Reply
 
Thread Tools Display Modes
  #1  
Old 01-14-2020, 08:36 PM
davidmich is offline
Guest
 
Join Date: May 2012
Posts: 2,298

Which US laws make it impossible to force Apple to help the FBI to access a suspect's data.


Which US laws make it impossible to force Apple to help the FBI to access a suspect's data. Have there been any Supreme Court rulings on this matter? I look forward to your feedback.

But Apple on Tuesday disputed Barr’s claims they stonewalled the probe, claiming instead they gave federal authorities several gigabytes of information — including iCloud backups, account information and transactional data.
But the company indicated that it would not help the feds get into Alshamrani’s two iPhones.
  #2  
Old 01-14-2020, 09:04 PM
wevets is offline
Guest
 
Join Date: Mar 2000
Location: hobgoblin of geographers
Posts: 4,392
Since what Apple does is not illegal, isn't what you're really asking: Which US laws don't exist that would make the way Apple encrypts its phones illegal?
  #3  
Old 01-14-2020, 09:13 PM
Ravenman is offline
Charter Member
 
Join Date: Jan 2003
Location: Washington, DC
Posts: 27,489
There does not seem to be a particular law that clearly protects Apple from a court order to unlock an iPhone. The main problem is that Apple most likely is not capable of unlocking an iPhone without a very extensive amount of work — like, perhaps months or more of work, with no particular guarantee that it would be successful.

There is a dispute on whether the government order under the All Writs Act extends to being able to direct Apple to undertake such an activity. A court case in 2016 was set to decide the issue, but then the FBI found a third party which was able to crack into the locked iPhone. This meant that the Government no longer needed Apple’s assistance, so the case was dropped without a judge deciding on the law.
  #4  
Old 01-14-2020, 09:15 PM
Chronos's Avatar
Chronos is offline
Charter Member
Moderator
 
Join Date: Jan 2000
Location: The Land of Cleves
Posts: 86,406
The only way that Apple could help the FBI with what they're looking for is to change the operating system in such a way that they could access everyone's data. Most Apple users have not committed a crime, nor been accused of committing a crime.
  #5  
Old 01-14-2020, 09:19 PM
WildaBeast's Avatar
WildaBeast is online now
Guest
 
Join Date: May 2019
Location: Folsom, CA
Posts: 941
Quote:
Originally Posted by davidmich View Post
But the company indicated that it would not help the feds get into Alshamrani’s two iPhones.
From what I gathered from the last time this came up (was that the San Bernadino shooting?), it's not that they won't, it's that they literally can't break the encryption.

What they say the won't do is add a "back door" to allow the government to easily access the data on suspects' iPhones in the future. Their argument (which I agree with) is that there is no such thing as a back door that only works for the good guys. If they added such a feature like the government wants, eventually hackers will figure out how to access it.
  #6  
Old 01-14-2020, 09:22 PM
davidmich is offline
Guest
 
Join Date: May 2012
Posts: 2,298
Quote:
Originally Posted by wevets View Post
Since what Apple does is not illegal, isn't what you're really asking: Which US laws don't exist that would make the way Apple encrypts its phones illegal?
Thanks wevets. That is one way of asking.
As far as I know, there are certain privacy rights, but there are no general constitutional or statutory right of privacy. So do those privacy rights have no loopholes for the FBI/authorities to access someone phone if they are unwilling to unlock it? Is there any movement in the courts to introduce laws to enable the authorities to access smart device data that the divide owners are unwilling to provide in searches?
  #7  
Old 01-14-2020, 10:27 PM
Exapno Mapcase is offline
Charter Member
 
Join Date: Mar 2002
Location: NY but not NYC
Posts: 31,956
Courts don't introduce laws. Legislatures do.
  #8  
Old 01-14-2020, 10:31 PM
Ravenman is offline
Charter Member
 
Join Date: Jan 2003
Location: Washington, DC
Posts: 27,489
Quote:
Originally Posted by davidmich View Post
Thanks wevets. That is one way of asking.
As far as I know, there are certain privacy rights, but there are no general constitutional or statutory right of privacy. So do those privacy rights have no loopholes for the FBI/authorities to access someone phone if they are unwilling to unlock it? Is there any movement in the courts to introduce laws to enable the authorities to access smart device data that the divide owners are unwilling to provide in searches?
Once again: the main issue is technological, not legal. Modern encryption is almost like an unbreakable lock. Just because authorities may be provided the legal authority to open the lock does not mean it is possible to do so.
  #9  
Old 01-14-2020, 10:37 PM
wevets is offline
Guest
 
Join Date: Mar 2000
Location: hobgoblin of geographers
Posts: 4,392
Quote:
Originally Posted by davidmich View Post
Thanks wevets. That is one way of asking.
As far as I know, there are certain privacy rights, but there are no general constitutional or statutory right of privacy. So do those privacy rights have no loopholes for the FBI/authorities to access someone phone if they are unwilling to unlock it?

There's no law that requires Apple to build a phone with a way for the government to access the contents of the phone, much like there's no law that requires safe-builders to put in an extra hatch for government agents to get access. Does that help?
  #10  
Old 01-15-2020, 08:51 AM
davidmich is offline
Guest
 
Join Date: May 2012
Posts: 2,298
Quote:
Originally Posted by wevets View Post
There's no law that requires Apple to build a phone with a way for the government to access the contents of the phone, much like there's no law that requires safe-builders to put in an extra hatch for government agents to get access. Does that help?
Thank you all. Very helpful
  #11  
Old 01-15-2020, 08:59 AM
rbroome is offline
Member
 
Join Date: Jun 2003
Location: Louisiana
Posts: 3,558
To make the Apple case once again, though the OP has been answered, Apple's position is that once they develop the backdoor then it exists. Since it then exists, any country, the most prominent examples are the UK and the US, already have the legal authority to force Apple to secretly use that backdoor on any device the Government wishes. And to keep this action a secret. That destroys a key marketing value of the iPhone which is why Apple is opposed to this idea.
  #12  
Old 01-15-2020, 09:14 AM
Ravenman is offline
Charter Member
 
Join Date: Jan 2003
Location: Washington, DC
Posts: 27,489
Quote:
Originally Posted by rbroome View Post
To make the Apple case once again, though the OP has been answered, Apple's position is that once they develop the backdoor then it exists. Since it then exists, any country, the most prominent examples are the UK and the US, already have the legal authority to force Apple to secretly use that backdoor on any device the Government wishes. And to keep this action a secret. That destroys a key marketing value of the iPhone which is why Apple is opposed to this idea.
Apple goes further than that. A backdoor that circumvents encryption is not only a vulnerability to governments carrying out legal searches. The mere existence of a backdoor is a very serious security vulnerability that could (and most certainly will) be exploited by bad actors, from hostile governments to hackers to identity thieves.
  #13  
Old 01-15-2020, 09:37 AM
Saint Cad is offline
Guest
 
Join Date: Jul 2005
Location: N of Denver & S of Sanity
Posts: 13,785
Quote:
Originally Posted by davidmich View Post
Which US laws make it impossible to force Apple to help the FBI to access a suspect's data.
IANAL but lets back up a bit. In the United States, can a third party ever be forced to participate in an investigation? If the police need help opening a safe, can they force a locksmith (not a party to the investigation) to open it and if they refuse can the police arrest the locksmith for obstruction of justice?
  #14  
Old 01-15-2020, 10:04 AM
Ravenman is offline
Charter Member
 
Join Date: Jan 2003
Location: Washington, DC
Posts: 27,489
The type of assistance that comes immediately to mind is that telephone companies are required to provide technical assistance for authorities carrying out wiretaps.
  #15  
Old 01-15-2020, 10:06 AM
DrCube is offline
Guest
 
Join Date: Oct 2005
Location: Caseyville, IL
Posts: 7,540
The laws of mathematics apply in all countries. Apple couldn't unlock those phones if they wanted to. Even the FBI can't change that, no matter what the laws say.
  #16  
Old 01-15-2020, 10:12 AM
edwardcoast is offline
Guest
 
Join Date: Jan 2014
Posts: 1,200
Quote:
Originally Posted by Saint Cad View Post
IANAL but lets back up a bit. In the United States, can a third party ever be forced to participate in an investigation? If the police need help opening a safe, can they force a locksmith (not a party to the investigation) to open it and if they refuse can the police arrest the locksmith for obstruction of justice?
They could hire, but force? I don't see how.

In reality, they don't need to do this, because the government agencies have experts to do this. Therefore, there is already a backdoor to a safe. This is exactly the reason encryptions are designed this way and they encourage people to use long strong passwords, so no one else can get it.
  #17  
Old 01-15-2020, 10:21 AM
edwardcoast is offline
Guest
 
Join Date: Jan 2014
Posts: 1,200
Quote:
Originally Posted by DrCube View Post
The laws of mathematics apply in all countries. Apple couldn't unlock those phones if they wanted to. Even the FBI can't change that, no matter what the laws say.
Exactly. They can huff and puff all they wish about laws, but the technology will rule.

I believe this is political thing, that they want to be able to read anyone's secured data, and with the current administration I don't trust their leadership to have good intentions.
  #18  
Old 01-15-2020, 01:06 PM
Really Not All That Bright is offline
Member
 
Join Date: May 2003
Location: Florida
Posts: 68,513
Quote:
Originally Posted by Saint Cad View Post
IANAL but lets back up a bit. In the United States, can a third party ever be forced to participate in an investigation? If the police need help opening a safe, can they force a locksmith (not a party to the investigation) to open it and if they refuse can the police arrest the locksmith for obstruction of justice?
Quote:
Originally Posted by Ravenman View Post
The type of assistance that comes immediately to mind is that telephone companies are required to provide technical assistance for authorities carrying out wiretaps.
Those requirements are preexisting and derive from the federal government's authority to regulate and license telecom providers. There's no analogous legal authority for phone manufacturers, though in theory they could create a similar requirement for wireless carriers; that would basically force Apple to comply, or effectively shut them out of 90% of the new phone market (since most people buy or lease their phones from their carriers).
Quote:
Originally Posted by Exapno Mapcase View Post
Courts don't introduce laws. Legislatures do.
True, but courts do make law - just not by statute.
__________________
This can only end in tears.
  #19  
Old 01-15-2020, 01:07 PM
Wolf333 is offline
Guest
 
Join Date: Aug 2012
Posts: 1,211
Quote:
Originally Posted by edwardcoast View Post
Exactly. They can huff and puff all they wish about laws, but the technology will rule.



I believe this is political thing, that they want to be able to read anyone's secured data, and with the current administration I don't trust their leadership to have good intentions.


Also, with the current administration, the information regarding a back door most likely WILL get out.
  #20  
Old 01-15-2020, 01:33 PM
DPRK is offline
Guest
 
Join Date: May 2016
Posts: 4,337
Backdoors, accidental or deliberate, are already systematically exploited. The same NSO Group that the FBI consulted to crack some iPhones has infamously contracted with anyone and everyone; their spyware was used by the Saudi officials who tracked and murdered Khashoggi, for instance.

It's understandable that Apple may be loath to roll out backdoored versions of their software and hardware when the consequences of such are well documented.
  #21  
Old 01-15-2020, 01:35 PM
pigtwo is offline
Guest
 
Join Date: Apr 2019
Posts: 37
Quote:
Originally Posted by Ravenman View Post
A court case in 2016 was set to decide the issue, but then the FBI found a third party which was able to crack into the locked iPhone. This meant that the Government no longer needed Apple’s assistance, so the case was dropped without a judge deciding on the law.
I was under the impression that it was near impossible to crack it. How did this third party do it?
  #22  
Old 01-15-2020, 01:42 PM
DPRK is offline
Guest
 
Join Date: May 2016
Posts: 4,337
Quote:
Originally Posted by pigtwo View Post
I was under the impression that it was near impossible to crack it. How did this third party do it?
Obviously by exploiting a vulnerability (e.g.), probably several, not by accomplishing a computationally hard task. And I'll bet they didn't do it for free.
  #23  
Old 01-15-2020, 01:45 PM
Ravenman is offline
Charter Member
 
Join Date: Jan 2003
Location: Washington, DC
Posts: 27,489
Quote:
Originally Posted by pigtwo View Post
I was under the impression that it was near impossible to crack it. How did this third party do it?
There was a software issue that the third party took advantage of to prevent the phone from locking after the passcode was entered incorrectly ten times. With this exploit, which was particular to the model and that particular operating system that was installed, it look a matter of minutes for a computer to run through all the four-digit passcodes and find the right one. This is conjecture, but it sounds like this vulnerability was unknown to Apple at the time.

There are various articles now and then which show how particular iPhone models or versions of iOS have some very specific vulnerability to this attack or that attack. It's not as simple as "if I have a long password, math says it will take elventy jillion years to crack it."

But, Apple is certainly improving security all the time, so just because the FBI paid someone to crack an iPhone three years ago, doesn't mean the technique used then is possible today. It almost certainly isn't.
  #24  
Old 01-15-2020, 01:54 PM
markn+ is offline
Guest
 
Join Date: Feb 2015
Location: unknown; Speed: exactly 0
Posts: 3,028
It's important to understand that a 4 digit passcode is not secure by any stretch of the imagination, since it's vulnerable to a brute force attack that simply tries all possible codes. A mere 10,000 possible codes can be tested in a trivial amount of time by a computer, or even in a few hours by a person manually typing them in. There is no cryptographically strong security involved. The only thing that makes it secure is that the phone locks if you enter too many incorrect codes. Bypassing the lock completely bypasses the security imparted by the passcode. It would be easy for Apple to write an OS that does NOT lock the phone after incorrect tries, which to my understanding is what the FBI was asking for in the earlier case, and what Apple refused to do. There is no technological or mathematical impediment to doing it however.
  #25  
Old 01-15-2020, 02:09 PM
md2000 is offline
Guest
 
Join Date: Feb 2009
Posts: 15,357
Perhaps the best analogy would be - The perp has bought a waterproof safe from Acme Inc and dropped it somewhere in the ocean in the Marianas Trench. To find it, it only responds to certain pings known only to the buyer. It might or might not contain important details for an investigation. The FBI is asking Acme to figure out how to locate and retrieve this safe. They have to build a submarine to find the thing, and examine their plans carefully to determine if there's a way to bypass the ping code system, etc. Lots of effort, lots of cost, no reimbursement. Not them under investigation.

The government can (any government can) subpoena any information relevant to an investigation if a judge signs off that it is relevant enough. Apple has deliberately ensured that it has no method to extract information available. When someone figures out a loophole, it is fixed in the next version of iPhone. After all, the FBI who threaten to deport people or add them to the no-fly list if they don't inform on fellow Muslims, or assorted other TLA's (Three Letter Agencies) are boy scouts compared to some other countries who would also like to be able to compel Apple to crack iPhones. (Think Kashoggi). If Apple could unlock phones, then any country in which they do business could similarly compel them.

On top of that, any back door is basically an open door. If Apple can do it - or only the FBI - then how long before someone else figures it out? Or the keys get sold on the black market? Or the NSA shares this info with MI6 or Mossad and then it's out there and everyone knows. There's the old saying that if more than one person knows, it's not a secret.
  #26  
Old 01-16-2020, 02:37 AM
gotpasswords is offline
Charter Member
 
Join Date: Mar 1999
Location: San Francisco area
Posts: 16,487
Quote:
Originally Posted by DPRK
Obviously by exploiting a vulnerability (e.g.), probably several, not by accomplishing a computationally hard task. And I'll bet they didn't do it for free.
The FBI paid an Israeli company called Cellebrite $1.3 million to crack the phone via undisclosed zero-day vulnerabilities. It was an unpatched iPhone 5, and as a work phone, it had no useful information.

Back in the early 90s, there was a hardware encryption scheme developed by the NSA called Clipper that had a Law Enforcement Access Field, or LEAF. Took less than three years for it to be cracked and useless, so it was abandoned. The LEAF involved a 16 bit hash, which even in the mid 90s was not terribly difficult to break.
  #27  
Old 01-16-2020, 12:57 PM
Saint Cad is offline
Guest
 
Join Date: Jul 2005
Location: N of Denver & S of Sanity
Posts: 13,785
Quote:
Originally Posted by edwardcoast View Post
They could hire, but force? I don't see how.
So then isn't this the answer to the OP? We don't live in a police state and so no one can be forced to assist law enforcement?
  #28  
Old 01-16-2020, 01:59 PM
Elendil's Heir is offline
SDSAB
 
Join Date: Jun 2004
Location: 221B Baker St.
Posts: 87,488
In a democracy, whatever is not prohibited is permitted. In a dictatorship, whatever is not prohibited is compulsory.
  #29  
Old 01-17-2020, 11:23 PM
Colibri's Avatar
Colibri is offline
SD Curator of Critters
Moderator
 
Join Date: Oct 2000
Location: Panama
Posts: 43,907
Quote:
Originally Posted by edwardcoast View Post
I believe this is political thing, that they want to be able to read anyone's secured data, and with the current administration I don't trust their leadership to have good intentions.
Quote:
Originally Posted by Wolf333 View Post
Also, with the current administration, the information regarding a back door most likely WILL get out.
Moderator Note

Let's keep commentary about the present administration out of it, and stick to the actual legal and technical issues. No warnings issued.

Colibri
General Questions Moderator
  #30  
Old 01-18-2020, 03:45 PM
md2000 is offline
Guest
 
Join Date: Feb 2009
Posts: 15,357
Quote:
Originally Posted by markn+ View Post
It's important to understand that a 4 digit passcode is not secure by any stretch of the imagination, since it's vulnerable to a brute force attack that simply tries all possible codes. A mere 10,000 possible codes can be tested in a trivial amount of time by a computer, or even in a few hours by a person manually typing them in. There is no cryptographically strong security involved. The only thing that makes it secure is that the phone locks if you enter too many incorrect codes. Bypassing the lock completely bypasses the security imparted by the passcode. It would be easy for Apple to write an OS that does NOT lock the phone after incorrect tries, which to my understanding is what the FBI was asking for in the earlier case, and what Apple refused to do. There is no technological or mathematical impediment to doing it however.
No, the FBI had a locked phone and wanted Apple to figure out a trick to unlock it without triggering the "too many tries" threshold. As I heard it, after too many tries the phone erased itself - as in even the right code was useless. The FBI thought Apple knew some trick to bypass the codes. Apple claim (probably rightly) they didn't.

the Israeli company used so trick where with they had found that with the correct signal to the charging/USB port, they could somehow trick the phone into not resetting. Again, as each of there tricks are figured out, Apple removes that loophole in the next version. But they don't look for or design in back doors like that, so they don't know how to crack their phones. The other point was that when you plug a phone into a computer, you can back it up - that backup can be cracked. The problem with San Bernandino was that the phone hadn't been backed up for a long time.

So the FBI expected - last time and this time - that Apple had some ideas how to crack, and with the right R&D could come up with a crack. Apple said that even if they had some ideas how to crack it, they did not want to and they did not have to perform R&D in response to a subpoena.

The FBI is always looking for a poster child - good excuse to shame and possibly get courts to force Apple to cooperate. Next step, they could use the outcry to persuade congress to pass a law mandating backdoors. in the SB case, it was just some guy going postal on co-workers, with religious overtones. In this case, an actual Saudi (just like the 9-11 hijackers) went suicidal on US armed forces. How could Apple say no? How could Congress not support a law to force Apple to say yes?

Apple said no.
  #31  
Old 01-18-2020, 04:15 PM
markn+ is offline
Guest
 
Join Date: Feb 2015
Location: unknown; Speed: exactly 0
Posts: 3,028
That doesn't make sense to me. Of course Apple has a "trick" to bypass the codes -- they can modify the iOS code to create an OS that doesn't count login attempts or do the erasure. My understanding that this was what the FBI was requesting seems to be backed up by the Wikipedia article.
Quote:
As a result, the FBI asked Apple Inc. to create a new version of the phone's iOS operating system that could be installed and run in the phone's random access memory to disable certain security features that Apple refers to as "GovtOS". Apple declined due to its policy which required it to never undermine the security features of its products.
There was no R&D involved, it was probably a comparatively trivial change to the code.
  #32  
Old 01-18-2020, 04:34 PM
DSeid's Avatar
DSeid is offline
Guest
 
Join Date: Sep 2001
Location: Chicago, IL
Posts: 23,137
I'm curious about the question more broadly.

To my read the question is what power does the Federal government have to force private companies or citizens to give their time and resources in assistance of investigations?

The issue of how easy or difficult or even impossible such would be is secondary. Privacy protections from bad actors is important but to me is not the more basic point.

The government can force some private citizen action - minimally a refusal to testify can result in a contempt of court charge. Can a DNA analytics company that has technology better than the state be forced to do sample analysis for the state against their wishes? Even if it was just as simple as running the sample through their machines I don't think so. Am I wrong?

To what degree can private citizens and companies be forced to give their skills and time as involuntary draftees?
  #33  
Old 01-18-2020, 05:03 PM
dtilque is online now
Charter Member
 
Join Date: Jan 2000
Location: My own private Nogero
Posts: 7,433
Quote:
Originally Posted by markn+ View Post
That doesn't make sense to me. Of course Apple has a "trick" to bypass the codes -- they can modify the iOS code to create an OS that doesn't count login attempts or do the erasure. My understanding that this was what the FBI was requesting seems to be backed up by the Wikipedia article.
They could create such a version easily. Could they download and install it on the iPhone without first unlocking the phone? I would be surprised of they could. Doing that would require some kind of backdoor that Apple doesn't put in their phones.
  #34  
Old 01-18-2020, 05:24 PM
md2000 is offline
Guest
 
Join Date: Feb 2009
Posts: 15,357
Quote:
Originally Posted by dtilque View Post
They could create such a version easily. Could they download and install it on the iPhone without first unlocking the phone? I would be surprised of they could. Doing that would require some kind of backdoor that Apple doesn't put in their phones.
Exactly - That's the point. Apple can't access a locked phone. They can't force an iOS update onto a locked phone - needs user consent. They could modify the code so future phones could be unlocked, but unlocking an existing phone that's locked would take extra R&D since it was specifically designed to make that impossible.

So the FBI -

(a) demanded that Apple figure out how to bypass their built-in security despite that they had no method to do so at the time ...and..

(b) hoped to shame / scare / coerce them into making this possible for all new phones going forward.
  #35  
Old 01-18-2020, 05:41 PM
markn+ is offline
Guest
 
Join Date: Feb 2015
Location: unknown; Speed: exactly 0
Posts: 3,028
Do you have a cite for that? I'm not necessarily doubting it, but I see nothing in the Wikipedia article about needing to develop a never-before-used installation method. Wikipedia has a link to a technical analysis of the FBI order but unfortunately it's a dead link. I did read the order itself, which states that the new OS should be installable via "Device Firmware Upgrade (DFU) mode, recovery mode or other applicable mode". I don't know if any of these modes will actually work on a locked iPhone.
  #36  
Old 01-18-2020, 06:21 PM
DSeid's Avatar
DSeid is offline
Guest
 
Join Date: Sep 2001
Location: Chicago, IL
Posts: 23,137
As far as doablity there's this -
Quote:
... according to Dan Guido, CEO of Trail of Bits, a company that does extensive consulting on iOS security ...

... the particular operating system installed on this phone does not allow Apple to bypass the passcode and decrypt the data. So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won't be altered.

Note that even after Apple does all of this, the phone will still be locked, unless the government's bruteforcing operation works to guess the password ...

... The loophole is the fact that Apple still retains the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting.

How Doable Is All of This?

Guido says the government's request is completely doable and reasonable.

"They have to make a couple of modifications. They have to make it so that the operating system boots inside of a RAM disk…[and] they need to delete a bunch of code—there's a lot of code that protects the passcode that they just need to trash," he said.

Making it possible for the government to test passwords with a script instead of typing them in would take a little more effort he says. "[T]hat would require a little bit of extra development time, but again totally possible. Apple can load a new kernel driver that allows you to plug something in over the [Lightning] port… It wouldn't be trivial but it wouldn't be massive." ...
FWIW.

But does the government have to power to force a private company and its private citizens to do this work for them?
  #37  
Old 01-18-2020, 06:48 PM
markn+ is offline
Guest
 
Join Date: Feb 2015
Location: unknown; Speed: exactly 0
Posts: 3,028
Thanks DSeid, that makes sense.

This is the thing that puzzles me about the "please invent a security workaround" theory of what the FBI was asking. I've worked on boot-time security for a commercial product, in a company that takes security very seriously, like Apple does. If the FBI came to us and said please create a way to subvert your security without changing the code, I'd say you need to get someone else to work on that. We already HAVE tried to break our security, hundreds of times, in many different ways; in brainstorming discussions, thought experiments, real experiments, code reviews, etc. That's how we developed it. It is very unlikely that paying us to do part of that again is going to result in a way to break in. It seemed bizarre to me that the FBI would be putting so much importance on what is a very very long shot.
  #38  
Old 01-18-2020, 07:10 PM
DPRK is offline
Guest
 
Join Date: May 2016
Posts: 4,337
Quote:
Originally Posted by markn+ View Post
It seemed bizarre to me that the FBI would be putting so much importance on what is a very very long shot.
Put yourself in the FBI's position. You could either pay the Israelis $1.3 million (and who knows how much of that is even contingent on success), or you could try to intimidate some suckers into doing it for free, in which case it doesn't matter how long the odds are.
  #39  
Old 01-18-2020, 09:17 PM
md2000 is offline
Guest
 
Join Date: Feb 2009
Posts: 15,357
Huh?
Apple must create a special version of its operating system:
1) this must eliminate the "erase after 10 tries" provision from a version of iOS
2) this iOS must load into working RAM instead of the permanent storage unlike standard iOS updates
3) this iOS must boot off RAM instead of permanent storage.
4) this must be able to be loaded into the phone without active user consent
5) also create the ability to enter passcodes automatically via the USB (lightning) port.

(1) seems doable. Is (2) even doable? If that level of control of the iPhone exists deliberately, what protection is there? Why couldn't you just poke any program into RAM and have it execute and start dumping the entire RAM contents to the screen (say, in the equivalent of QR code to be diagnosed) Then (3)? How do you tell a running computer to reboot off something else if you can't get in? It's probably pretty deeply embedded in firmware how the computer boots, specifically to prevent this sort of hijack or wedge boot option in malicious code. Most OS's also prevent anything to be loaded and run with any sort of privilege or access outside its sand box unless explicitly given permission, so (4) would seem to be impossible. If the existing OS doesn't want to relinquish control, how would you bypass it? (5) seems to be the easiest part.

The problem is that only Apple has sufficient complete in depth knowledge (and documentation, and source code) to figure out if these steps are feasible. But as Markn+ points out, they've probably had brainstorm sessions galore and analyzed enough cracking software to determine what can be done to bypass their earlier systems - specifically to design in safeguards against all this that the FBI is asking. Guido seems to think they have the ability, but his job (and probably his consultant fee in all this) probably depends on asserting that Apple has this ability, whether they do or not.

Plus the concern about messing up the permanent storage contents. If the Apple permanent storage is like SSD's, does the storage manager rearrange contents to avoid overusing the memory chips so they don't start to "wear out" and drop bits? Thus you cannot safely and confidently push a new iOS into storage and be sure it goes into a "safe space" without the active participation of the existing system - hence the need to poke it into volatile RAM.

But..
Quote:
Put yourself in the FBI's position. You could … try to intimidate some suckers into doing it for free, ...
Yes, they old "If you don't help us then Apple is supporting Muslim Terrorists!" line.

Last edited by md2000; 01-18-2020 at 09:17 PM.
  #40  
Old 01-18-2020, 09:40 PM
KarlGauss's Avatar
KarlGauss is offline
Entangled
Charter Member
 
Join Date: Mar 2000
Location: Between pole and tropic
Posts: 8,664
nm

Last edited by KarlGauss; 01-18-2020 at 09:41 PM.
  #41  
Old 01-18-2020, 10:34 PM
smithsb's Avatar
smithsb is offline
Member
 
Join Date: Sep 2002
Location: mid-Pacific
Posts: 3,006
Perhaps a little astray; Many/most states have laws/statutes requiring a citizen to assist a police officer. Also that idea is in common law. wiki https://en.wikipedia.org/wiki/Refusi...police_officer

And we know now that Corporations are citizens.

IMHO [IANAL] Apple would have lost the case had it gone to judgement (and be bitterly fought to the Supreme Court). My supposition is based on the current extremist 5 to 4 slant in the court. Note that I believe the court is always conservative and Sylvia is the only one who could be considered moderate.

Had Apple lost, the company would have been economically devastated. Other countries would have outright banned Apple products due the the US having a backdoor [see Huawei banning by the US actions believing China has a backdoor]. Or, countries would have demanded Apple provide them with the backdoor to allow the company to continue doing business there. US consumers would have been pissed as well. The US government would have continued to pursue similar actions against any and all other phone/computer/software companies.
  #42  
Old 01-19-2020, 04:20 PM
Chronos's Avatar
Chronos is offline
Charter Member
Moderator
 
Join Date: Jan 2000
Location: The Land of Cleves
Posts: 86,406
[Moderating]

Since Colibri already had a note in this thread about not politicizing our answers, I'm going to make this a Warning for smithsb. The slant of the Supreme Court, if any, is not relevant to the factual questions under discussion here.
  #43  
Old 01-20-2020, 02:11 PM
iamthewalrus(:3= is offline
Guest
 
Join Date: Jul 2000
Location: Santa Barbara, CA
Posts: 12,253
Quote:
Originally Posted by smithsb View Post
Perhaps a little astray; Many/most states have laws/statutes requiring a citizen to assist a police officer. Also that idea is in common law. wiki https://en.wikipedia.org/wiki/Refusi...police_officer
Go read your cite. Almost all of those are piddly wrist-slaps at best, and almost certainly don't apply here because they refer to specific types of assistance in the heat of the moment. Like, if a police officer tackles a suspect and tells you to go call 911 for backup, or if they're rounding up a search posse you have to help. Nothing that covers generic "law enforcement can ask you to do anything at any time" power.

The California law allows for a max $1000 penalty. Even if you could somehow slap every single employee of Apple with that, it'd be a rounding error on their quarterly expenses.
  #44  
Old 01-20-2020, 02:43 PM
Ravenman is offline
Charter Member
 
Join Date: Jan 2003
Location: Washington, DC
Posts: 27,489
Quote:
Originally Posted by iamthewalrus(:3= View Post
Nothing that covers generic "law enforcement can ask you to do anything at any time" power.
Once again, courts never reached the merits of using the All Writs Act to compel Apple to provide the assistance because the phone was cracked before the case was heard.

There is not a clear answer one way or another is Apple could have been compelled to render the assistance thr FBI was seeking.
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 01:51 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@straightdope.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Copyright © 2019 STM Reader, LLC.

 
Copyright © 2017