Apple is dead wrong about iPhone security

This is exactly how I perceive it. As I understand it (and note that I’m in no way a legal-type person), past invocations of the All Writs Act have been towards phone companies for information which has passed through their networks, i.e. information which was placed into the company’s hands, so to speak. The most similar I can think of would be Apple turning over a user’s iCloud data stored on their servers, which they have done when presented with a court order. The data on a person’s iPhone is not in Apple’s possession and therefore the All Writs Act doesn’t apply to it.

It is an interesting issue, but couldn’t the defense simply state their client has forgotten the password, and never wrote it down? Whoopsy.

It’s fundamentally different. The FBI didn’t want to force Apple to hack it, they wouldn’t have had to go to Apple to do that, anyone with knowledge of cracking security could do that. What they wanted was to force them to add a backdoor to the software with the intention of updating the software on just that one device, then use that backdoor to gain access. This isn’t just taking advantage of whatever security vulnerabilities already exist, it’s actually CREATING a security vulnerability.

The reason this is different from, say, subpoenaing the contents of a file cabinet or even requiring a password for an encrypted drive (which I don’t agree with either, but that’s not really relevant) is that it still only applies to that ONE device. The best way I heard it put, so I’m going to steal the quote, is there is no such thing as a backdoor only the good guys can use.

What happens if the government decides to use that backdoor on people without due process? The uproar over warrantless wiretaps is still fresh in my mind, and this would be analogous. Or, worse, what happens if that backdoor falls into the hands of nefarious individuals? Significant portions of people have personal information that could be used for nefarious reasons (e.g., “The Fappening”) or for identity theft, not to mention that iPhones are used for remote email for the government and a lot of corporations, so now there’s serious national security implications and risks of corporate espionage.

To make a more accurate analogy would be like, rather than asking a locksmith to crack a safe because the person who knows the combination is dead, would be to go back to the safe manufacturer and have them not only build in a way to remotely reset the combination to all future safes, but push that to all existing ones too (putting aside that retrofitting old safes is much harder than patching software). Would you actually trust important documents to a safe that someone you don’t know could change the combination on without your knowledge? HELL NO!

Apple ABSOLUTELY made the right call from a security perspective. I’d have been fine IF the FBI had just asked for some help cracking it, or maybe asking for a bit of help identifying potential vulnerabilities that might have existed in that phone’s version of the software that were not publicly documented (after all, chances are hackers probably knew most of them anyway). But it is ALWAYS bad practice to deliberately build in backdoors.

And, hell, I loathe Apple products, I’ve never owned nor do I plan on ever owning one of their products. I only have an iPhone for work because it’s required and there’s no Android alternative. I’m about as anti-Apple as someone can get, but I still applaud Apple for taking the right stance here, and I’m glad to see that the industry, no matter how bitterly they compete, is essentially unanimous in backing their stance. I think that consensus goes a long way in showing how serious and how disturbing the request from the FBI was.

Blaster Master sums up the issue quite well. I quoted a small part of it. I agree the FBI overstepped by demanding a back door. Apple should have offered to crack phones (with a proper Warrant) for the FBI and not reveal what techniques they were using.

This is a thorny problem. Even for consumers. What happens if you get locked out of your own phone? All your important business docs and your appointment calendar are in that phone. You’re screwed unless you know a really talented hacker.

Security encryption is getting better and better. At some point the good guys that are trying to keep us all safe may not be able to crack it. I’m not sure what we’ll do then.

Some of us will recognize that the greater long-term large-scale risk to human happiness and human safety is not criminality or rogue violence. It’s government power misapplied to population control.

If we can prevent the catastrophe of overpowered government, the rest is trivial.

They can state that, but what happens isn’t quite so simple.

If the judge doesn’t believe them, the judge may be able to hold the defendant in contempt pretty much indefinitely until the defendant produces the password. Which is certainly awkward if you have actually forgotten your password.

It’s also possible that you can’t legally be ordered to provide your password because it counts as self-incrimination, although that’s sort of an open question as well. In some cases, judges have ruled that the password itself is not incriminating, and the documents they’re trying to decrypt aren’t self-incrimination.

Obviously, the best path is to choose a passphrase that is itself an admission of a crime you have committed, so that you can unequivocally claim that you can’t reveal your password without self-incrimination*

*This is not actual legal advice and probably will not work.

That is not an option if the contents of the phone are to be used in legal proceedings, for obvious reasons:

They did use burners – their personal cell phones were trashed to the point where the Feds don’t even know the phone number or what network they were on. Realistically, there isn’t going to be any information on the employer-issued iPhone (which makes it safe for the Feds to say “yeah, we cracked in” as a final FU to punish Apple for defiance without needing to actually do so).

Yes. But the judge who is deciding the contempt hearing is in charge of evaluating the credibility of that claim, and may not find it credible.

The path around that is to eliminate the incrimination that arises from the fact of knowing the password.

In other words, the prosecution can’t argue, “Clearly the accused knew this material was there, because he had the password that unlocked it.” But the offending material itself is admissible.

I still don’t think you are getting the issue.

The only way to securely secure documents against anyone with technical know-how is unbreakable encryption.

The key used to encrypt the info is unbreakable against normal brute force. The only reason that it can be broken is that the key is combined with the user’s password to encrypt the documents. Apple hardware is specifically designed to make these guesses take longer and longer and to lock out the phone completely after 10 guesses.

It is not possible for Apple to unlock the data unless they defeat both the “make things take longer and longer” or “defeat the auto lock feature” - if they have engineers working on that, then it makes their iPhone much less valuable.

I forget the price, but some Israeli company was able to do this and got a contract for the FBI for I think millions.

Any developer on the team would be able to walk out of the company with something worth millions.

They were being specifically asked to either find weaknesses in their product or to go to extraordinary lengths to make a new software version that could be stolen or hacked.

This is unprecedented.

The legislature had previously in the 90s in Calia or whatever it was called considered stuff similar like this and then decided against it.

What the FBI was asking them to do - if successful - would have forced Apple to basically announce to the world:

Hey - all that security we promised you - we put five guys on it and now we will only let it be used when really important - trust us. And they would have taken a financial hit of millions if not billions of dollars.

It’s the government’s job to catch people. They have tons of resources that weren’t available even a decade ago. Location data, license plate scanners, facial recognition, metadata galore - heck Facebook is a boon to law enforcement.

Even every piece of regular mail you send is scanned (envelope).

The idea of law enforcement going “dark” is beyond ridiculous.