Tim Cook responds to US judge ordering Apple assist FBI with unencrypting seized phone.
http://www.apple.com/customer-letter/
http://www.gizmodo.co.uk/2016/02/jud...ooters-iphone/
Thats quite a bold letter Apple have published on their webiste - a surprising glimpse of humanity from such a large shiny corporation (I havent formed an opinion on the matter yet though)
It's a fair observation.
The problem is that, left unchecked, terrorism is going to be the crux by which all right to privacy is completely eliminated. The terrorism threat has ballooned because of the terrible terrible policy decisions made by the US (and other) government(s) in recent decades.. so we should all be deprived of our rights to privacy, because of the bad decisions they made, and that we had no say about? I'd also argue our own government is doing plenty to support terrorism all by itself, such as cosying up with Saudia Arabia, and selling billions of pounds in arms to countries in the Middle East.
I don't have anything to hide really so it's no skin off my nose if they want to look through my pictures or emails frankly. But I think it's a dangerous road, and we stand to lose more than we gain by rolling over and letting the government do whatever they want.
Loss of privacy isn't going to fix the terrorism problem. Fixing the root cause of the problem is going to resolve it.
FWIW I think it's a pretty admirable stance Apple are making on this. But on the flip side of the coin it shows how much of a giant that company have become that they can stare down the FBI.
According to Wikileaks the NSA already has a back door into iphones (probably all in fact) so it may just be a token gesture anyhow.
Also a fair observation.
However, the 'privacy' in this case is largely irrelevant seeing as the phone owner is a) a known terrorist and b) deceased.
If unpicking the contents of this phone leads to prevention of another attack, albeit indirectly, then I am all for it. It would be setting a dangerous precedent, though, so props to Apple (I guess) for standing their ground, however pointless it is if the NSA indeed do have a means of monitoring everyone / everything.
I also have nothing to hide, but having just gone through the joys of 'mediation' following separation from my soon-to-be-ex wife I can understand that even having things as mundane as one's finances exposed to the world can be painful. I suspect it is practically impossible to live 'off the grid' in the modern world, so why not just embrace it and allow authorities the powers to weed out those that do pose a threat to society ?
The issue is not with this phone in particular. If you enable a back door it will necessarily reveal the encryption key and systems to the FBI. Once anyone has that key they don't need Apple or an OS update to break into ANY phone and it could be done as simply as through the user visiting a website or similar. Banking/financial apps, contactless payment systems etc for millions of phone users would all be at huge risk of hacking.
Apple are quite right to refuse, regardless of the reason given.
The encryption key will not be revealed.
As I understand it, the FBI want Apple to disable the mechanism that erases data after 10(?) failed password attempts and to enable an automatic method to enter passwords (10,000?) in a brute force attack.
I agree though that Apple are right to refuse. Once this facility exists I'm sure it will be regularly used.
This is why shining a laser at a plane should not be branded 'terrorism'. It unlocks pandoras box of infringing investigative approaches.
Apple are right to resist this, though the public nature of this suggests they know they will have their hand forced and want to at least have their opinion out there.
"Bite my shiny metal ass."
- Bender Bending Rodríguez
^
This. You can't trust governments any more than terrorists.
I think your point is entirely valid in terms of reasons for accessing the device. Maybe a dead terrorist, or perhaps a deceased relative, where getting access to the information would be important for a number of reasons.
Unfortunately, the 'authorities' have proven time and again that they cannot use those powers with even an ounce of responsibility. We only need to look at the leaks regarding the sort of things that the NSA and GCHQ are up to! And as soon as you even enable a back-door, no matter how secure, it gives malicious individuals (terrorists even) a route in for compromising the system.
Reads to me like an excuse, a disclaimer, before actually doing it. Hope I'm wrong of course and Apple do not 'have to' make a precedent in this matter.
Everytime additional snooping powers or curtailments of freedoms are announced by the U.S. and UK governements it is always to protect us from Terrorists and Paedophiles. We are becoming a totally surveiled society to a level that Cold War era Soviet Russia could only dream of achieving on the back of boogeymen.
Kudos Apple. Damn the Man.
Slightly off on a tangent, in the UK we already have the Regulation of Investigatory Powers Act 2000.
This act can force you to give over encryption details for your devices or be jailed.
The WIKI ENTRY (I know, I know!) shows the breadth of the legislation.
______
Jim.
I suspect that we're not being told the whole truth by either side here. Why bother amending the OS to enable a brute force attack. Although it's a long time since I coded, I can't imagine that it's any easier to do that than simply remove the password requirement during the OS update procedure.
The implication from what I've read is that Apple would create a custom OS for the FBI to install over the one in their captured mobile, which when normally done would wipe the existing one and existing data.
The simple truth is that if Apple accede, their 'fix' will be in the hands of the Russians within half an hour and terrorists an hour later.
Regardless of any opinion I've expressed on here about Apple, I'd bank commercial interests in secrecy above governmental ones any day.
Here's some clarification:
https://www.techdirt.com/articles/20...backdoor.shtml
Still dodgy. And stil not something I'd trust a government to be able to keep out of the hands of people who would abuse it. With current number processing available on today's graphics cards, brute-forcing a phone via a direct connection would take virtually no time at all as long as the passcode was under 15 characters (very likely).
Apple will do it and probably say that the FBI cracked it by themselves, win/win.
Eddie
Whole chunks of my life come under the heading "it seemed like a good idea at the time".
Cant the fbi send apple the phone, they unlock it. Download any info and send the info back to apple and then apple crush the phone,
Apple must have some " trusted employees " that could perform such a task ,
Smoke screen it seems to me but if true at face value i think apple should be allowed to protect there technology,
Hats off to Apple for standing up to the lizards.
It it was impossible to access data on locked/dead phones quite a few obscure outfits would be out of business. There is more to it than meets the eye.
More smoke and mirrors, the story will fade away with apple saying no, and doing yes.
I'm not convinced that'll be the case.
Reading the comments here, reinforce my own thoughts — http://www.rolexforums.com/showthread.php?t=459167
This.
Call me a cynic and a sceptic but I think Apple's stance on this is based on commercial and marketing strategy. This is a huge opportunity to give both their existing and potential customers a nice warm feeling; the knowledge that their treasured iPhone is secure and even the FBI can't crack our security.
Last edited by vagabond; 18th February 2016 at 09:55.
Let's see if they still say "NO" when there's the threat of some jail time.
Eddie
Whole chunks of my life come under the heading "it seemed like a good idea at the time".
Good for Apple.
But a rooted device (probably not iOS in practice) running your own encryption software is still likely more secure precisely because there is no company who can (ultimately) be strongarmed to unlock it in any way, either to bypass encryption or bypass automatic data deletion. In this case, it is Apple that is the weak link ultimately (no matter their ostensible good intentions).
tl;dr: Competent terrorists don't use Apple products (or at least don't rely on Apple's built in encryption or security tools). ;-)
** edit **
P.S. For similar reasons, competent terrorists don't rely on Microsoft's, Google's, or any other corporate entity's built in encryption or security tools. It's not just Apple.
Last edited by markrlondon; 18th February 2016 at 12:07.
Good for Apple.
Not too far removed from the Truecrypt story.
https://en.wikipedia.org/wiki/TrueCrypt#Legal_cases
An excellent piece of software which, rumour has it, the developer was coerced into ceasing development of by the US security forces. Of course Apple has a lot more money to throw at the problem.
(Is?) The sub story here is that a nation state cannot brute force the raw encrypted data.
I'm not sure if I am surprised at that or not. What is the cipher used?
"Bite my shiny metal ass."
- Bender Bending Rodríguez
The report I saw yesterday said that Apple's lawyers were confident that the action against them was illegal and unconstitutional and would be dismissed as soon as they took it to a higher court.
I suspect that this will blow over eventually ( and probably quietly) but not any time soon given the media frenzy.
The documentary on Edward Snowden ( with him in person speaking candidly) is also quite interesting if anyone wants to get some background on this.
The law enforcement agencies in the US are arguably more constrained by due process and adherence to the enshrined laws of the land that protect the individual than those in the UK. I know a few US law enforcement professionals and they are all completely dedicated to ensuring that the rights of the individual are protected within the absolute limits of the law. They are far from the mindless government sell swords of liberty that the media often depicts.
Snowden himself used to work for them.
It will be interesting to see what transpires.
It's a natural and understandable rumour but it has no persuasive evidential basis as far as I can tell -- not that anyone outside of the devs can really be sure. ;-) The rumour was, of course, effectively encouraged by the really weird way and very odd wording with which the developers announced the cessation of development (which realistically looked to have ceased several years earlier).
It seems more likely to me that they simply got bored of a product that was very difficult and time consuming to develop further, that ideally needed a re-write to modernise it, that needed (and still needs) a lot of work to get full system encryption to work with modern, large hard disks, and that had no source of funds coming in. In short, I think they grew up and got (probably well-paying) day jobs!
What with the code audit, it seems to me there was never much chance of the devs planting a backdoor in it that would not be found (e.g. a mathematically weakened algorithm would be seen), so it seems unlikely that the powers that be would have demanded such a thing. It would have been pointless (although I suppose that government agencies are not unknown for doing pointless things, of course).
The weakness of Apple's products, in comparison, is that there is already in effect a backdoor that Apple can be strongarmed into exploiting by the US government and, subsequently, any other government that wants to do it.
Well yes, but he did leave because they were acting both immorally and illegally, didn't he. ;-)
I am sure that many individual law enforcement personnel are as you describe, but corporately there might be a systemic problem (despite the fact that I do believe, as you say, that US agencies are more thoroughly constrained than are UK ones).
The problem with such constraints is that they come to be seen as obstacles to be worked around (hence things like UK-USA cooperation with legal sidestepping in terms of spying on each other's citizens).
Last edited by markrlondon; 18th February 2016 at 12:02.
The actual threat posed by islamic extremists to the west is massively disproportionate than the media scaremongering makes out. ( yes they have killed people I know that before anyone jumps in)
What is more worrying is certain sections of the government ( US or otherwise ) would use the actions of a handful of fanatics to sanction the deliberate weakening of laws that protect the individuals' right to privacy. These are the sort of laws that can be legally got around during times of war however that is not the case here despite the media and certain members of the government trying to convince society otherwise.
^^^ I fully agree.
No, it's that presumably the phone has 'erase data' enabled within the settings — meaning that after 10 attempts, it's gone.
There's more than sufficient capability to rapid fire the numerous passcode permutations, but there's a delay between attempts — something the court order asked to be removed also.
Yes I agree . And it doesn't help that self-interested politicians and individual powermongers insist on associating themselves with issues they seemingly have little appreciation or understanding of , beyond merely using them as a platform for their own publicity.
The whole antagonism towards the Islamic fanatics is predicated on them representing the polar opposite of the western societies that enshrine the rights of the individual above those of the state. The whole point of the democratic governments that we in the west are familiar with is to afford the maximum realistic amount of freedom to its citiziens to benefit the largest majority of people.
When governments start to use vague ideas of protectionism as an excuse to curtail practical aspects of freedom it renders them ideologically more aligned with the "enemies" that they claim to want to protect us from. They undermine their own position of moral correctness in how their society operates.
It end up being a zero sum game. We end up no better than the exagerated bogeyman fanatics that predicated all this in the first place. Start acting like the bogeyman and you become the bogeyman.
I have to say I've spent more time worried about some of the opinions expressed and acted upon by my own government and others in the west than I ever was by the potential to be killed by a terrorist. That is scarier than anything.
http://www.bbc.co.uk/news/technology-35595840
Without intending any disrespect to Lee Rigby's family , this is an example of the sort of unhelpful media jockeying that happens. I seriousy doubt that the person who made this article/interview gave two hoots as to the relevance or helpfulness of putting this together beyond readership.
The reason that we have voted in a system of justice that require impartial courts is because its patently obvious that its unfair to expect people who suffer terrible loss to make impartial clear decisions. I wonder if today the journos thought once upon this as they were slapping each other's egos about their audience figures over their boozy pub lunch.
In addition to other responses about removing the retry limits, it should be noted that it is in fact likely that even the NSA would be unable to brute force the encrypted data, as long as a decent password was used. However, most users more often than not use short, easily bruteforced passwords, and this is especially true on mobile devices due to understandable practicality reasons.
So if Apple can be forced to remove the retry protection, the odds are that the phone can be bruteforced, as long as the user chose a relatively short password. If the user did in fact use a long password (or passphrase) that has few easily findable words or phrases then the powers that be will probably still be stumped for the foreseeable future.
What's the betting that someone , somewhere will be displaying an apple logo with blood dripping off it in the next 24 hrs?