Another FBI Filing on the San Bernardino iPhone Case

The FBI's reply to Apple is more of a character assassination attempt than a legal argument. It's as if it only cares about public opinion at this point.

Although notice the threat in footnote 9 on page 22:

For the reasons discussed above, the FBI cannot itself modify the software on Farook's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers.

This should immediately remind everyone of the Lavabit case, where the FBI did ask for the site's master key in order to get at one user. Ladar Levison commented on the similarities. He, of course, shut his service down rather than turn over the master key. A company as large as Apple does not have that option. Marcy Wheeler wrote about this in detail.

My previous three posts on this are here, here, and here, all with lots of interesting links to various writings on this case.

EDITED TO ADD: The New York Times reports that the White House might have overreached in this case.

John Oliver has a great segment on this. With a Matt Blaze cameo!

Good NPR interview with Richard Clarke.

Well, I don't think it's a fierce debate. I think the Justice Department and the FBI are on their own here. You know, the secretary of defense has said how important encryption is when asked about this case. The National Security Agency director and three past National Security Agency directors, a former CIA director, a former Homeland Security secretary have all said that they're much more sympathetic with Apple in this case. You really have to understand that the FBI director is exaggerating the need for this and is trying to build it up as an emotional case, organizing the families of the victims and all of that. And it's Jim Comey and the attorney general is letting him get away with it.

Senator Lindsey Graham is changing his views:

"It's just not so simple," Graham said. "I thought it was that simple."

Steven Levy on the history angle of this story.

Benjamin Wittes on possible legislative options.

EDITED TO ADD (3/17): Apple's latest response is pretty withering. Commentary from Susan Crawford. FBI and China are on the same side. How this fight risks the whole US tech industry.

EDITED TO ADD (3/18): Tim Cook interview. Apple engineers might refuse to help the FBI, if Apple loses the case. And I should have previously posted this letter from racial justice activists, and this more recent essay on how this affects the LGBTQ community.

EDITED TO ADD (3/21): Interesting article on the Apple/FBI tensions that led to this case.

Posted on March 16, 2016 at 6:12 AM • 106 Comments

Comments

Snarki, child of Loki • March 16, 2016 6:45 AM

From the linked "possible legislative options": #4: removing tech company "common carrier" immunity, when they don't help with decryption.

Yeah, that's going to work great. Someone should make sure that Comey has some encrypted kiddie-pr0n in his email. Or maybe it's just random numbers. Either way, liability!

Scott Shepard • March 16, 2016 6:59 AM

I have noticed a missing argument in the debates about Strong Encryption and the Court Order presented to Apple. Consider the Security Triad: Confidentiality, Integrity, and Availability (CIA). The concept of Confidentiality is the missing piece.

When Apple sells an iPhone with Security, there is an implied Contract of Confidentiality between Apple and the User of the phone. The User has a reasonable expectation that the information in the phone will only be shared with individuals that the User authorizes.

This Confidentiality Contract should be considered a form of Privileged Communication, like Attorney-Client and Physician-Patient Privilege. Except, in this case, the information isn't locked up in someone's brain. It is locked up in some form of encryption. For the sake of argument, let's call it Computer-User Privilege.

Just as other Privileged Communication is not always absolute, Computer-User Privilege should not always be considered absolute. Warrants can be issued directly to the User for access to the information on the Computer. If the User refuses access, the Judge can find the User in contempt of court.

Apple is being asked to create something that can be re-purposed and redistributed. The creation of this technology would eventually expose all Users to future, unwarranted breaches of Computer-User Privilege.

Privacy is also important here, because the phone has sensors: GPS, Microphone, Camera, etc. The phone tracks where we go. The phone listens to what we say. The phone photographs us and where we are, even though we are not in "public" places, like a park or a side-walk.

I believe that strong encryption does not just protect our Privacy. I believe that strong encryption protects our Computer-User Privilege, which is a necessary part of our Information Systems Security.

Anon • March 16, 2016 7:09 AM

The Levy link is about Clipper & its history. I'd like to see a history of FBI crimes. Not by individual agents: http://www.cbsnews.com/news/years-of-fbi-agent-crimes-detailed/ but crimes of FBI policy, starting with harassment of Dr. MLK and various black musicians as ordered directly by J. Edgar Hoover, to illegal spying, profiling and harassment of antiwar dissidents, and on & on like that. Would make a good filing by Apple, just to let the judge know what he's dealing with in regard to these lowlifes.

Rolf Weber • March 16, 2016 7:10 AM

To threaten Apple to compel them to hand over iOS source code is no more than logical. It simply prevents Apple from defending with "we have no idea how to write that code" or "it would take us 5 years to write it".
BTW, Lavabit chose such a childish "defense".

GrowingUpUnderSpies • March 16, 2016 7:22 AM

We need a backdoor in iOS. Then we need to have the most malicious hackers access it. After that we need people to get hurt from the backdoor. We told the FBI it would be a bad idea, let them see the world burn afterwards. We need to show the security threat of a backdoor, painted in blood.

John • March 16, 2016 8:30 AM

Did Senator Lindsey Graham grow a conscious? Or did he just recall what Truman said about the FBI
"we want no Gestapo or secret police. The FBI is tending in that direction."
-H Truman

I have to wonder why no one asked "Doesn't the NSA record everything going through the network?" Shouldn't it be a simple matter of scanning that database for that phone's metadata?
Most certainly since the NSA has opened it up to LEO's.
https://www.washingtonpost.com/news/the-watch/wp/2016/03/10/surprise-nsa-data-will-soon-routinely-be-used-for-domestic-policing-that-has-nothing-to-do-with-terrorism/

Eddy Pazuzu • March 16, 2016 8:42 AM

Clarke makes the crucial point that Comey's out there all alone, escalating and escalating and making a fool of himself.

From the standpoint of brute self-preservation, even the worst power-mad egomaniac would say to himself in the mirror: 'All right then. Face it, Jim, you stepped on your crank. Accept your public failure and disgrace and move on! There's work to do! Entrap some more mental defectives into holding rubber bombs. Execute some more Boston Marathon defense witnesses.' Then shave and flex and stride out to the office with his head held high, like normal losers do.

But he can't. Why not?

Here's the thing. Comey's a fanatic, a cultist. Opus Dei inculcates its subjects with a premodern concept of absolute sovereignty. It's inimical to Vatican doctrine, which incorporates human rights. Comey swore to uphold the law but he had his fingers crossed. His real oath is obedience to the imaginary Christ in his head - that is, to his Order.

In Comey's delusional mind, Apple is little Regan floating in the air. Scalia's Father Merrick, flopped down dead in green splats of devil puke. Comey's all alone now, furiously sprinkling holy water, yelling, "The power of Christ COMPELS YOU! The power of Christ COMPELS YOU!"

What we have here is a VIP with psychiatric impairment.

Peter • March 16, 2016 8:47 AM

"A company as large as Apple does not have that option." (closing the shop)

Of course they do, they are just too greedy and spineless to choose it.

Clive Robinson • March 16, 2016 9:09 AM

@ Vesselin Bontchev,

I also liked the bit about "personal services"[1] where, to put it crudely, the courts refrain from "Making someone somebody else's '13itch'". Which is in essence what the FBI are trying to do to Apple...

[1] "Personal services" is a euphemism for amongst other things "sex", and a "contract" could be a marriage certificate, payment to a call girl / street walker or worse someone sold / indentured into supplying such services (effectively a "sex slave").

Marcus • March 16, 2016 9:10 AM

Can Apple revoke the key they currently use to sign iOS updates? I imagine this would require an updated iOS signed with the current key. I doubt the key is hard-coded in the iPhone.

Anybody who upgrades iOS would be safe if the current key was later compromised (by the FBI or anybody else).

Jeroen • March 16, 2016 10:03 AM

The course of action I would suggest is to push an update with the current update key that would require all future updates to be signed by multiple keys, some of which are held by individuals or organisations outside US jurisdiction, and set up procedures to manage that process.
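
An added sketch of the multi-key update check proposed in the comment above; it is not part of the original thread and is not Apple's update mechanism. The holder names, the payload layout and the 2-of-3 threshold are assumptions, and Lamport one-time signatures stand in for a production signature scheme so that the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import os


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(data: bytes):
    """The 256 bits of SHA-256(data), most significant bit first."""
    d = digest(data)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


# Lamport one-time signatures: a stdlib-only stand-in (assumption) for a
# production scheme. Each key pair must sign exactly one payload.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(digest(a), digest(b)) for a, b in sk]
    return sk, pk


def sign(sk, payload: bytes):
    # Reveal one secret per digest bit.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(payload))]


def verify(pk, payload: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    bits = digest_bits(payload)
    return all(hmac.compare_digest(digest(s), pk[i][b])
               for i, (s, b) in enumerate(zip(sig, bits)))


def signed_payload(version: int, image: bytes) -> bytes:
    """What every key holder signs: version plus image hash (assumed layout)."""
    return b"update|" + version.to_bytes(4, "big") + b"|" + digest(image)


def approvers(version, image, signatures, trusted):
    """Distinct trusted holders whose signature over this exact update verifies.

    signatures: list of (holder_id, signature); trusted: holder_id -> public key.
    Unknown holders are ignored and a repeated holder is counted once.
    """
    payload = signed_payload(version, image)
    ok = set()
    for holder, sig in signatures:
        pk = trusted.get(holder)
        if pk is not None and verify(pk, payload, sig):
            ok.add(holder)
    return ok


def accept_update(version, image, signatures, trusted, threshold) -> bool:
    return len(approvers(version, image, signatures, trusted)) >= threshold


def demo():
    # Constructed sample data: three hypothetical key holders, 2-of-3 policy.
    holders = {name: keygen() for name in ("vendor", "holder-eu", "holder-ngo")}
    trusted = {name: pk for name, (_sk, pk) in holders.items()}
    outsider_sk, _ = keygen()  # a key the device does not trust

    version, image = 2, b"constructed firmware image v2"
    payload = signed_payload(version, image)
    sig = {name: sign(sk, payload) for name, (sk, _pk) in holders.items()}
    rogue = sign(outsider_sk, payload)

    def check(img, sigs):
        return accept_update(version, img, sigs, trusted, threshold=2)

    both = [("vendor", sig["vendor"]), ("holder-eu", sig["holder-eu"])]
    return {
        "two_holders": check(image, both),
        "vendor_only": check(image, [("vendor", sig["vendor"])]),
        "vendor_twice": check(image, [("vendor", sig["vendor"])] * 2),
        "unknown_cosigner": check(image, [("vendor", sig["vendor"]), ("outsider", rogue)]),
        "forged_identity": check(image, [("vendor", sig["vendor"]), ("holder-eu", rogue)]),
        "tampered_image": check(b"constructed firmware image v2, modified", both),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:17s} accepted={accepted}")
```

The property that matters for the proposal is that the vendor's key alone, even used twice, never reaches the threshold, so compelling a single holder does not yield an installable update.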

CallMeLateForSupper • March 16, 2016 10:23 AM

Some readers here recently noted that NSA has uncharacteristically stayed out of the news for some time. I noted the same thing; further, it seemed to me that NSA dropped below radar right about the time that Comey grabbed the podium to introduce - and refine and replay - his "going dark" scare story (last fall). The coincidence of one agency exiting and the other agency entering reminded me of "tag team wrestling". Was Clapper & Co. catching its breath and getting on with business while Comey had a go, I wondered.

Now I think NSA just didn't have a dog in the fight that Comey was fomenting. They have publicly stated as much.

Here is a thought-provoking and edifying article:
"Why the NSA is staying out of Apple's fight with the FBI"
"Apple’s court fight has exposed a deep rift in how the two agencies deal with technology"
http://www.theverge.com/2016/3/9/11186868/apple-fbi-nsa-encryption-exploit-hack

65535 • March 16, 2016 10:59 AM

The fact that the FBI intimidated a relatively small email shop [Lavabit] into shutting down doesn’t necessarily mean it can intimidate Apple and the rest of US technology industry.

Further I am dubious of any meaningful data on the 5C iPhone of the San Bernardino killers. The FBI appears to be trying to the “keyboard cache” which probably has long been flushed if the iPhone was powered down [that would be the local key strokes on said phone months ago].

Next, if there were emails sent from that phone the Call Data Records/Metadata would have been captured by Verizon and the email provider probably could be forced to reveal any emails by Farook. As for images sent to someone the same type of metadata and internet records are probably already in the Fed’s hands.

See comments on the FBI’s claims of additional data on the 5C iPhone:
https://www.schneier.com/blog/archives/2016/03/friday_squid_bl_517.html#c6719288

Lastly, the fact that FBI agent Stacey Perino and FBI Supervisory Special Agent Christopher Pluhar “don’t know of a method” of hacking the 5C iPhone nor can they code a program themselves doesn’t reflect well on them.

The FBI is near to the NSA with its huge amount of zero-day exploits and the largest hacking pool of experts in the USA - which makes one wonder why the FBI hasn’t asked them for more expert help.

The bottom line is there is little additional data on that 5C iPhone which will provide any more 'critical' evidence in this case. The FBI seems to be beating a dead horse and pushing toward a courtroom precedent that could have huge negative effects on Apple and US technology industry in general – if not worldwide. If Apple builds this malware to defeat their own phones it will be very costly and most likely will be leaked to criminals and dictators world wide. It’s a power grab by the FBI.

asdf • March 16, 2016 11:32 AM

"A company as large as Apple does not have that option [of shutting down rather than handing over the master key that exposes *everyone*]."

Well... they *DO* have the option of simply losing a large amount of market share, possibly even to the point of going bankrupt, as large numbers of people seek technology developed in other countries...

It really shouldn't be illegal to have a private thought or conversation! This country sucks! Certain people blinded by rage that the whole world doesn't worship them as Gods will do anything to anyone no matter the consequences to industry, commerce, banking, the viability of the country on the world market, the constitution and bill of rights, internationally accepted human rights, or basic rule of law.

goodcop.badcop • March 16, 2016 11:37 AM

Concerning the PR management of FBIvApple and the role of the NSA, it appears to me like the old "good cop/bad cop" routine, but in this case being used to inject opinions rather than to extract information.

Following the Snowden disclosures the NSA took a huge hit to its public image. What if an even more evil government agency were to rise up, and the NSA was to come to the rescue? Wouldn't that make the NSA seem relatively better?

For people who only see things in relative terms rather than in a coordinated frame of reference, the NSA would appear to be "good" instead of "less bad".

But the negation of a dis-value such as this is not a value, it is simply the removal of abuse. Like the relief that comes from stopping hitting your head against the wall.

There's also a subtle context destruction that comes from an assault on a universal right. The implied false alternative is that one must either be for the FBI or for Apple, but that there is no objective standpoint from which to consider the substance of the principles involved. The totalitarian goal in this area is to always be the ultimate ground for all thought. Every idea must be defined relative to the government and every frame of awareness must contain a figure which represents the government in one way or another.

So even if the FBI loses the Apple case, they will still have reinforced the government as the psychological container for all human action.

asdf • March 16, 2016 11:46 AM

@Peter

It's not the size of the company that stops them from simply closing. It's the fact that they are "publicly owned"... that is, owned by stockholders, not by the company leaders. If the company leaders try to do stuff that is against the best interests of stockholders (such as closing the company) they will simply be fired by the stockholders. It literally can't happen unless the majority of stockholders decide that "human rights" is more important than their own money, and put their money where their mouth is, and flush all their money down the toilet to make it happen.

Reply • March 16, 2016 12:01 PM

@65535
@All

Former cyber czar says NSA could crack the San Bernadino shooter’s phone
http://arstechnica.com/tech-policy/2016/03/former-cyber-czar-says-nsa-could-crack-the-san-bernadino-shooters-phone/

Apple fires back: “Government is adept at devising new surveillance techniques”
http://arstechnica.com/tech-policy/2016/03/apple-fires-back-government-is-adept-at-devising-new-surveillance-techniques/

FBI v. Apple is a security and privacy issue. What about civil rights?
http://arstechnica.com/tech-policy/2016/03/fbi-v-apple-is-a-security-and-privacy-issue-what-about-civil-rights/

When graded on tech issues, 2016 presidential candidates don’t do well
http://arstechnica.com/tech-policy/2016/03/when-graded-on-tech-issues-2016-presidential-candidates-dont-do-well/

To bypass code-signing checks, malware gang steals lots of certificates
http://arstechnica.com/security/2016/03/to-bypass-code-signing-checks-malware-gang-steals-lots-of-certificates/

Why are so few Android phones encrypted, and should you encrypt yours?
http://arstechnica.com/gadgets/2016/03/why-are-so-few-android-phones-encrypted-and-should-you-encrypt-yours/

jfgunter • March 16, 2016 12:47 PM

There will be another young MLK in future. There will also be another J Edgar Hoover. If FBI wins vs. Apple, young future MLK will be destroyed as a budding political leader. I expect no bold political leader could ever again reach the main stage of American politics.

Not to mention that hacking hardware and software tend to break out into the wild, and to come radically down in price. Private investigators serving major corporations, unscrupulous small businesses, and wealthy estranged spouses would surely benefit from this. Not to mention crime syndicates and ultimately young hackers.

The price of stingray clones has fallen from mid six figures to low three figures!

aikimark • March 16, 2016 1:27 PM

I would have no problem with the following conditions:
* The FBI paid Apple for their time and resources (and profit)
* The FBI turned over the phone to the Apple team
* The FBI would not get to see or participate in any part of the Apple process
* Apple only returns data to the FBI
* Apple destroys both the phone and their hack-related work

jones • March 16, 2016 1:55 PM

It would be amusing should the FBI reverse engineer the iPhone, were Apple then to slap them with a DMCA suit...

asdf • March 16, 2016 1:59 PM

@aikimark You propose that Apple destroy evidence in a terrorism case, to try to falsely bolster the idea that it's "just this one phone" and "can't happen with any more phones" in spite of them already lining up 30 more phones to do this to?

Clive Robinson • March 16, 2016 2:01 PM

@ aikimark,

As I point out on the odd occasion, the only legitimate reason the FBI would have in the SB iPhone is "evidence".

Contrary to what many think there are a lot of tests evidence has to pass. One of which is the "chain of custody" another is "available for independent testing". Thus if the FBI went to court with evidence from the SB iPhone they would reasonably expect it to be challenged.

If they cannot,

1, Explain how the evidence was gathered in exacting detail.

2, Produce the phone for independent testing / verification.

3, Produce a faultless chain of custody.

Then it's game over the "fruit of the poison vine" applies and the whole case gets tossed, no matter how small a part in the evidence the SB iPhone data is.

It's the prosecutions duty to produce a "burden of proof" sufficient to meet the "beyond reasonable doubt" criteria the tribunal of truth --jury-- is required to apply. Thus from the defence point of view, if they can show "bad faith" / untrustworthy / withheld evidence from the LEOs even if minuscule then it irredeemably taints the rest of the evidence and the burden of proof for "beyond reasonable doubt" can not be met.

asdf • March 16, 2016 2:06 PM

Sure, we're destroying the constitution and trampling on human rights, but it's just this one time, we promise, and we have to do it because of terrorism, or all children will immediately die everywhere and all mankind will cease to exist... think of the children... it's an existential threat... just trust me.

Never mind that you are more likely to die multiple times by slipping in the bathtub or getting struck by lightning than from terrorism... just trust me, terrorism is an existential threat, we have to give up every principle and law and right to combat it. Be very afraid. Be terrorized. TERRROR I say! TERRRRRORRRR!

gerald • March 16, 2016 2:33 PM

Opening source code is a double-edged sword.

The chief benefit is peer review, theoretically.
One drawback is that users can then be duped into using corrupt versions, because the enemy can build their own.

http://www.networkworld.com/article/3044800/cyberespionage-groups-are-stealing-digital-certificates-to-sign-malware.html

You can't dupe a user into using a tampered version, signed or otherwise, if you can't build the thing to begin with... because you don't have the source code. The effort to surmount this obstacle corresponds to reverse-engineering. So, how can code be opened to permit review but not opened to permit an enemy to build corrupt versions?

I have seen signatures pasted on websites. So, I'm supposed to build a project from Git, then compare the signature to... what's on a website? There should be a stronger means of establishing integrity than this piecemeal chain of questionable steps.

Ray Dillinger • March 16, 2016 2:53 PM

I think this case actually has a lot to do with the Lavabit episode.

Lavabit received an order asking IIUI to enable the FBI to access a *single* account. The operator, fearing that their motive might be persecution and vengeance rather than prosecution and justice, took less than 48 hours to consult with an attorney. Consulting with an attorney, as a constitutionally guaranteed right, seems reasonable to me.

He may or may not have voluntarily provided access to that account - we'll never know, because by the time he had finished consulting an attorney the FBI had, apparently because of his less than instant compliance, made a completely intolerable demand instead for the keys to the entire site. That would have enabled covert, real-time access to the communications of subscribers who were specifically purchasing the service of privacy. Deprived of the ability to sell what his subscribers were buying, he shut the business down rather than engage in fraud or the provision of pretended services.

Then as now, the FBI made a demand for access so broad in scope, burdensome to provide, or contrary to the basic principles of the party from whom it was demanded, as to be offensive.

The major distinction as far as I can tell is that Apple has the money to hire a herd of lawyers and fight it in court, and Lavabit didn't.

If Lavabit had fought the demand in court and lost (very likely given its meager legal budget and the infamy of the single account that the FBI originally demanded access to) it would have established a precedent which the FBI would now be trying to leverage in further cases. So the decision by Lavabit to shut down rather than have a court battle was probably the only way to avoid the creation of a harmful precedent.

In much the same way the FBI now seeks a precedent in the Apple case, and in much the same way, compelling compliance with their order seems more important to them than the data from the one phone that the case is about.

So I have to wonder if an attempt to replace the precedent they planned to get from a Lavabit case, which they failed to obtain because it never came to court, may be part of what motivates the FBI in its battle over the Apple case.

Of course if they had that Lavabit precedent, they would certainly be using it against Apple right now.

Dan • March 16, 2016 3:09 PM

Is the IOS code verification and IOS code execution in separate steps? If so, the FBI can just start up with the normal software and, once the verification is complete, insert whatever program they want at the point in memory the CPU starts execution at. They would have to temporarily stop the clock of the CPU while they did it, but it would be very easy to do (assuming they have skilled hardware hackers, of course). They could probably even just disable writing to the nonvolatile storage on the iPhone. That would probably be even easier.

Cory • March 16, 2016 3:20 PM

I have a quick, somewhat unrelated question.

Can anybody recommend any good zero-knowledge encrypted bookmark managers (preferably in the cloud, but not essential) for Debian Linux?

I'm using a combination of Firefox and Google Chrome (yes, I know).

Ron • March 16, 2016 3:53 PM

@Ray Dillinger

Lavabit did lose and did create precedent, and the FBI has pointed this out in the briefs of the Apple case... Lavabit did hand over the keys in the end (on pages and pages of sparse tiny text), and THEN shut the company down because they could no longer sell privacy in good faith. It was either that or knowingly continue to commit fraud, or go to prison. Yep... those were the choices the FBI gave them: commit fraud or go to prison. They chose to shut the company down and not commit any (more) fraud.

Note that the Lavabit case is under seal, and the details are secret. Therefore most of what we know is either leaked or surmised. So it's literally secret precedent that we're not allowed to know. Heh.

albert • March 16, 2016 3:56 PM

@John,
"...Did Senator Lindsey Graham grow a conscious?..."
That should be '...become conscious?...' It's funnier that way. (I know what you meant:)
.
@Scott Shepard,
IANAL either. Consider your argument from the point of view of a written contract, or a EULA (or TOS). Those are legally enforceable. If Apple had a contract that doesn't include anything illegal, it's enforceable, and binding. I wonder. If Apple did have legal contracts with millions of iPhone owners, promising not to compromise the product's security, what kind of approach would the FBI take? A class action lawsuit by a million iPhone users would definitely be an excessive hardship on the company.
.
@Clive, @aikimark,
Getting that iPhone data is a forensic process, just like DNA analysis. The FBI has their own DNA lab, because they can't afford to trust outside contractors. If they had their own CyberEngineering Lab, they wouldn't need Apple's 'help'. They would simply reverse engineer the iPhone, then proceed:).
.....
I see this case as an example of LE trying to compel a person to spy on someone else. The person has to -agree- to do so; they can't be forced.
-----------
IronyWatch.org: US DOJ Celebrates 50th Anniversary of the FOIA
https://www.justice.gov/oip/video/us-department-justice-50th-anniversary-foia
. .. . .. --- ....

A Tor User • March 16, 2016 4:23 PM

Anyone else notice how many of the links Bruce links to are anti-Tor and can't be viewed with the Tor browser?

Rolf Weber • March 16, 2016 4:24 PM

@Ray Dillinger

What you claim is simply wrong. In the Lavabit case, the FBI waited more than a month before they requested the keys. They requested the keys after it was clear that Lavabit was unwilling to comply.

lol at rolf • March 16, 2016 4:56 PM

@Rolf Weber

What's the matter, having trouble defending your cult leaders in the government, so you have to pick on minutiae like timelines? lol...

A Tor User • March 16, 2016 5:06 PM

@That's the way of the world

Since some of them are actually full of pro-privacy articles, I assume some of it is just ignorance about cloudflare... it would be nice to educate some of them... but I can't find how to contact some like https://lawfareblog.com/

Thanks for the links. Ironically one of them blocks Tor.

"A VPN instead" is just putting all my trust in one specific third party (the owner of the VPN)... definitely NOT an ideal solution. (Not that Tor is ideal against a global adversary either, but I like to make my FBI work for their spying instead of just serving up secret orders...)

Marcos El Malo • March 16, 2016 5:48 PM

@Clive Robinson
Are you familiar with the movie Blowup https://en.wikipedia.org/wiki/Blowup ? What you wrote caused that movie to come to mind.

I gather that you agree that the FBI has its evidence in its possession, but is now conflating analysis of the evidence with access to the evidence.

I wonder if the FBI wouldn't be asking the court to compel mediums to serve it if James Comey believed that the phone contained psychic impressions. I hope he is at least considering the possibility, else how can he face the families of the victims and look them in the eye?

asdf • March 16, 2016 5:53 PM

@Marcos El Malo

Nah. If any medium will do he can surely find one that likes his nazi style... it's only a problem if he has to compel a certain one and that one happens to dislike the holocaust.

That's the way of the world • March 16, 2016 6:18 PM

@A Tor User

You can connect to a VPN via TOR if you're concerned about centralised trust. VPN's, unlike TOR, tend not to be blocked as frequently. It's not an ideal solution but hey... that's the way of the world ;-)

To contact Lawfare you can contact their editor-in-chief

Email: benjamin.wittes@gmail.com
Twitter: https://twitter.com/benjaminwittes

Dan • March 16, 2016 6:47 PM

I think laws should be passed regarding use of organizational keys by law enforcement. Keys like SSL keys and Apple's code signing key should be kept by that organization only, for that organization's use only. This should especially be the case when the key in question is required to be confidential for the integrity of the service. If the FBI request Apple's code signing key and get it, Apple should at least be able to sue them if something bad happens regarding that key (such as it being leaked onto the internet, or malware signed with it showing up). (a corporation is considered an organization in this comment)

rj brown • March 16, 2016 7:05 PM

Has anyone considered the possibility that Apple will dodge this bullet by moving its headquarters offshore? Lots of other companies are doing this for tax reasons, why not Apple? Apple already has significant presence in other countries. A move of the HQ to a crypto-friendly country could make a way out of this FBI mess for Apple, but it would leave the FBI with no reason to try it again with another company.

Sancho_P • March 16, 2016 7:10 PM

Re Benjamin Wittes (https://www.lawfareblog.com/new-front-second-crypto-war),
quoted by @Bruce.
It seems Wittes had a very bad childhood, probably as orphan?

His highly sophisticated “Approach #2” is completely obsolete.

It is something everyone with intact family would know:
For each important lock you need a spare key.
In case of an important pwd you would write it down in case shit happens.
If you don’t, likely it isn’t important or you don’t want to share it even with your relatives.

OK, it might be no one has told you about the possibility to write it down.
Jeeeeze, Ben.

I think I don’t fully understand #3, #4 and #5, so I assume they are not reasonable.

OldFish • March 16, 2016 7:19 PM

@Aikimark

What you describe is a contract. The problem is that when only one party is interested it becomes thuggery.

asdf • March 16, 2016 7:19 PM

@Dan

"Apple should at least be able to sue them if something bad happens regarding that key"

What about potentially billions of dollars in lost business (or trillions industry wide), as people migrate somewhere else to another country, when the only "bad" thing perceived to have happened is that the USA is proved just as bad as China, North Korea, and Russia in regards to basic Human Rights? Is the FBI going to pay them all back for all that? It's so ridiculous...

How about the collapse of the entire American banking industry, or all shopping and commerce, because end-to-end encryption between companies and their customers or between each other is outlawed? Is the FBI going to just shrug and "pay everyone back" for all that??? Yet that's the very warpath they are on! Arrg! I'm a pirate! Let's war againsst all teh things everywhoare!

Don't forget the entire tech industry itself... you want to drive to another city to log into your server at a physical console, because end to end encryption has been outlawed? You can't just reverse time 30 years and ban the whole internet...

Geez people... talk about "existential threat" This f***** up government is waaaay more of an existential threat to modern man than any bogus terrorist. Hey! I got it, why don't we rewind time all the way back to the "dark ages"... I believe there were like 50 to 150 million people slaughtered because of their beliefs, not the measly 5 million that weakling Hitler did... This is where the future is headed when all worldwide communication, thought, and education has to be strictly monitored and controlled to make sure any heretical viewpoints don't creep in. Well, we're already doing 2 out of 3, we're well on our way!

WhiskersInMenlo March 16, 2016 7:53 PM

I am curious how the justice expects source to be delivered.

No vendor has unencumbered source. Most devices not purely
of Apple's design would have encumbered documentation available
to customers of sufficient status only under NDA. A betting man would
note that some of these companies are not in the USA.

International trade agreements and treaties established by the president,
department of state and congress have applicability of these international
contracts.

I suspect that Apple cannot certify that their source code is free of
pollution from AT&T and other Unix trade secret and copyright
restrictions thus the white room group at the FBI would have to demonstrate
that they have a valid access to this content. Copyright is longer than
the life of Mickey Mouse don't ya know.

Knowledge of the internals of iOS is currently limited to Apple employees,
ex-employees and contractors ALL under NDA. It would be a violation of that NDA
to present yourself as knowledgeable of iOS internals. Staffing and
training a group to make an error free modification would likely have
a learning curve.

Error free -- that reaches out to the QA and test harnesses.
Some purchased, some Apple authored, all wrapped into
an Apple documented ISO 9001 and more document set.

Apple products appear to share a lot of features and OS functionality.
The easy way to accomplish this is to have a common source tree system.
This court is interested in a single model of a phone but my uninformed
(I never worked at Apple) opinion is that to collect the code for this one
phone and package it would involve a lot of work helped a bit
with "unifdef". Massive stuff breaks when #ifdef stuff is stripped.
Makefiles that might expose future products need editing.

Consider the simple case of building a kernel for a Raspberry Pi.
A lot of folk cannot get it right and it is very open.

Apple might mutter that abuse of contracts as established by NDA
and employment agreements have value and will be litigated naming the
employee and the employer.

Interesting...

Figureitout March 16, 2016 8:35 PM

WhiskersInMenlo
"No vendor has unencumbered source. Most devices not purely of Apple's design would have encumbered documentation available to customers of sufficient status only under NDA."
--Exactly. Especially something like a smartphone. Will require lots of external expertise that Apple surely gets some real nice support w/ any issues it has lol.

In other words, what if you *can't* do what FBI is asking? That's baloney legally, you *can't* do it, and you're supposed to be allowed to not "incriminate" yourself. Same w/ decrypting malware that encrypts your files.

Dan March 16, 2016 9:24 PM

In the comments of one of the previous posts about this case by Bruce Schneier (this sentence is a little complicated, I know), I presented my idea of a compromise: If you have to make a backdoor, make it like the Dual_EC_DRBG backdoor (that backdoor requires knowledge of a secret number to use). (An interesting backdoor idea is a public key cipher turned into a symmetric cipher in a way that the ciphertext can be decrypted by the symmetric key and the private key.) Generate the backdoor parameters in a hardware security module (it helps if you can prove you did this, also you should probably make a few backup HSMs). Make the HSM act as a decryption oracle (a function that outputs the plaintext when you input the ciphertext), but with an enforced delay between decryptions. If you choose the delay right, it will be useful for a few targeted cases, but useless for mass surveillance. (I explained my reasoning a bit more here than I did in my other post.)

WhiskersInMenlo March 16, 2016 9:29 PM

Figureitout

Thanks, I think you have it.
The source to iOS contains stuff that is not Apple's to surrender.
It can be done but the legal and technical work to identify all the externals
and have DOJ issue like demands on all is a bigger than a breadbox
task. Operating systems have binary blobs that are encumbered
if by nothing other than wrapper technology.
Even MP3 code and other codecs for audio and video are encumbered.
For the FBI to load and install their own build -- could place them
in sufficient violation that anything found would be acquired in an illegal
way that could cast fruit of the poison tree far and wide.

Interesting all the stuff going on.
Edits of court opinions with liberties we see day in and day out on network news
where the fact checkers are sleeping.


Parts of the government have AT&T unix licenses but these are
often restricted to an office or project by contract.

Marcos El Malo March 16, 2016 10:57 PM

@asdf This, exactly and precisely. Even if I was totally unconcerned about government surveillance and ascribed to them the best of intentions (stop laughing, y'all, I'm being serious), I do not esteem their competence for protecting anyone from cyber threats, no more than I think they are competent at preventing crime. Indeed, the SCOTUS has ruled that the government has no constitutional obligation or liability to protect anyone from any threat, even when it is a clear and present danger. Even when it is in progress. (Look up Castle Rock v. Gonzales. I've got a link somewhere in my notes.)

Police agencies had a brief golden age when it was easy to intercept unencrypted communications, and now they believe it is their right, and it is a right that supersedes . . . apparently everything. Our frikkin' property rights are at stake if one doesn't overly care about our other rights. To solve more crime, they would remove our ability to protect ourselves, our homes, and our shit.

Most troubling is that the government has stated in so many words that it believes it has the power, under the AWA, to seize both the source AND the signing key. What's that Darth Vader line from the Empire Strikes Back? "I am altering the deal. Pray I don't alter it further." (Footnote 9 of the latest DOJ filing -- the thing Marcy Wheeler wrote about at https://www.emptywheel.net/2016/03/14/dojs-clear-threat-to-go-after-apples-source-code/ )

@WhiskersInMenlo -- possibly the DOJ took a Linux Enterprise License from SCO. ;-) Joking aside, there is precedent for the government to just outright seize IP under eminent domain when it serves a national security purpose (according to them). I don't remember the case name, but it had to do with propeller design. Company filed for a patent, IP immediately seized under a gag order or NSL before patent is published,

tyr March 17, 2016 12:11 AM

"But Huxley, Orwell and Kafka didn’t take away hope, they gave it to us. They gave us the words to describe the present (not the future, though the present is the moment at which the past becomes the future, so they’re related). They gave us the cognitive tools to conduct the argument about the society we want to build, how we want our technology to serve us."

Cory Doctorow

The entire Apple/FBI fiasco should be written up as Kafka.
The inability to enforce the legal snooping on the documents
of the dead based on an ancient law from before the first
transistor was invented. So where's the "reality tunnel"
that made this seem like such a wonderful idea that tax
dollars have to be wasted on it?

If they were a little less eager to hound smart people out
of the country or into the grave maybe they would receive
more sympathy for the inherent level of madness and stupid
ideas being exhibited.

Gary March 17, 2016 12:29 AM

'He, of course, shut his service down rather than turn over the master key. A company as large as Apple does not have that option'

I totally agree with @peter. This comment is absolute nonsense. What makes Apple a more important company than a much smaller company?

So Apple with its hundreds of billions of dollars must be supported in a case like this but a small business should just shut down?

Marcos El Malo March 17, 2016 3:13 AM

@Gary
It's the difference between a sole proprietorship and a company owned by many many thousands of shareholders. The sole proprietor can make the decision instantly to shut down operations and call it a day. A publicly traded company's management cannot make that decision. You'd need a majority of shareholders to decide to pull the plug. (An individual shareholder may sell his or her shares, but that doesn't shut the company down.)

John S March 17, 2016 4:12 AM

Apple could just invert their company to an Irish company (think pharma M&A) or Switzerland or Germany....

Then I doubt the USA can demand Apple (a foreign company) to do anything.

Of course this is just an escalation and it is likely that the USA would try and gang up with a few allies to get an international law passed. Good luck with that.

In a global world where everything is distributed around the world and where many American companies don't bring profits back to US shores due to tax implications, what value is there in being an American company?

Apple doesn't need to move people, or production or R&D, just create a new registered HQ in a foreign company. Switzerland offers very good deals...

Snarki, child of Loki March 17, 2016 6:56 AM

Hey, if Apple wants to *negotiate* some sort of backdoor with FBI, they're risking their entire iphone market.

SO: The FBI should be compelled to put money in escrow to compensate Apple for damages from FBI's mishandling of the backdoor.

I suggest about $1 trillion is the right amount. In small bills, to be held in a locked room at Apple HQ. It would be just as secure as FBI's handling of the iphone backdoor, amirite?

Dan March 17, 2016 7:58 AM

@Snarki
Apple should just make the FBI sign a contract with Apple when Apple writes the backdoor. The contract should hold the FBI responsible for all loss of profits Apple experiences in the next 4 years (or even longer).
That should become a standard for giving backdoors for the government. While this is wishful thinking, I really hope it is asked for by Apple.

Curious March 17, 2016 9:05 AM

Btw, I was listening to a recent presentation by Daniel J. Bernstein ("First 10 years of Curve25519", audio only), and I thought it was interesting to hear that he speculated that Apple is using symmetric encryption on the iPhone with curve 25519. I might have butchered what he said here, but such was my impression. As for how it makes sense using ECC for symmetric encryption, I have no idea, not something I know much about. Feel free to enlighten me.

That made me think, if NSA somehow knows of a way to break ECC stuff, I guess they wouldn't let FBI in on it, and so I amused myself thinking that NSA isn't officially helping FBI for that particular reason.

I am not a cryptographer, so don't mind me if what I wrote sounded silly.

Clive Robinson March 17, 2016 9:56 AM

@ rj brown,

"Has anyone considered the possibility that Apple will dodge this bullet by moving its headquarters offshore? Lots of other companies are doing this for tax reasons, why not Apple?"

I've mentioned this a couple of times on this blog in the past week or so, but nobody wanted to pick up on it.

And from the look of this thread nobody else wants to talk about it here either :-(

I suspect the reason is to do with "Off Shoring" HiTec jobs to the east etc, as has happened with the semiconductor industry, and other industries before that. In part it's kind of "Don't mention the Devil's name, lest you call him to you" type thinking.

However to do it Apple or any other Corp does not need to actually move its HQ off shore. It just needs to off shore its research and IP holding divisions and make them effectively autonomous. That is to all intents and purposes "out of jurisdiction and beyond their direct control".

Some Corps have already done this as a tax avoidance measure via the likes of various very small EU nations (you would not believe the royalties some people pay on coffee making ;-). Put simply you put the IP Holding autonomous entity in a tax haven, you then use the royalty payments to funnel what would otherwise be profits "Off Shore". It's the same as doing "back to back loans" and other financial engineering through tax havens. The intent is to reduce profit to loss in most taxable jurisdictions by finding an excuse to pay the real profit tax free into the tax haven. Of course any loss you make can in most of these taxable jurisdictions be used to "offset earnings" in future years, such that the tax authority effectively ends up owing the company large sums of money...

In most countries moving the staff or dividends back would also not be a particular problem, however as far as personal and corporate tax is concerned the US is a major oddity. It can in effect require people not just to work abroad but also give up their citizenship to avoid US tax. Such financial "balls and chains" are yet a further disincentive to making HiTec jobs in the US for Corps. And people are getting genuinely frightened about it reaching a "tipping point" where HiTec jobs will be in the East not the West and will never come back (think Television and other home electronics manufacturing). The unprivileged US citizens will suffer significantly; try thinking of Silicon Valley becoming like Detroit and similar car / iron&steel / manufacturing towns, due to the lack of "economic churn". Even those retired will feel the effect as their pensions and other investments will tend rather rapidly to "head south" and have minimal if nonexistent value, as there will not be the required economy to support them. But as those retiring probably won't be able to afford the health care, the life expectancy of millennials will drop back into the pre-baby-boomer sixties or early seventies, not the eighties to low hundred+ of the baby-boomers and privileged...

It's why what Jim Comey is doing is utter madness, every way you look at it you can only see major harm to the US and its citizens. As for the criminal edge cases he and the DOJ try to convince you "are a dire threat to civilisation as we know it" they are not, never were, and very unlikely to be so in the near future. It's all political posturing allied with nest feathering from the likes of the MIC. Further the back doors Comey&Co want are actually relatively easy to avoid for people who can read a book and think further than a week into the future. It actually takes less knowledge than you get in high school maths to implement secure communications that neither the FBI nor the NSA can crack (think "One Time" codes and ciphers).

It's one reason why those who have actually taken a critical look at the issue get quite annoyed at the "authoritarian followers" that just regurgitate the Comey nonsense without critical thought. In effect the authoritarian followers are more sad than those "Tea bagger children, waving "Atlas Shrugged" placards and chanting devoid of meaning slogans because mummy told them to", because unlike the children you would expect them to know better...

65535 March 17, 2016 10:23 AM

To be succinct, the FBI is beating a dead horse.

There is little, if any data that would add to the FBI’s case in the San Bernardino murders.

What the FBI is looking for is a Court Room ruling on the ability to force IT manufacturers to build back-doors or malware for their products. This is a dubious and harmful practice for all American companies.

If the FBI really wanted to “leave no stone un-turned” it would have gone to the NSA or other similar Three Letter Agencies [TLAs] to get the data from the 5C cell phone.

This could include key stroke cache, and some key strokes/passwords to a chat room(s) – and possibly pictures on the phone. This is a dead end. If said pictures and data has been sent over the system the FBI knows.

The 5C phone has already been pwn'd by the FBI and probably does not contain any critical key strokes or critical images. It is clear the SB killer case is old and cold.

But, this case could be labeled as “Terrorists Attack” which could be followed for years on end. The FBI is looking for a legal way to spy on every iPhone in the USA [and probably world wide] to justify their expensive existence.

The FBI wants a court room "precedent" to force large and small companies into submitting to the FBI's wishes of making cracking software. This is wrong.

The FBI and the government [NSA/CIA] can probably do so in short order without help from Apple. It's a power grab by the FBI. I say let this case die in peace.

Jim March 17, 2016 10:41 AM

@ Clive Robinson, "I suspect the reason is to do with "Off Shoring" HiTec jobs to the east etc, as has happened with the semiconductor industry, and other industries before that."

I'm of the belief that this is by design, so I'm not too worried about it.

"It just needs to off shore its research and IP holding divisions and make them effectively autonomous."

Companies like Apple need protection or a potent enforcer to maintain their competitive edge, as they are one of the pioneers in that regard. It's been a way to keep the smaller hands out of reach, putting competitors back a few months, by slapping them with accusations they understand little. I'm not so sure if moving is in their best interest.

Snarki, child of Loki March 17, 2016 11:57 AM

@Dan
"Apple should just make the FBI sign a contract with Apple when Apple writes the backdoor."

What a kind, trusting soul you are!

Please consider, when not just "contracts" but TREATIES exist, judges rule, and yet the Feds drag their feet for decades because they don't want to pay (Native Americans, in some of the most egregious cases).

CASH. UP. FRONT.

blake March 17, 2016 12:01 PM

@Dan

> Apple's code signing key should be kept by that organization only, for that organization's use only

> If the FBI request apple's code signing key and get it

These two sentences are in the same post. You appear to be using the word "only" in a manner with which I am not familiar.

> the contract should hold the FBI responsible for all loss of profits Apple experiences in the next 4 years

Besides the idiocy of "hey everyone, we've got 4 years to not care about product quality because we're guaranteed a profit!", how does that help the Apple customers who had their phones hacked?

> I presented my idea of a compromise ...

1994 called, they have a Clipper Chip to sell you.

Jim Lippard March 17, 2016 12:10 PM

Anon commented above on March 16 at 7:09 a.m.: "I'd like to see a history of FBI crimes." You can start with Ronald Kessler's _The Bureau: The Secret History of the FBI_ (2002) and Tim Weiner's _Enemies: A History of the FBI_ (2013).

Peter March 17, 2016 12:57 PM

This is really funny:
"Tor is an anonymity service that is maintained with assistance from the US State Department and designed in part to allow victims of censorship in countries like China and Iran to surf the web."
http://www.theregister.co.uk/2016/02/25/tor_users_discriminated_against/

Riight...
TOR has ONE purpose: Enabling American spies to hide in plain sight, among all the pedophiles, necrophiliacs, credit-card dealers and other scum of the dark internets...

Scott Shepard March 17, 2016 1:55 PM

@albert Exactly! But I'd go even further to suggest that no written contract is necessary, just as I don't remember written contracts between me and my doctor explicitly specifying that the doctor will not share any information without my permission.

I don't believe Privileged Communication requires a written contract. I believe the Contract of Confidentiality is implied. Apple, and any other company sharing access to our encrypted information should consider themselves liable. If this isn't the case already, perhaps it should be legislated as such.

Mr. Schneier mentions "information fiduciaries" in this regard. I haven't researched that phrase yet, but it sounds like a third party, who would hold on to the private key, for times when a warrant is presented. If these fiduciaries are independent agents, not susceptible to political coercion, then perhaps that is the way to go.

Regards

Clive Robinson March 17, 2016 4:06 PM

@ Jim,

"I'm not so sure if moving is in their [Apple's] best interest."

It's a question of balancing risks, until the FBI started this stupid "mine are bigger than yours" pissing contest you would be correct.

Now however it rather depends on if they can win in court.

One quick fix they might try is to "off shore" the signing process and update all existing phones so the current signing key is no longer live on users' phones. Thus even if the FBI did get the source code and the existing signing key, the all important new signing key would be out of the FBI's reach. However whilst it would solve the SB iPhone issue, the FBI is going to take a rather dim view and thus try to punish Apple in some way out of pure malice, because that is at the end of the day their basic MO.

It's up to Apple and their shareholders to do their own risk analysis. However I suspect the current tactic will be to use the court system to "kick the issue into the long grass". And wait on a new President and judge on SCOTUS and then hit the lobbying side to get an affirmative legislative change to ensure that something not too dissimilar to CALEA has an FBI/DOJ proof applicability.

Dan March 17, 2016 6:10 PM

@blake,
I was trying to present multiple results from this "terrorism" debate that I would be okay with. Best case scenario: Code signing keys (and any other important keys, if possible) should not be used without the consent of the company/organization/person. If that doesn't work out, then the government should be liable for any damages caused as a result of requiring a key to be used or a backdoor be put in a protocol/service. If backdoors are mandated, I want it to be done in a way that is totally useless for mass surveillance (we should research how to do backdoors correctly and if it is possible to do backdoors correctly (for a certain meaning of correctly, I choose 'useful for the things the governments SAY they want backdoors for, not the things they ACTUALLY want them for') so that if backdoors are mandated, they are actually well thought out, instead of put together at the last minute). All of these results would be acceptable to me, but I prefer the one that protects privacy the most.

Sancho_P March 17, 2016 6:28 PM


@Clive Robinson, @rj brown

“… I’ve mentioned [going off shore] … but nobody wanted to pick up upon it” [Clive Robinson]

Going offshore isn’t an option for the company [1].
Steve Jobs could have done that, but Tim Cook can’t.
Steve Jobs might have done that, Tim Cook wouldn’t.

Can you imagine someone being proud to be American?
Tim Cook is.
He would rather change his life than betray American values.
Similar to Ed Snowden.

Apple isn’t Tim Cook, Tim Cook isn’t Apple.

[1] See:
It’s not about Apple, it’s about Tim Cook - Now it’s about Apple:
https://www.schneier.com/blog/archives/2016/02/judge_demands_t.html#c6717303

Dan March 17, 2016 6:36 PM

I propose a plan for a little fun at the Fed's expense: Someone should make an open-source "secure" protocol that is deliberately backdoored (the protocol should still be secure, if it didn't have the backdoor). The protocol should have "having a backdoor" as one of its "selling points" (I note that I said it would be open-source). Release the protocol to the public and watch how it is adopted by absolutely nobody. For extra fun, the documentation of the protocol should clearly explain how to make the backdoor useless without breaking compatibility with the backdoored version of the protocol (that part of the documentation should be base64 encoded so government officials don't notice it right away). Maybe some government officials will advocate the protocol before they realize the SPECIFICATION ITSELF describes how to defeat the backdoor (the protocol is open-source…). Nobody has to do this, but it would be very funny if someone did.

JPA March 17, 2016 10:16 PM

I think it was Clive who mentioned the real serious issue here and that is what Apple's attorneys have pointed out as the sinister extension of the All Writs Act. The FBI is taking the position that if the government orders you to do something that will facilitate their investigation into a crime then you need to do so, unless what they are ordering is against US law. So it doesn't matter if it will violate your religious or personal values, you are supposed to comply. That means that they can order you to betray your spouse or children, have sex outside of marriage if that would compromise someone, etc etc.

The FBI is trying to make themselves God and that needs to be stopped.

WhiskersInMenlo March 18, 2016 3:00 AM

@Marcos El Malo
Yes patent secrecy orders are a real thing.
They do not stop a rocket company from building
a rocket for the government. The rocket gets classified.
That does open a tangle. Should the patents in motion
by Apple be sequestered with patent secrecy orders
and review the ability of Apple to innovate for a market could
be hobbled. Apple employees would have to have clearances
and locked rooms and .... fences... and guards with guns.
Hillary would get her encrypted phone but it would be
an expensive one. ;-)


name.withheld.for.obvious.reasons March 18, 2016 3:05 AM

If corporations are people then the FBI is essentially asking the Apple corporation to commit suicide (or at least engage in a game of Russian Roulette). It is as if Comey is a prosecutor and Apple's Tim Cook (think Aaron Swartz) is a defendant in a criminal case.

Comey is asking Apple (Tim Cook) to make sure that his trousers are easily accessible from the rear. Simultaneously Apple is to provide appetizers at catered events with high profile guests and dignitaries. Tim Cook being one of the servants at these events is also made to be "accessible at any time" without any of the party guests becoming aware of his "possibly" compromised position.

Something that fails to work in real life certainly won't work in (F)antasy (B)uilt (I)llusion land.

blake March 18, 2016 10:40 AM

@Dan

> If that doesn't work out, then the government should be liable for any damages caused as a result of requiring a key to be used or a backdoor

This is still insane. Taxpayers end up paying Apple for Apple brand loss because those same taxpayers had their iPhones hacked and private information stolen.

foo March 18, 2016 12:36 PM

As @blake pointed out, the whole "FBI should be liable and have to pay damages" argument ignores the fact that the very victims end up paying for that through their taxes. The only way to get around that and keep the argument is to make the individual FBI agents and leaders themselves PERSONALLY liable... which doesn't work either because they don't have trillions of dollars laying around do they... though it would be nice to lock a few of them up I suppose, when they keep abusing the law and breaking the constitution.

CallMeLateForSupper March 18, 2016 1:08 PM

@JPA
"The FBI is trying to make themselves God and that needs to be stopped."

The process that could do that will begin on 22 March with oral arguments in FBI vs Apple.

"Democracy is messy." (someone said) I would add, "And slow."

@All
Certain fundamentalist knee-jerks have publicly exercised on their opinion that Apple is "not above the law" and should just lie down and STFU. But in fact Apple is working *within* the law here; they have substantial grievances (compelled "FBiOS", to name one) and they seek relief in court. This exact process grinds along every day in courts around the world.

albert March 18, 2016 1:20 PM

@Scott Shepard,

A written contract is not necessary. A court has already ruled that a TOS is a legal contract, even if you just check a box on a screen. It's the same with EULAs. Once you open the iPhone box (after you've carefully studied the warnings :), you've already agreed to the terms.

From Apple:
"...On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess....".

What if Apple had included: "Apple will not make alterations to hardware or software that allow access to protected user data" (or words to that effect)?

. .. . .. --- ....

Skeptical March 18, 2016 2:44 PM


A few points.

Apple's first response to the court's order was... to issue a press release.

In this press release, between proclamations of the Department of Justice's good faith, they accused the Justice Department of:

"asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals."

They called the government's request for assistance chilling and claimed that:

"The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge."

The protests of Apple, tinged with hysteria and not a little hypocrisy, found their echoes in its legal response to the court order.

The legal briefs filed by the Department of Justice have been extremely well reasoned and well argued. Read outside the immensely pressured atmosphere created by Apple, they are easily persuasive.

However, it would be foolhardy to fail to address what Apple is actually doing here.

Whatever one might think of the applicability of the All Writs Act here, the decision of a federal magistrate to invoke it to require a few engineers from Apple to spend a couple of weeks writing some code to disable a delay-and-erase feature that would be physically installed on the phone in question by Apple, and - remarkably - remain under Apple's control, does not enable the government to order products be designed with backdoors.

Let's remember that this is a request for assistance concerning a device which is already the subject of a search warrant.

Ordering a company to design a way to access information stored on any product it sells, now or in the future, is well beyond the scope of this case. It in fact has nothing to do with the case.

The question of whether lawful access features should be designed into widely used software and hardware is a legislative one. It is not the question that faces the court.

The questions that face the court are much simpler, and much narrower:

Is Apple's assistance necessary to effect a search warrant issued for this phone; is the assistance they would need to provide unreasonable; and does an existing statute or law preclude the applicability of the AWA?

That's it.

These flights of hysteria, the constant recourse to a "war" metaphor, the silly equivalence drawn between China and the United States (the difference between the two is not that either may, under their respective laws, conduct searches; the difference lies in when those laws authorize searches, and how their respective political and legal systems protect against abuse), only serve to obscure the straightforward questions before the court.

And perhaps that is the point of all this. Because as neither the law nor the facts are on Apple's side, and because Apple has slyly pushed so many into becoming early adopters of its objections, the only thing left to do is to make a lot of noise - full of sound and fury, of strong phrases and striking gestures to sacred principles, but ultimately irrelevant to the actual question before the court.

Skeptical March 18, 2016 3:01 PM


Regarding jurisdiction:

It does not matter whether a company is headquartered offshore. If a company does sufficient business in the United States, as Apple most certainly does and will continue to do, then they are within US jurisdiction.

This is in fact how it works in most countries, for obvious reasons. And it's led to some very thorny legal issues when the laws of one country conflict with those of another; sorting out these conflicts is itself a complicated area of law in the US legal system, as courts consider various factors as to which law it ought to apply in a given case (yes, that's right, in the U.S. system that a company is within the jurisdiction of a court does not end the question of what law should be applied to a particular question - a U.S. court may decide that Irish law, for example, is appropriate to determining whether certain information should be disclosed).

As to the reason for keeping sensitive research inside the United States, the answer is rather obvious to anyone who does not view the US Government as the primary enemy:

Inside the United States, your intellectual property receives better protection, both in law and by the action of law enforcement and intelligence agencies, than it would receive almost anywhere else.

From a business vantage, the danger is not that the United States Government will serve a search warrant on you. The danger is that a foreign competitor will gain your secrets, either via its own private espionage or via the assistance of a foreign government.

Quite frankly - despite the incendiary rhetoric lobbed by some who have viewed the US Government with strong animosity for some time - the tech industry in the United States has been extremely well protected, well treated, and well encouraged by US policies.

And it will continue to be so, whatever the outcome of this case.

I also don't doubt that, behind closed doors and in quieter tones, most of the tech industry understands the extent to which Apple's press releases form part of Apple's competitive strategy.

Why does the tech industry publicly support Apple, at least by show of hands? Because that is the most obvious and least risky way to counter Apple's strategy.

The objective of Apple's moves here is differentiation from competitors. How does one neutralize such a strategy? Easily enough here - one simply says "yes, we agree!" Differentiation neutralized.

Net effect on public discussion and policy? Negative.

Dan • March 18, 2016 5:13 PM

An interesting idea is to randomly audit laws from time to time, and decide if they are still necessary (using various criteria such as "do people know it exists?", "has there been any case that involves this law in the past 20 years?", etc.). This appears to be a good idea at first glance, but I wonder what other people think.

Buck • March 18, 2016 6:00 PM

@albert

Is that for real from Apple? Link or scanned image please! Gotta love those legal loopholes...

On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are
...
easily forced by Apple to upload from iOS into the Apple iCloud infrastructure, regardless of your personal choice of iCloud backup settings. In the case of any government request, your passcode will not be required to lawfully comply with any government search warrant. Apple's highly qualified team of lawyers and technicians will assist you in any legal proceedings, and Apple will tightly restrict all knowledge of this process under the severe penalties of NDA violation. Not even you, the customer, can legally be notified.
This policy is the ultimate testimony of how much Apple cares about the emotional and physical safety of you, our most valued customer.
Remember, if you plan on committing a heinous crime, please keep your iPhone in the 'on' position and fully charged at all times. Thank you for participating, and please enjoy the loss of your privacy!

The Repairer of Reputations • March 18, 2016 6:44 PM

TL;DR, skeptical at 2:44 stamps his widdle feet in a precious tantwum.

at 3:01 he takes a mulligan - perhaps suspecting that his querulous fit of pique undermines him when he tries to be the Tone Police ("hysteria" 2X! "silly"!) - whereupon skeptical pontificates into the attention-economy void for another couple encyclicals before telegraphing Big Brother's current Big Lie with his special BS-DM safe word, !*frankly*!,

"the tech industry in the United States has been extremely well protected, well treated, and well encouraged by US policies"

...if you shit on the law when you're told to. If you don't, of course, crooked Fed scumbags frame you based on your super-duper Nostradamus powers of prophecy and CFO testimony fabricated by innumerate FBI assholes.

http://www.talkleft.com/nacchio/nacchionewtrial.pdf

There, skep, now you're not a liar.

Clive Robinson • March 19, 2016 1:41 AM

@ Dan,

Much in the EU legislation has a built in review / update period of around seven years.

As I've said in the past ALL laws should have a "sunset clause" whereby the politicos have to vote it back into statute[1]. Thus give them something else to do other than create new often harmful legislation[2]. It also allows laws to have unintended consequences removed or reduced in scope. It also allows precedent and other case law to be properly reviewed and legislated for or rejected.

It won't solve all the problems, and it won't stop new problems arising, but it will slow them down and give opportunities to rectify them a lot less painfully.

[1] And yes I really do mean "All laws" including murder. History shows that it is necessary for a healthy, just and humane society.

[2] It's a simple fact of life that if you give somebody power they will use it as much as possible, unless you occupy their time in other ways. Worse in the US much in the way of proposed legislation is not drafted by legislators or --supposedly-- impartial civil servants but corporate lawyers and lobbying groups giving "gift horse" drafts to legislators that later turn out to be "Trojan horse" legislation when on the statute books...

QnJ1Y2U • March 19, 2016 5:22 AM

@Skeptical

Apple's first response to the court's order was ... to issue a press release.

That's a bit of a lie by omission - it was the FBI that decided to make this into a public argument.

The short version:

  • FBI gets phone, contacts Apple.
  • Apple works with FBI to the extent possible after the iCloud password had been changed.
  • FBI doesn't speak to Apple for over two months.
  • FBI gets court order in an ex parte hearing, Apple isn't even invited.
  • Apple finds out about court order through the media.
  • Apple responds through the same channel.

The FBI's actions here shine some light on their motives. It sure looks like they wanted a test case more than they wanted the data on that phone.

More details here: http://www.ibtimes.com/apple-ceo-tim-cook-blasts-fbi-blindsiding-company-court-order-we-knew-it-was-wrong-2338402

albert • March 19, 2016 11:24 AM

@Buck,

It's a text copy from Apple. [https://www.apple.com/privacy/government-information-requests/]


For further research, see their EULAs. This one's iOS 9.1:

https://ssl.apple.com/legal/sla/docs/iOS91.pdf

Warning! It's 418 pages!

Happy reading:) Let us know if you find anything interesting.

. .. . .. --- ....

Niko • March 19, 2016 8:17 PM

@John S

Inversion is actually quite a bit more complicated than you make it out to be. The American Jobs Creation Act of 2004 essentially tells US corporations that they can't change their corporate domicile unless they meet certain conditions.

Skeptical • March 20, 2016 10:49 PM

@Qn:

    The FBI's actions here shine some light on their motives. It sure looks like they wanted a test case more than they wanted the data on that phone.

I have to be honest. I don't see anything extraordinary about the court's order here, given the relatively low burden imposed upon Apple.

The order is for Apple to furnish assistance to disable a feature in its OS via an apparently known means of access. The order allows Apple to keep the means used to do so proprietary, and moreover to design this instance to work only with this particular phone.

The barrier between Apple's capability to create a module to disable the feature is remarkably thin - 2-4 weeks, 6 engineers, including auditing, QA, and technical documentation.

So the court order doesn't substantially expand Apple's existing capability to disable the feature. It simply orders Apple to make use of it in order to effect a lawful search warrant of a terrorist's phone.

The rhetoric from Apple is nauseatingly misleading. Perhaps they think they're standing on principle. I'm sure they've convinced many of the rank-and-file that they are. We all like to feel that we're playing for the good guys.

But the people at Apple who devised this strategy, and the more thoughtful ones less willing to buy the company line, know better.

I don't care what industry we're talking about. Let's start calling bullshit by the stink of it, no matter how well dressed it may be in rhetoric and very expensive lobbying and PR efforts.

PR efforts, I'd add, that extend from NGOs to industry groups; lobbying efforts that extend to every influential member of several committees in Congress, and key individuals beyond.

Enough. This isn't about backdoors; this case isn't about resolving the bigger issue of the approach of ubiquitous e2e strong encryption and the effect it will have on resolving crimes both ordinary and extraordinary. Those who say otherwise either do not understand the American court system, are lying, are misled, or are genuinely mistaken.

I'm tired of multinationals destroying communities, weakening the ability of nations to control their own destinies, and treating laws as exercises in finding loopholes to maximize profits.

I'm tired of multinationals hijacking the language of ethics and human rights in a cynical effort to cloak practices that honor neither.

Enough. Apple wanted to throw its weight around. It used, and is using, every connection it has, in one of the most cynical, false, misleading campaigns I've seen since I last watched a soundbite from Donald Trump.

So you know what? Fuck Apple. The Department of Justice should take off the gloves. Perhaps the Department of Justice doesn't have Apple's PR and lobbying machines. But it does have a pretty damn good understanding of the rule of law. Perhaps it's time that Apple understands that. Perhaps it's time for Apple's attorneys - the sane ones, not the ones drunk on the kool-aid nor the ones loaned from the ideologues - to explain that concept to the executives.

Apple has the capability in all but name. They can enable the Department of Justice to access the mobile phone of a terrorist. And instead of using that capability - which, I emphasize, they possess in all but name - they've chosen to mount a marketing campaign.

They shield their income in tax havens across the world. They offshore jobs to factories of brutal conditions (and then claim to be shocked, shocked, that their absurd production requirements turned out to require factory workers to assume absurd work schedules - oh, by the way, who designed a supply chain based on that?). They abuse the patent system in ways that waste huge sums of money and time, and likely stifle innovation as well.

And now this.

Enough. Engineering and design brilliance does not make one moral, nor provide one with ethical insight, nor endow one with special protection against the normal human impulse to rationalize our selfishness in the language of nobler sentiments.

Let me be more clear. They're acting like corporate assholes. And some are taking the opportunity to make what they think is a useful ally in a larger fight.

Be careful who you tie your cause to. Big ships can become big anchors.

You want to pretend that private industry is the ethical side and that government is composed of evil spies and incompetent cops - well, you're welcome to your fantasy-land. In the real world it's actually government, and law, that keeps private industry in check, that ensures their conduct remains within bounds that we find consistent with our values.

    FBI gets phone, contacts Apple. Apple works with FBI to the extent possible after the iCloud password had been changed. FBI doesn't speak to Apple for over two months.

The FBI came up with the specificity contained in that court order on their own? No contacts with Apple?

I don't buy the "FBI doesn't speak to Apple for two months."

    FBI gets court order in an ex parte hearing, Apple isn't even invited. Apple finds out about court order through the media. Apple responds through the same channel.

The order was served on Apple. Apple is given ample time to respond to the court order.

Instead Apple chose to make this a PR campaign, fitting it nicely into a strategy to differentiate themselves from their competitors.

You understand how these companies work, right? This wasn't an off-the-cuff, emotional missive from TC. They conferred, discussed, devised a strategy, and executed.

Apple's message is simple: "hey, growth markets, we're willing to protect your privacy to an extent no one else will; and we care about our customers and their data to an extent no one else."

Apple: "You can trust Apple. You can't trust anyone else. So when it comes to your most precious data, whose product are you going to buy to communicate and store it?"

The issues floating around this debate are important. But this isn't the context in which to have that discussion.

Figureitout • March 21, 2016 12:32 AM

Skeptical

    I have to be honest. I don't see anything extraordinary about the court's order here, given the relatively low burden imposed upon Apple.

--God you're so out of line. So ignorant and unqualified to make any statements in these matters. Do it yourself if it's such a low burden. How much C code can you cut? Not even just C, that's easy here, how about some assembly, likely some microcode and some kind of HDL needed, and also all the hardware changes that'll probably be needed, that's at least a few weeks for new boards. These are guesses, they may affect way more and affect other modules that all have their own design considerations and at least 100 page datasheets (if you're lucky) that are all so squished in something like a smartphone. It's a highly constrained design environment. Way more than your ignorant schedule. Do you even know what you're talking about? You probably don't, you're so unqualified to make these decisions. Get these non-technical people out of making decisions in technical environments! It's so wrong. Stay out.

In short, f*ck you and you ignorant people. Get away from us.

annoyed • March 21, 2016 10:22 AM

Skeptical (and Obama, and the FBI, and half of Congress, and every possible president-to-be-elect) wants to make all real (i.e. unbreakable) encryption illegal. He therefore wants to destroy all technology, all banking, all commerce, and the whole economy. He is willfully ignorant that all these things are completely dependent upon it, in a fingers-in-ears-la-la-la kind of way.

Does he think that when he buys something online, it uses easily-breakable encryption, so that lots of criminals can steal all his money? Or does he use unbreakable encryption? What about when he transfers money between banks?

When a computer admin logs into a cloud server to administer it, does he use easily-breakable encryption so that every hacker can break in and take over the server too? Or does he use unbreakable encryption?

Outlawing such activities (like using real encryption in banking, commerce, or computer administration) in the USA doesn't reverse mankind's understanding of mathematics. The cat's out of the bag, and people both want and need it. Outlawing Apple and any other domestic company from providing it will just let other countries provide it instead, and put domestic companies at a severe disadvantage, forcing many into bankruptcy.

I won't speak to the Human Rights issues, since obviously Skeptical has the morals of Hitler himself in this respect. i.e. it's bad when China does it, but it's fine if the USA does the exact same thing. So hypocritical and utterly repulsive.

even more annoyed • March 21, 2016 10:42 AM

...and then, on top of that... after destroying all technology, banking, commerce, and the economy... you STILL won't have actually made it any easier to catch criminals!!!! what the f***!!! You see, real encryption is so ubiquitous that criminals will still always have easy access to it, even if it's outlawed. So they'll be no easier or harder to catch as a result. It will be the same. Only the INNOCENT will suffer!!!

Skeptical, if you want to ban encryption because criminals use it... why aren't you lobbying for outlawing cars because bank robbers use them? What's the matter with you? You are such a hypocrite! You and your kind are everything that's wrong with this country! Please move to North Korea where you'd be more comfortable with the authoritarian rule. Stop messing up my country.

QnJ1Y2U • March 21, 2016 10:59 AM

@Skeptical

You should read the Time magazine article from the post, along with the article Bruce just posted. In short: If you're going to be outraged about this incident becoming a public spectacle, then you need to direct at least some of your outrage at the FBI and DOJ.

--------

I don't want to trust Apple with the keys to my data. After all, they are an organization made up of people, and they have a problematic and inconsistent history.

I don't want to trust the FBI with the keys to my data. After all, they are an organization made up of people, and they have a problematic and inconsistent history.

I want to manage the keys to my data. Which is why I am ecstatic that Apple thinks there is a market advantage for secure devices that let me have complete control of the keys. Markets usually work for the features they focus on. Security is usually treated as an externality; if it becomes a primary feature, then security will improve, through reviews, analysis, buying choices, etc., no matter who sells the phone.

Also, if Apple thinks there is a marketing benefit to not compromising their products, then they get to treat that as a burden to be discussed. They at least deserve a hearing on that factor, and not some ex parte evasion.

still annoyed • March 21, 2016 12:02 PM

@QnJ1Y2U

No... if criminals can use any product or feature, then automatically it should be outlawed! Never mind all the good that comes from the rest of us using it... So ridiculous!

I have an idea... let's pass a law that says it's illegal for the sun to shine on criminals, that'll teach em! Or maybe just make it illegal for criminals to breathe air, that way we can lengthen their sentences with every breath... think of the boon to the prison companies! I think we already tried to pass a law that PI was 3, remind me why that didn't work out?

Clive Robinson • March 21, 2016 6:38 PM

@ still annoyed,

It is known as "The Indiana Pi Bill" or more formally "Indiana House Bill No. 246, 1897" and the offending part is towards the end of section two...

https://www.agecon.purdue.edu/crd/localgov/Second%20Level%20pages/indiana_pi_bill.htm

However the bit of most import for our arguments is Section Three, which sounds just like the FBI's Jim Comey and Pres Obama with,

    In further proof of the value of the author's proposed contribution to education and offered as a gift to the State of Indiana, is the fact of his solutions of the trisection of the angle, duplication of the cube and quadrature of the circle having been already accepted as contributions to science by the American Mathematical Monthly, the leading exponent of mathematical thought in this country. And be it remembered that these noted problems had been long since given up by scientific bodies as insolvable mysteries and above man's ability to comprehend.

Thus in short some in the past have tried to set "the laws of man" above the laws of both "nature" and "mathematics" and failed. But the short version misses out on "the lessons of history"...

The start of the story began with physician and amateur mathematician Edward J. Goodwin in 1894. He incorrectly thought he had come up with a solution to the "Pi problem" and persuaded the AMM to publish his idea (though they sensibly added a disclaimer). Having achieved this he went on to use it to persuade state representative Taylor I. Record to propose a bill...

The rest they often say is history, but that misses the important lesson history teaches. Even back then many people knew the idea of squaring the circle was false and ridiculed it. BUT like a snowball down a mountain once things start to roll in the legislative process they can be difficult to stop, thus the second lesson of this event is to "Squash it flat before it gets to roll" in the legislative process.

In the case of the "Pi Bill" it was only finally stopped by the timely intervention of Prof C. A. Waldo of Purdue University, who happened to be there on the day of the final vote, and gave the "learned gentlemen" a lesson to the wise.

Even to this day "amateurs" present as "fact" their faux notions that professional practitioners have already shown to be false. You can often spot the amateur by the way they try to defend their notion by not actually addressing the points raised by others, or making often rude accusations that others are not understanding the amateur's self-acclaimed skill etc etc. It is often very tiresome to deal with people with faux notions as they tend not to realise the basic logic of why their arguments are false.

Sadly though such amateurs provide those with vested political interests a way to throw doubt on the laws of nature, logic and mathematics. We have seen it before and we are seeing it currently, and we will in all probability see it in the future.

ianf • March 21, 2016 7:00 PM

This just in, datelined 23:50 GMT

THE GUARDIAN: FBI may have found way to unlock San Bernardino iPhone without Apple

Federal authorities have cancelled Tuesday’s court hearing with Apple, saying an ‘outside party’ has shown a potential way to crack Syed Farook’s phone

[…] On 20 March, the government said, an “outside party” showed the government a potential way to crack open Farook’s phone. The government said it would like to test the method and file a report with the court by 5 April.

An Apple spokesman didn’t immediately reply to a request for comment. The White House, which has stood by the justice department in its feud with Apple, didn’t immediately comment on the reversal.

http://www.theguardian.com/technology/2016/mar/21/fbi-apple-court-hearing-postpone-unlock-terrorist-iphone

ianf • March 21, 2016 7:23 PM

BTW. the headline "FBI may have found way to unlock San Bernardino iPhone without Apple" sounds WAY MORE like The Guardian reporters' attempt at a speculative mansplaining of the cancellation, THAN as had it come from the FBI.

Had Comey et al. found a way to crack that iBone 5c of contention already, he wouldn't have to disclose it, and so the FBI probably would go through with the ongoing suit. So it may just as well be that someone higher up decided on such a "nominally" face-saving move:

    Hey Apple, someone showed us how to do it, so we no longer want to risk losing our bollocks in SCOTUS, and NO HARD FEELINGS, M'KAY?

annoyed but "relieved" (eyeroll) • March 21, 2016 9:08 PM

@Clive

Naturally you give the most thorough, interesting, and informative explanations of things, as always. Even things presented as rhetorical. Please never tire of this! :)

@ianf

Good god if that's all they wanted to do with it I could have showed them how to "crack" the phone ages ago... you see, it is made of glass after all so you just take a hammer... :)

Dirk Praet • March 21, 2016 9:37 PM

@ ianf

    THE GUARDIAN: FBI may have found way to unlock San Bernardino iPhone without Apple

It would be kinda cool if their April 5th report would state that John McAfee was unfortunately unable to get the job done, that the phone is now totally bricked and for which they need Apple again. Or that someone had found a yellow sticky in Farook's wallet that said "iPhone password".

Clive Robinson • March 22, 2016 12:31 AM

@ ianf, Dirk Praet,

    Had Comey et al. found a way to crack that iBone 5c of contention already, he wouldn't have to disclose it, and so the FBI probably would go through with the ongoing suit.

That would be my first thought on the matter...

However, let's do what we should never do --and forensic wallahs do all the time-- which is argue from effect to cause...

Even though Skeptical won't admit it the FBI started a "pissing contest" with Apple, by notifying the press before Apple and it's even been suggested before the Magistrate inked the paperwork.

Basically the DOJ/FBI are on a "Mine are bigger than yours and made of steel" power trip, but Apple have given the "That don't impress me much" reply, rather than fall on their knees and kowtow.

The DOJ legal types have then dropped the ball in the public arena, and appear keen on tripping over their laces at every opportunity as well. They are losing the publicity battle as other tech corps are joining the fray on Apple's side. All this has not been helped by Obama trying to pretend that "the laws of man" override the laws of nature, mathematics and logic, a feat he's likely to get an IgNobel for.

Apple have made it clear they are planning to go all the way on this, and if I were a betting man at the moment I'd put a small wager on Apple, as I suspect will a few others.

The DOJ/FBI have kind of painted themselves into a corner and don't have anywhere to go currently.

Thus they might want to back out of their position as cleanly as possible for them.

I think it's probably safe to say there is neither evidence nor actionable intelligence on the SB Phone. And the FBI's actions suggest they know it as well. Thus with no quick win in sight and no real point in proceeding they may be looking for an out.

Thus this mysterious new capability to break the SB phone could well be nothing of the sort. That is it could be nothing more than a face saving ruse by the FBI. After all they don't have to show they have actually got into the phone to anybody. To get back at Apple all they have to do is imply that they have, thus weaken confidence in Apple's product.

Anyway, whatever the reason there's now time to make new popcorn for the next round ;-)

Camille • March 22, 2016 10:10 AM

    Apple: "You can trust Apple. You can't trust anyone else. So when it comes to your most precious data, whose product are you going to buy to communicate and store it?"

It's hard to put trust into any product, after Snowden came out with his findings. As many here pointed out in the past, it's not only the badge but also production lines, shipping lanes, service providers, and all the way down to every little thing installed on it or attached to it.

For the most part, as we've seen with Snowden, the mass market don't care. They will continue to buy products they enjoy, Windows being one. It's everyday convenience that counts the most for most. Microsoft continues to sell, despite not having hopped on any privacy bandwagon and despite activist cautions.

I'm more inclined to believe that Apple is fighting due to cost of engineering. The plateau of one billion devices in service can be costly to maintain. It isn't just a matter of customer care like the PC makers of old, it's a massive infrastructure of connected services. So I'm not so sure if Apple won't eventually cave into this.

annoyed • March 22, 2016 5:43 PM

@Camille:

You are right on about trusting hardware and software vendors. It's also frustrating that the masses don't care, but there is a vocal minority that does care, and I think over time it continues to grow no matter how pathetic of a rate. Therefore it makes sense for some company somewhere to attempt to capture some of that minority... Apple's not doing anything out of altruism, it's always only to help its own bottom line. We just need to evangelize enough so that a lack of security hurts the bottom line, and then presto, companies will at least start to pretend to care about security! Just like Apple. In the mean time our best option is a pragmatic one to do the best we can and add a bit of self-censorship (you didn't think my real name was "annoyed" did you?)

fibbing business incorporated • March 22, 2016 9:17 PM

The FBI would have already known how to break into the phone. "Waiting on someone to show them how", meaning we've already done it, but we would like a backdoor into all of these phones to break into them all remotely in a much shorter time frame this being too good an opportunity provided by The Terrorist, and if backdooring everyone's phones is publicly unpopular despite The Terrorist then we will get "someone" (internal cracker) to demonstrate an alternative method to break into the phone that we only just learnt (in the last year or so) from "someone".


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.