FBI vs. Apple: Who Is Helping the FBI?

On Monday, the FBI asked the court for a two-week delay in a scheduled hearing on the San Bernardino iPhone case, because some "third party" approached it with a way into the phone. It wanted time to test this access method.

Who approached the FBI? We have no idea.

I have avoided speculation because the story makes no sense. Why did this third party wait so long? Why didn't the FBI go through with the hearing anyway?

Now we have speculation that the third party is the Israeli forensic company Cellebrite. From its website:

Support for Locked iOS Devices Using UFED Physical Analyzer

Using UFED Physical Analyzer, physical and file system extractions, decoding and analysis can be performed on locked iOS devices with a simple or complex passcode. Simple passcodes will be recovered during the physical extraction process and enable access to emails and keychain passwords. If a complex password is set on the device, physical extraction can be performed without access to emails and keychain. However, if the complex password is known, emails and keychain passwords will be available.

My guess is that it's not them. They have an existing and ongoing relationship with the FBI. If they could crack the phone, they would have done it months ago. This purchase order seems to be coincidental.

In any case, having a company name doesn't mean that the story makes any more sense, but there it is. We'll know more in a couple of weeks, although I doubt the FBI will share any more than they absolutely have to.

This development annoys me in every way. This case was never about the particular phone, it was about the precedent and the general issue of security vs. surveillance. This will just come up again another time, and we'll have to go through this all over again -- maybe with a company that isn't as committed to our privacy as Apple is.

EDITED TO ADD: Watch former NSA Director Michael Hayden defend Apple and iPhone security. I've never seen him so impassioned before.

EDITED TO ADD (3/26): Marcy Wheeler has written extensively about the Cellebrite possibility.

Posted on March 24, 2016 at 12:34 PM • 68 Comments

Comments

Renato Golin • March 24, 2016 12:46 PM

Most likely the delay had nothing to do with FBI's capabilities, but yet another attempt to get precedent in introducing back-doors into general software.

Once they get in, there's no way out. And precedent for the operating system opens all kinds of back-doors.

To me, that was clearly a well-orchestrated theatre to push tech companies to give up due to pressure. If anything, they learnt that it's going to be a lot harder, so the next iteration might be even worse.

Tommy • March 24, 2016 1:30 PM

"If a complex password is set on the device, physical extraction can be performed without access to emails and keychain." [BBC Article]

I don't understand this. From what we've been told the iPhone firmware cannot be updated unless it has been digitally signed by Apple themselves - this is essentially the FBI's case. I can see this being possible if the device is jailbroken but there is no caveat suggesting this is necessary in Cellebrite's description of their exploit.

If a complex password (i.e. alphanumeric) is in use on the device how can Cellebrite decrypt the information? Providing that the password is sufficiently complex (which is convenient because of TouchID removing the requirement to constantly re-enter it) then unless Apple have badly implemented their encryption I don't understand how Cellebrite could decrypt it (except by brute force).

Does anybody have any ideas?

I've had a look at Zdziarski's blog and there are no clues there.

"Watch former NSA Director Michael Hayden defend Apple and iPhone security. I've never seen him so impassioned before."

Maybe because this case has re-ignited the post-Snowden furore amongst Apple and other tech companies. I can see the NSA being scared witless that Apple will augment their security in retaliation (it's already been suggested Apple are looking at a zero-knowledge iCloud) thereby depriving the NSA and law enforcement agencies of access even with a warrant. If Apple wanted to be really secure they could entangle the bootloader with the user's encryption keys to prevent this sort of attack and/or use a TPM with hardware-controlled reset functionality.

moz • March 24, 2016 1:33 PM

Do you have more than the ongoing relationship to guess on? If not, I would guess against you. If I was a company that had a hardware physical analyzer, and there was a version of the phone that I couldn't crack, I would be desperately trying to work out how to do it. This would take time, but especially with the level of recent news pushing them to concentrate on the issue eventually they would find a way.

We have a very small, cheap physical chip (compared to a typical HSM / coprocessor) which contains "Secure enclave" including the store for the raw key for decrypting the device encrypted with no more than the key stretched PIN code (if we are lucky). N.B. all the actual public info about the A7 chip seems to come from people who have actually broken it open.

Attacks could consist of things like

  • finding a way to read the hardware memory using e.g. a tunnelling electron microscope or similar
  • blocking the counter which records PIN attempts, e.g. by destroying the counter memory cells
  • removing power from the chip after it checks for success and before it updates the counter (if implemented wrong, which we can't tell) - probably needs to be done by directly interfering with the chip
  • finding a vulnerability to reset the counter code*
  • side channel attacks on the pin checking process
  • using targeted x-ray radiation to zero chosen memory bits

All of those would be very slow and difficult to achieve first time and would be expensive next time. Cellebrite probably already has a process to do that but they probably haven't got it ready to commercialise widely. Probably you don't tell anyone about it until you are sure you can commercialise it, but when your big customer starts saying it's impossible, you contact them quietly to tell them that you could do it. Remember, if the FBI forced Apple to decrypt the phone, they'd probably destroy a big bit of Cellebrite's future business.

* if you have a vulnerability in the secure enclave software, would you be able to read the AES key directly??

David M • March 24, 2016 1:36 PM

"I have avoided speculation because the story makes no sense. Why did this third party wait so long? Why didn't the FBI go through with the hearing anyway?"

That statement is assuming that the FBI wasn't lying all along about not being able to get into the iphone. Considering that the various agencies have lied at every turn concerning the surveillance of American citizens, why would a prudent person think that they have NOT been lying about needing Apple's help to break into the iphone in question?

One thing that I never seem to hear in discussions involving the government: Considering their track record of lying (both historically as well as in recent times), who in their right mind would trust them?

As I learned as a child, Trust has to be earned, and once lost is nearly impossible to regain. Color me cynical, but without proof otherwise, the smart person would start with the broad assumption that the US government is lying and go from there.

Swerviam • March 24, 2016 1:47 PM

Of course it doesn't make sense to you, you're sane. Comey is struggling to defer his final decisive humiliation in court until media attention abates. He's obsessed with his P.R. After all, this is the famous hero of STELLARWIND who stood his ground in that dramatic fake hospital confrontation, then promptly acquiesced and today happily dabbles in all your metadata.

Issa's going to collect his scalp anyway. Comey's burned his reputation to a crisp. To preserve FBI impunity they need a new head chump to ruin.

Skeptical • March 24, 2016 1:51 PM


One of the elements required by the All Writs Act in these circumstances is the necessity of the third-party's assistance.

If the FBI can access the contents of the phone without Apple, then Apple's assistance is no longer necessary. The Department of Justice would be obligated to inform the court of such a change in circumstances.

Cellebrite has an excellent reputation and I'm sure they have a robust R&D process. I have no idea if it's them. It's plausible. But there are many other candidates as well that seem equally probable at this point.

This is part of the unintended, and long-term, consequence of refusing to provide certain assistance to the US Government: you dramatically increase the incentives of the US Government, and many others, to find ways to break your security that ultimately leave everyone worse off relative to the state of affairs had assistance been furnished. This is because in furnishing assistance the incentives of the US Government, and the company, to ensure that the means of assistance are not abused are aligned, and so the parties can coordinate.

If not, the incentives are not aligned, and you ultimately have a state of affairs where matters are inferior from a security vantage. And indeed the risk increases as well of a monolithic political solution that may itself be inferior to diverse means of coordination and cooperation.

As far as setting precedent - this case no more sets precedent than does the denial of the US Government's motion by a federal magistrate in the EDNY.

Eventually the case might percolate upward to the appellate level, and the appellate court's decision would certainly have power as precedent - controlling power over the 9th Circuit and persuasive power elsewhere.

However, though the law as it stands now is firmly on the side of the Department of Justice[1], I don't think this is an avenue that the Department of Justice ever wanted to take. Nor frankly should it have been an avenue that Apple should have ever required to be taken either.

As the relatively stable world order that existed after the Cold War becomes progressively more uncertain, and as information and communication technology becomes progressively more important in all areas of our lives and in all forms of social conduct (including criminal), it becomes increasingly important that the tech industry and the government work together and coordinate to solve - or at the least mitigate - related problems and challenges with an open mind and in a collaborative spirit.

Whether that can be achieved remains to be seen. All parties involved, however, need to take the long view of things, and accept the reality of tradeoffs that tensions in our values, limits in our technology, and imperfections in our political systems, necessarily impose upon us.

[1] Yes, obviously certain parties disagree. However the legal reasoning of all of those parties is driven entirely by their preferred outcome. If one detaches for a moment from what one's preferred outcome is, and looks simply at the law and at the leading case on the issues raised, then - once one includes Apple's calculation of the resources needed to assist - the conclusion that the court's order was indeed proper under the AWA is very difficult to avoid. Of course, that's not the only analysis one would use in predicting what a specific court would actually decide - there are additional factors in play there as well, including the court's own preferred outcome.

CJD • March 24, 2016 2:08 PM

Interesting however, that if you click through to more of the contract details, the description says: "IGF::OT::IGF UFED software renewals for seven machines" which appears to be exactly the product quoted in this article....

bad • March 24, 2016 2:16 PM

"EDITED TO ADD: Watch former NSA Director Michael Hayden defend Apple and iPhone security. I've never seen him so impassioned before."

If that guy's defending iPhone security, iPhones must be very insecure... That guy wants everyone to use insecure devices so he can spy on them. "Security" to him is defined as "insecurity" to us normal people. Security to him is whatever he says it is (i.e. completely insecure so he can spy on you and "protect" you), not what is actually mathematically and logically secure.

Which means the FBI are either completely incompetent or have always been completely lying through their teeth both in and out of court... Either they are bumbling buffoons for not being able to figure out how to get into such a hole-riddled device, or they have been lying all along that they need Apple and they've already broken into it ages ago, therefore not satisfying the All Writs Act prerequisites even though they falsely claimed it was.

Both possibilities are very bad.

Sasparilla • March 24, 2016 3:40 PM

Just to throw it out there, the method the FBI said it would use is the method that Rep Issa (CA and computer literate) was asking FBI director Comey, in detail and on the record, if they'd tried a week or two ago in front of Congress.

One of the "rules" of the late 1700s law the FBI is trying to use to bludgeon Apple with is that if the government has another way of accomplishing its goal instead of compelling the person / company, then they have to try that first (no ambiguity).

It would be amusing if the Administration's legal team was watching the hearing, saw what Rep Issa said and had a conversation along the lines of "That $#!!@$%& congressman just outed one of the ways we can get into the phone (that we've been ignoring). If we haven't "tried" this and it's brought up in front of the Judge, our case could get thrown out."

That's not to say the FBI couldn't just sit on things for a couple of weeks and say "Nope, didn't work." and go back to work on Apple in April. With what's happened in Europe, I'd be surprised if they didn't since the PR environment would be better.

Have to mention, this whole idea of depending on For Profit companies to protect our privacy in direct contrast to nearly every democratic govt on the planet (and certainly all the tyrannical ones) - doesn't seem like it can last very long - and frankly it doesn't seem like it really is anyone other than Apple. From a purely logical stand point you do what the people who control your access to your markets tell you.

Short of Apple making a huge shift, which they could, and Open Sourcing (not free though) their OS's, compiler, apps and most importantly BIOS / firmware images so they could be audited and watched. Out in the sunlight it would be much harder for Secret Orders from Secret Courts and Govts to force back doors into their products, but otherwise it seems they are doomed to eventually be "broken".

Apparently Apple is also quite sure the NSA's shipping service has been hard at work on their iCloud datacenter hardware: http://arstechnica.com/information-technology/2016/03/report-apple-designing-its-own-servers-to-avoid-snooping/

Apple needs to transition ASAP.

Mortification Buddies • March 24, 2016 4:14 PM

in which skeptical rubs his chapped ass in Corsican-brother empathy with his disgraced idol, HSBC Director of Deferred Prosecution/FBI spokesmodel, Josemaria Escriva de Comey.

Just in case you were adrift, unsure what you Need To do, and groping for spiritual guidance from some disembodied village idiot on the web, skep whips up a new mortal sin for his totalitarian creed: "refusing to provide certain assistance... with an open mind and in a collaborative spirit." This makes Baby Jesus cry because it incents the government to sabotage or duplicitous spoliation. Bad, bad citizen! You made the government break the law!

There's really nothing you can do for these beltway Chekisty except round em all up and give em a nice-'n-easy Nuremberg Drop. They're undebaathifiable.

Clive Robinson • March 24, 2016 4:19 PM

@ Moz,

"if you have a vulnerability in the secure enclave software, would you be able to read the AES key directly??"

That depends on if the 256 bit AES master key is in memory or not. Although not known definitely it is believed from Apple's documentation that the key is only in memory when unlocked.

With regards hardware attacks, the iPhone has not been designed to withstand certain levels of attack, due not just to cost but process reliability. Which means some hardware attacks have a probability of succeeding that might be acceptable to the FBI (remember it's very very unlikely that the FBI are actually looking for court presentable evidence).

One thing that is unknown is how Apple store the 256bit AES master key in memory. For various reasons they might not have it in memory very long at all. Without going into all the ins and outs, the 256bit key gets expanded into "round keys" you actually only need to store these for a lot of the modes you use AES in. Thus once the round keys are built the master key can be zeroed out of memory. But you can also circulate the round keys in a memory buffer so that it's not clear from examining the memory alone which byte contains which byte of a round key or which round it belongs to. You can also have the bytes encrypted in some way by for instance storing two bytes that you need to take the difference between or add together or XOR together to recover the actual byte of KeyMat. I've used variations on these ideas over the past three decades to protect keys in memory, even for comparatively low security applications (call it habit ;-)

Clive Robinson • March 24, 2016 4:23 PM

@ David M,

"Color me cynical, but without proof otherwise, the smart person would start with the broad assumption that the US government is lying and go from there."

Shouldn't it be "go downhill from there" ;-)

albert • March 24, 2016 5:21 PM

As far as I can tell, the UFED device and PC s/w are plug + play systems. From their website (Excel s/s) they list 6500+ makes and models, up to and including iPhone 6Plus. Read the users guide to see what they can do (pretty much everything). It's quite remarkable.
.
Dollars to donuts says that Cellebrite (and their competitors) have been working on the latest Apple products since they hit the market. It's smart to shut up about it and even smarter to maintain a good relationship with the FBI.
. .. . .. --- ....

Anura • March 24, 2016 5:56 PM

@Clive Robinson

"For various reasons they might not have it in memory very long at all. Without going into all the ins and outs, the 256bit key gets expanded into 'round keys' you actually only need to store these for a lot of the modes you use AES in. Thus once the round keys are built the master key can be zeroed out of memory"

Of course, for AES-256 the first two rounds in the key schedule contain the original key. Also, you can probably recover the 256-bit encryption key from any two sequential round keys due to the simple nature of the key schedule.
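Added example (not part of the comment above or of the original post): the standard AES-256 key schedule from FIPS-197, run forwards and then backwards, showing that round keys 0 and 1 are the cipher key itself and that any two consecutive round keys determine it. This concerns plain AES-256 only and says nothing about how Apple derives or stores its keys; the function names and the sample key are this example's own.

```python
# Added illustration: AES-256 key expansion (FIPS-197) and its inversion.
# Point for defenders: round keys held in memory are as sensitive as the
# cipher key, so zeroing only the cipher key protects nothing.

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _build_sbox():
    """Derive the AES S-box: field inverse followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):          # x^254 is the inverse of x
                inv = _gf_mul(inv, x)
        s = inv
        for shift in range(1, 5):         # XOR of four left rotations
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def _sub_word(w):
    return (SBOX[w >> 24] << 24 | SBOX[(w >> 16) & 0xFF] << 16
            | SBOX[(w >> 8) & 0xFF] << 8 | SBOX[w & 0xFF])

def _rot_word(w):
    return ((w << 8) | (w >> 24)) & 0xFFFFFFFF

def _rcon(n):
    """Round constant x^(n-1), placed in the top byte of the word."""
    c = 1
    for _ in range(n - 1):
        c = _gf_mul(c, 2)
    return c << 24

def _step(i, prev):
    """Value XORed into w[i-8] to produce w[i], given prev = w[i-1]."""
    if i % 8 == 0:
        return _sub_word(_rot_word(prev)) ^ _rcon(i // 8)
    if i % 8 == 4:
        return _sub_word(prev)
    return prev

def expand_key(key):
    """Return the 60 schedule words for a 32-byte AES-256 key."""
    if len(key) != 32:
        raise ValueError("AES-256 key must be 32 bytes")
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(8)]
    for i in range(8, 60):
        w.append(w[i - 8] ^ _step(i, w[i - 1]))
    return w

def round_keys(key):
    """Return the 15 round keys (16 bytes each) for AES-256."""
    w = expand_key(key)
    return [b"".join(x.to_bytes(4, "big") for x in w[4 * r:4 * r + 4])
            for r in range(15)]

def recover_key(rk_a, rk_b, r):
    """Recover the cipher key from round keys r (rk_a) and r+1 (rk_b)."""
    both = rk_a + rk_b
    window = [int.from_bytes(both[4 * i:4 * i + 4], "big") for i in range(8)]
    j = 4 * r                             # schedule index of window[0]
    while j > 0:
        # w[j+7] = w[j-1] ^ step(j+7, w[j+6]), so solve for w[j-1].
        older = window[7] ^ _step(j + 7, window[6])
        window = [older] + window[:7]
        j -= 1
    return b"".join(x.to_bytes(4, "big") for x in window)

if __name__ == "__main__":
    sample_key = bytes(range(32))         # constructed sample key
    rks = round_keys(sample_key)
    print("round keys 0+1 equal the key:", rks[0] + rks[1] == sample_key)
    print("recovered from rounds 9,10: ",
          recover_key(rks[9], rks[10], 9) == sample_key)
```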

Clive Rovinson • March 24, 2016 6:00 PM

@ Tommy,

"I don't understand this. From what we've been told the iPhone firmware cannot be updated unless it has been digitally signed by Apple themselves - this is essentially the FBI's case."

In the case of quite a few chips not if you have physical access to the chip and its programming pins.

Think about it this way, when the chip comes into the factory it does not have Apple's code or public key on it, so there has to be a mechanism to put them on.

It's only when Apple have put the appropriate code on that it becomes possible to update the chip via a different route to the programming pins. It's this code that Apple adds the new/update App/OS signature checking code and public key to.

In theory you could just update the public key to a new one, if you knew exactly what location in memory it was, and this might well allow you to then add on your own apps etc dependent on how Apple did the code signing (if they only checked the signature on the App initial download and storage rather than for each loading into RAM for execution).

Clive Robinson • March 24, 2016 6:36 PM

@ Anura,

"Of course, for AES-256 the first two rounds in key schedule contains the original key."

Not of the "master key" just if my understanding from the Apple docs is correct, the keys derived from it that go to form the various "working keys" and their subrounds.

It's not altogether clear from the Apple docs I've read, just how long the master key is needed or kept. Likewise what size etc the various sub keys are, or if Apple have used unmodified AES or not. It's why I said I did not want to go into the ins and outs of it. I just wanted to indicate as simply as possible what Apple could do if it wanted to, to make an attacker's life difficult.

The alternative would be a long winded, confusing explanation. It might also be incorrect depending on what Apple have said in their docs and what they may want to keep a "Trade Secret". Also I would have to spend some time re-reading the Apple docs to check for clues etc, which as it's "holiday time" in the UK I'd rather not do ;-)

That said you are correct in saying the key expansion in 256bit AES is not what it could --some say should-- be, and if my memory serves me correctly there was a bit of a stink about it a few years ago, where Bruce got dragged in over the interpretation of what a "break" meant.

Anura • March 24, 2016 7:18 PM

@Clive Robinson

Ah, I see what you are saying. I remember reading the whitepaper, and being unclear about exactly how the encryption system works, so I can't really comment on that.

As for AES, from what I've read, all of the big attacks could have been prevented with a slightly stronger key schedule, to the point where just adding one rotation operation (preferably by an odd number of bits) for every 32-bit word would have been enough. I think, ideally, you would want to make the key schedule so that no key or subkey bit can be trivially predicted with a high probability from any combination of (other) subkey bits.

Marcos El Malo • March 24, 2016 7:39 PM

@bad

"If that guy's defending iPhone security, iPhones must be very insecure... That guy wants everyone to use insecure devices so he can spy on them."

Not necessarily "very insecure". You'd need to tell us relative to what it is very insecure. More insecure than not using a mobile device at all, or careful use of burner phones? Yes, clearly. We already knew that.

Hayden's agenda here is twofold. He's looking at the bigger picture – the overall security environment. Remember that part of the NSA's mission is to assist in network security. Set aside for a moment the incompatibility of that mission with the primary spying mission. The NSA has many employees devoted to this mission, employees that work earnestly and sincerely. So let's give him the benefit of the doubt (that you may revoke later) that he is concerned with keeping financial, business, and infrastructure networks as secure as possible. He doesn't want to push encryption development offshore and he knows that those who need strong encryption, be they "good guys" or "bad guys" (by his lights) will obtain and use it anyway.

Part Two of his agenda is to make bulk collection of metadata and mass surveillance palatable. You'll notice he never used the hysterical phrase "going dark". Instead he talked about content not being available. He said this was happening anyway, but no worries because the NSA has all the intelligence it needs from metadata. He is framing bulk metadata collection as something entirely reasonable compared to the FBI's obsession with content. I think this is his main goal he is pursuing, after establishing credibility for being pro-security.

We know he isn't being quite candid here, because the NSA is sucking up all the data, including content and encrypted content, for later targeting. He wants to draw attention away from that and just talk about how great the NSA's metadata strategy is, how it's both effective and less invasive.

He's not trying to trick you into using an iPhone. Use whatever phone you believe to be secure, or just don't use a phone. Just keep in mind best practices when ordering pizza. ;-)

Marcos El Malo • March 24, 2016 8:10 PM

@Sasparilla

I tend to agree with your view. The FBI/DOJ cannot proceed if there is a credible alternative. While they can try to ignore all the suggestions being offered in public, they can't ignore something offered by a forensic lab already under contract. The legal repercussions would be too great if/when the offer was disclosed. So, they're doing the prudent thing by asking for a continuance. This isn't really costing them much PR-wise. What's the worst-case scenario? The contractor accesses the phone? Then the FBI says, "See? That's all we really wanted, access to this one phone." (Meanwhile continuing the propaganda campaign to mandate backdoors. You know they're going to take another run at Congress next year, after the new President is elected.)

If the contractor fails, the FBI/DOJ continues with the case, but now they say, "See? We are playing fairly."

@Mortification Buddies

I wasn't even going to read him until you commented, but it's the same old PR flackiness. He's basically saying "security theater is good" and "the government should be in command of business". I wonder if he was born a fascist or if it happened when he was studying public relations at university.

bad • March 24, 2016 9:01 PM

@Marcos El Malo

Your "part two" makes a lot of sense... that he's trying "to make bulk collection of metadata and mass surveillance palatable."

However it really frustrates me when people say "give him the benefit of the doubt"... why? I like what @David M said about starting with assuming they're lying until proven otherwise. So far lying is all most government leaders have proven they're capable of. I include all purposefully "bending" or "omitting" the truth in ways that make falsehoods seem like truths as lies too, by the way...

"NSA's mission is to assist in network security. Set aside for a moment the incompatibility of that mission with the primary spying mission."

Nope! Those two can't be separated. And that incompatibility can't be ignored. That incompatibility has caused them to literally promote insecurity as security. Do I really need to remind people of Dual_EC_DRBG? That fiasco is one example where it has been shown that this is a problem for them. Then instead of trying to resolve the conflict of interest by breaking apart the two conflicting parts of their mission into different organizations... they decide to bring their two parts of their organization even closer together? Nuh uh... You have to go back to what @David M said at that point. Always assume the worst out of them, until proven otherwise.

Now after having said all that, he may not be trying to promote insecure iphones as secure specifically so that he can spy on people more easily, but the general idea that whatever he's saying is full of falsehoods until proven otherwise still holds (we just may not know for sure which parts are the falsehoods).

James • March 24, 2016 9:55 PM

"This will just come up again another time, and we'll have to go through this all over again -- maybe with a company that isn't as committed to our privacy as Apple is."

Apple is not committed, again it's all theater.

This recent development is the FBI's way of saying "We can't get it done now, too much publicity, so we will pursue this at a later date"

It's amusing people continue to believe Apple is some kind of "nice guy", they use slave labor, they don't pay taxes, IMO they purposely cripple their software (goto fail anyone?) and finally they make nothing anyone needs, just pretty toys that's all they do.

Daniel M • March 24, 2016 10:14 PM

@ Sasparilla
"Have to mention, this whole idea of depending on For Profit companies to protect our privacy in direct contrast to nearly every democratic govt on the planet (and certainly all the tyranical ones) - doesn't seem like it can last very long - and frankly it doesn't seem like it really is anyone other than Apple. From a purely logical stand point you do what the people who control your access to your markets tell you."

As we all know, the human nature is of very high degree of complexity, evident in the case of mathematical complexity, as in the case of cryptography, which attempts to break it down into pieces of logics in hardware, but as all hardware does the complexity is interpreted back into a virtualized software construct. Thus, in practice the high level construct is open to implementation variations which can make a theory become theories.

For the most part, I've noticed that only a very small fraction of our people maintain a high level ideological integrity. Hence, the saying every wo/man has a price. Whether an entity is For Profit does not matter much, although it facilitates the process. And, of course, it became more obvious when some business model is dependent on exploiting your privacy, no matter what the PR department says.

sooth_sayer • March 24, 2016 10:17 PM

All the heartaches aside .. the case is not what everyone seems to be worked up about ..

1. Apple will lose in the end; they could have done themselves a favor and come up with a protocol that they will unlock phones only on court order -- but they are playing a marketing game.

Human society has existed for thousands of years and never has such hysterical debate about "privacy" been part of any political/social or economic system.

If society needs to find source of crime -- then it will find a way; Apple won't be able to stand in the way to "shield a crime" .. that's why this is a very good test case.


2. Why would anyone in their right mind think that it's a good idea to let an Apple employee have the ability to unlock their device based on 3 simple questions stored on your profile somewhere. Didn't anyone read the case on these pages about Paypal resetting account information on a phone request?


If Apple had a system that couldn't be "unlocked" then they would have a case -- now they have none.
And if they tried to sell that device -- no one will pay $800 for it!


Don't forget that iOS at its core is all stolen software without any accreditation to the source -- and Mr. Jobs (RIP) did just as many shenanigans with stock options dating as any other criminal did ..
so we aren't talking about angels with wings here .. just run of the mill yokels

I trust Apple even less than I trust the federal government; and them I don't trust at all.

No flames -- I love my iphone(4)

Daniel M • March 24, 2016 10:34 PM

@ sooth_sayer, "Human society has existed for thousands of years and never has such hysterical debate about 'privacy' been part of any political/social or economic system."

Then again, we (they) never had cellphones until about 30 years ago, and if they did they didn't have anybody to call. Due to the invention of hardware logics, the society has become more binary thinking and I'm not so sure if that's good or bad.

Marcos El Malo • March 25, 2016 2:24 AM

@bad

Perhaps "giving him the benefit of the doubt" isn't the best choice of words. Does, "take what he is saying at face value" sound better? In any case, I'm glad he is speaking out in favor of security and strong encryption. Like it or not, he carries weight in the court of public opinion – and he's framing it correctly in my opinion: actual security vs. FBI's small version of security. He doesn't get bogged down into fuzzier questions of privacy.

And I don't think he said anything counterfactual.

Regarding the two NSA missions, they were separate directorates within the organization. Very recently they were combined, which is unfortunate (I don't think it's a stretch to suspect that the security side will become totally subordinated to the spy side). Our host here, Bruce, has called for the computer security side to be spun off into an independent agency because of the conflict of interest. Check the sidebar for a featured article called "It's time to break up the NSA".

It's certainly wise to question any statements that come from the government, but it's probably less wise to interpret everything as its opposite.

@James

Hard day at the office, Jimmy? The AG giving you a hard time?

bad • March 25, 2016 3:45 AM

@Marcos El Malo

You have a good point that just because what someone says is likely full of lies, doesn't mean we can automatically assume the exact polar opposite of everything they say is true... for truth can easily be in neither extreme...

But it does mean we must vigorously question... question everything. trust nothing. And if they want to regain trust, they must simply shut up until they can present absolute proof with everything they say, and then present it. And keep going for years and years that way. It takes that long to regain such demolished trust.

But emphasizing that all our metadata is "pocket lint" and insignificant and we shouldn't be worried about it is NOT how to regain trust!!! It's a packet of outright lies! Instead, we must develop systems that hide metadata just as much as the content itself. People need to get it through their thick skulls that "data about data" is... DATA ALREADY! It's really just more content. Who I call and when and from where is just as important as the words I utter. Tracking my every movement all day every day is just as important as the thoughts I think. If it weren't, they wouldn't bother to collect it all!

And besides all that, the NSA is NOT limiting themselves to metadata only, they ABSOLUTELY ARE hoovering up content too... the fact they keep saying they aren't is utter bullshit! More lies. Lies upon lies. You shouldn't regain trust by telling more lies and just hope people will forget they are lies!

Clive Robinson • March 25, 2016 4:23 AM

@ sooth_sayer,

Human society has existed for thousands of years and never has such hysterical debate about "privacy" been part of any political/social or economic system.

Have you really thought about that "never"?

Have a think about the whys of some of the early amendments such as the 4th 5th etc and the way they are worded. They are very much about what we now call privacy.

Oh and have a look at the years following the French revolution.

And quite a few other notable times in history.

Mark • March 25, 2016 4:30 AM

Have you read the 'Wassenaar Arrangement' : http://www.wassenaar.org/participating-states/

The U.S.A. is just as culpable for the restrictions on cryptology as is every other country listed on the map.

This has been going on for over 20 years guys.

When will governments pull their bloody head in and live up to their so called free market ideas instead of stomping on us little guys who try to make a bloody living.

https://www.gofundme.com/foocrypt needs funding to live.

It's now officially 7 days till the 4 year anniversary of being diagnosed with localised prostate cancer.

The code I wrote, lying in bed, hoping for an outcome from my Robotic Surgery, is now officially banned by the Australian Government, with imposed penalties of up to 10 years in jail, and up to something around $500,000.00 in fines. Not to mention the court costs, social impact, now imposed on me. A localised prostate cancer survivor who still gets tested for the re-occurrence of prostate cancer.

We met and chatted, Bruce, when you came here for your book promo.

Was it just a marketing angle, Bruce? Or were you serious about wanting to help.

Am nearly in the gutter again mate.

And extremely tired of fighting I.T. Multinationals over basic employment rights.

Clive Robinson • March 25, 2016 4:50 AM

With regards the NSA don't get confused by trying to compare what they do with the FBI.

The NSA is primarily an "Intelligence gathering" organisation with a side order of "protecting US communications". They are not in the business of gathering "US Court admissible evidence" which the FBI is, with a small side order of "Intelligence gathering" that might be part of an investigation, but not the prosecution as much Intelligence is "hearsay" or "circumstantial evidence" at best.

This is important to understand when considering "Traffic Analysis", "meta-data" and "Data Content".

The former are "Intelligence" only the latter --plaintext-- is "Evidence".

Thus the NSA will have a very different point of view to the FBI even if the two agencies were not engaged in "Turf War" activities.

Ivan Greenberg • March 25, 2016 4:54 AM

Maybe I am missing something, but the third party helping the FBI may be the NSA. Doesn't the NSA have the programs Dishfire and Mobile Surge for cell phones?

Rob Kent • March 25, 2016 5:26 AM

Hayden's comment about tech being driven offshore is already happening. There is a lot of distrust around American tech companies, partly as a result of the Patriot Act and the rights it gives the security services over our data, partly because the tech stack is owned by US companies whose technology may have been back-doored by the US.

This is already having a big economic effect on US cloud providers and other digital services. Two examples:

The UK Bar Council recently warned all its members against using US cloud services because of a conflict with the UK Data Protection Act and the US Patriot Act: http://www.barcouncil.org.uk/media/419804/us_access_dpa_guidance.pdf

A software company I know was recently approached by a large Asian corporation to write them a private messaging app (identical to Skype) for company, internal use because they didn't trust any commercial software to be private or secure.

Obviously, the same problems will exist or be worse with other governments, but from a US perspective it is better to have all the data flowing through US systems than in secure silos offshore.

Dirk Praet • March 25, 2016 8:37 AM

@ James

It's amusing people continue to believe Apple is some kind of "nice guy"

I don't think anyone in his right mind believes that Apple is a "nice guy". Their primary concern here is the costs, liabilities and lost revenues the moment an avalanche of unlocking and other backdoor requests both foreign and domestic ensues. That said, I'm still more sympathetic to their position on the issue than that of AT&T, Verizon and the like for whom ratting out their customers to governments has been part of their standard business model for as long as anyone can remember.

Thoth • March 25, 2016 9:13 AM

@Attack RAM Memory and/or Copy Out Flash et al.
There have been talks about dumping Flash chips from Apple (which is assumed to be FDE encrypted) and also to dump RAM memory (which is hosted within the A6 processor). The iPhone 5C chipset is a non-Secure Enclave type (so it doesn't have the SEP security processor). It is thus assumed that AES keys are processed within the A6 chip's internal RAM memory. Due to the proprietary nature of the A6 chip, there would be difficulty "dumping the RAM memory" because you have to find the pins and the protocols first. The next part would then be to understand the RAM memory's format and also if the iPhone 5C has been powered off even once, the AES key wouldn't even be there anymore.

What is needed is the device's UID which would be used to entangle with the PIN code to form the AES key. Since there is no Secure Enclave to store the sensitive data (in iPhone 5C), I wonder how the UID would be secured from things like dumping of Flash memory assuming the UID must be somewhere.

Sancho_P • March 25, 2016 12:43 PM

@Thoth

[disclaimer: I’m not an iPhone insider, don’t even have one]

Not sure why you are wondering "how the UID would be secured from things like dumping of external Flash memory", the (plaintext) UID wouldn’t be there + no one needs the (plaintext) UID (which is very likely part of the A6 CPU).

- If the device (CPU) is very simple (no Flash):
When you set up (change) your pwd the A6 may take your pwd input, encrypt the UID and write the ciphertext into a certain user Flash page.
To unlock the device the A6 will do the same but just compare instead of write.
When the original Flash content is dumped into an emulator which is connected to the phone it will be relatively easy to see when-what goes wrong (and where the counter for the failed attempts is) [1].
However, the part of entering the brute force pwds isn’t solved by the emulator.

- If the device (CPU) has its own small (protected) Flash: The emulator wouldn’t help.


[1]
A dirty trick would be to silently burn a “fuse” inside the CPU to “destroy” the UID at (Flash) counter >10 , but reloading the emulator each time a pwd is tried would prevent even that.

Curious • March 25, 2016 3:17 PM

Assuming there is a way to hack into an iPhone by de-soldering chips and whatnot, I guess FBI might do what it can to deny that such would be possible. If FBI were to signal that tampering with the iPhone this way, I am no expert, but I would think that could mean that no iPhone is really safe from intrusion.

Sancho_P • March 25, 2016 4:34 PM

@Curious

Why should they (FBI or Apple) deny this possibility?
The whole world knows that phones are not designed as high security devices against state actors (call it a lot of money). Of course (i)phones are not "really safe from intrusion", however you’d define that.

The interesting point here is that any "known" vulnerability (here access method) will inevitably lead to design improvements.

Clive Robinson • March 25, 2016 4:40 PM

@ Curious,

I am no expert, but I would think that could mean that no iPhone is really safe from intrusion.

At the end of the day the strength of all computer security based on crypto rests entirely on the security of the key material (KeyMat) and its "entropy"[1].

Whilst getting sufficient entropy for generating the KeyMat is not particularly difficult --just time consuming-- with a couple of dice and an easily drawn up lookup table, keeping the resultant key secure really is not.

Over many years of research by many people and groups, the obvious conclusion is that en masse humans can not remember much in the way of "unguessability". In fact it appears more than four tenths of the population can not remember a four digit number for more than a few seconds but can fairly easily remember a four word sentence...

Which means that keeping a ~77 digit random number "in their head" is well beyond a very significant percentage of the population. But as well as being a very taxing feat of memory, it would take a very significant period of time --over a minute for most-- to type into a numeric key pad. Oh and forget tapping it in by reading it from a bit of paper, without visual feedback nearly everyone would fail repeatedly after as little as twenty digits, it's why we break phone numbers down into three and four digit groups.

The consequence of these all too human failings, is either a comparatively short low entropy (7-9 digits max) PIN which can be "brute forced" or some "aide memoire" which is no longer "unguessable" by an attacker but "discoverable" in some way (unless you've had time to burn the only piece of paper it's written on).

The way to limit a brute force attack is to make each guess a significant computational load, that takes around a second. Which is only of limited benefit with the relatively low CPU power of a phone compared to some parallel computing solutions. Thus to make it effective you need to make it "bound to the CPU" in some way. There are some chip physical structures such as PUFs that "might" do this reliably but probably not if the device has been decapped and dropped in a SEM or other high end kit.

No matter how you slice or dice it if the attacker has the device and is not limited by resources, evidentiary rules or ethics then with "practical devices" the game is over before it starts.

As has been observed the old "Two can keep a secret if the other is dead" needs updating to "One may keep a secret only with a lot of luck, even if dead"...

However as another saying goes "I believe in luck, that’s why I make my own"... You can make devices that can not be brute-forced in human time scales nor subject to "rubber hose cryptanalysis" on the individual holding them, but few would consider them "practical devices". @Nick P, myself and others have discussed what needs to be done... but there are caveats based on rather fluid Geo-Political issues.

[1] loosely the meaning of entropy here is "unguessability" by an attacker.
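The arithmetic behind the comments above on PIN length, per-guess cost and entangling the passcode with a device UID, as an added example that is not part of any commenter's post and is not Apple's actual scheme. The function names, the PBKDF2 construction, the iteration count and the sample UIDs are assumptions made for illustration.

```python
import hashlib
import hmac
import math

SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random secret: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def worst_case_seconds(alphabet_size: int, length: int,
                       seconds_per_guess: float, parallel_units: int = 1) -> float:
    """Time to try every candidate at a fixed cost per guess.

    parallel_units models where the guessing can run. If the key depends
    only on the passcode, the work can be spread over many machines. If it
    also depends on a secret that never leaves one chip, every guess has to
    run on that chip and parallel_units stays at 1.
    """
    return (alphabet_size ** length) * seconds_per_guess / parallel_units


def derive_key(passcode: str, device_uid: bytes, iterations: int = 200_000) -> bytes:
    """Stretch a passcode and entangle it with a per-device secret.

    Assumption: PBKDF2-HMAC-SHA256 with a salt derived from the UID stands
    in for whatever the hardware really does. The iteration count is what
    sets the cost of one guess; the UID is what ties the result to one device.
    """
    salt = hmac.new(device_uid, b"passcode-kdf-v1", hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt, iterations)


def human(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    if seconds < 60:
        return f"{seconds:.1f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.1f} years"


if __name__ == "__main__":
    # Constructed comparison: one guess per second, on-device only versus
    # the same work spread over 1000 machines when the key is not device-bound.
    print(f"{'digits':>6} {'bits':>7} {'1 device':>16} {'1000 machines':>16}")
    for digits in (4, 6, 9):
        bits = entropy_bits(10, digits)
        bound = worst_case_seconds(10, digits, 1.0)
        unbound = worst_case_seconds(10, digits, 1.0, parallel_units=1000)
        print(f"{digits:>6} {bits:>7.1f} {human(bound):>16} {human(unbound):>16}")

    # A 77-digit decimal number carries just under 256 bits.
    print(f"77 digits: {entropy_bits(10, 77):.1f} bits")

    # Same passcode, two constructed UIDs: the derived keys differ, so a key
    # guessed without the UID does not decrypt anything.
    uid_a, uid_b = b"\x01" * 32, b"\x02" * 32
    print(derive_key("1234", uid_a).hex()[:16], derive_key("1234", uid_b).hex()[:16])
```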

WhiskerInMenlo • March 25, 2016 8:35 PM

The application of a hardware emulator to archive the flash memory
and to allow banging on the device seems to be a required step.

https://en.wikipedia.org/wiki/Flash_memory_emulator

There are two necessary steps. *) Preservation of content & *) decrypting the content.
So step one is to extract and preserve the content without damaging the phone
and the secrets unique to the phone.
Step two is to replace the flash device with an emulator and have at
the 10000 possible keys.

An emulator built on dual ported RAM could reload vastly quicker than flash.
So try a couple key codes and if no access refresh the view the emulator gives.
Rinse lather repeat.

Any off shore service (Israel) allows the FBI and other TLAs to skirt a number of
disclosure laws. Little different than the contract swat team in Massachusetts
where sunlight laws are thwarted because it is a contract not an agency of
the government. i.e. a foreign service could deliver content obtained via
CIA and NSA channels without disclosure of methods that the court might
demand. Computer hacking laws in the US push a lot of research offshore.

Some of the methods and secrets of the CIA and NSA are difficult to invoke
in court because -- well -- they are secret. An offshore service is beyond the
reach of this court and an FBI technician can witness trade secrets and attest that
the data is from the device. Golly the trade secret could be a bug known to
Apple and leaked from Apple to this service. Shortly after the phone is "cracked",
the court informed and data discovered Apple might plug the bug in a normal bug cycle.

The known to Apple bug and off shore service would make sense given the astoundingly
low price disclosed.

There are a couple chain of custody blunders that should be sufficient to vacate the order.
The most egregious is the process of changing the iCloud password. A second is the
failure to control both the device, on line access and cloud. The FBI failed to grok the
reality and consequences that a phone is linked to services near and far to operate.
Given that all US phones need to be able to call 911 the device number and identity can
be obtained by calling 911 or listening for the device in an RF safe chamber.
The owner and Apple should have been notified to "lock" the device in an as found state.

Some close to this believe that this phone contains little to nothing of interest.
If this phone has its content lost -- that would be an argument to have Apple unlock
the next phone. Could have arguments are not quality reasons...

The FBI has a lot to lose. The All Writs Act is the justice department's Swiss army
knife law to compel a lot of actions of citizens. The DOJ would be foolish to see it diminished.
A real problem with the US legal system is an agency that misapplies a law can
withdraw its request and keep the court from ruling and striking down or applying
limits to a bad law. There is a point where it should be stuck in the court and one side
should not have the luxury of saying "nevermind".


All Who Were There Learned a New Kind of Fear • March 25, 2016 10:11 PM


This case was never about the particular phone, it was about the precedent and the general issue of security vs. surveillance.

Indeed.

EDITED TO ADD: Watch former NSA Director Michael Hayden defend Apple and iPhone security. I've never seen him so impassioned before.

Key phrasing: 'if one looks ahead a few moves on the board... this would end up offshoring all encryption'.

Indeed.


I am sure Mr. Richard Clarke made similar statements, statements I have been making. Granted, I am not a public pundit, so I whisper my statements via this sort of forum.

The end game there is simple.

The DoJ is sending a message that terrorists and other major criminals should never, ever trust American hardware or software.

They are teaching them not to do this.

It is true, however, the US owns third party encryption solutions and burner phones. That is the foremost target.

But, again. This is a whisper.

Skeptical wrote:

This is part of the unintended, and long-term, consequence of refusing to provide certain assistance to the US Government

If you notice, Skeptical writes much like "net sec"/'Scottish Andrew' did and does.

This kind of buffoonery, pro-"Government" stance that makes anyone want to wince.


He could be trying to bait me there. But, he always writes that way. And, anyway, nothing to bait. Little fish can not eat big fish. It is always the other way around.

Yes, the legal papers might say, "The US Government Versus". But, the DOJ is but one very small branch of the US Government. They certainly do not have the final say.

I understand how some are disheartened because this case was killed.

But, I never had the slightest doubt it would be killed.

If anyone here knows any secret information about how the FBI finds security vulnerabilities, I will point out, really? Which firm was their main firm for farming vulnerabilities?

A hint. It was a major firm. And it had the word "labs" in the name.

And I can say that to always post another day.

While certainly Skeptical could be a DoJ lawyer or some sort of US undercover, it is also true, he could be Russian or Chinese. Something only true counterintelligence fuckers would ever say, so crazy would it sound to laypeople.

@James

Apple is not committed, again it's all theater.

'All the world's a stage...' And?

'Much ado about nothing'... Shakespeare just translated Solomon (and some other ancient works), into English of his times. Likewise, modern "existentialist" philosophers.

You think your life is not all just a show and much ado about nothing?

I pity you.

This recent development is the FBI's way of saying "We can't get it done now, too much publicity, so we will pursue this at a later date"

That was a factor of the DoJ's thinking. Not "FBI". FBI are just investigators for the DoJ. The DoJ handle the court politics. Most likely, one of their farms finally said, "Hey, we can do this". And they considered that, and these other factors, to hold back.

So what.

It's amusing people continue to believe Apple is some kind of "nice guy", they use slave labor, they don't pay taxes, IMO they purposely cripple their software (goto fail anyone?) and finally they make nothing anyone needs, just pretty toys that's all they do.

They make software a lot of people use.

They do use slave labor. Everyone who uses lithium batteries uses slave labor. All of modern society, "fail".

And?

Maybe move out of SF "outrage central" into the real world.

@sooth_sayer

All the heartaches aside .. the case is not what everyone seems to be worked up about ..

And you, like "James" and "Skeptical" 'know the real truth', huh?

Have you, ever, in your life, found a major security vulnerability? Do you have any substantial experience with handset security at a level of finding critical vulnerabilities? Have you ever worked with DoJ at any manner of meaningful level? Have you ever worked at a major vendor's security bug disclosure department?

Or, what, exactly, is your resume, or any of your's resume?

And what field do you work in? Have you ever worked in a field to any sort of global, rarefied top level?

Or are you just another talker? An armchair pundit?

With zero experience?

What are you, some factory lackey? Why do you jump onto forums posing as some kind of expert?

I can kind of sort of get why people say Skeptical is a lapdog US Gov pundit, actually paid to post on forums his propaganda. He could easily be classified or pass as a junior DoJ lawyer. Maybe some grass level contractor paid to clean stuff up pays the guy. But, I have yet to see any manner of critic here who actually has the cards to pull.

As for the desire to simply post something that might get people here worked up? Eh. I like kicking puppies in a barrel and watching them squeal. Few others will bother.

Human society has existed for thousands of years and never has such hysterical debate about "privacy" been part of any political/social or economic system.

Small mind.

Privacy of yesteryear was stripping people naked and nailing them to the cross.

If you ever got to be VIP, I would be able to view your junk and use it to extort you. If you were ever necessary to do something we wanted you to do. Which I highly doubt is a situation you will ever find your self in. And, even then, much cheaper to just threaten you personally.

But, yeah, your privacy is a commodity, if you have any importance, now, or later in your life.

Yesteryear, not so many were "VIPs". These days, a lot of VIPs.

How do you get them to tow the line?

With democracies, telling them you know their secrets is the simplest way.

In cave man days, you just dominate them more directly.

Are you the dominator or one who is dominated? Easy. You are one who is dominated trying to kiss ass to the dominators.

If society needs to find source of crime -- then it will find a way; Apple won't be able to stand in the way to "shield a crime" .. that's why this is a very good test case.

Apple is not "shielding a crime".

Kiss ass more? Nobody likes a kiss ass.

Also, belong to the club before trying to kiss their ass and gain entry.

I trust Apple even less than I trust the federal government; and them I don't trust at all.

You don't have the slightest idea of what you are talking about.

So, you have some serious secrets. And posting here such statements helps you hide from such secrets. Because you are so smart.

Wrong. It confirms and broadcasts that you are an important target.

What did you do?

What is the movie saying?

I know what you did last summer.

@Clive Robinson

With regards the NSA don't get confused by trying to compare what they do with the FBI.


The FBI does everything and is spread very, very thin. This Israeli firm may have been the missing puzzle piece. But, the US works closely with Israel. They are like the "other fiveeyes". We obviously do very secret operations with them our best buddies "five eyes" does not know about. Dubai hit. Stuxnet.

DoJ, these guys are political. They have ambitions. They are frat boys. They pride themselves in being able to outsmart the populace and lord it over a deplorably broken judicial system. But... they are not in control.

The wolves in the Shadow Government ruled Robert Kennedy just as they manipulated J Edgar Hoover to do his evil deeds.

People are naive about 'how things work'.

It is blood based, generational, and run by old folks.

parting noted:

Anything stated concretely might just be stated so, because that is what the reader was inclined to believe.

This case may have closed down, because it wanted to be said, 'apple systems are insecure and the us g does not have backdoors, they are three blind mice'.

Ok.

The case might come back up again. Okay. But, third party encryption systems (especially those as far from govs as possible, seemingly) & burner phones....

I do not say such coverage is there for everyone.

But, to whisper it, to a few.

It is plausible/implausible factor.

Plausible, signal. Implausible, noise.

Some know the way to modulate such traffic, most do not.

...


Gamm el-Sur • March 27, 2016 8:20 AM

I'll go for the easiest explanation. FBI and Apple settled it out of view. Apple gets to keep their badge of privacy heroes, and most likely the promise of some extra federal business. FBI got its way without further complications with courts, plus a juicy secret up their sleeve to guarantee Apple's collaboration in the future. This 'third party' story (sounds very much like 'a little bird') is a cheap diversion to cover the actual source of information, and all related speculation is just playing their hand.

Gamm el-Sur • March 27, 2016 9:06 AM

Adding to my previous post, there are even more wins in a secret deal and the 'third party' smoke story, for both Apple and the FBI:
* Apple doesn't risk spending time and resources for future similar US government requests, because officially it never happened and that it did is secret enough that whatever capability is being or will be provided to the FBI will be usable directly by them without risky involvement of Apple employees.
* FBI comes out as the smart and resourceful, having found a technical solution without help from e.g. their NSA 'friends'
* Apple & FBI: if foreign governments believe the 'third party' story, they will not harass Apple with similar requests and (wishful thinking) never find out on their own where the backdoor is
* Apple & FBI: 'third party' will need to be paid for their service and they may not wish to be named (especially if 'they' is Apple), so now it's even easier than usual to send a thank you gift (or anything equally effective) to whomever actually closed the deal.

Of course mine are far flung speculations, but 'Entities should not be multiplied unnecessarily'

Curious • March 27, 2016 12:53 PM

@Gamm el-Sur

I remember the chairman in the house hearing was pushy and effectively solicited for Apple's cooperation as if it was a matter of principle. I wonder what, if anything, happened later after the hearing in that regard.

Marcos El Malo • March 28, 2016 12:56 AM

Armchair pundit with no experience here, and I like it that way.

It's "toe the line". Not tow. I hope that was just an autocorrect bungle, and not an indication of something else.

book reader • March 28, 2016 2:53 AM

@Marcos

Modern people who were raised on text messages instead of books have no hope of learning to spell...

Clive Robinson • March 28, 2016 3:02 AM

Coincidence or not?

I've just been over to Marcy Wheeler's Empty Wheel site via the links Bruce gives at the top of this page.

To find very odd behaviour...

On the home page Marcy has written,

As a few of you have noticed, the site has been misbehaving since Friday afternoon. We are working on the problem, but for now have battened down the hatches to try to isolate the problem.

What a strange coincidence, Bruce adds links and almost at the same time the site "goes pear shaped"...

Clive Robinson • March 28, 2016 4:26 AM

@ Bruce,

When "EmptyWheel" is back to normal, you might want to have a look at her comments on current terrorism and "Nuclear Families".

Her point about the fact that such tight groups require no electronic technology to do their planning, and that as a family they would not be suspicious when together is a valid one. As is her point about physical bugs (which would cause a significant investment of resources at a time when austerity is the political watch word, and significant risk in such 'closed communities').

The Nuclear Family issue also harks back to my comments about the non development of a moral compass by such young men brought up in a strongly patriarchal society (an issue identified prior to 9/11 in the UK but not acted on for Political Correctness reasons for the better part of a decade). It is fairly well known and has been researched in several ways that a personal moral compass is a significant inhibitor of behaviour that has a detrimental effect on society and others. Further it has been shown that a lack of moral compass and strong family/tribe ties gives rise to "crime families" and other sects / enclaves that are extremely difficult to infiltrate / turn members and thus investigate and prosecute against.

So it is a quite valid argument, that should be considered without the inhibitor of Political Correctness etc being used against it.

However Marcy's point that Jim Comey is in effect ignoring the Nuclear Family issue for ulterior reasons (his crypto windmills) whilst true, may cause readers to depreciate the validity of the Nuclear Family issue argument.

Dirk Praet • March 28, 2016 5:05 PM

@ Clive

The Nuclear Family issue also harks back to my comments about the non development of a moral compass by such young men brought up in a strongly patriarchal society (an issue identified prior to 9/11 in the UK but not acted on for Political Correctness reasons for the better part of a decade).

In a Belgian context, the alienation of specific groups of young Muslim men is also negatively impacted by a failing education system. Belgium is a very small country split not only along the well-known linguistic divide, but also over a confessional line in the education system.

Since 1958, we have two separate education nets, i.e. the old Catholic school system and the newer, more liberal and non-confessional state and community schools. Traditionally, the bar in the Catholic net is much higher, training people for college, university and later on well-paid white collar jobs. The non-confessional system used to be more focused on teaching trade craft and preparing for blue collar jobs.

For obvious reasons, most immigrant families with a Muslim background preferred the non-confessional system, but even those who didn't all too often saw their youngsters flushed out over failing to meet the high standards and steep end terms required to obtain a high school diploma. Although significantly lower in the non-confessional system, many youngsters with an immigrant background are failing there too, especially in families with poorly educated, poorly integrated and linguistically challenged parents. We are after all a knowledge based economy, and which is reflected in both systems that for too long targeted natives only, incorrectly assuming that everyone else would eventually blend in automatically.

The net result is that Belgium's got one of the worst records in Europe for ethnic minority school drop-outs and employment. And even those who are employed are generally working low-paid blue collar jobs. It's way too simple to blame this on racism and discrimination only.

The simple fact of the matter here is that over the last decades, Belgian politics have remained so blindly focused on the traditional divides that they have very much ignored the huge challenge of integrating immigrant communities into mainstream society and for which an adequate education system designed to cope with the specific needs of their children is indispensable. Proper education and training are key to find work. A good, stable job the best way out of poverty and a life without any meaningful perspectives.

A while ago, the Swedish government started implementing a number of radical education system reforms after a study had shown that the average grades and levels in schools across the country were in free fall. According to the study, one of the main causes was immigrant children not only failing education programs, but also holding up native Swedish children. Solutions put in place among others were additional class hours as well as separate classes for linguistically or otherwise challenged immigrant pupils until they qualify for joining their native friends. Until a couple of years ago, such measures would have been impossible for reasons of political correctness.

The problem of a failing school system is unfortunately exacerbated in strongly patriarchal communities with dominant, macho fathers that are little involved in the education of their children, and mothers - often imported from the home land - that lack not only the authority but also the practical and intellectual means to provide guidance to their sons in their school careers and extracurricular activities. A lack of community specific social control mechanisms and leadership further contributes to the problem.

In such communities, a different attitude towards and a more prominent role for women in my opinion would be absolutely essential to bridge the gap between school, family and mainstream society, but which to date remains a major issue because of lingering cultural and religious backgrounds.

I am aware of the current debate in the UK whether or not all immigrants, including house wives and senior citizens, should have to learn English. There's a similar discussion going on in Germany and I can't for the life of me understand why anyone can possibly say they shouldn't. While it is true that the EU has failed in many ways to properly assimilate immigrants and their offspring, the same can be said about specific immigrant groups whose integration - as observed all over Europe and over several decades - has proven disproportionately problematic as compared to other groups, even ones with similar religious backgrounds.

The resulting parallel societies are ticking time bombs and one way or another will have to be dealt with. And it will require significant efforts not just from authorities and indigenous population, but - until recently undebatable - from immigrant communities as well. As to Saudi sponsored hate preachers, Salafist Da'esh recruiters, Syria returnees and other known jihadists, these people do no longer belong on our streets after the recent Paris and Brussels attacks. They belong in jail or institutions for the criminally insane.

EGOTISTICALGIRAFFE • March 28, 2016 7:57 PM

I don't know what to make of Hayden. At times he seems like the enemy of privacy but then at times he comes around and makes some excellent arguments for our side.

WhiskersInMenlo • March 28, 2016 8:03 PM

Per: https://cryptome.org/2016/03/usg-apple-209.pdf
"The government has now successfully accessed the data stored on Farook’s
iPhone and therefore no longer requires the assistance from Apple Inc. mandated by
Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16,
2016. "

I do hope that Apple demands disclosure of the how!
For law enforcement to notice a door that is unlocked and
not inform the homeowner would be a troubling nit in
the law.

T!M • March 29, 2016 2:22 AM

If Apple wants to live out more security and doesn't want to be overruled by court, they just have to completely move off America to e.g. Germany.

_Jim • March 29, 2016 8:44 AM

... somebody from test engineering must have supplied the JTAG tools and needed 'JTAG command strings' (insert proper technical name here) to read the flash/NVRAM where the file structure and other data exists directly ...

I see that mentioned previously, no - wait ...


Green Squirrel • March 29, 2016 9:20 AM

@ all those who say words to the effect of:

"Human society has existed for thousands of years and never has such hysterical debate about "privacy" been part of any political/social or economic system."

Actually it has (Clive comments as an example) but it also has never been at such risk before.

The reality is for almost the whole time human society has existed, privacy hasn't mattered because societies have been isolated. In the last couple of thousand of years this has started to change and so have our behaviours and expectation. However even in the earliest days, humans have looked for a "private" space in which to live their lives.

As a Roman citizen living in Spain there was almost zero risk that a Roman senator living in Rome would be able to remotely monitor your movements, your conversations and your associations. The only way this was possible was via the wonderful human element of having you tailed (or tortured, but we seem to be recreating this quite well now).

The evolution of human societies into larger and larger groupings has carried with it an evolution of privacy controls (curtains, bedrooms, lavatories etc). The growth continued but still most people lived in fairly small communities with almost no way of invading the privacy of anyone outside their immediate area and harsh social repercussions if they were to do so.

As new nations were forged from the revolutionary fires of the 18th century, the freedom of being an "Individual" (which implies privacy) became enshrined in laws. This is around the time of industrial revolution where cities were getting larger by the day, forcing people into larger and larger communities. It could well be argued that this increase in population density placed enough pressure on personal privacy that revolution and legislation were the only alternatives.

Moving into the modern era - we are now in a world where a person in China can invade the privacy of someone in Portugal without either of them ever leaving their own home. Governments have access to levels of information which Thomas of Torquemada could only have dreamed about. It should go without saying that the arrow of history has shown that we absolutely must work to enforce strong privacy in law and practice.

It should also be noted that throughout history the rich and powerful have always had access to privacy. The slaves, serfs and labourers are the ones who have had to endure the least privacy.... why does this persist to the modern era?

ianf • March 29, 2016 9:34 AM

@ EGOTISTICALGIRAFFE “doesn't know what to make of Hayden. At times he seems like the enemy of privacy but then at times he comes around and makes some excellent arguments for our side.”

I don't know who you are, but, as you post here, and whoever you might be, I can assure you that General Hayden is not one of us. In fact, he's like the Cerberus of the Haves, Always Ready To Bite The Have-Nots. Retired now, he once was the motor behind the unbridled (and illegal no matter what NSA-tame lawyers claim), ONGOING unrestricted collection of USA telephone & (global) data traffic, which was one of the triggers that pushed Ed Snowden into action. So in a sense Hayden begat Snowden, and now has to carry the shame for (as Yanks usually assign the blame) “letting it happen on HIS watch.”

Photo, c:a 2005 of Snowden & Hayden in happier, gala-dinner times.

Verbatim quote of recent Gen. Hayden's wishes for Edward Snowden to "die of old age in Moscow." Still harbour doubts as to that H. character?


@ WhiskersInMenlo hopes that Apple demands disclosure of the how!

    Misplaced hope. FBI has nothing to gain by showing the obstinate manufacturer how it defeated its safeguards, and, besides, what proof do you have, WHAT PROOF WILL ANY OF US EVER HAVE, that the FBI did manage that, rather than just lied itself out of a looming PR-disaster corner? [SEMANTIC ALERT: can a corner ever be looming? Hmmm…]

    Answer: none. Just as we'll never learn what ZUPER#DUPER TERROR%ZECRETS were OR WERE NOT extracted from that formerly so impenetrable iBone that it required assistance from Japanese-Israeli quarters).
This still applies: https://www.schneier.com/blog/archives/2016/03/friday_squid_bl_518.html#c6720033

John Langman • March 29, 2016 4:49 PM

It is a common capability (on which I have commented in the past) to use focused ion beam analysis tools to read circuit and ROM contents and then plug the results into emulators to run/modify software. Stop guessing at hardware analysis capability that already commercially exists. Security agencies know all about this stuff and USA security has these facilities in house. QED the FBI has another agenda, and it's not about getting at the phone contents.

Clive Robinson • March 29, 2016 5:18 PM

@ John Langman,

QED the FBI has another agenda, and it's not about getting at the phone contents.

True enough, and the DOJ/FBI were godam awful at hiding it as well, hence others have pointed out that they were lying in their court submissions.

Not that you will get the sceptical types to ever admit it, even if you stood on their air pipe till they went blue ;-)

Nick P • March 29, 2016 5:41 PM

@ John Langman

It's true that there's numerous companies, esp ChipWorks, that can tear down about any circuit. It's also known here that several individuals and groups have come up with many ways to bypass confidentiality and integrity protections in hardware. That's a cat and mouse game for attackers and defenders. What wasn't known is if there was a bypass in whatever Apple was using that could be applied to that phone in whatever configuration/status the idiots got it into.

There were a number of attack ideas published. I had confidence that expert hardware attackers could bypass it. Yet, there shouldn't have been any certainty on FBI or general IT side given Apple allegedly licensed, built, and/or used tamper-detecting circuitry. So, we can't use that against them unless we have a NSA slide leaks showing that model w/ hardware implant.

What we can use is all the times we caught them bullshitting, esp about the precedent. I wouldn't have given them an attack even if I had it just to score a win against them on All Writs Act. Too bad someone helped them as that case could've been nice for pro-privacy side.

WhiskersInMenlo • March 29, 2016 8:11 PM

@EGOTISTICALGIRAFFE

You are correct. Apple need get no specific answer from the court.

Disclosed or not, a side effect of their court document filing is in the future
other courts cannot single out Apple for data dumps on this specific make
and model phone. Alternative remedies are now known to exist and
apparently a price has been published.

Even if the FBI has the method classified other courts can still
find that Apple is not the only game in town and one step further
there is a service out there that the FBI knows and can visit
yet again. Since the FBI has kiosked digital evidence gathering
they are in the business they can deliver this service without disclosing
the method.

Secret would be ideal for Apple. Any flaw Apple discovers on its own
and fixes without knowledge of the secret would be cool.
If secret and found in the hands of foreign nationals the small group of
secret holders in the FBI would come under serious meta data and
more investigations.

My guess is the flash memory was desoldered and replaced with
an emulator (https://en.wikipedia.org/wiki/Flash_memory_emulator).
This would allow a number of attacks. JTAG and boundary scan tools may have
also been involved. Offshore manufacturers and refurbishing services would
likely have test vectors for hardware test scans. Scan might be a backup
to ensure that the desoldered components did not have data corrupted
in the process.

From a privacy point of view I have little problem with physical device
attacks. Lock boxes and safes in homes will be opened with an angle grinder
if the owner is unwilling or unable to assist.

Peter Rothschild • March 30, 2016 7:06 AM

Did the FBI really crack the phone?

Maybe they decided that this wasn't such a good test case after all. It is clear that there is very little chance of anything valuable on the phone, so maybe they decided to wait for a better test case. Since it seems like the FBI won't have to disclose the vulnerability, they also wouldn't have to disclose the non-vulnerability. Meanwhile, the FUD on whether Apple devices are safe might achieve some of their goals. Of course, it could have unintended consequences also.

encephalitic ostrich • March 30, 2016 9:40 AM

In all I've read on this -- and that is a LOT -- except for Peter Rothschild above, I haven't seen anyone be skeptical of whether the FBI actually, truly did get into the phone. I think the FBI is lying and that they have not gotten into the phone. I think they are pretending to have gotten into the phone in order to back out of the case which they now predict they would lose, which would set the opposite precedent to what they were after in the first place. They will come back later with another suit after another terrible event, perhaps something like a kidnapping or something where information could actually save a life. Plus, this is a way to exit the case while punching Apple in the face -- suggesting to the public that there is a hole in the iPhone security. Also, next time I expect them to go after some other company with less money for attorneys and run by someone with less balls than Tim Cook.

Clive Robinson • March 30, 2016 10:56 AM

@encephalitic ostrich said,

In all I've read on this -- and that is a LOT -- except for Peter Rothschild above, I haven't seen anyone be skeptical of whether the FBI actually, truly did get into the phone.

Did you read "Re: FBI vacating" at https://www.schneier.com/blog/archives/2016/03/friday_squid_bl_519.html#c6720356 ? The third paragraph upset someone further down that thread because it says,

    The thing is we are not going to be told by the FBI anything other than what was in the court filing. The court are not going to test the veracity of what the FBI have said, so I would assume that it is a pack of lies, unless it can be independently verified...

Can I recommend reading that squid thread from that link onwards, others have stated similar opinions to the one you felt was missing.

Wael • April 13, 2016 2:44 AM

@keiner,

Sorry for OT:

https://www.washingtonpost.com/world/national-security/fbi-paid-professional-hackers-one-time-fee-to-crack-san-bernardino-iphone/2016/04/12/5397814a-00de-11e6-9d36-33d198ea26c5_story.html

Parallel construction thing?

Easy to fix. It's on topic now...

We know someone helped. Does it matter who? It doesn't come across as parallel construction since it accomplishes the opposite of what parallel construction aims to do. Perhaps you can call it perpendicular construction, or parallel de-construction, or parallel destruction.

Patrick ONeil • April 16, 2016 6:39 AM

As bad as it would be if the FBI managed to force backdoors into the iPhone or other phones or computers, I would expect the privacy minded to switch to 3rd party encryption apps, and developers to stay making more 3rd party apps to cover the holes. The govt wouldn't be able to force backdoors into PGP, GnuPG, LUKS, Signal, etc, and by making builtin security weak (to nonexistent) they would simply be creating a boom for 3rd party developers. The Feds would then have to try and force keyloggers to be built in to try and get to passwords or passphrases that are beyond the control of Apple (or Google) or they would have to compromise specific phones by getting a keylogger installed on a one by one basis.

Clive Robinson • April 16, 2016 9:08 AM

@ Patrick ONeil,

I would expect the privacy minded to switch to 3rd party encryption apps, and developers to stay making more 3rd party apps to cover the holes

It will not work if the app is on the communications end point.

All a court would do is order a "shim" to be developed that goes between the App and the User Interface, thus "doing an end run" around any encryption.

As I've been saying for nearly two decades, you need to extend the encryption end point through the user past the end of the communications end point.

It is exactly the same issue as authenticating online financial transactions, you have to secure the transaction not the communications channel, and the authentication needs to be done via an out of band side channel which can not be reached by a third party that has any connection to the comms channel or comms end points.

Anything less than that will fail.

Arch Hughes • April 16, 2016 11:26 AM

Maybe there is no third party. Maybe there is no break. Maybe the FBI looked at the legal landscape and saw significant chance of losing and decided to fold instead of admitting they couldn't do it. Maybe they are just pretending to try to scare people into turning over their access keys in the future.

Has the FBI done anything with the data they got out of Farook's iPhone?


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.