Apple calls BS on FBI, AG: We're totally not dragging our feet in murder probe iPhone decryption. PS: No backdoors Apple has responded to a demand from the United States' Attorney General William Barr that it grant the FBI access to two iPhones used in a recent shooting by carefully calling bullshit on his claims. Barr held a press conference on Monday in which he accused Apple of not having given the FBI “any substantive assistance” in …
The FBI et al are not clueless. They know exactly what they're asking for, and that it will destroy the utility of legitimate encryption. They don't give a shit, because they have tasted Total Information Awareness and they miss it deeply.
Re-post of a comment from a previous story on this topic:
[The FBI] chose this case to try again for the same reason that they chose the San Bernardino case: scary Muslim foreigners killed Americans, so public sentiment will be on the FBI's side, in turn creating pressure on Apple to comply.
When Apple inevitably refuses, the Feds will float it as a test case, because their wet dream is a favorable Federal court ruling that establishes precedent forcing Apple to assist. Once that precedent is established, they can then use the case law to force cooperation from other companies that provide encrypted devices and/or comms. (Barring another 9/11 scale attack, it's a long shot that Congress would pass legislation to that effect IMHO.)
If the Feds read the tea leaves and think the case might produce the opposite result, they will back down (as they did in 2016) and pay some company such as Cellebrite to do the dirty for them. Their worst nightmare is a Supreme Court ruling that companies such as Apple do not have a duty to hack their own systems. By backing down from the demand if it looks like they might lose, they moot the case so that Apple (or whoever) no longer has standing to pursue it; thus preserving the current state of ambiguity.
"The big message coming out of the USA Government over the last couple of years is: avoid any products from within the US sphere of influence."
How did you infer this? Apple is within the US sphere of influence, and is resolutely sticking to its position in the face of everything US.gov can throw at it - which is the whole point of the article. The message coming out of USA Gov is more like: "we'll keep pushing to violate citizens' 4A rights until we get a ruling that lets us do what we like, at which point all bets are off for all technology everywhere."
Assuming I wanted to avail myself of the benefits of smart tech, right now I'd buy an iPhone over any other internet-connected smart comms device. At least the company is pushing back on arbitrary violations and not just selling my data to the highest bidder, whilst also being big enough that they can do encryption properly (you could do it yourself but do you really - honestly - think you could build anything that would stand up to the tender affections of the NSA?).
Right now the only realistic alternative is not to step into the smart/connected/cloudy environment at all, and keep everything offline.
Pretty much.
They are pushing for back doors, they have yet to comply with Privacy Shield, they are trying to give US authorities extra-territorial jurisdiction, they are cutting off supply of products and services on a whim, they are threatening tech companies with a presence in the USA and they are trying to strangle companies that threaten US based companies.
Given the growth of cloud services and a reliance on Big Tech, I am very much for nothing smart and nothing cloudy. Putting everything under my control and using technology that might not disappear (to me), just because Trump got out of bed on the wrong side.
"US Government : “Don’t buy Huawei products. They have a government mandated back door to spy on you”
Also US Government : “Buy our American products with a government mandated back door to spy on you”
This has always looked like the real reason the US don't want Huawei, they have no way force a US friendly backdoor into Huawei products, yet provided no evidence there is a Chinese backdoor.
Trump's insistance that the UK don't use Huawei kit is a very good reason to make sure we do, well at least a good reason to not use ANY US made kit.
"There is no point in telling someone they are stupid as they are too dumb to realize what your telling them.."
In this case govt of all flavors prefer their own version of the truth while they sadly try to man-handle/brow beat and con the public that thy are dong it for their own good.
BvB
I'm no Apple fanboy, but it is nice to see them hardline against a backdoor in this case.
If it's forced by legal requirement, I think we may see someone secretly leak the backdoor keys for select individuals phones.
"Why my my my Mr. Director, you look so utterly dashing in that selfie at that club we can't mention..."
Regardless of Apple's inability to break into their phones or whatever, the fact still remains that they will bow to the Chinese by taking down an app in the Apple store which may or may not have been used by the protesters in Hong Kong, strictly because the Chinese government demanded it. But when the United States government asks for assistance, Apple refuses to help. Then all you tinfoil hat wearing "privacy warriors" applaud them for "sticking the finger to the big bad US government".
So it seems you're happy with Apple doing China's bidding where human rights are constantly being trashed... just so long as uncle Tim Crook is still stickin' it to the man, and you can complain about your insecure fears over the public WiFi while you drink your Starbucks in peace. I salute you!
"So it seems you're happy with Apple doing China's bidding where human rights are constantly being trashed"
Remind me what countries soldiers were being trained at this base again?
Ah Saudi Arabia. That bastion of human rights.
I guess the US does make far money of Arms deals with Saudi than it does with an app in China.
Go to that article. See what we said. We weren't happy with Apple's decision in Hong Kong, and we were pretty clear about that. Yes, I see some people there who made such arguments as "It's legal under Chinese law", but they seem to have received quite a few dissenting replies. I'm still not happy about that.
That said, show me a good company that protects people everywhere, rejecting requests for censorship and surveillance no matter who submitted them. I can't think of any. Apple is helping slide closer to that end of the scale, but they're not on it. I'm happy to be angry at Apple whenever they do something dishonest. This time, they haven't.
"But when the United States government asks for assistance, Apple refuses to help."
They literally gave the gmen everything they could retrieve. That's a wide definition of refusal.
n.b. I don't allow some products in my house on principle, so I'm no latte sipping hipster or whatever stereotype you want to throw at me as a way of dismissing my point.
The FIB has a long history of lying about this. They claimed at once stage they had over 8,000 locked phones that were preventing crimes from being solves. The actual number turned out to be about 10% of that - none of it terrorist related, almost entirely down to the "highly sucessful" war on drugs.
It's pretty safe to run on the assumption that when the head of the FIB says something, it's a lie.
Last time they wanted Apple to push in an iOS update that would get around the limits on trying passcodes (note to terrorists, use passwords instead of passcodes and this won't even be possible) though I'm not sure if that is still a possibility - they may have closed the route to forcing iOS updates in a locked phone in DFU mode. At least I hope they did, as there's no reason that should be necessary.
The real prize they want is a law requiring either a backdoor for law enforcement, or for Apple (and Google etc.) to not design phones that they can't unlock. Either they'd have to build in some sort of "master key" that could unlock phone (hopefully specific to a given serial number though I'm sure that's not the option a jackboot like Barr would choose) or have to ship a copy of the key created when a user sets a passcode to Apple.
I'm sure such a vast database of unlock codes for every iPhone in the world wouldn't be a hacker target, or tempting to insiders to access for fun or profit...
I wish Apple would allow for a way for a user to set an encryption key for iCloud data. Currently Apple is able to hand over iCloud data since while it is encrypted, much of it is only encrypted once and with a key Apple controls. I imagine the reason they haven't done this is to placate the FBI by providing a way to get data from most users (I don't use iCloud, I do local backups which ARE protected by a key only I control)
If the fight with the FBI gets nasty, Apple should go full privacy and offer that option for iCloud to really stick a finger in their eye. If stupid laws and politicians playing on fear are going to try to take away our privacy, I hope they go down fighting!
And I'm equally sure the backdoor keys to Barr and Trump's iPhones won't be accidentally leaked to all the red-top rags in the world.
I'll accept such a backdoor when Barr also accepts wearing an explosive collar secured by the same means - after all, it's perfectly safe, is it not?
If they're not ok with that idea, then perhaps they've begun to understand.
If you've nothing to hide, why are you wearing pants?
>I wish Apple would allow for a way for a user to set an encryption key for iCloud data. Currently, Apple is able to hand over iCloud data since while it is encrypted, much of it is only encrypted once and with a key Apple controls.
Yes, my eyes also caught the aside that Apple had handed over a user's iCloud data.
It is noteworthy that this aspect of Apple's security is so far behind what is shipped on its devices.
My bet is that they were planning on doing this but backed off after the San Bernadino fight with the FBI. Being able to give iCloud data allows them to give something to authorities when there's a search warrant, if they made it so they couldn't hand that over sadly that would probably be the straw that breaks the camel's back and gets congress to act in a bipartisan fashion (with only those on the extreme right and extreme left dissenting) and writing a law that mandates backdoors.
So, typically your iCloud is used for backups right.... in case your phone is destroyed / lost / broken, some of us use iDevices but dont want that manky iTunes on our computers right so the phone backs itself / photos etc up to the cloud. If the backup is encrypted with a key thats only present on the device then the backups become kinda useless in the typical recovery scenarios.
What I'm talking about would be the same thing as how backups using iTunes work. You provide a password, which is used to generate a key that encrypts your iCloud data before it is send to Apple's servers. If your phone is lost/stolen/etc., when you set up the new one you have to provide the password to generate that key. If you forgot that password, sucks to be you.
Make him an offer. Hand over the suspect phone along with his own private one. Make best efforts to crack both phones. If they succeed the contents of his phone get published for the world to see, this, of course, being the effect that success would ultimately have one everyone else's phone. If he doesn't like the deal he shouldn't inflict it on everyone else and anyway he doesn't have anything to hide, does he? Does he?
Below is quote from BBC news on the same story . . . .
"The US government ended up paying another company a reported $1m (£770,000) to develop software to get around the device's encryption."
Does that not suggest the encryption is already undermined. How? Did they brute force it, did they go zero day hunting? I'm not an apple buyer but was always under the impression their encryption was pretty good (well you would since it is obviously a selling point).
If it can be broken for $1 meeellliion its practically worthless YMMV.
That was reported. We assume it's correct, but it might not be. However, I believe that that did happen.
That was four years ago, years which Apple has spent improving security. It's quite likely they've patched the vulnerability used back then and the various people who want access now need to find another one. It would be easier if Apple put one in, so they'll ask for that for a long time. If it was really very important, they'd have another group find it. That they haven't suggests that they don't care all that much about these specific devices and just want access, you know, for next time whenever that might be don't question us we're the law.
"The US government ended up paying another company a reported $1m (£770,000) to develop software to get around the device's encryption."
BBC isn't known for its brilliant tech journalism.
I strongly suspect the Israeli company used hardware probing/modding of kinds that are very well guarded secrets.
@Anonymous Boring Coward: "I strongly suspect the Israeli company"
One of the Cellebrite hacks was physical, they sold a device which exploited a flaw in the lightning cable comms protocols, which could put the phone into some diagnostic / engineering mode, making it easier to retrieve data. As far as I understand, those physical units sold for around the sum reported, and were armed for four or five exploits.
My understanding is there is a way to access iphone storage and the security chip by literally dissecting the phone bit by bit then kind of reassembling it, and using very high means and a lot ot time to read or manipulate the security features and storage. The point being, cracking it by some teenage thief aint' gonna' happen. Meanwhile an adversary with literally unlimited resources is going to find the cost/reward ratio punitive. (I would guess Apple engineers could modify the security and storage chips tamper proof making it more difficult if not impossible to crack.)
I would assume that it is possible to forensically retrieve the contents of the storage on the phone. It may then be possible to brute-force the encryption keys, given enough resources. The scale of those resources wouold depend on the encryption mechanism used, and I'm willing to bet Apple have strengthened it since.
This is AFAIK not possible currently without theoretical electron microscopes (or hardware flaws, which have not yet been discovered/published).
The chips have "secure enclaves", and thus if powered/used, even on a seperate board, will (since the previous 2008 update to the flaw) secure erase the *keys* if too many attempts are made. As we are talking about data inside the CPU/RAM and encrypted, you'd need to both dump it (without triggering the erasure, or damaging the chip) and decrypt it (how much GPU/CPU power do you have).
If Apple have designed the chip correctly, there's no feasible way to get to the data currently.
There were a number of experts offering to crack the phone for free. Some were US-based. That the FBI went with a foreign company to the tune of $1M suggests strongly to me that said foreign company had done some favor for the FBI that had not been compensated up to that point.
Apple has been aggressively iterating on its security since then. Specifically, I believe that the publicly suggested hacks have been disabled.
That was done for an iPhone 5 running an older version of iOS several years ago for the San Bernadino case.
The FBI says they have tried having third parties unlock this phone (I assume they meant the one that wasn't shot!) and failed to do so. When Apple learns of exploits they fix them, so the only way companies like Cellbrite can continue to offer unlocking services to law enforcement is if they keep finding new bugs faster than Apple fixes them.
If it can be broken for $1 meeellliion its practically worthless YMMV.
If you're talking about nation-state adversaries, sure; but even they have limits on how many 7-figure unlocks they'll pay for. Seven figures per unlock is a pretty high barrier for a phone thief, though, so the encryption still has some real-world utility.
I'm sure there are many many good people working for the FBI. The issue really is the institution. Organisations such as the FBI develop a "personality" of their own from their own internal procedures and culture, which can be very hard to change.
Hence why there are very few racist police officers in the Met (and they get dealt with harshly), but the Met itself still manages to remain institutionally racist (allegedly). An organisation is not just the sum of the people in it.
That's exactly the problem. If the FBI only existed to do things like this, the U.S. could figure that out and get rid of it. But most of the stuff they do is actively helpful to the average citizen, from investigations of major crimes to coordination among smaller crime-fighting organizations. And then they turn around and demand things they have no business having and access communications data without warrants. The institution needs a thorough cleaning and some parts should be jettisoned entirely, but on the whole they're still needed and mostly honest. If only it was easy to assign organizations to a good or bad pile, the efforts to improve would be so much simpler.
I have always thought that Apple was rotten to the core, and the FBI were the good guys.
But in light of the FBI's latest antics, and the general behavior of US Government since 9/11, it looks like the positions have switched, and the US Government is now rotten to the core.
There’s backdoors that are wide open, and backdoors that are actually pretty difficult for a third party to open. I wonder if it would be possible to arrive at a position where we’re content that it’s good enough? We’ve managed that with credit card chips, SIMs. The effort / reward ratio is just not worth it.
Though of course the flaw is, who gets to know what the back door is?
Five minutes after the head of the FBI has such a key, so do the Chinese. And the Russians.
And the Indians, Malaysians, Europeans, Iranians, Italian Mafia, Columbian drug dealers and every other organisation you might care to mention that has a reasonable amount of money coupled with a desire to get the data from someone else's iPhone.
Within a couple of years, every script kiddy in the world has a copy.
That's the reason it's impossible.
Think upon this - if such a God Mode key is brought into existence, it would be one of the most valuable pieces of data on the planet. Some people will gladly torture and murder to get it, while others will willingly pay said people rather a lot of money.
The more widely distributed, the sooner these people would succeed and the more agents would be put at pointless personal risk.
If I were an FBI agent, I would not want this, because I would like my and my colleagues limbs to remain attached and fingers unbroken.
If there isn't any back door, why will telling Apple that there should have been one help?
Obviously they are using a current investigation to try to make Apple change for the future, not to actually help the current investigation.
FBI should develop their own tools instead, as I'm sure NSA and that Israeli firm have already done years ago.
The more expensive it is to break the encryption, the less likely it is that the authorities will use it frivolously.
Of course they don't care about these phones or this particular case, they are just using it for publicity like they did with the San Bernadino shooter. No one would care if they had a phone from a mob guy or bank robber, they have to have a "but what about the terrorists" angle to have any chance of getting public backing.
They are playing the same playbook they have for 20+ years when they first floated the "Clipper chip" idea. Real police work is dead, they just want have everything handed to them. Next they'll probably want a law allowing them to jail people for not giving them encryption keys to data found on their home computer, like they do in the UK.
Does anyone else think the US Government is acting like a teenager on this? The conversation seems to have gone roughly like this:
US Government: Decrypt this phone for us
Apple: No. We can't.
US Government: Give us a backdoor because we have phones we need to decrypt.
Apple: No.
US Government: *storms off in a huff* . Fine! We don't need your stinking decryption anyway. We have our own.
US Government: *storms back". Decrypt this phone for us
"...if Barr can make the case that Apple is standing in the way of proper investigation of terrorist activities,"
If he and his chums can pull this trick, they will open the floodgates for the rest of countries in the world doing the same thing. It's as if they were Illuminati trying to turn the world into a totally fucked dystopia.
The perfect storm is coming: Total control of the masses through social media + total surveillance. And the USA is up there in the first positions, together with China and similar luminaries of Democracy and Human Rights!
It's a pity Bleating is not a language. Someone could make a mint with said language's courses!
8^(
What does the law say about it? Is there a law in the US requiring Apple to put a backdoor in their phones? No? Then the government should be working with Congress to put such a law in place.
If Congress disagrees? The govt is out of luck, and should move on. Dragging Apple's name through the mud over it doesn't change the law. All it'd actually do is end up with Apple taking the govt to court due to them being lied about by the AG.
If you buy the pitch that Apple does not have back doors in everything they make, I have a bridge you might be interested in.
If you think your use of Apple products has any privacy or security, you have no clue about just how powerful and above the law most large corporations have become.
Whilst the mucky-mucks at the FBI etc might tech illiterate and maybe only risen to the top by virtue of the Peter Principle, I am certain there is a huge army of some of the best tech minds in their employ.
Is it beyond imagination that they have actually cracked the security? What better way to slurp data from important suspects than by ensuring they use something widely known to be impenetrable?
To ensure the high profile crims use that "impenetrable" device just kick off a high profile case every now and then, which they hope to lose because it so obviously flies in the face of what the "Land of the Free" (wish we had a sarcostrophe ) stands for.
Wasn't there a tinfoil hat icon at one point?
I can’t imagine anything being manufactured/sold in the US not having an access mechanism for the NSA. However, intelligence gathering is different from legal evidence gathering that can be presented in court.
The FBI is making the claim that they need to be able to get the information and be able to present to the court.
Using a secret vulnerability to gather information is not presentable in court; it’s provenance can be contested.
What the FBI wants is a carteblanche access to everyone’s phone everywhere in the world.
The reality is that the keys will leak and people will lose privacy or may get killed.
Barr can’t guarantee that only the terrorists or the pedophiliacs will be targeted.
Mass surveillance hasn’t made us more secure; the amount of data is huge.
#MyStupidGovernment @work.
Check this out and realize...
The FBI Got Data From A Locked iPhone 11 Pro Max—So Why Is It Demanding Apple Unlock Older Phones?
IASSOTS
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
