they are our representatives, not our controllers.

    But for now I have to say "Go Apple !"

  13. Mark 85 Silver badge

    Interesting that this gets overlooked

    According to the New York Times, Apple – which has assisted federal investigations in the past – asked the FBI to file the aforementioned order under seal.

    However, when the agency submitted its demands in a public court citing the powerful All Writs Act, Apple CEO Tim Cook hit the roof: he lashed out at the "chilling" request in an open letter,

    I'm wondering if the FBI is right about the Marketing and PR Image. It would appear that Apple wouldn't have had an issue IF the order was under seal. But being an open ruling, there's all sorts of PR and image issues for Apple. I daresay Apple is manipulating public sentiment here and that in private, they have no remorse over unlocking phones, etc.

    1. a_yank_lurker Silver badge

      Re: Interesting that this gets overlooked

      "According to the New York Times" - In other words, something from the delusional ravings of a "reporter" for the Grey Whore. The Grey Whore is known to screw up stories and publish outright fiction as news on occasion. Not that the rest of the US "media" is any better.

    2. DougS Silver badge

      Re: Interesting that this gets overlooked

      Well it is interesting, but maybe not for the reasons you're thinking. Apple has helped them in the past, but as far as we know never by creating a custom version of iOS to bypass the device's built in protection. Apple has already provided them with data from the iCloud account associated with the phone, so they aren't taking a position of "screw you law enforcement, we're not going to provide any help at all". They just don't want to be put in a position where they are required to use their insider knowledge and special ability to sign iOS releases to hack a phone for the FBI.

      Whether they wanted this filed under seal because they wanted to create the custom iOS for the FBI but not publicly, or because they wanted to fight it but not publicly (in case public opinion had turned out to be against them, this is after all an investigation into terrorism on US soil so I admit to be rather surprised by the level of support Apple is seeing) is unknown - but you can guess based on thinking about why the FBI refused to file under seal.

      That's what's really interesting here. Why should the FBI want to take this public?! If they knew Apple would cooperate if the request was under seal, they would have happily compiled with Apple's request to file under seal. The only reason for them to make it public that I can see are: 1) they knew or assumed Apple was going to fight it if filed under seal so they wanted to take it public and see if Apple was willing to risk the negative publicity. 2) they chose this case quite deliberately because it lined up perfectly for their stated goal of requiring tech companies to make it easier to access encrypted communications - this is a domestic terrorist, not a suspect but one we know is guilty, and is recent in everyone's memory - it even occurred in Apple's home state!

      I think the FBI wanted to make this a test case, figuring if they were ever going to win this battle this would be the case to take. That's why they refused to file it under seal. They assumed public opinion would be against Apple (and I have to admit when I first heard about, I thought the majority of the general public would be against them as well) which would illustrate the "need" for tech companies to be required to make it easier to access encrypted communications.

      The FBI's goal now looks pretty tenuous from where I'm sitting. No matter what this judge says, the loser will appeal these rulings and it will reach the Supreme Court, so it won't reach a final decision quickly. But based on public sentiment trending strongly Apple's way, I think they've already lost the war before this battle has even begun.

      Interestingly, Scalia's death leaving the court with only 8 justices complicates this matter a bit. If it reaches the Supreme Court before his seat is filled and the court is tied 4-4, that would mean the lower court's ruling would stand but it would NOT set a nationwide precedent like a majority decision would. So there's one reason why it is a bad idea to leave a seat vacant on the Supreme Court for over a year, which looks likely given the political battle that has ensued. The Supreme Court might choose to delay hearing the case until they're at full strength, which would mean the earliest a final decision would be reached is summer 2017 and quite possibly summer 2018!

      1. Adrian 4 Silver badge

        Re: Interesting that this gets overlooked

        "That's what's really interesting here. Why should the FBI want to take this public?! "

        Perhaps you're right. But don't forget 'never ascribe to malice that which can be ascribed to incompetence'

        1. John H Woods Silver badge

          "

          "Perhaps you're right. But don't forget 'never ascribe to malice that which can be ascribed to incompetence'"

          Given that it is now being claimed the password was reset whilst in "government" custody, the level of incompetence is starting to become less believable.

  14. Anonymous Coward
    Anonymous Coward

    I am surprised ..

    You mean the almighty NSA and FBI can't break into that phone ?

    What's their legions of geniuses using their brains for ? Play cards ?

    If the NSA and FBI can't break a simple phone , there's cause for concern

    Come on. Seems all they really want to do is establish a precedent.

    1. Steve Davies 3 Silver badge

      Re: I am surprised ..

      What makes you think that have not already 'cracked it'?

      Any evidence might be ruled as an illegal siezure so they may have to go through this charade to get it all done legally. Then they can use the evidence in open court.

      Personally, I hope Apple prevail here. There was a revolution in the 18th Century in the USA. Perhaps the people inside the 'Beltway' should learn the lessons of the past lest they get repeated again. Communism fell in 1989. No need to say any more.

      1. KeithR

        Re: I am surprised ..

        "Communism fell in 1989"

        No it didn't - North Korea, Cuba, Laos, China (officially), Vietnam, Armenia, Azerbaijan, Belarus, Estonia, Georgia, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan.

        All Communist.

        Are Septics taught this arrogant parochialism, FFS?

        1. DN4

          Re: I am surprised ..

          Estonia, Latvia and Lithuania all communist? Such statement requires a staggering level of ignorance.

          What rock you've been living under the last 20 years? Probably the only thing that would make your list even more silly would be the inclusion of East Germany (that ceased to exist in 1990).

          BTW, lots of other countries on the list have various kinds of odd and hardly democratic but non-communistic regimes...

    2. SolidSquid

      Re: I am surprised ..

      They can, but it's time consuming and they don't want to spend the money necessary to do so, so they offload that cost on to a third party

  15. Lord_Beavis
    Pirate

    Work Phone

    Being that it is a "work" phone, can't the IT department use their MDM tools to issue an unlock?

    I'm sure that they've already asked that, but I hope that they haven't just gone straight to Apple. Otherwise, this whole thing stinks of a false flag op.

    The company I work for has the ability to reset the PIN using our current MDM solution so that all you have to do is swipe and set a new one.

    1. DougS Silver badge

      Re: Work Phone

      I think it is safe to assume his workplace isn't using MDM for the iPhones they're handing out, because that would have been the first thing they thought of.

  16. Anonymous Coward
    Anonymous Coward

    Maybe history has a lesson here?

    As I recall, the Cheese Eating Surrender Monkeys (tm), in times before they donated the Statue of Liberty to the Good 'Ole US of A, had a remedy for Government Overreach.

    Two wheels, begins with a T, leads up to a G...

  17. Rosie Davies

    Honest Question

    Because I don't know a huge amount about the workings of an iPhone. What would stop someone ghosting the storage of the phone? If that's possible then why would you not load the image into a phone emulator and try the 10(?) combinations before the ghost wiped itself then reload the image into an emulator, try the next 10...you get the idea. I'm guessing there's something that would stop that being possible because if I thought of it then I'm sure some clever whatnot in the FBI could and all the forcing Apple to do something would be about something entirely different from getting hold of the information.

    Rosie

    1. Mephistro Silver badge

      Re: Honest Question

      In a pinch, the contents of the phone are seriously encrypted, and the only key is secure inside a specialised chip that only serves the decryption key after having received the right PIN.

      1. JeffyPoooh Silver badge
        Pint

        Re: Honest Question

        "...the contents of the phone are seriously encrypted..."

        The 'serious' encryption is universally the XOR function. The key is the key. As the data store size obviously greatly exceeds the key length, there's usually a pseudo-random nounce (number used once); i.e. deterministic noise.

        The "contents" are likely 32GB of data, which will include at least several GB of 'Known Text' distributed throughout the memory space. For example, a long list of downloaded songs known to exist in the encrypted contents. The flash memory is presumably accessible, one way or another. De-soldering, or JTAG, or some such.

        The WWII Enigma machine had billions and billions of combinations in the 'keyspace', but because they sent weather reports in standard format, and ended with "HEIL HILTER", the nearly-infinite rotor settings fell out each morning in about 20 minutes. Churchill was reading the German Enigma messages before the intended recipient.

        I'm NOT saying that the iPhone can be cracked using old pulse dial mechanical telephone switches the way Turing et al did it. I'm just saying that the 'Known Text' attack now has several GB of big fat target.

        If they've used their nounce (number used once) even twice, then they're dead.

        Far too many people stop and stare at the key length, do the 2^N math, and are dazzled by the billions of years. That's why they don't crack codes that way.

        It would be extraordinary that the iPhone 5C just happens to represent the first uncrackable encryption system. So many have claimed that, all have failed so far.

        1. John H Woods Silver badge

          Re: Honest Question

          The 'serious' encryption is universally the XOR function -- No, it isn't.

          The WWII Enigma machine had billions and billions of combinations in the 'keyspace', but because they sent weather reports in standard format, and ended with "HEIL HILTER", the nearly-infinite rotor settings fell out each morning in about 20 minutes. -- Huge oversimplification. Known plaintext played a role, admittedly.

          Far too many people stop and stare at the key length, do the 2^N math, and are dazzled by the billions of years. That's why they don't crack codes that way. -- Correct. But AES256 is specifically designed to be resistant to known plaintext attack. The keyspace is about 10^77. You need one heck of a speed up to get anywhere near billions of years here, basically you need to know a fatal flaw: a 10^36 (trillion trillion trillion) speed up wouldn't bring the keysearch within the bounds of feasibility.

          "It would be extraordinary that the iPhone 5C just happens to represent the first uncrackable encryption system. So many have claimed that, all have failed so far." So far AES256 has resisted attacks fairly well.

          You've made a lot of very authoritative sounding statements without supporting evidence.

          1. JeffyPoooh Silver badge
            Pint

            Re: Honest Question

            John H Woods "You've made a lot of very authoritative sounding statements without supporting evidence."

            This is a comment box, not a 67-page peer-reviewed published paper. Your call for "supporting evidence" is out of place and childishly ridiculous. Having seen endless examples, we both know that it's impossible to 'prove' anything on the Internet.

            The difference between you and I is that I've bothered myself to go through dozens of presentations on the CCC.de Media website, and you obviously haven't yet found the time. So you're sitting there, unaware of the extreme cleverness of the hackers and crackers. You're still focussing on brute forcing, ignoring (for example) the entire concept of side channel attacks or other approaches.

            In this case, they're holding the phone. Humans can solder. They could (conceptually) swap the 32GB flash for fixed ROM, perhaps as simple as cutting one trace (WRITE). Phone might 'wipe itself', reboot, and wake-up right back where it was. This is just one of an infinite number of conceptual attack vectors.

            Here's the point. People that make claims like yours have ALWAYS been proven wrong; eventually (few years, not 10^77 years). Study history, please. Now run along and view some CCC.de presentations.

            You have some very dangerous 'cryptographer-hubris' that needs serious attention.

            PS Try to find the CCC.de presentation video where the hacker had decapped the security chip and used light to reset a single non-volatile bit, representing a critical security state flag.

            1. This post has been deleted by its author

          2. JeffyPoooh Silver badge
            Pint

            Re: Honest Question

            John H Woods - "The 'serious' encryption is universally the XOR function -- No, it isn't."

            At its heart, yes it is.

            Advanced Encryption Standard: "...InitialRound - AddRoundKey - each byte of the state is combined with a block of the round key using bitwise XOR." "The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR."

            Note the "XOR" mentioned.

            Yes, there's also some shuffling and such. But it's nearly universal that there be an XOR function at the heart of any cryptographic system, ...obviously.

            You were clearly incorrect in your rebuttal. Clearly.

            1. John H Woods Silver badge

              Re: Honest Question

              "Yes, there's also some shuffling and such. " -- JeffyPooh

              This "shuffling and such" is far more critical to the cipher than the use of the XOR function. If this did not happen, then a plaintext attack vulnerability would exist. None of what you have quoted supports the statement you made, which I rejected, that "The 'serious' encryption is universally the XOR function"

        2. Tom 38 Silver badge
          Headmaster

          Re: Honest Question

          The WWII Enigma machine had billions and billions of combinations in the 'keyspace', but because they sent weather reports in standard format, and ended with "HEIL HILTER", the nearly-infinite rotor settings fell out each morning in about 20 minutes.

          Who is this Hilter character, sounds interesting.

          PS: If a few of them had ended like that, it would probably have taken us a little longer each day.

    2. Rainer
      Megaphone

      Re: Honest Question

      Someone on reddit explained it very well: part of the key is wired to the hardware of the phone.

      You can't clone that part. The data has to be decrypted on that specific phone.

      It's even more (much much more) complicated on later phones.

      Apple has thousands of people working on this thing (the iPhone) and employs some of the smartest minds on this planet to think for every possible attack vector.

      Later phones probably even shield against side-channel attacks (measuring minuscule discrepancies in power-usage etc) to help guess the key that is stored outside the control of iOS on the "secure enclave".

      Today, it might be an iPhone. But what if (in a future that may be not so far away) it was possible to directly read data from the brain?

      You'd use it every day at work, probably, and in your spare time. You'd think of a flower and your brain would send that image via your phone to someone else's phone and from there it would directly reach the brain. The device to enable this would be built in such a way that it wouldn't work without you giving explicit consent to this "transfer".

      But what about when you committed a crime? Would law-enforcement be allowed to "tap your brain", against your will to recover details of the crime that you yourself didn't want to tell?

      What if you were in a coma? Would it be OK to tap your brain? After all, when they asked you, you didn't really object ;-)

      The above mentioned device would have to modified to allow overriding the protection-mechanism.

      So, quite rightfully, Tim Cook takes a stand and says "it has to stop somewhere".

      Because it has to.

      Maybe Tim Cook thinks, this is his "Rosa Parks" moment. It was a small thing at the time. But somebody had to do it and as remarked by someone above, both sides may think this is the case of all cases to drag into the limelight.

  18. This post has been deleted by a moderator

    1. This post has been deleted by its author

  19. Anonymous Coward
    Anonymous Coward

    Something doesn't compute

    Why is it that critical that someone has access to this one phone?

    What sort of undeniable, ultimately incriminating evidence do they expect to find there?

    Or is that some detective going all cocky and thinking "it'd be cool if I ask those guys to backdoor the thing for me, it'll make me look important", and then he gets told to fuck off and decides to adopt what the Spaniards call the "por mis cojones" approach?

    Bit unrelated, but that attitude reminds me of their gaffe back in Pristina, when that Merkin General thought it'd be a great idea to send the (British) troops under his command to take on the Russians, the advisability of which was contested by field commander Captain Blount and his superior General Jackson then proceeded to tell the Merkin where to stick his idea, then trod off to meet the Russians, bottle of Scotland's finest (no, not Irn Bru) under his arm. Like the Merkin General, someone at the FBI is going to lose his job over this. As he should, for such an incredibly stupid idea.

    1. Anonymous Coward
      Anonymous Coward

      Re: Something doesn't compute

      Why is it that critical that someone has access to this one phone?

      How about 14 murdered people, 22 severely wounded, many bereaved families wanting answers, unknown accomplices possibly yet to be discovered.

      What sort of undeniable, ultimately incriminating evidence do they expect to find there?

      Who knows, but if it does point to fellow conspirators you'd sure as hell would want to find out. This is not a game.

      And given that this is a global problem we all have an interest in the criminal investigation finding out as much a possible. Who knows where the next one will be? Might happen in your neighbourhood, it could happen to you and your family. I guess that would teach you the importance of the rule of law.

      At the moment Apple are rapidly gaining a reputation as "the Terrorist's friend". If Apple succeed in resisting this order that won't go unnoticed. It would unfortunately be a big encouragement to the kind of guys who commit these crimes. Want to conspire and coordinate an atrocity? Use an iPhone. I don't think Apple has thought this through very well. If there are a string of attacks and each time there's nothing to go on but a locked iPhone and an encrypted iCloud account, it will be difficult for Apple to deny that they materially assisted. That won't be so good for their reputation or for the ongoing liberty of some of their CEOs...

      How would you feel if someone you loved got murdered and Apple refused to play ball?

      1. Tessier-Ashpool

        Re: Something doesn't compute

        How would I feel? For the greater good I would applaud their stance wholeheartedly. It's narrow self interest otherwise, blinded by emotion.

        1. Anonymous Coward
          Anonymous Coward

          Re: Something doesn't compute

          How would I feel? For the greater good I would applaud their stance wholeheartedly. It's narrow self interest otherwise, blinded by emotion

          Yeah right. I'm sure you would.

          You're basically saying that there should be nothing to stop a bunch of guys getting together and forming a terrorist network, plotting, committing a string of atrocities and succeed in protecting the rest of the network before, during and afterwards. You don’t know what the rule of law and freedom are.

          If US society keeps heading in this direction the law and order deficit being espoused by the likes of Apple (who are cravenly reflecting your own opinion in the misguided drive for short term profits) will have a detrimental effect on your freedom. Enjoy...

          1. Adrian 4 Silver badge

            Re: Something doesn't compute

            Americans used to be proud of Benjamin Franklin.

            When did he lose his reputation ?

          2. John H Woods Silver badge

            Re: Something doesn't compute

            "Yeah right. I'm sure you would."

            No need for hypotheticals --- one of the victim's mothers, Carole Adams, supports Apple in this matter.

          3. ckm5

            Re: Something doesn't compute

            There is nothing to stop bad guys from doing anything - all the technology in the world will not stop them, that's just wishful thinking. There were terrorists before iPhones, some were way more successful than the current crop (cf. https://www.washingtonpost.com/news/worldviews/wp/2015/11/18/terrorisms-long-history-in-paris-where-the-french-ask-how-the-story-ends/)

            Making everyone unsafe by using the legal system to create bad public policy is not the role or mission of government agencies or anyone in the executive branch. As someone said upthread, the FBI is asking Apple and ALL OF US to "Please leave all your doors & windows wide open to help us catch the murderous thugs & rapists who are roaming your neighborhood."

            Any way you slice it, it's a very, very bad development - it's the kind of cavalier abuse of legal power that has already undermined the US tech industry in many ways, most visibly in the current EU privacy mess.

      2. Michael Thibault

        Re: Something doesn't compute

        >Why is it that critical that someone has access to this one phone?

        >How about 14 murdered people, 22 severely wounded, many bereaved families wanting answers, unknown accomplices possibly yet to be discovered.

        An arguments based on emotion. Meaning an argument that is entirely context-specific (and so not generalisable) and one which blithely ignores, or is ignorant of, the role of precedence in law.

        I'll resist the temptation to go all Rumsfeldian on the 'possibly yet unknowns' tangent.

        >What sort of undeniable, ultimately incriminating evidence do they expect to find there?

        >Who knows, but if it does point to fellow conspirators you'd sure as hell would want to find out. This is not a game.

        And if there turns out to be no evidence?

        Isn't the court order having been sought at all based on speculation of there being something (or anything at all) to follow up on? It's a fishing expedition! And in at least two ways. And it is a game. One with long-lasting and far-reaching implications for just about every living soul on the planet--phone or no phone.

        1. bazza Silver badge

          Re: Something doesn't compute

          An arguments based on emotion.

          In all jurisdictions a murder investigation is a legal obligation. They don't happen simply because someone is a bit upset about it.

          OK, so murder is practically a national past time, and the terrorists are going to have to really go for it to make a significant contribution to homicide statistics, but I'm not aware of any state where an investigation is somehow optional.

        2. Anonymous Coward
          Anonymous Coward

          Re: Something doesn't compute

          Meaning an argument that is entirely context-specific (and so not generalisable) and one which blithely ignores, or is ignorant of, the role of precedence in law.

          Speaking of context specific, the FBI are asking for specific assistance for this specific iPhone in this specific case. I know they are being a bit thick vs Microsoft and their data centre in Ireland, but in this case they are asking for very limited and sensible assistance.

        3. Anonymous Coward
          Anonymous Coward

          Re: Something doesn't compute

          And it is a game.

          Real life mass murder is a game?

          Heard about a guy called Hitler? Or someone called Stalin? Do you think people go to school or cinemas for the thrilling chance of being shot at?

          Get real.

          1. Anonymous Coward
            Anonymous Coward

            Re: Something doesn't compute

            "Heard about a guy called Hitler? Or someone called Stalin?"

            Exactly, that's the problem - everything they did was legal.

            1. Anonymous Coward
              Anonymous Coward

              Re: Something doesn't compute

              Exactly, that's the problem - everything they did was legal.

              Er, mixed messages. In their domestic legal systems may be, but that was not the only 'jurisdiction' in play.

              They got away with it partly because there was no such thing as TV or small video cameras. Being the perpetrator of secret atrocities is one thing, having those hidden acts publicised on CNN is another thing entirely and will spoil any villain's breakfast. Everyone knows that these days, which is why at the first hint of trouble countries seem to disable the Internet.

              Hitler, had he been captured alive, would have ended up at the Nuremberg Trials like all the other senior Nazis did.

              Stalin was publicly (and shockingly) condemned by his successor, which is probably as close to a public trial as a premier in Soviet Russia was ever likely to get.

              The rule of law and order is paramount. If it is allowed to decline, you can end up with a Hitler running the country. Remember that Hitler was "democratically" elected by the German population in 1933 against a background of unchecked aggression on the part of his henchmen. Had the policing system in Germany been able to bring that aggression to a halt at an early juncture, history may have turned out very differently.

              Ok, so a dispute about a locked iPhone is hardly along quite the same scale. But if Apple succeed in resisting and iPhones really do end up giving bad guys an impregnable means of communicating that's never going to be good for law, order and democracy. The FBI wouldn't even be able to rely on the Wire Fraud act.

              Conflicting Requirements

              There is a fundamental conflict in the Requirements that apply to the Internet.

              First, we want the good guys to be able to quietly go about their business in private, free from snooping by other guys.

              Second, we want the bad guys to not be able to quietly go about their business in private, we want them snooped on by other guys so that they can be prevented from killing people.

              The trouble is that the technology we have cannot tell the difference between good guys and bad guys. To resolve that someone somewhere has to do some snooping, preferably before the next 9/11, but definitely afterwards.

              Most of the good guys seemingly want no snooping at all, which is tremendously helpful to the bad guys too. All Apple are doing is going along with that (cynically, to protect their short term profits). I don't think Apple should be that worried - nothing else has stopped people buying a lot of iPhones, and being helpful to the FBI now and then wouldn't stop them either.

              What is Tim Cook Up To?

              Tim Cook, like everyone else, relies on the rule of law and order so as to be able to enjoy a quiet life. One wonders what Apple's attitude would be if the San Bernadino shootings had affected him personally. Ok so they didn't, but he must surely be sensitive to the need to properly investigate all aspects of the case.

              I don't know how it has come to pass that the FBI felt it necessary to go with a public hearing to get a court order to compel Apple to assist. Did the FBI ask privately and did Apple refuse? It would certainly have been more to Apple's liking that this matter had remained private. Clearly the relationship between the FBI and Apple has broken down to the point where the FBI has decided to go nuclear. That's everyone's fault, including Apple's, but probably mostly the politicians who have failed to set a clear and reasonable framework in which law and order can operate effectively in today's technological world. The FBI, with the very puzzling FBI vs Microsoft case, haven't exactly been helping either.

              Now that everyone knows that Apple could technically do this, they're going to be told to do so by a lot of countries with less restrained legal systems than the USA. For many governments its very easy for them to say "give us a policeman's back door to iPhones or we'll close down your business and block your servers". It'd be a much cheaper way of doing it than the approach China has taken. They've basically rendered phone crypto irrelevant because they control the services to which a phone can connect.

              1. SolidSquid

                Re: Something doesn't compute

                > Er, mixed messages. In their domestic legal systems may be, but that was not the only 'jurisdiction' in play.

                > Hitler, had he been captured alive, would have ended up at the Nuremberg Trials like all the other senior Nazis did.

                Being charged under laws which were written post-WW2 specifically for the punishment of the crimes committed by the Nazis and their allies and to prevent anyone else committing the same atrocities. While I'm not saying I agree with what they said, at the time they committed the crimes their domestic legal system *was* the only juristiction in play, it's just another one was created post-war so they could be charged.

                And asserting Apple could technically do this isn't the same as them actually being able to, and certainly not the same as them being able to do it in as narrow a context as the FBI claims they can. They may well be fighting this to prevent a precedent being set rather than because, in this specific case, they don't want to cooperate

        4. Anonymous Coward
          Anonymous Coward

          Re: Something doesn't compute

          Apple are complicit because they are denying a court ordered search warrant for the contents of this phone. Speculation as to contents does not matter here. It is not the private property of the terrorists though it is the property of the State of California. Thus there is NO PRIVACY ARGUEMENT here!

          You people have even helped write the disclaimers you see when you join a domain or use the company network for a company owned device.

          The FBI have a duty to investigate EVERY aspect of this case. Apple is not allowed to deny them access to ANY phone or they will be in contempt of court. That contempt of court citation could have numerous penalties that don't have ANY recourse, including search and seizure of Apple itself.

      3. John H Woods Silver badge

        Re: Something doesn't compute

        "How would you feel if someone you loved got murdered and Apple refused to play ball?"

        How would you feel if someone you loved got murdered because Apple did play ball? For instance someone that ISIS wanted to target, and who was very careful and discrete, is nevertheless killed because one of their kids lost their iPhone and it ended up in the wrong hands?

      4. gnasher729 Silver badge

        Re: Something doesn't compute

        You said "Who knows, but if it does point to fellow conspirators you'd sure as hell would want to find out. This is not a game."

        That's what is called a fishing expedition. No reasonable judge should ever give out a search warrant for that kind of thing. You can't get a search warrant because there might be a crime and there might be evidence. You need a reasonable cause to believe that there _is_ evidence. You may turn out to be wrong, but you need the reasonable cause to start with.

        The actual case is solved. The perpetrator will never be convicted because corpses cannot be convicted. There is actual little reason to believe that there is anything incriminating on that phone: The perpetrator destroyed a computer hard drive and two phones, obviously to destroy evidence. He didn't destroy this phone. The obvious reason would be that there is nothing of interest on it.

        It's his work phone. You wouldn't keep evidence of a crime on your work phone. Any time your boss could come to you and say "Joe over there has to go on a trip and his phone is being repaired, please give him your work phone". And then Joe gets curious and finds your weapons purchases... Would _you_ use your work phone to call your terrorist friends, or to watch porn (just something else you wouldn't want people to know), when you own two other phones?

        1. Anonymous Coward
          Anonymous Coward

          Re: Something doesn't compute

          > Would _you_ use your work phone to call your terrorist friends, or to watch porn

          What if I work for the PIRA and part-time for xHamster on the weekends?

      5. KeithR

        Re: Something doesn't compute

        "At the moment Apple are rapidly gaining a reputation as "the Terrorist's friend". "

        Like much of the cities of New York and Boston in the 70s, citizens - and politicians - of which were openly sponsoring the IRA's bombing campaigns in the UK.

        Not as much fun when it happens to you, eh?

      6. Anonymous Coward
        Anonymous Coward

        Re: Something doesn't compute

        > How about 14 murdered people, 22 severely wounded, many bereaved families wanting answers, unknown accomplices possibly yet to be discovered

        Nice straw man you've got there, me fellow AC! :-)

    2. KeithR

      Re: Something doesn't compute

      Oh yeah - the Merkin General who was literally prepared to start WW III by getting BRITISH soldiers to attack the Russians squatting on a relatively strategically unimportant airstrip in order to capture it.

      Fucking bell-end. Bet he shouted "Hooah" a lot though...

      We just waited until the Russians were a bit hungry and thirsty, shared some of our rations, and they let us walk in...

  20. This post has been deleted by its author

  21. Unicornpiss Silver badge
    Meh

    Surely...

    The government has the resources to remove the flash storage, copy the data, and just brute force it. Or based on the exploits they are holding in reserve, they must have extensive knowledge of all smartphones and could engineer their own firmware. Perhaps they already have and this is just a smokescreen to limit public reaction to our lack of privacy, or the "easy way" is being tried first. Or perhaps I'm giving too much credit where it is not due?

    1. This post has been deleted by its author

      1. JeffyPoooh Silver badge
        Pint

        Re: Surely...

        John H Woods "Brute forcing AES256 is possible, of course, but would take some time - at least 10^30 years."

        Which is why, in the entire history of *modern* cryptography, simple unguided brute forcing is rarely (ever?) used.

        The WWII Germans made the same trivial error as you just did. They did the trivial math on the rotor setting combinations, and came to an incorrect conclusion. Churchill read their mail before they did.

        I've posted above about 'Known Text' and 'nounce'. Just two of likely many-thousands of possible attack vectors.

        Yes, it's good to know the 'rules' of cryptography. But it's even better to understand the exceptions.

        1. Steve Todd

          Re: Surely...

          With enigma the problem was a combination of a mathematical weakness in the algorithm, combined with known text, that allowed the Bletchley Park code breakers to very much reduce the search space. AES on the other hand has been the product of multiple cryptographers and much analysis to look for weaknesses, none practical having been found.

          1. JeffyPoooh Silver badge
            Pint

            Re: Surely...

            None?

            Wiki copy-and-paste from the 'Side-channel attacks' section:

            << In October 2005, Dag Arne Osvik, Adi Shamir and Eran Tromer presented a paper demonstrating several cache-timing attacks against AES.[33] One attack was able to obtain an entire AES key after only 800 operations triggering encryptions, in a total of 65 milliseconds. This attack requires the attacker to be able to run programs on the same system or platform that is performing AES.

            In December 2009 an attack on some hardware implementations was published that used differential fault analysis and allows recovery of a key with a complexity of 232.[34]

            In November 2010 Endre Bangerter, David Gullasch and Stephan Krenn published a paper which described a practical approach to a "near real time" recovery of secret keys from AES-128 without the need for either cipher text or plaintext. The approach also works on AES-128 implementations that use compression tables, such as OpenSSL.[35] Like some earlier attacks this one requires the ability to run unprivileged code on the system performing the AES encryption, which may be achieved by malware infection far more easily than commandeering the root account.[36] >>

            The [numbers] lead to citations in case you don't trust Wiki. I'd just like to preempt the most obvious rebuttal to a Wiki source. I'm just a bit lazy...

            Consider also that the investigators could use a de-soldering station, etc.

        2. Anonymous Coward
          Anonymous Coward

          Re: Surely...

          I've posted above about 'Known Text' and 'nounce'. Just two of likely many-thousands of possible attack vectors.

          Yes, it's good to know the 'rules' of cryptography. But it's even better to understand the exceptions.

          It is worth noting, however, that all your posts are based on an as yet unproven assumption that Apple has made the sort of trivial errors that would indeed reduce the available keyspace. Apple screwed up (IMHO) with the quality of fingerprint reader they've used, but as far as I can tell, their crypto is fairly solid and I think we can safely assume they can read those reports you have been quoting too. Security on the iPhone has been incrementally getting better, and they had to get it right in software before they finally managed to add the hardware support for it so I disagree with you that breaking this will be as much a walk in the park as you seem to think based on the videos you've seen and some limited Wikipedia browsing.

          We are heading towards another lovely question here, though: even if we assume the FBI succeeds in compelling Apple and so start a takedown of the whole Silicon Valley (the only positive would be the demise of Facebook, really), the question remains if Apple can break the phone.

          After all, you are talking about developing new software that has to undo a well established process that may not work. What if Apple itself bricks the phone? Is Apple then going to be guilty of contempt, no matter what it does? There is no guarantee so far that Apple can indeed do what is demanded and that demand, by the way, included the phrase "REASONABLE efforts" - a concept I think we're straying well beyond.

          Even in the case Apple gets compelled, there is still no guarantee that the phone can be breached. At the moment this is but theory.

          I have another question. If this is a company phone, and said company is the government, why was that phone not in an MDM? Who screwed up there?

          1. JeffyPoooh Silver badge
            Pint

            Re: Surely...

            AC (John?) "...as yet unproven assumption that Apple has made the sort of trivial errors that would indeed reduce the available keyspace."

            The latest crypto and latest implementations are just the latest in a very long line.

            It's called Inductive Reasoning to see the sun 'rise' in the East every morning and leap to the unproven hypothesis that it'll almost certainly continue to 'rise' in future mornings.

            It's extremely unlikely that the iPhone 5C will end up in a museum as the very first perfect implementation in history.

            In fact, the Feds have already identified an attack vector. It's underway and they're very likely to succeed.

            There would be 'N' such attack vectors. The theory that 'N' = 0 is extremely unlikely.

            "...trivial errors..."

            The crackers find implementation errors that are sometimes trivial (often only in hindsight), but sometimes they find implementation errors are unbelievably subtle. Other times they're exploiting an inherent physical or design weakness, that may have nothing directly to do with the security designers.

            The attacks do not "reduce the available keyspace" (you're still stuck in that same limited thinking, sigh... seriously, please stop...). The side-channel attacks often reveal the key almost directly. The key could be a million bits and their attack would still read it out bit by bit.

            Just because I can't be arsed to give you anything more than a quote from Wiki, it doesn't mean that I don't have a shelf bulging with books on the history of cryptography. Cryptographer-Hubris is a recurring theme in history. I'm here to make the world a better place by gently mocking such dangerous cryptographer-hubris.

            You'd be a better person if you drop the naive faith in cryptography. Learn the endlessly recurring history. We've been through this exact same cycle so many times before.

            (Unless you're a terrorist. Then, please... ...trust the crypto fully.)

            1. Anonymous Coward
              Anonymous Coward

              Re: Surely...

              Just because I can't be arsed to give you anything more than a quote from Wiki, it doesn't mean that I don't have a shelf bulging with books on the history of cryptography. Cryptographer-Hubris is a recurring theme in history. I'm here to make the world a better place by gently mocking such dangerous cryptographer-hubris.

              The FBI has one particular vector in mind, and that is killing the time delay and max count of the PIN code so they can iterate through the possible PIN codes without the device killing the master key which would require the content to be broken with more traditional means.

              Side channel attacks are only found when someone has already used the correct key and the system and state changes that occur as a result of that can be observed, analysed and possibly replicated. As there is no correct key yet, there's nothing to observe.

              Even a shelf full of crypto history books won't change that...

            2. This post has been deleted by its author

        3. JeffyPoooh Silver badge
          Pint

          Re: Surely...

          John H Woods = this post has been deleted by its author

          Seriously?

          Boss reminded you not to post crypto topics from work? Your work being in GCHQ?

    2. Anonymous Coward
      Anonymous Coward

      Re: Surely...

      > The government has the resources to remove the flash storage, copy the data, and just brute force it

      It doesn't work like that¹. It is not "the government" trying, allegedly, to get at some data, but some employees in some division of some office of a police department.

      Unless they are far more stupid than one would give them credit for, I should expect their department of commerce to vehemently oppose the idea, not to mention their constitutional courts (whatever those are called in the US).

      ¹ Leaving aside for a moment that "the government" used to supposedly mean "those who represent me and run things strictly on behalf of me and my fellow citizens"

  22. dan1980

    "And how exactly do you, under the US Constitution, force programmers to write software . . ."

    Surely that is the pertinent question, no?

    Taking this out of the digital/computing realm and into the (slightly) more familiar physical world, we can compare this to a safe manufacturer.

    A safe manufacturer might be compelled to assist authorities by opening one of their safes using proprietary knowledge.This could be considered a sort of 'back door' in that the safe will likely have been built in such a way that one can open it without the combination - but only with detailed technical knowledge of its construction.

    Expanding on that, it is likely that, at least in advanced designs, specialised equipment will be required and this equipment may only be accessible to the manufacturer.

    Well and good, but let's imagine that the required specialised equipment does not exist. That is essentially the situation with Apple - the FBI is asking them to use their knowledge to custom-build a tool to break into their product.

    Which law grants them the power to compel a company to do such a thing?

    1. DainB Bronze badge

      As far as I understand new firmware has to be signed for phone to accept it. All FBI needs to have is a private key Apple uses to sign firmware, modification of firmware is not that complex.

      1. Mephistro Silver badge
        Black Helicopters

        Now, that..

        .. would be a really bad idea. If the feds have that private key, who -and how- could guarantee that they won't retain a copy of said key for similar ocassions, without needing to resort to those pesky judges? or even for mass surveillance?

        1. DainB Bronze badge

          Re: Now, that..

          So you're fine with private corporation being able to update firmware on your phone whenever and however they want without your consent and probably even knowing it ?

          1. Mephistro Silver badge

            Re: Now, that.. (@ DainB)

            "So you're fine with private corporation being able to update firmware on your phone whenever..."

            No, I'm not. That's why I don't trust my phone and use it in 'paranoid mode' whenever possible and only put data on it I don´t mind being made public. A pain in the ass, and I haven't "much to hide", but I do it out of principle. For my PCs, I accept the updates manually, usually after a one day delay and some searching in technical forums, to see whether it comes with some nasty surprise. Not a perfect solution, I know, but It has saved me some trouble in the past.

            Anyway, there are several BIG differences between Google or Apple and American TLAs.

            The worst that these private companies can do to you is to cause your inbox to get filled with commercial spam, which is a big nuisance, but just a nuisance. On the other hand TLAs have been harvesting all the data they can about private citizens for many years, either breaking, corrupting or ignoring American laws, not to speak about other countries laws. The reason they're doing this? So they can look for possible culprits or scapegoats AFTER a crime has been commited. So, even if you are not guilty of as crime, the fact that e.g. you where two times in the same area where two similar crimes where commited may well cause your home to be raided by armed FBI agents, you and your family arrested/interrogated/imprisoned until they find the culprit or a better scapegoat (if ever). This way, they can feed to the media an image of continous success that's handy for getting promotions, medals and all that shit.

            Also, citizens can control Apple and Google by "voting with their wallets" or "voting with their browser". American TLAs have proved to exhaustion they can't be controlled neither by their own country's laws nor by the citizens.

            Allowing TLAs to break phones in a whim without any oversight is a really bad idea, and things are fucked up enough the way they're now, without giving them more tools.

        2. KeithR

          Re: Now, that..

          ".. would be a really bad idea. If the feds have that private key, who -and how- could guarantee that they won't retain a copy of said key for similar occasions, without needing to resort to those pesky judges? or even for mass surveillance?"

          Which is the entire crux of the matter - a fact lost to many on here, it seems.

    2. Anonymous Coward
      Anonymous Coward

      @dan1980

      re: "Which law grants them the power to compel a company to do such a thing?"

      Um, you miss the point - the US is not a nation of laws, it's a nation of optional laws. Some people or companies are above the law.

      The overriding US law is that the ends justifies the means.

  23. Frank N. Stein

    Who is it again exactly who confirmed that Apple actually can, or has ever successfully written a custom build of iOS that can be installed on a locked phone for which no one but a dead man has the unlock PIN? And why exactly is it that the FBI couldn't get the NSA to do it, given that they are supposed to be able to hack anyone's phone?

    1. bazza Silver badge

      Er, Apple kinda have confirmed it. They do so every time they put out an update.

      The whole point of signed firmware updates is that the existing firmware will trust them implicitly. Putting down a signed update that does what the FBI wants is easy for Apple. They have the source code and signing keys.

      There's fiddly bits and pieces concerning what user input is required to start the installation running, but the user plays no role in deciding whether the update is legitimate and from Apple. And unless Apple has used a mask ROM for the secure enclave on later phones (which seems unlikely - unupgradeable firmware can't be bug fixed), that too could probably be circumvented in a similar way.

      Signed updates are used by everything - Windows, Linux, OS X, BlackBerry, etc.

      The whole thing is fine so long as Apple or anyone else don't leak their signing keys. Apple are not being asked for those in this court order. They're being asked for a special update that works on this specific iPhone and no other (so it won't work on yours).

      Of course if they do leak the keys then there's no defence left. Keeping such keys on an Internet connected computer is asking for trouble.

      Unless NSA have got something really good (which I doubt) they can't realistically hack the keys either.

      1. Charles 9 Silver badge

        "The whole point of signed firmware updates is that the existing firmware will trust them implicitly. Putting down a signed update that does what the FBI wants is easy for Apple. They have the source code and signing keys."

        Ah, but here's the rub. Last I checked, user intervention is required to actually perform a new firmware installation. You can have the phone download and keep the installation without intervention, but because people USE their phones everyday, every update I've seen requires the user to say OK first, and THAT requires unlocking the phone. So now, to turn something said once by Spike Milligan, the crowbar you need to open the crate is inside the crate.

  24. This post has been deleted by its author

  25. Captain DaFt

    Latest twist:

    Apple says it's to late to try to crack it because the password was changed while the phone was in police custody:

    http://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust#.uq37VNX4v

    1. Mark 85 Silver badge

      Re: Latest twist:

      That's interesting and a game changer. I guess the FBI now needs to find out who changed the password and what it is. The Buzzfeed link suggests it was Farook's employer.

    2. gnasher729 Silver badge

      Re: Latest twist:

      That story is a lot more complicated.

      The FBI doesn't actually want to unlock the phone, they want the data on it. Apple told them a very clever way to get the data: If you turned on "iCloud Backup" on your phone, then every night your phone sends its data to iCloud. For that to happen the phone must be on a network that it trusts (like your home network), and iCloud Backup must be set up, and the phone must know your iCloud password. Which it will do. So your phone creates backups even when it is locked.

      Apple told the FBI that they could do exactly that: Take the iPhone from the FBI to a place with a network it trusts (the criminals home network, or his workplace) and wait until it performs a backup, then pick up the data from iCloud which Apple can access and has accessed. Actually Apple did this for the FBI. It didn't work. It turned out that some dimwit had changed the iCloud password remotely while the phone was in the FBI's custody. So now to make it backup you first need to unlock the phone and type in the right iCloud password on the phone.

      You can see at which step of this the FBI is now stuck. The FBI knows the new iCloud password. They just can't type it into the iPhone. And they don't know the old password, so they cannot change it back. Everyone knows that servers (like iCloud) don't store passwords. That's why no server that is safe can tell you your old password, they can only allow you to change your password to something new. If they knew the old password they could probably change it back and the iPhone might start backing up again.

      1. partypop69

        Re: Latest twist:

        ICloud Backup has to be enabled for a backup to run. If the phone had terrorist secrets, why would ICloud backup would enabled ? This doesn't make sense.

        1. KeithR

          Re: Latest twist:

          And if the data's on iCloud, it's on an Apple server, presumably far far easier for Apple to get at...

      2. Anonymous Coward
        Anonymous Coward

        Re: Latest twist:

        But normally, to change a password you need the OLD password first. So someone out there knows BOTH passwords. Find that person.

    3. Mephistro Silver badge
      Black Helicopters

      Re: Latest twist:

      Another hint that all of this case is just smoke and mirrors, and that the true goal of the FBI is getting a copy of the update plus all the data in the encrypted iPhone. It doesn't sound too farfetched that having these two ingredients and a ton of computing power, they'll be able to extract Apple's private key.

      At least it seems that they would like to give it a try.

      1. Charles 9 Silver badge

        Re: Latest twist:

        Nah, I doubt they'd be going for a Known Plaintext attack. Most encryption algorithms are robust against that as a matter of course.

  26. Anonymous Coward
    Anonymous Coward

    Just give it to Google....

    They'd love to break into that phone... in effort to make Android not look so bad after all.

    Don't they also have that Quantum stuff ?

    I also like the idea of cloning the storage and run a million emulators to brute force it...

    But as others have said... this is not about whether it can be done technically or not.

    This is about setting a precedent for future state sponsored privacy violation.

    1. John H Woods Silver badge

      Re: Just give it to Google....

      "I also like the idea of cloning the storage and run a million emulators to brute force it..."

      Do you know how big 2^256 is? If, as is suspected, you'll have to, on average, search half the keyspace before hitting paydirt, that is 2^255 or about 6e+76 key attempts. Let's say you can do one per nanosecond (you'd need a hell of a computer, but let's say). That makes 6e+67 seconds. Let's say you have ten million of those computers. That means it'll only take 6e+60 seconds. Let's say there's a weakness in AES256 that you can exploit to give you trillion trillion trillion fold speed up. Now it's only going to take you about 6e+24 seconds.

      That's only about 10 million times the current age of the universe.

      1. Charles 9 Silver badge

        Re: Just give it to Google....

        What about a black-project quantum computer and Shor's Algorithm?

      2. JeffyPoooh Silver badge
        Pint

        Re: Just give it to Google....

        @John H Woods

        You sound like an Enigma Machine salesman circa 1938. LOL

        Brute forcing & 'age of Universe' topic is a complete and utter red herring.

        Although it's nice to know the basic rules of cryptography, it's even better to understand the exceptions.

        The history of cryptography provides endless examples. It's clear that far too many have studied modern cryptography technology, and slept through the lesson-filled related history.

        The Media collection at CCC.de provides a lovely peek under the covers. Watch even just a half-dozen examples, and you'll have to adopt an entirely different attitude.

        The only subject with higher levels of naivete is the topic of Self-driving Cars.

        1. gnasher729 Silver badge

          Re: Just give it to Google....

          The Enigma _was_ designed in the 1930's by what would today be considered amateurs. Polish mathematicians in the 1930's figured out "If we could intercept about 100 messages sent with the same settings, and if we were told the external cables used with these 100 messages, and if they haven't done something really clever, then we can reconstruct the exact design of the wheels". That was pre-war. The same settings where used for 3 months. A "spy" (I suspect a cleaner) reported how the cables were plugged in. And the wiring of the wheels was mathematically reconstructed.

          The Enigma didn't produce arbitrary permutations of the input. Every single setting of the Enigma produced a permutation that would _exchange_ letters in 13 separate pairs of letters. And every initial rotor setting produced an exchange that followed some particular pattern that could be identified with a known clear text. As a result, with known clear text they only had to check 26 x 26 x 26 rotor settings to find the exact rotor settings, and then figuring out the cable connections was easy.

          When a fourth wheel was added for extra security, it turned out that every four wheel encryption used the same settings for the first three wheels as everyone else. So instead of having a problem that was unsolvable in the 1940's, all they needed was to crack the three wheel enigma and then check 26 wheel positions for the last wheel.

          SHA-256 has no known weaknesses. There is right now no way to crack it other than by brute force. 2^256 keys is so much that a mathematical breakthrough, followed by another mathematical breakthrough, followed by another one, doesn't get you anywhere near being able to crack it.

          But the real problem is elsewhere. What the FBI wants isn't the contents of this one phone. What they want is to prevent people from having secure phones. What the NSA most certainly can't do is crack that phone at a cost that makes it worthwhile. They have more important things to do than cracking the secrets of a dead man.

          1. JeffyPoooh Silver badge
            Pint

            Re: Just give it to Google....

            "SHA-256 has no known weaknesses."

            Individual *implementations* may have dozens or hundreds of weaknesses. It's extraordinarily unlikely that the iPhone 5C has a perfectly secure implementation.

            You've either reviewed the encrypted hardware cracking presentations on CCC.de Media or you haven't. If you haven't, then you're living in La La Land.

        2. John H Woods Silver badge

          Re: Just give it to Google....

          That's pretty condescending. Read my response again properly and you will see that it is a response to someone suggesting cloning the storage and running "a million emulators" --- so none of the side channel, timing attacks etc. are available.

          I would not be at all surprised if the phone can be cracked. But I would be very surprised indeed if a dump of its storage could be, especially because resistance to known plaintext is a particular characteristic of AES256.

  27. Jess

    I suspect they are working on new firmware

    that plugs this hole (i.e. new firmware being installed on a locked phone, without it being wiped.) and once that is out, they may then comply.

  28. james 68

    Much ado about fu©k all squared

    This whole rigmarole is a farce - on BOTH sides of the argument.

    The spangly fashion accessory in question does not belong to the murderer, it belongs to the company he worked for.

    Perhaps I‘m a tad jaded but does that not suggest that this whole thing could be cleared up by the actual owner asking for it to be unlocked?

    Now I do fully understand that the FBI is trying to set a precedent for phones to be unlocked upon request but surely Apple could simply sidestep the whole deal by stating that they will unlock the bloody thing for it`s rightful owner and the FBI be damned.

    Instead we get a media circus where Apple can get some free advertisement and claim to be all fluffy and unicorn fondely.

    1. KeithR

      Re: Much ado about fu©k all squared

      Which is why many of us question the FBI's real motivation here, and applaud Apple's push-back...

      1. james 68

        Re: Much ado about fu©k all squared

        I too would applaud Apples pushback, were it not for the fact that they have no problem opening devices for the feds so long as the request isnt made public....

        1. Mark 85 Silver badge

          Re: Much ado about fu©k all squared

          Apparently, according the mainstream sources, Apple asked for this to be "public" for some reason. It's the why suddenly insist on "public" that's worrisome. Other sources maintain that Apple insisted on "secret" as they have done in the past but the FBI when "public".

          The question is "why?" and what's behind this? Is this by mutual agreement for some reason?

  29. Sir Alien

    No middle ground...

    Apple are rather clever on this and it may or may not cost them valuable business. But I suppose that is what the gamble is about.

    I don't think Apple are simply not wanting to decrypt one phone with custom firmware. Some people are legitimising the behaviour towards Apple (not a fanboy) but when you think clearly, once Apple has written this custom firmware to decrypt phones it does not stop there. Going from a vocal court case the government simply has to put a secret court order in place to now hand over the tools and custom firmware to the FBI/NSA and they can indeed decrypt any phone they want. Apple are clearly trying to prevent a situation where no one knows.

    Instead they are making a cake and eating it situation. They completely remove encryption, lose huge business and make the American economy take a massive hit. Or they leave encryption in place as is.

    Like many have said before, it's either full encryption or no encryption. There is no middle ground.

    - S.A

    1. Anonymous Coward
      Anonymous Coward

      Re: No middle ground...

      Why don't governments around the world could just ban any and all encryption and obfuscation—to include things like steganography? They can simply justify it on the ground that ANY encryption becomes an existential threat to the State, making it a choice between tyranny and anarchy with no third option (because any attempt at it will inevitably slide toward one or the other).

      1. Sir Alien

        Re: No middle ground...

        Imagine the Russian sending all their stuff in plain text for the Americans to see or the Americans sending all their stuff for the Russians to see. One example, Russia now have all the specs for an iPhone clone and make their own to sell around the world because it was freely available by intercepting information across the internet.

        Apple the company goes bankrupt and the American economy loses billions of dollars. Many people become unemployed, not just those directly employed by Apple, and then you get social unrest. The human race are by nature explorers and inventors. When we are not exploring or inventing we are fighting (aka. wars) which are obviously bad.

        Basically anything that you want to be confidential would not longer be. Does not matter if it is a terrorist case or your new invention that a larger company has just stolen.

        - S.A

        1. Charles 9 Silver badge

          Re: No middle ground...

          Aren't we seeing that all the time? Isn't that what espionage is all about?

      2. KeithR

        Re: No middle ground...

        "Why don't governments around the world could just ban any and all encryption and obfuscation—to include things like steganography?"

        And they'd enforce that how, exactly?

        Not to mention the impact on freedom of speech, so beloved of our cousins across the Atlantic...

        1. Charles 9 Silver badge

          Re: No middle ground...

          Beloved by the hoi polloi, not by those up top who only see the Constitution as "ink on a page." The biggest lesson of this age will probably be that representative government simply cannot last in the face of instinctive human greed; sooner or later, either SOMEONE will amass the power to usurp or more than one will and destroy everything around them in a winners take small infinite-stakes bid to remove the competition.

      3. Mark 85 Silver badge

        Re: No middle ground...

        Why don't governments around the world could just ban any and all encryption and obfuscation—to include things like steganography?

        How would you stop it? There's laws against speeding... yeah.. those work. There's laws against attacking and hacking computer systems... yeah... those work. Think about all the laws and tell me one, just one, that does work*.

        *I'm speaking of legislated laws by a country, not physics or Newton's are Darwin's**.

        ** This is a maybe as lots of places try to repeal Darwin's.

  30. Anonymous Coward
    Anonymous Coward

    At least we now know who the real player is

    OK, now we see who is really behind this attempt to build precedent, the FBI was really just a pawn.

    To recap briefly:

    - Apple has been ordered (no, not asked, ordered) to develop a way to break its own device, a device it spent many man years securing;

    - The FBI & court allege they limit this order to a one-off whilst knowing full well that this would create legal precedent, in other words, a legal template to do this agin and again because they managed to get this approved last time;

    - They have poured a liberal terrorist sauce over all of this, which is a red flag to anyone who has been watching DoJ and agencies since 9/11. We'll get back to that in a minute.

    Analysis:

    - This is not just about Apple. Such a precedent will be abused almost immediately to force other US companies into compliance and force them to start working on breaking their own customer security;

    - There is no doubt in my mind that such a precedent will start an absolute FLOOD of demands from every US provider of equipment and services of note as part of a simple campaign of brute harassment. The aim of such a campaign would be to make it more economical for such companies to build in a backdoor than to fight lawsuit after lawsuit, all based on this precedent;

    - In short, the long con here is that this is again a play to get the beloved backdoors in place, this time not by mandating them directly but by a campaign of aggressive legal harassment. The FBI doesn't care about the costs - after all, it's only the tax payer's money and it gives their flood of lawyers finally something to do.

    Implications:

    - The "terrorist" red flag: FBI as well as DoJ are casually admitting here that the multi-billion dollar budgets of NSA and other agencies combined were insufficient to gather enough intelligence to not need the data held on one single consumer device which curiously was left intact while all other devices involved were wiped. I would certainly recommend that this should yield an in-depth investigation by Congress into why these agencies were unable to do without - what the hell have they been doing? Let's not forget that they missed these people despite all the data gathering and privileges they already have.

    - If FBI and DoJ win this, the implications are that it will no longer be possible to protect ANY information held on US provided equipment and services. You might as well buy a Chinese knock off because at least they don't pretend to care about your rights. I am certain that Huawei et al are praying on their knees that the FBI and DoJ win this because it will make it far easier to sell into the European market, a market that will at that point no longer have a choice if they want to comply with EU Data Protection laws. A win for the DoJ and FBI is basically the last straw for Silicon Valley which is already reeling from the EU cancelling Safe Harbor.

    - FBI, DoJ and court appear not to be above misleading the American public. Especially the Court and DoJ know full well that they WILL set precedent and that WILL get abused (because there's precedent for that too), so any talk about this affair being "once, "a one off", "an exception", "a special case" and "limited" is wilful misdirection. Well, let's call a spade a spade: they're lying, and they know it.

    In my humble opinion, the latter merits an investigation of its own. If we can't trust a court, what's the point of it?

  31. Roland6 Silver badge

    "And how exactly do you, under the US Constitution, force programmers to write software"

    Pay them?

    Seriously, a programmer is an employee of the company and hence simply does whatever (within reason) their employer asks. And how many real programmers with one eye in their CV and future, would throw up the chance of doing something different and potentially quite interesting...

    1. Anonymous Coward
      Anonymous Coward

      Re: "And how exactly do you, under the US Constitution, force programmers to write software"

      ...with a distinct chance of becoming persona non grata everywhere else afterwards? Some people are savvy enough to look longer term and realize getting yourself dirty (even IF the pay's good) can have consequences.

      1. Roland6 Silver badge

        Re: "And how exactly do you, under the US Constitution, force programmers to write software"

        @AC - ".with a distinct chance of becoming persona non grata everywhere else... " From the comments around the web, you would of thought working at MS gave people a distinct chance of becoming persona non grata's, but it hasn't stopped them and there does seem to be arather large number of companies willing to employ such people.

        Remember in this instance we are talking about an Apple (US) employee, being offered the chance of working on something that will have the attention of Tim Cook etc. - I suspect turning it down is going to be a much bigger career limiting move...

  32. JaitcH
    WTF?

    Don't laugh England, Mad May most likely wetting her pants

    There is precedent for these All Writs Act authorities in the (British) Common Law - the Writ of Assistance. Some say this goes as far back as Roman Law.

    The use of that writ by the judges appointed by King George III was one British practice that the American Revolution was specifically intended to terminate.

    Guess the jokes on the American citizens.

    1. KeithR

      Re: Don't laugh England, Mad May most likely wetting her pants

      Yep - the irony isn't lost on me!

  33. JeffyPoooh Silver badge
    Pint

    I smell a subtle back-story...

    Apple made an explicit decision to design the latest iPhones so they were perfectly uncrackable by anyone, especially themselves!! By doing so they could distinguish themselves in the marketplace, AND - key point - simply wave-off all those pesky law enforcement investigators. Apple presumably believed that they've already accomplished this goal. Annoyingly, the pesky investigator figured out a work-around, and are now back banging on Apple's door demanding assistance.

    Cook must have been simply furious at the internal folks that had failed to spot the work-around. His anger may be fueled by disappointment at his naive assumption about security vice crackers. Yet another example...

    (Pure speculation of course.)

    1. gnasher729 Silver badge

      Re: I smell a subtle back-story...

      What Apple has done is create a phone that is _safe_.

      Since phones can easily get into hands of criminals, for a phone to be safe means it must be _very_ safe. Apple says, quite rightfully "if we could crack the passcode, then criminals could find out how to do it. Therefore for a phone to be safe, the manufacturer should be unable to crack it".

      If it is possible for Apple to break in (and that's a big "if"), then it requires creating firmware that _works_ but removes some of the security (creating firmware that "works" would be very, very difficult for anyone, removing the security would be quite easy). Then it would require signing the firmware with Apple's signing key, which is the most secret secret that Apple is keeping anywhere, and that should be impossible for anyone. So _if_ Apple could break in, the fact that they could break in doesn't make your phone unsafe. But if Apple _did_ break in, that means Apple _has_ created and signed that firmware, so it _exists_, and _that_ makes your phone unsafe.

    2. Adrian 4 Silver badge

      Re: I smell a subtle back-story...

      It's probable the bean-counters that are to blame there. The 5S does have a defence against this workaround (the protection against repeated attacks is inside the secure module, not in iOS). The 5C doesn't. I'm not an apple buyer so I don't quite recall the timeline but weren't these phones released simultaneously - the 5S cost more and included the latest security. The 5C was cheaper and used the older method, presumably for cost or marketing reasons rather than engineering.

      1. Anonymous Coward
        Anonymous Coward

        Re: I smell a subtle back-story...

        I think the 5C was an experiment by Apple to see what actually sold their product, a market test. It proved that making a "cheap edition" was not going to capture any more market share as they didn't sell well at all.

    3. Anonymous Coward
      Anonymous Coward

      Re: I smell a subtle back-story...

      Apple made an explicit decision to design the latest iPhones so they were perfectly uncrackable by anyone, especially themselves!! By doing so they could distinguish themselves in the marketplace, AND - key point - simply wave-off all those pesky law enforcement investigators

      If you smell a back story at Apple I suggest you may want to wash your moustache more often :)

      We have a couple of billion people on this planet who have a right to privacy, and a handful terrorists who have not. The bottom line of this whole saga is that the FBI thinks it's quite OK to jeopardise the security of the billions to get at a few - which, it is worth remembering, happens to be the whole point of terrorism.

      Who runs the show at the FBI these days? Osama Bin Idiot?

  34. Anonymous Coward
    Anonymous Coward

    It all about signatures, not code

    Alice and Bob have been arrested. However neither will talk. The plod are getting increasingly frustrated, when they hit upon a cunning plan. They will get Alice's lawyer to sign a fake affidavit saying that Alice will co-operate. They will then show this fake to Bob's lawyer. He will recognise the genuine signature and pass the information on to his client who the police hope will in turn sing like a canary.

    Obviously this won't happen, there are rule to prevent such abuse, and in any case no one would ever trust Alice's lawyer again.

    This is the crux of the issue for Apple, they are being asked to add their official signature to a piece of malware, if they do this once then they can be required to do it time and time again and not always in public.

    For Apple, this is fight they cannot lose.

  35. a_yank_lurker Silver badge

    Time

    Something that has not really been mentioned. The ferals seem to think this might take a few days to code, test, and deploy. But OSes are complex bits of code and a major change, which this is, could require several months of work before it is ready - maybe even a year or more. In intelligence there is a well known observation that the value of any information degrades with time. If the modifications take awhile, say 10 months the information will be a year old and quite possibly rather worthless.

    Also, the password was changed by San Bernardino County who is the actual owner of the phone. Maybe the ferals should be leaning hard on them with the promise of all expense paid visit to Club Fed complete with an orange jump suit.

    1. Mephistro Silver badge
      Pint

      Re: Time

      I beg to disagree with the first part of your comment. Apple only needs to modify a small part of their OS, the one that decides the span of time between failed password retries.

      On the other hand, the second paragraph mirrors my thoughts exactly. It would be great to know if the password was changed by a -probably clueless- sysadmin in SB County or by an automated system owned and controlled by the country, or by a third party MSM provider. One way or another, the password must be known by someone easily identifiable and very easy to find.

      The present brouhaha also begs several questions: Why did the FBI allow the phone to be connected to a mobile network while in their custody? Knowing the risk that someone, for some reason, could send a reset code or even a remote device wipe? Or were the feds themselves who wiped it, ?

      This case looks like bullshit and smells like bullshit, so it's probably not a muffin. The feds covering their asses against accusations of incompetence? The feds pushing a hidden agenda? The feds trying to set a legal precedence?...

      Anyway this may keep us entertained for weeks yet. Popcorn galore!

      1. Roland6 Silver badge

        Re: Time

        I beg to disagree with the first part of your comment. Apple only needs to modify a small part of their OS, the one that decides the span of time between failed password retries.

        Lets go through the changes being asked for:

        1. [Apple] will bypass or disable the auto-erase function whether or not it has been enabled;

        This is a straight-forward change, to make the function do nothing.

        2. [Apple] will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE;

        This is probably a bigger change, given that we don't know what stubs are already in iOS and active at the time of passcode entry. But it may be simply to permit keyboard input on these ports.

        3. [Apple] will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

        There are two parts to this, firstly the changing of the delay between attempts, a straight-forward change of time variable(s). The second a wrong passcode not resulting in the failed attempts counter being incremented, also a straight-forward code change.

      2. e_is_real_i_isnt

        Re: Time

        The password to the iCloud account was changed. This is not the password for the phone. Since the phone doesn't have the iCloud password anymore, it cannot upload a back-up.

        I think even if they had the back-up to hand over, it would still need decryption, but at least there would be a copy the FBI, et al, could play with endlessly.

  36. Howard Hanek Bronze badge
    Facepalm

    Oh Dear

    It's election season and the Administration, who has been accused of being soft in their effort against terrorism, needs to flex its terrorism muscles and Tim Cook and Apple have been so supportive in the past.........so it makes good Kabuki. We even have a heroine who will save them all in Act III. Or something.

  37. partypop69

    "Terrorism" is new the blanket word... to invade our privacy. The iPhone has terrorist secrets, just like Iraq had weapons of mass destruction.

    If the Iphone truely had terrorist secrets, they'd hire a iOS hacker to access the data. Whenever the device in your possession you have full control, I dont care what encryption it has, anything can be broken. This is not about this one iPhone and its contents, its about power.

    1. Anonymous Coward
      Anonymous Coward

      Even if the key hidden away in a secure chip that can't be removed or decapped without self-destructing, thus the ONLY place the encrypted memory can be read is on the actual device?

      1. JeffyPoooh Silver badge
        Pint

        "...key hidden away in a secure chip that....without self-destructing..."

        AC "Even if the key hidden away in a secure chip that can't be removed or decapped without self-destructing, thus the ONLY place the encrypted memory can be read is on the actual device?"

        Congratulations! You're clearly NOT a hardware cracker! Yay!

        Neither am I. But I've seen how they work. Because I have Internet, a video player and *interest*.

        One video I saw was cracking a 'totally secure' SmartCard. The card processor had all sorts of physical roadblocks. It took him almost four hours to get the keys out. All friggin' morning. Crikey!

        Try CCC.de Media. It's a goldmine of presentations.

        It'll shake your worldview to its core.

        1. Charles 9 Silver badge

          Re: "...key hidden away in a secure chip that....without self-destructing..."

          Show me one where they fully decrypt an iPhone 5c or later while locked (or better shut off).

    2. JeffyPoooh Silver badge
      Pint

      "...device in your possession... full control... anything can be broken..."

      partypop69 "Whenever the device in your possession you have full control, I don't care what encryption it has, anything can be broken."

      Agree.

      Anyone that disagrees needs to spend some remidial education time on CCC.de Media presentations to address their missing background understanding of the real world.

      What's really shocking is how quickly the hardware-in-possession crackers can crack. Days or a couple of weeks, done and dusted.

      Cryptographer-hubris is dangerous. It's an attitude that needs to stamped out.

      Cryptography-Keyspace fanboyism ("...10^77 years!!") is just annoying.

  38. bruceld

    If this was the dubya era...dubya would be ripping the freshly unencrypted apple device from Tim cooks boney shriveled hand.

  39. d3vy

    So, the guy destroyed two other phones, the only remaining phone is his work phone.

    I'm willing to put money on it that there is nothing on that phone, because if it was me I'd not use my work phone which my work could take away at their whim to plan anything. If he has anything on it worth seeing then there would have been three destroyed phones.

  40. Anonymous Coward
    Anonymous Coward

    Today your Iphone

    Tomorrow it will be your brain.

    1. Mark 85 Silver badge

      Re: Today your Iphone

      They're getting close to it. Consider Google, Facebook, and Microsoft's attitude. We are owned, we just don't really know it.

  41. Bota

    Just set a custom pass code to something with more than 10 digits.

    See you in court, 125 years later ;)

  42. J J Carter Silver badge
    Boffin

    Back in the day...

    Just as well Alan Turing didn't throw a hissy-fit over cracking the Enigma code!

  43. J J Carter Silver badge
    Holmes

    Porridge time!

    Sharing a cell with Bubba up at the super-max penitentiary may change Cook's mind!

    1. Anonymous Coward
      Anonymous Coward

      Re: Porridge time!

      Cook might LIKE that, you never know

  44. This post has been deleted by its author

  45. thx1138v2

    Chain of evidence

    I'm not exactly sure about this but I don't think Apple can break that phone because the FBI can't turn the phone over to Apple without breaking the chain of evidence. That means that Apple would have to turn the software to unlock the phone over to the FBI with instructions about how to perform the procedure.

    If that is correct and considering that the government's demonstrated lack of security on their own networks that are hacked on a fairly routine basis it wouldn't be long before that code was turned out into the wild.

    Someone correct me if I'm wrong about the chain of evidence issue.

    1. Roland6 Silver badge

      Re: Chain of evidence

      Agree there are chain of evidence issues. The first one is confirming that if as some have suggested the phone has been 'updated' over-the-air whilst 'locked' (passcode changed) then it would need to be established that such updates haven't altered the contents of the phone. Secondly, it would need to be established that the Apple update doesn't change the relevant contents.

      I would expect that to 'safeguard' the chan of evidence, the phone will either be escorted or a room will be used at Apple so that the modified software and phone don't actually leave Apple during the investigation. Interestingly, this aspect of the case doesn't seem to have been covered. Because on cpompletion relevant systems and phones would need to be destroyed so as to protect Apple's existing security.

      1. Mark 85 Silver badge

        Re: Chain of evidence

        Supposedly according to some reports, this is exactly what the FBI offered. On Apple's premises, with an agent to monitor 24/7. Apple would hand over the data and then clean the phone and return it to the FBI for the evidence chain. The problem is there's so many conflicting reports floating around. Which ones do we believe?

        1. SolidSquid

          Re: Chain of evidence

          Actually, even if Apple were to agree to this, the chain of evidence issue still applies. Are the FBI going to fully audit the software Apple provides before running it? *Can* they fully audit it with the device still locked, since they won't know for sure what it'll be interacting with? If no to either, can anything on the phone be considered evidence any more, given they ran software which could potentially have modified data on it?

      2. gnasher729 Silver badge

        Re: Chain of evidence

        About the "Chain of evidence": All the data on that iPhone is encrypted. That means two things: You cannot read it (or more precise, you can read it but all you get is encrypted data that looks like garbage), and you cannot write it (or more precise, whatever you write will look like garbage). The firmware update wouldn't unlock the phone yet, so the firmware update, if done incompetently, could destroy data on the phone, but it couldn't write false data.

        But remember that the perpetrator is dead. He will never go to court, he will never be convicted. The FBI wants information about other people. They won't need anything on the phone for evidence. They won't arrest someone because their phone number is on this phone. They may get observed because of it, and then evidence may or may not be found.

  46. psychonaut

    due process

    isnt it as simple as

    apple say that the encryption cant be breached. as usual for apple, they are correct, even if its not true.

    court says you have to help having followed due legal process.

    apple say its not possible / we wont do it (same thing)

    apple cannot say anything else because then they are shown to have lied and lose face / customers / reputation.

    its not like the court are saying "make a back door for every phone". they are saying "if its possible, which it looks like it is, then you must help if a court has decided that it is relevant in this case".

    technically i suppose, if there is a backdoor creatable for one phone, then it could in principal be applied to every iphone (pre the soc encryption) , but i dont think this is the same thing. it can only be applied to another phone if a court decides that it is legal to do so.

    i dont understand why this means that freedoms are under attack. isnt it the same thing as wire taps - (should) only be available to law enforcement if a court decides its applicable? (im not saying they havent abused this as per 5 eyes etc etc, but the principle of the thing remains - i dont understand why it isnt the same situation)

    1. Charles 9 Silver badge

      Re: due process

      "technically i suppose, if there is a backdoor creatable for one phone, then it could in principal be applied to every iphone (pre the soc encryption) , but i dont think this is the same thing. it can only be applied to another phone if a court decides that it is legal to do so."

      The emboldened part is exactly the issue. If Apple is compelled to do it and complies, it opens a can of worms because it becomes a proof of concept. And note that the government cannot really be trusted these days, so once they know it's possible, what's top stop them asking for more cracks, only THIS time using the secret "can't tell anyone you're being investigated as we don't really exist" courts. Not only that, being legally compelled to perform an assertive action (like writing code) provides legal precedent for compelling Apple to lie about any warrant canaries (they could use national security statutes to trump fiduciary duty).

      1. psychonaut

        Re: due process

        but the proof of concept is already here (or near as damn it). apple can change the firmware on the phone. its doable. it just hasnt been done yet, but it is possible.

        just like its doable for them to tap your phone (and legal i believe if there is a court order)

        1. Charles 9 Silver badge

          Re: due process

          Change the firmware without user intervention? When was that demonstrated on a locked phone?

          1. psychonaut

            Re: due process

            i thought that had been said already - firmware update via usb (only from what ive read - i dont actually personally know that to be doable)

            1. Danny 14 Silver badge

              Re: due process

              I doubt the firmware update will be via the front door. Apple JTAG-esq updates more likely.

  47. J J Carter Silver badge

    Securidee theatre, people!

    Let's get real. The NSA has the decrypt tech and/or can legally compel any US company/citizen to covertly co-operate or face jail-time sharing a cell with Bubba. And they do jail time for admitting they've covertly co-operated.

    Why the Feds took this into the public-domain is anyone's guess, more likely that not it's a turf-war with another TLA.

  48. hotdamn

    There's nothing private about that phone. I belongs to the county and is public. Apple is making a big stink out of nothing.They are making a stand that will lose.

  49. Anonymous Coward
    Anonymous Coward

    A lot of fiction here :(

    Apple release phone X. Said phone will only permit updates which are signed by Apple iOS Whatever CA. At the time of the phone's release the future software direction will not be set in stone.

    They're mostly right when they say they can't decrypt the data, however they have the catch-all license to cheat - since they hold the private key for signing future iOS releases and can target it at specific IMEIs, Apple could quite easily sign a custom iOS for this particular phone and upgrade it. Once that's done, brute force it as long as you like and it won't wipe.

    It's all very well saying Apple can't decrypt it, but they hold the keys to the kingdom and can move the goalposts any time they like.

    1. psychonaut

      Re: A lot of fiction here :(

      agreed - they could choose to write an update that bricked the phone (error 53 anyone??) or just make it so that it only plays snake. or make it look like windows 8 or whatever.

      they could also choose to get that update to not restrict the number of password guesses and to change the amount of time between guesses. its all the same thing. you can either change the code or you cant. once you can change the code of the os and get it to update, you can do anything you want.

      afaik (just from the stuff ive read) , they can get it to update to a new custom version of ios from a usb update

      they dont have to release that into the wild, and they could destroy it after it is written. they could kill the guy who wrote it. they could tie it to that phones serial number. all the rest is details. i dont see why it is such a problem. the only problem is it means that if a court orders it, apple could unlock anyones iphone 5c (but probably not the later variants with the soc security). it just makes apples stance of "its totally secure" to be proved false.its the reality distortion field at work again.....holding it wrong...holding it wrong...(echo to fade....)

    2. gnasher729 Silver badge

      "There's nothing private about that phone. I belongs to the county and is public. Apple is making a big stink out of nothing.They are making a stand that will lose."

      The problem is that you don't actually understand what this is all about. It isn't about the perp's data. Apple has delivered all the data that was available on iCloud for example, which included a six week old backup with all the data of the phone. Phone operators have delivered lists of phone calls that were made with the phone. The phone belonged to the county which should have the passcode to access the phone.

      The problem is that the FBI asks Apple to create a firmware update with the potential to destroy the iPhone security for every iPhone in the world, including the iPhones of police officers, fire fighters, army personnel, hospital workers, politicians, undercover agents, and so on and so on.

  50. stuff and nonesense

    Police/Feds looked in the wrong place..

    Don't know if it has been said BUT the phone was in posession of the perp however it belonged to the health department.

    Surely the police can subpoena the health department and the health department as the owners of the phone ask Apple for help...

    1. Danny 14 Silver badge

      Re: Police/Feds looked in the wrong place..

      how can they help? I give people phones here at work, they password it and I can do little other than request a remote wipe. I cannot unlock the phones without the password.

      1. Charles 9 Silver badge

        Re: Police/Feds looked in the wrong place..

        Can't you install administrative software onto the phones so that you CAN override those passwords?

  51. Anonymous Coward
    Anonymous Coward

    If Apple is forced...

    They should program the phone to appear to be securely wiping the memory, while playing a funny tune, then - after minutes of torture - print on the screen, 'Just kidding' and carry on as directed

    Because it'd be funny.

  52. Anonymous Coward
    Anonymous Coward

    Anyone posted this yet?

    Applicable cartoon..

    https://pbs.twimg.com/media/CbqPx0bWIAEC5vO.jpg

  53. Supa

    Chris

    "It's believed the pair have possible links to terrorists abroad."

    I thought it was the US government that had links to terrorists abroad...

  54. razorfishsl

    By the power of Christ I compel you.......

  55. Oengus Silver badge

    Custom iOS

    I wonder how much Apple would charge me to create a custom iOS?

    Maybe the FBI are approaching this the wrong way.

    Create a specification for a custom version of iOS with the requirement to allow agents to access each others phones in the field. The OS needs to be installable from any Agency computer onto any iPhone, connected via USB, whose IMEI (or Serial No or other unique identifier) is on the FBI central phone database. It can only be installed via USB/Lightning when connected to the FBI network with access to a "licensing" system. Updates can only be done when connected to the FBI network.

    Of course Apple can provide a quote for the job and make the cost high enough to be financially attractive. If the FBI accept the quote and meet the terms of the quote Apple will do it. Because it is a "commercial in confidence" transaction the details will never be revealed. Apple will have their commercial integrity intact. The FBI will have their iPhone access. All parties will be happy. The public will never know they are being fleeced...

    Of course Apple will have a new revenue stream creating Custom iOSes and charging annual maintenance fees to keep them up to date.

  56. Anonymous Coward
    Anonymous Coward

    It's less of a hack

    It's just a peek really

    - Fabulous Bumbling Idiots

  57. Anonymous Coward
    Anonymous Coward

    Infamy, infamy!

    They've all got it in for me!

    - Tim

  58. Anonymous Coward
    Anonymous Coward

    Hmmmmm

    If he destroyed his other phones but didn't break his work phone, doesn't that mean that the bad stuff was probably on the broken phones?

    This is just a fishing exercise for extended rights, masquerading as public 'safety'.

    Assbadgers

  59. athame

    A whole new angle on being locked into Apple

    Hmmm - so Apple worked so hard to keylessly encrypt customer data that once locked out they can't do anythng about it? Yep I'd call that a PR coup but it may also be highly likely and true.

    What if Apple just say they can't? OK it means Apple may appear stupid on one level but it gets them off the hook and it's as good as "won't",

    Anyway if the NSA is so great at snooping and catching "tersts" (Yes that's single vowel American speak for what we Brits call Ter-ror-ists) why don't the Feds just ask them to do it?

    I can picture it now ... unwilling hackers strapped into chairs and receiving electric shocks, waterboarding and sleep deprivation for everyline of unsuccessful code they write and finally rewarded with a Texas burial...

    A bit like how it may have been for those programming the original Mac under the harsh tutalage of the late SJ. ;-)

  60. Unbelievable!

    It will set a precedent. Whether known or not..

    ..all software houses will now become a target of GCHQ/NSA "secret techniques" so that such places cannot hold the arm up the back of the legal requestor for the future. Such agencies won't ever need to 'ask' again. :(

  61. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019