FBI and Apple's Encryption

The New York Times is reporting that Apple encryption is hampering an FBI investigation:

In an investigation involving guns and drugs, the Justice Department obtained a court order this summer demanding that Apple turn over, in real time, text messages between suspects using iPhones.

Apple's response: Its iMessage system was encrypted and the company could not comply.

Government officials had warned for months that this type of standoff was inevitable as technology companies like Apple and Google embraced tougher encryption. The case, coming after several others in which similar requests were rebuffed, prompted some senior Justice Department and F.B.I. officials to advocate taking Apple to court, several current and former law enforcement officials said.

While that prospect has been shelved for now, the Justice Department is engaged in a court dispute with another tech company, Microsoft.

Several people have asked me in e-mail if this is the case I was referrring to here:

There's a persistent rumor going around that Apple is in the secret FISA Court, fighting a government order to make its platform more surveillance-friendly -- and they're losing. This might explain Apple CEO Tim Cook's somewhat sudden vehemence about privacy. I have not found any confirmation of the rumor.

It's not. The rumor I am hearing is not about access to a particular user and his communications. It is about general access to iOS data and communications. And it's in the FISA court, which means that it's not a domestic criminal matter.

To reiterate: this is a rumor. I have no confirmation. But I know three reporters that are poking around, looking for the story.

EDITED TO ADD (9/11): Nicholas Weaver, Matthew Green, and

EDITED TO ADD (9/12): Related: Here is Apple's iOS Security Guide.

Posted on September 10, 2015 at 6:00 AM • 47 Comments

Comments

JacobSeptember 10, 2015 6:52 AM

At the Microsoft hearing yesterday in front of a 3-judge panel in regard to the protection of email in Ireland:

"Lynch (one of the judges) seemed fascinated that there were so few American regulations on what Microsoft could choose to do with its clients’ emails. He asked whether the company could take everyone’s emails “to some briefcase-bank country that has no regulations and disclose them to the National Enquirer” and Rosenkranz (counsel for Microsoft) acknowledged that legally it could. (“Our business model would evaporate,” he said in answer to a similar question earlier in the hearing.)"

Disclosing email content to the National Enquirer is in direct violation of MS privacy Policy (at least as the public understands it). So one can deduce that the privacy policy of a company is not a legal binder and they can do as they please with any data under their control.
And the same applies to Apple.

sidelobeSeptember 10, 2015 7:02 AM

Surely no law enforcement official would be so audacious as to recommend that envelopes be outlawed for paper correspondence, or that special "law-enforcement access" envelopes be required, Yet citizens and companies are made to feel guilty for assuming their right to private electronic communication. It baffles me that law enforcement should feel entitled to access to secure communication just because it had access to non-secure communication.

ramriotSeptember 10, 2015 7:05 AM

What I find interesting in this case is the words real-time.

If I remember correctly the iMessage system uses end-to-end public key cryptography with a cloud based public key store, so a warrant for the clear text of old messages could not be complied with unless one of the end points could be compromised.

But they wanted real-time access, which may well be possible only because the iMessage app trusts Apple's cloud service to give it the correct public keys for each recipient. Now provided the App can be cajoled into flushing its key cache, or adding an additional recipient{FBI} (hidden from the user) then I think Apple could comply with this order.

Interestingly enough this weakness was already known and discussed quite a while ago but Apple chose not to comment.

blakeSeptember 10, 2015 7:13 AM

@Jacob

> the privacy policy of a company is not a legal binder

Of course not.

I'd be surprised if you could even get a court to accept that a "policy" forms part of the Terms and Conditions that you clicked you agreed to when you used the service. Those T&Cs might be binding, but good luck getting anything to stick when they contain those "may be changed without notice" clauses.


> Lynch seemed fascinated that there were so few American regulations ...

This wouldn't work for EU emails, right? There are EU regulations about removing personal data from the EU. This thing:

https://en.wikipedia.org/wiki/Data_Protection_Directive

Oh, but that's apparently not actually directly binding either -

> EU directives are addressed to the member states, and aren't legally binding for individuals in principle. The member states must transpose the directive into internal law.

WinterSeptember 10, 2015 7:14 AM

I was wondering. If you read Matthew Green's blog post (link above), it must be possible to decode the key exchange.

So it must be possible for the end point users to replace the (public and private?) keys before they reach the iMessage software. Which should allow them to exchange public keys via a different channel and then use iMessage with their own keys.

That would foil any wiretapping attempt and force the interceptors to compromise the end points themselves.

I assume you need to root your iPhone for that and Apple will have made it very difficult to pull off such a stunt.

ianfSeptember 10, 2015 7:19 AM

Bruce, thanks for reiterating that rumor.

If Apple  is sincere about users' rights to privacy, yet is “losing in the FISA court,” and may thus end up compelled to allow the FBI "rear entry,” doesn't it sound plausible that they'll rather underwrite a major technological shift of a sort that will make them, and by extension their buyers/users, IMMUNE to such surveillance requests?

I don't know how, but they are the 4000-lbs gorilla of the wireless communications, and so they might come up with something that the lawmakers can not surmount. For starters (just a thought), they may explicitly WARN users that the channel is no longer secure. Or they could cut up & scramble the iMessages in such a way that vital random parts of them travel via to US LEO impregnable routes.

At the very least they could end up routing iMessages through global 3G/4G networks & stick to their own, outside the 5 Eyes-jurisdictions placed server farms… batch communication to and from which would be their own internal company matter. More ideas please.

mpittSeptember 10, 2015 7:24 AM

@blake

The Data Protection Directive is implemented in national law by the EU member states, as is stated in the rest of the paragraph that you partially quoted. So yes, it's not directly legally binding, but its implementations are.

Alan KaminskySeptember 10, 2015 7:59 AM

Apple could give the encrypted text messages to the FBI and say, "This is what we have. You decrypt them." Then the FBI could pass the messages off to the NSA, who can break any encryption on the planet, right? Apple complies with the court order, FBI arrests the terrorists, everyone's happy.

curiouserSeptember 10, 2015 7:59 AM

So does this invalidate any of the Snowden documents? Or those urban myths about the capabilities of Echelon?

MarkSeptember 10, 2015 8:12 AM

Maybe the NSA -- who's busy stockpiling all of these zero-day vulnerabilities -- knows something about Apple's implementation that they/we don't?

Does anybody seriously trust any product out of America?

EvanSeptember 10, 2015 9:11 AM

Is Apple fighting the good fight, or is this case a red hereing to cover up Apple allowing other agencies under other circumstances access to customer data?

com.apple.pcapdSeptember 10, 2015 9:38 AM

True what Green says about the importance of trusting Apple. I'll trust Apple when I see them do to Cook what they did to Joe Nacchio.

wiredogSeptember 10, 2015 9:41 AM

@sidelobe
Surely no law enforcement official would be so audacious as to recommend that envelopes be outlawed for paper correspondence, or that special "law-enforcement access" envelopes be required

It is already extremely easy to open a standard envelope and reseal it undetectably. Sure, you can put a hair or some other telltale in place, but the person opening the envelope may notice that, too.

rgaffSeptember 10, 2015 10:03 AM

@wiredog, sidelobe

Indeed... ever tried holding an envelope up to the bright light and looking through it? You don't even need to "open" it to read its contents...

I'm convinced that, in today's stupid unconstitutional climate, that "mail covers" includes full take on all the content of every letter too, not just the addresses on the outside.... (because just like "collect" changes meanings, and they can freely "least untruthful" perjure themselves any time they please, or freely commit war crimes by targeting medical responders to drone strikes, they literally don't have to ever "open" any letters to read them all either)

t76ir8nfSeptember 10, 2015 10:21 AM

Apple should display key fingerprints in the iMessage app so users can verify each other, just like with OTR or Signal. Then it would be a lot harder for the government to MITM everyone without users knowing.

DanielSeptember 10, 2015 10:30 AM

Look, let us be honest with what is going on with Apple and MS. It isn't about some noble idea--it's about money. Apple and MS want to be able to troll through user data in order to be target ads and other marketing material. In order to do that, they need to be able to get users to give them their data. In order to get people to give MS and Apple their data, they have to market that their users data is secure and private.

The problem from MS and Apple point of view with what the FBI wants is that if the FBI gets what it wants there is a real danger that their marketing datasets become corrupt, in the sense of introducing systemic risk. This makes their marketing data less valuable. Potentially, there is even a risk that they might not be able to offer "free e-mail for everyone" anymore.

The difficulty for the FBI is that is the tech companies get what they want...well..trot out the Four Horsemen of the Internet.

In the end, though, the consumer loses either way. Even if Apple doesn't have to respond to a warrant, under the 3rd Party doctrine they could still turn that data over to the FBI voluntarily. An excellent example of this is what Google has done with its email system and child pornography. Google turns people in to the FBI willingly--no need for a warrant.

For myself, I see no reason to trust Apple any more or less than I trust the FBI. If anything, I tend to think the FBI should win (legally) because at least the FBI is in theory subject to democratic forces whereas Apple is not.

Clive RobinsonSeptember 10, 2015 10:35 AM

@ Wiredog, sidelobe,

It is already extremely easy to open a standard envelope and reseal it undetectably.

Yes and it's something I've taught a limited number of people for years how to do.

However as I then show them there are ways of doing things that make tampering not impossible but very difficult without it being fairly obvious.

But you need to consider the envelope as no more than a shipping container that might well get damaged in transit anyway, so your message security should not be reliant on it.

There are ways to protect messages, the simplest is type them into a computer encrypt them in some reliable manner and then print them out as 2D bar codes (think big QR codes) that can be easily read in by a modern phone camera or cheap multifunction printer / fax / copier device found on many SOHO desks.

The Rusians in times past simply photographed the messages and put either the unfixed, or fixed but not developed negatives into a hard plastic light proof pouch heat sealed it and then put it in a standard "photographs do not bend" envelope and sent it by courier or post.

If you want to make it tamper evident in a similar way wrap the 2D barcode paper up inbetween one or two pieces of "watermarked" metal foil and then run it through one of those handy little paper laminating machines and drop the result into your envelope before posting.

A slightly more advanced way is to also put a one time programable RFID with a connection coil around the outside of the foil packaged with bare contacts sticking out of the lamination, the coil gets glued to both the laminate and the foil which makes life more difficult for an attacker (but not impossible). Such systems are effectivly used for the photograph page in many modern passports. What you put in the RFID is not your "mug shot" but a high resolution photo of the laminated unit which you have digitaly signed. Geting the RFIDs is perhaps the hardest part, but by no means difficult.

Clive RobinsonSeptember 10, 2015 10:41 AM

The moral of this iMesage story is, the old "don't trust third parties with your security".

I'm thinking a seperate device with a touch screen and camera that can create and read encrypted 2D bar codes would be quite a usefull thing. You then MMS the images to each other.

Douglas KnightSeptember 10, 2015 10:52 AM

And it's in the FISA court, which means that it's not a domestic criminal matter.

FISA handles domestic civil matters, too. It just requires FBI to mumble something about espionage.

Ian EiloartSeptember 10, 2015 11:09 AM

@ Alan Kaminsky - of course the the government admitted that they were satisfied with receipt of the encrypted communications, then we'd all know iMessage wasn't secure. If the government can decrypt them, so can others; at least perhaps some other governments. Then Apple would have to keep improving the encryption until the government started insisting upon decrypted comms. That way, the world gets to learn about the limits of the government's capabilities. So, no, they're never going to be satisfied with encrypted comms: unless the cypher is known already to be very weak.

BradSeptember 10, 2015 11:20 AM

@t76ir8nf

That would be a useless feature. You still have to trust the app and the iMessage service. The app could display false thumbprints. The service could add a hidden iMessage device to your account so sent/received messages also got encrypted for the "monitoring" device. Or any number of other attacks. Simply put, without direct peer to peer connections and open source code + protocol there's no way for anyone to verify the security. You put your trust in Apple not be a bad actor or be coerced period.

RASeptember 10, 2015 12:32 PM

I think ubiquitous encryption should become the norm. Normal response to the US Gov surveillance abuse. After a while, law enforcement will adapt to a new encrypted world. Encrypt it all.

sidelobeSeptember 10, 2015 2:11 PM

@Clive, Wiredog, rgaff,

My point isn't that paper envelopes make perfect privacy. It's that they are commonly understood to be concealing private communication, and that this is generally respected. This is about the societal norm, not the technology. The evolution of SMS or email to more secure communication seems to be an inconvenience to law enforcement, just as wrapping a letter in an envelope.

The assumption is reversed: we expect that law enforcement should respect private paper mail, but law enforcements expects that they should be able to read electronic mail. There should be an assumption of privacy whenever private parties want to communicate, and invading that privacy should take exceptional effort. This is what limiting government is all about.

The average person doesn't want to build their own encryption methods any more than they want to laminate their letters in plastic and foil. They want to lick the envelope and have a reasonable expectation of privacy.

rgaffSeptember 10, 2015 5:45 PM

@sidelobe

Paper envelopes may be "commonly understood" to conceal private communication, but I'm saying that common understanding is very likely dead wrong. That assumption is probably not "generally respected" but instead generally violated. We just need another Snowden to prove it, and everyone will yawn and hardly anyone will care, meanwhile another person will be exiled or imprisoned with the harshest treatment.

If you assume what I'm suggesting is correct, then from law enforcement's perspective, there is no reversal with encryption, only extension, and "wanting it all." It's more logical if you think of it this way. Law enforcement doesn't care if people expect or assume they have privacy, they just want to make sure they don't ever actually get it. And mathematically impossible-to-crack encryption is more likely to actually deliver privacy than literally paper-thin envelopes ever will, that's why they care so much about one and not the other.

Note I'm not saying you shouldn't be right... you should be right about how our government works... it's just not the real world we all actually live in.

Dirk PraetSeptember 10, 2015 8:06 PM

@ Brad, @ t76ir8nf

That would be a useless feature. You still have to trust the app and the iMessage service.

Not entirely. Implementing CONIKS or some other key verification/certificate transparancy feature (as in Signal, Threema and the like) would necessitate another attack vector than the key substitution venue Nicholas Weaver and Matthew Green have described. And which would probably be harder for Apple to do and for the USG to enforce. Any which way - even if Apple's and Microsoft's current defiance is more than just a smokescreen - it is pretty safe to assume that under the current US regime they will eventually lose.

According to some Washington CNBC reporter called Eamon Javers, Comey would now also have suggested that "restricted encryption rules could just be a cost of doing business as a US company, like rules against child labor". If this is indeed true, than the FBI director for all practical purposes is a paranoid lunatic and a clear and present danger to the entire US tech industry and all of its customers.

ianfSeptember 11, 2015 1:24 AM

@ So then Will they shut down Apple just like they did Lavabit?

Lavabit shut itself down rather than comply with the Feds' SSL keys requests… unsure if that prevented these from falling into the govt's grubby hands or not (can't find confirmation or refutation of it anywhere, the court cases are ongoing).

Apple is in no danger of shutting itself down – they're too big for that. They may, however, do something to protect their ways of doing business that will prevent the USGovt from getting "front door" access to users' data & that it won't find an easy legal way to circumvent (on the other hand, mere threat of illegality has thus far not prevented various Fed actors from acting… as there always are the tools of immunity & presidential pardon for fellow political felons).

CuriousSeptember 11, 2015 2:12 AM

Having read Matthew Green's recent article about Apple's iMessage feature, I can't help but wonder how easy it would be if, the generation of private and public keys aren't random, but as suggested as being a possibility, keys handed to Apple by FBI (or others). I also wonder, if it would be feasible to only use a limited set of keys, and reuse them, maybe with some minor tweak like mixing in some trivial variable to make them all different. I guess it might be worth to keep speculating about ways in which FBI would achieve "real time" access to all the communications.

Btw, I noticed a sentence in M.Green's article which sparked my imagination:
"Apple claims that they offer true end-to-end encryption that they can't read "
Although I understand there might be other information that would contradict me, I can at least imagining a situation for which Apple can say Apple can't read the messages, but that law enforcement can (for some reason).

Another thing: Me being someone who finds all of this interesting, but also being someone who can't really explain how all this works, I think that at the very least, somewhere, Apple should already have explained how everything works, if they haven't done so already.

I think the very notion of "trust", even when used in a meaningful context, might as well be deemed meaningless to some degree, because of how such 'trust' (slight, or overwhelming) ultimately would likely depend on *exactly* what Apple says/has said. Specifically the problem I sketch up here, is that if Apple's communications to its users are unclear (vague) and/or insincere (fluff), or have characteristics of being exaggerations, there is simply no reason to trust Apple as a company in this context, because 'trust' in this manner would seem more like a user having to make a guess then in interpreting what has been said, than relying on real information that isn't merely an expression of some purported goodwill of a company.

I think is interesting how the problem about "trust" sketched up above then shouldn't be thought of as "public trust" (because 'trust' in this way is meaningless/unverifiable). 'Trust' or 'public trust' then is foremost an intellectual "problem", rather than a phenomenon, or some "thing" in society. On the other hand, a 'public trust' is only feasible if being based on common knowledge, admittedly leaving it here unclear exactly what this knowledge is, and who possess this. In this way, expert knowledge would be a sound digest of the known technology or some sound rationale based on what Apple has provided as information, one way or another.

Presumably, only the ones that take an interest in learning about how it all works can really trust the bits of information they think they know, while the others probably being accustomed to hearing simple praises and simple assurances, would have to infer their own goodwill onto their Apple product by making guesses on their own (making stuff up). Such an act of guessing, shouldn't be thought of as being 'trust' imo. So, this flawed notion of "trust" would be easy to check with a survey that doesn't put words into the mouths of them, because if users in turn cannot properly formulate their 'trust' in Apple, or rather in Apple's iMessage feature, then after all the "trust" of an individual might after all end up looking like wishful thinking, something that imo isn't compatible with any idea of 'trust' as a more meaningful concept.

I am simply saying that if Apple were to enjoy merely a free-form "goodwill" of its users, I'd argue that one can think of the users in general then as having being lulled into false sense of security, and for being possibly clueless.

Oopmph, heh, I am now trying to sort of how using keys work in my head.

So, am I correct in understanding that iMessage between its users simply rely on symmetric encryption for automatically both encrypting and decrypting with a public key? No public key cryptography anywhere?

M.Green's article uses the words "public key encryption", is that the same as "public key cryptography"?

CuriousSeptember 11, 2015 2:27 AM

Btw, it is possible to split hairs with this notion of "trust". Because one could say: I trust this *thing* to work, or to be fast, or to be secure against attacks, or to be secure against surveillance, or to offer privacy, or to offer total privacy, or to ensure anonymity, or to ensure (fill in yourself). So, trust could mean anything really, and simply trusting a company could also come to mean anything.

CuriousSeptember 11, 2015 3:20 AM

I don't intend to drag people onto my cart wagon of confusion, but as someone that isn't into all of the crypto stuff, I would like to take the opportunity to ask: I see that in the 2013 pdf file from Quarklabs about iMessage (link from Green's article), they point out how there is no certificate pinning. If that is the case even today, does that mean that man-in-the-middle attacks would likely be trivial against iMessage users, and more importantly, if so could such a MITM attack somehow circumvent the proclaimed "end-to-end encryption"?

Clive RobinsonSeptember 11, 2015 6:10 AM

@ So Now, ianf,

It is very unlikely that the USG could shut Apple down even if they desperatly wanted to. It's much more likely that Apple will die at the hands of it's accountants abd C-level staff who have been incorrectly incentivized.

The reason is not because of the "to big to fail" argument but "tax avoidence", Apple now has so few assets "on shore" that it is actually hurting their future growth. The cost of directly bringing the assets back on shore would result in massive tax issues. Some one even suggested years ago that Apple's desire to get into "payment systems" was possibly a desire to have an avenue for laundering their assets back on shore.

Personally I suspect they will go down the reverse foreign investment route and use non tangible goods such as IP to "restructure" their finances through a number of tax havens. Mainly because most Governments do not appear keen on closing this particular tax avoidance dodge. Which of course would be totally nothing to do with campaign contributions and other similar "financial assistance" to politico's... No it can only be that they want to thoroughly test that much maligned canard of the "trickle down effect"...

WinterSeptember 11, 2015 6:16 AM

@Clive
"Mainly because most Governments do not appear keen on closing this particular tax avoidance dodge. Which of course would be totally nothing to do with campaign contributions and other similar "financial assistance" to politico's..."

Nothing that questionable is necessary.

My country, the Netherlands is a big player in the IP money laundering scheme. The reason is not bribery (financial assistance to politicians is legally and electorally "difficult").

The simple fact that the government can levy a tax of ~1% on money that otherwise would never have crossed out borders is incentive enough. That is all above board and nicely accounted for.

uh, MikeSeptember 11, 2015 8:33 AM

Y'all know, it's very nearly as easy to send comments to senators as to post comments on this blog.

The FBI forgets that the United States is not the Planet Earth, nor is it Planet FBI. An American backdoor in an Apple phone will not sell outside the USA, and probably won't sell inside the USA.

Senators will understand that Apple needs to make up-to-date products that serve the product owner, not some other authority than the product owner. Apple wants to sell phones outside the USA, and will sell phones outside the USA, and outside the USA, Apple phones will not have the USA backdoor.

The FBI is more stupid than the Senate. Start communicating with the Senate. They (most of them) have other interests than spying on their constituents.

It's easy. If you leave comments here, leave comments with your senators as well. Push back.

uh, MikeSeptember 11, 2015 8:37 AM

Perhaps, in the public arena, we can install a rumor that the phones already have the backdoor. If enough people believe they're already p0wned, they'll get angry and start to shout. That will make the elected officials spurn Clown Comey. Then we can get back to work defending ourselves from non-Government criminals.

CallMeLateForSupperSeptember 11, 2015 2:19 PM

@uh, Mike
"Perhaps, in the public arena, we can install
a rumor that the phones already have the backdoor."

Disinformation is a two-edged sword. Get caught in the lie and it could be game over. This particular "game" is too important to be treated capriciously. I subscribe to "Speak truth to power".

"If enough people believe they're already p0wned,
they'll get angry and start to shout. That will
make the elected officials spurn Clown Comey."

(I believe the term is "pwned".) The perfect finishing touch for your argument is, "And we'll all live happily ever after. The End."

Even if the people start to shout, that alone would not significantly alter the course of Supertanker Congress.

At a place where I worked, long ago and far away, the following maxim for "selling" unpopular/inconvenient work product to management was repeated ad nauseum: "If you can't convince them with facts, dazzle them with fancy footwork." Comey's initial call for a unicorn (a hat-tip to whomever recently injected that term into this blog) was weak (putting it kindly) on substantive, germain facts. So much for brandishing facts. Now Comey has transitioned to dazzling his audience with fancy footwork: parsing metaphors, i.e. front-door versus back-door, while avoiding direct references to the actual object of his desire, i.e. unfettered access to everyone's stuff.

CuriousSeptember 11, 2015 3:26 PM

@CallMeLateForSupper

I just want to jump in and cough up something I recall from a Chomsky talk on youtube some time ago, when someone in the audience asked him what he thought about speaking truth to power. Chomsky simply started with I guess a cynical statement in saying something like, that the people in power already know the truth (maybe related to some particular context, don't remember). Whatever one is inclined to think, I guess it all depends on just whom you would like to communicate with. To simply want to speak truth to power, seem to rely on some kind of assumption that somebody cares about truth as such, as if everyone was the same team. I would think that there is literally a working hazard, that by working at any place, it has the effect of being subjec to indoctrination. 'Indoctrination' is not a dirty word in the military afaik.

gooberSeptember 14, 2015 4:15 AM

>It's easy. If you leave comments here, leave comments with your senators as well. Push back.

Except half the people here are British commonwealth sans USA who care not what the US senate thinks.

rgaffSeptember 16, 2015 4:08 PM

@goober

"Except half the people here are British commonwealth sans USA who care not what the US senate thinks."

Anyone worldwide could care what the Senate thinks... but no Senator cares what anyone worldwide thinks, all they care about is where their money is coming from and how to get re-elected... if you don't much effect either of those, you are quite boldly ignored and not even pretended to be listened to.

AnonOctober 4, 2015 11:29 PM

If you can't or don't want to trust Apple (or any 3rd party for that matter) then encrypt the message using another offline system, and send that result as the message?

The core problem is whether the supplied encryption/keys can be trusted. If you use another system outside their control, then the method of transmission should not matter.

Daniel A BennyNovember 12, 2015 5:28 AM

It is good to know that Apple encryption technology is Advance and that FBI is finding problem to break it, but checks and Balance has to be in place, so that rogue elements cannot misuse the technology.

More over privacy and security of the common man is also important, I suggest the Apple should keep the backup of all communication so that it provides the information to Government agency whenever it is asked for it, at least 3 year data should be maintained without hampering the privacy and security of the common man.

[link removed by moderator]

nateFebruary 20, 2016 11:03 AM

Apple can have a FISA Warrant and a copy of the Affidavit brought to them and Apple will privately obtain a copy of the phone's contents and deliver that content back to the FBI. If what is on that phone is so important, then have the Encryption argument later and get the info and save the WORLD three months ago. This is nonsense, as a Law Enforcement member my whole life I realize that it is the Encryption Key for 800,000 iPhones that the Government wants because no matter the location in the world where the phone is located the Feds will have access.

In closing, the Patriot Act was suppose to allow our Government to intercept communications from foreign countries to radicals here and visa versa. Mr. Clapper, after Snowden, under oath, lied when he said that was the case when Fiorina and Clapper and the Generals in 2002-3 conspired to use HP servers and technology to secretly spy on all Americans. Clapper said it was done inadvertently. The truth, it was deliberate and goes on today without warrants. Local Law Enforcement can do all the listening and spying at the ISP's without leaving their desks.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.