Apple Says 'No'
-
This section seems a bit strange:-
Quote:
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone's physical possession.
If the file exists on the phone and was encrypted using an existing version of the data, how would installing a new version of the iOS allow easier unencryption? Also - wouldn't doing that utterly corrupt the chain of evidence meaning anything discovered could not possibly be used in a civilian court of law?
Duncan Edwards Jones wrote:
If the file exists on the phone and was encrypted using an existing version of the data, how would installing a new version of the iOS allow easier unencryption?
Unless the user specifies the full encryption key every time the encrypted information is accessed, the software does know the key. It is stored somewhere in the file system. Move that flash (/disk, for general PCs) over to another machine, as a secondary storage device, and the key can be read by that other machine. Sure, the key is usually encrypted; you won't find it in cleartext. But the OS/Application knows how to decrypt it. It must know, in order to decrypt the info for the proper user. But in a standard version, the OS/App refuses to do it until the operater has authenticated himself. The special OS edition on the other machine may be willing to decrypt the key without the the owner authenticating himself, e.g. presenting a password or fingerprint. Couldn't that info, given by the user, be (part of) what encrypts the key, so that an intruder would have to know that? But the OS knows that, too. It must know the PW (or some transformation of it) in order to check that the user gives the right one. So the alternate OS version may pretend that it has just read from the user a PW corresponding to the expected one, even if no user ever specified anything. Whether you install the alternate OS version on the same device or you move the storage device (flash/disk) to another machine makes no essential difference, as long as there exists a possiblity for loading a new OS version without logging in to the machine. In the old days, that wasn't always the case, but with modern automatic over-the-air updates and fixes, it it probably possible to replace all essential parts of the OS that way. The only safe encryption is where you are the one generating the key, the only one knowing it, and you never present it to the OS or to any application. For standard PC use, I would like to have a USB dongle where I can load, say, my X.509 certificates into a flash area that is not adressable across the USB interface; only the processor in the dongle can see it. So the PC sends the ciphertext across the USB interface, the dongle decrypts it, and returns hte cleartext to the PC across the USB interface. (Or it receives cleartext and returns ciphertext.) In many applications (such as S-MIME), the ciphertext will not be the full document
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
"The Gov isn't asking hem to unlock EVERYONE's phone" No, that's exactly what the government is demanding. They want a tool that will unlock any iPhone. And that is a dangerous precedent. If history has taught us anything, it is that no government should be trusted, at any time, to do the right thing, when the wrong thing is an option. It also represents a significant reduction in security, whose primary purpose is preventing hackers/crackers from gaining access to your data. If a backdoor is created, attackers will find it, and they will exploit it.
What can this strange device be? When I touch it, it gives forth a sound It's got wires that vibrate and give music What can this thing be that I found?
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
I do not understand what it means "No". The article says the authorities have the device. So if the device could be unlocked (it doesn't matter if it is, it matters that it could), then everyone could unlock the iPhone (okay, without a source code it takes a little bit longer, but not so much). If the device is strongly encrypted (as it should be), no backdoor may unlock it, instead a strong encryption would take several million years to brute force for a super computer. Finally if the device is not really encrypted, or private key could be reached by the hardware or it is obfuscated, then device is already unlocked, just use the right tools (obfuscation is not a security, but prevents power users to poke around the device). So what it means "We could, but we said "No"!"? Are the iPhone's are really secure or they're just secure, because normal users does not have proper hardware/source code (first is easy to create, second could be reverse-engineered). A really secure device should be impossible to be unlocked by its manufacturer, unless wiped out.
-
I don't know. It's hard to decide what the right balance is. While I believe that each of us has a right to our privacy, the good of the many outweighs the good of the one.
If it's not broken, fix it until it is
> the good of the many outweighs the good of the one well the world does not work this way (or neither of us would sit in front of a computer and talk about this) - *remember*: we (as in *the west*) are not *the many* when you see it globally And the context here really matters: it's not for the good of anyone if Apple give in - the *bad* will just go and use some other - more secure - means of communication, while we all would lose even more of our privacy. > “If privacy is outlawed, only outlaws will have privacy.” (Philip Zimmermann)
-
I do not understand what it means "No". The article says the authorities have the device. So if the device could be unlocked (it doesn't matter if it is, it matters that it could), then everyone could unlock the iPhone (okay, without a source code it takes a little bit longer, but not so much). If the device is strongly encrypted (as it should be), no backdoor may unlock it, instead a strong encryption would take several million years to brute force for a super computer. Finally if the device is not really encrypted, or private key could be reached by the hardware or it is obfuscated, then device is already unlocked, just use the right tools (obfuscation is not a security, but prevents power users to poke around the device). So what it means "We could, but we said "No"!"? Are the iPhone's are really secure or they're just secure, because normal users does not have proper hardware/source code (first is easy to create, second could be reverse-engineered). A really secure device should be impossible to be unlocked by its manufacturer, unless wiped out.
From my understanding of what is being requested is to have a version of iOS that will not wipe the device if the incorrect password is typed more than 10 times. If the Feds can have a version of iOS that will allow an unlimited number of password attempts, then they can eventually type the correct password and access the phone. I suspect the source code to allow an unlimited number of sign-in attempts before wiping the phone is a pretty easy code change.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
Once someone is convicted of a crime, have they not given up their right to privacy? Like a felon has given up the right to vote? I'm not for spying on innocent citizens, but what about citizens that have been proven to NOT be innocent? Liberty comes with a price, and so does wickedness.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
I think it extremely interesting that the government is forced to go to the manufacturer to get the data. The entire situation itself indicates that the government (which obviously includes the NSA) isn't all powerful when it comes to invasion of personal privacy. I have to admit, my first reaction was, "why can't they just give the damn phone to Apple and have a government (FBI) representative (for chain of evidence reasons) present when the data is produced." That way the code-breaking capability doesn't leave Apple's "clean room" and reduces by many factors the vulnerability of such a program escaping into the wild. However, if Apple did such a thing, the government would be knocking on their door to do it again in less time than it takes to say iPhone. Ah those pesky precedents. I'll be stepping out shortly to get more popcorn for the rest of the show. Talk amongst yourselves.
Cheers, Mike Fidler "I intend to live forever - so far, so good." Steven Wright "I almost had a psychic girlfriend but she left me before we met." Also Steven Wright "I'm addicted to placebos. I could quit, but it wouldn't matter." Steven Wright yet again.
-
From my understanding of what is being requested is to have a version of iOS that will not wipe the device if the incorrect password is typed more than 10 times. If the Feds can have a version of iOS that will allow an unlimited number of password attempts, then they can eventually type the correct password and access the phone. I suspect the source code to allow an unlimited number of sign-in attempts before wiping the phone is a pretty easy code change.
So what, if someone steal your device, he/she cannot unlock it unless connects directly to processor bus (yes, there are devices that could do that). Normally such hardware price is high in the skies for normal users (which stealing person usually is). I don't think government cannot afford such a hardware, so besides legal problems why do they need Apple. Yes, modifying source code is easier, cheaper and faster, but modifying machine code is not that difficult.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
While I absolutely oppose inserting a backdoor into any security, this case is a bit different in that the owner of the phone also wants the security hacked. I have no problem with that, as a one-off hack. Most of us use company resources for personal (email for instance), but I don't pretend that anything that touches a company server is private. It's spelled out in company policy. the same applies to a company phone. All those records and content belong to the company. If an employee is stupid enough to give private information to the company, it's on them.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
While I absolutely oppose inserting a backdoor into any security, this case is a bit different in that the owner of the phone also wants the security hacked. I have no problem with that, as a one-off hack for the owner
-
But the problem is; who decides if it's for the good of the many?
New version: WinHeist Version 2.2.2 Beta
tomorrow (noun): a mystical land where 99% of all human productivity, motivation and achievement is stored.The courts. Just like getting a warrant for anything else. The authorities would have to prove "just cause" to obtain a warrant. If your spouse, child or parent were being held hostage and the authorities got the phone of one of the abductors, and it was hoped that information in the phone might help lead to their recovery, wouldn't it be worth it?
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
Actually they aren't asking Apple to unlock one person's phone. They are asking Apple to create software that can unlock that iPhone, which could then obviously be used to open any other iPhone or maybe any iDevice. If the government said they wanted to create a strain of Super Ebola transmittable through the air so they can study it. You know, just in case it naturally mutates that way we can be prepared. Don't worry we will keep it safe in just one lab in San Bernadino where only authorized scientists will have access. Would you be OK with that? There may be nothing useful in the phone at all. Everything that can fall into the wrong hands will fall into the wrong hands. Once that software is created, it will leak. Then every lost iPhone means that person loses every dime in their bank accounts. If a thief gets your phone they can log into your bank app and transfer funds. Even if you don't have the password saved, they can reset your password because your e-mail password is auto-saved. Heck it could even mean a huge spike in iPhone theft once the thieves have the tools to make so much more money from each stolen phone.
-
The courts. Just like getting a warrant for anything else. The authorities would have to prove "just cause" to obtain a warrant. If your spouse, child or parent were being held hostage and the authorities got the phone of one of the abductors, and it was hoped that information in the phone might help lead to their recovery, wouldn't it be worth it?
Just cause is a very broad term. I was pulled over in Texas and they searched me and the vehicle that I was driving because the officer said that my Garmin was obstructing my view. It was on the windshield under the rear view mirror just like thousands of other people. He stopped me because I had long hair and he just knew I was transporting drugs. In other words just cause is a fabrication, it can be anything.
New version: WinHeist Version 2.2.2 Beta
tomorrow (noun): a mystical land where 99% of all human productivity, motivation and achievement is stored. -
Just cause is a very broad term. I was pulled over in Texas and they searched me and the vehicle that I was driving because the officer said that my Garmin was obstructing my view. It was on the windshield under the rear view mirror just like thousands of other people. He stopped me because I had long hair and he just knew I was transporting drugs. In other words just cause is a fabrication, it can be anything.
New version: WinHeist Version 2.2.2 Beta
tomorrow (noun): a mystical land where 99% of all human productivity, motivation and achievement is stored.NOT so -- in the case of getting a warrant or court order. The authorities have to PROVE that just cause exists to a judge. In your case (which I'm sure happens a lot more than we realize), the officer "bluffed" just cause which may or may not have held up in court after the fact if the stop had been challenged. To get a warrant or court order - they start off in court proving their case
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
Everyone who really thinks Apple should provide the FBI with tools to access or unlock phones, should immediately turn off all locking and privacy features on their phones right now and leave them off forever. If you're not willing to do that, then you really don't want Apple to provide unlock tools to anybody, you're just not thinking things all the way through. Tools means an exploit must be present. They also set a precedent, with the expectation that those tools will continue to work, which means that the exploit must become a maintained feature of the product. What happens what that exploit is discovered by the bad guys? Will the FBI take responsibility and give up their tools so Apple can close the hole? Never.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
-
Ben Franklin:
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.
'nuff said.
There are two types of people in this world: those that pronounce GIF with a soft G, and those who do not deserve to speak words, ever.
Yup. I read a book about 1984... things were really screwed up back then. Hope it doesn't happen again.
Mark Just another cog in the wheel
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
A quick look through the many replies below seems to indicate most people have an immediate feeling that we want to be protected from terrorists so it is petty of Apple to "refuse to unlock this one phone" simply because they believe in privacy rights. I would suggest you know what is actually being required of Apple: The government has invoked a centuries old writ requiring the general cooperation of third parties in excecuting writs or orders of the court/government. It has invoked that general writ in this case to insist that Apple engineers write a new operating system for the iPhone that will remove the multiple password submit protection (i.e., remove the increasing delay of response and ultimate locking of the device on repeated password errors) so the government can try brute force cracking the password for the terrorist's phone (by running millions of attempts at the password in automatically until one works). To paraphrase a federal judge who refused to allow the use of th All Writs Act in that way in 2005, the government need only run this Hail Mary play if its arguments under the relevant laws fail to allow it to do what it wants to do (US Magistrate Judge Orenstein). This controversy will surely take years to resolve, since it will likely proceed to the US Supreme Court (which may not be fully staffed since the Congress apparently views the President's power to appoint justices as optional and politically inconvenient). Aside from the implications of demanding a business abandon a marketing feature or do slave labor for the government (and these do involve constitutional questions re 2nd and 5th amendments among other issues), you really need to slow down on this reaction that we want to be protected and what does it matter if the government can look at any and all of my communications (which they do anyway for the most part). There is a difference from being protected by law and being protected by the good will of a particular official of the government. We've come a long way from Patrick Henry's "give me liberty or give me death," the attitude of those who risked their lives that we might have a country like America. Now it seems to be, "to hell with liberty---I want to live at any cost." If you look at history you will see populations that made that decision always suffered severe consequences.
-
A quick look through the many replies below seems to indicate most people have an immediate feeling that we want to be protected from terrorists so it is petty of Apple to "refuse to unlock this one phone" simply because they believe in privacy rights. I would suggest you know what is actually being required of Apple: The government has invoked a centuries old writ requiring the general cooperation of third parties in excecuting writs or orders of the court/government. It has invoked that general writ in this case to insist that Apple engineers write a new operating system for the iPhone that will remove the multiple password submit protection (i.e., remove the increasing delay of response and ultimate locking of the device on repeated password errors) so the government can try brute force cracking the password for the terrorist's phone (by running millions of attempts at the password in automatically until one works). To paraphrase a federal judge who refused to allow the use of th All Writs Act in that way in 2005, the government need only run this Hail Mary play if its arguments under the relevant laws fail to allow it to do what it wants to do (US Magistrate Judge Orenstein). This controversy will surely take years to resolve, since it will likely proceed to the US Supreme Court (which may not be fully staffed since the Congress apparently views the President's power to appoint justices as optional and politically inconvenient). Aside from the implications of demanding a business abandon a marketing feature or do slave labor for the government (and these do involve constitutional questions re 2nd and 5th amendments among other issues), you really need to slow down on this reaction that we want to be protected and what does it matter if the government can look at any and all of my communications (which they do anyway for the most part). There is a difference from being protected by law and being protected by the good will of a particular official of the government. We've come a long way from Patrick Henry's "give me liberty or give me death," the attitude of those who risked their lives that we might have a country like America. Now it seems to be, "to hell with liberty---I want to live at any cost." If you look at history you will see populations that made that decision always suffered severe consequences.
Excellent commentary. Well written.
If it's not broken, fix it until it is
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
I'm not a hardware expert by any means but here's something I've been thinking of and wondering if this could be done: 1) dismantle the phone and connect the iPhone's storage chip(s) to an interface that can read the raw data of the chip(s) but would not be able to decrypt the data. 2) copy the encrypted contents of the iPhone's storage to another system and back it up as well. 3) hook up an iPhone emulator to the first backup and try entering unlock codes sequentially until the right code is hit. 4) if the emulator zaps the data then just restore from the backup and keep trying until the unlock code is found, then proceed to read the data. I'm sure there has to be a reason why no one else has suggested doing this before like you can't dismantle the iPhone without zapping everything in the phone. What do you all think?
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
Would it change your mind if they had the password from the backups of the device, but someone muffed it up and changed the password in the cloud? The reason why they don't have data on this phone - is that they didn't follow their own process. My understanding is that there is more to this than just Apple being difficult. Personally, I'm glad Apple has taken the stance they have. Remember Blackberry, around about the time they gave into Pakistan about data interception, their customers began to leave them in droves. Co-incidence? Maybe. Maybe not. Many government departments rely on the iphone security. How many would remain customers if it wasn't there.