I'm no Apple fan, but...

Story: Encryption isn't at stake, the FBI knows Apple already has the desired keyTotal Replies: 34
Author Content
dotmatrix

Feb 21, 2016
7:20 PM EDT
There is so much misinformation regarding this controversy. It's painful to watch as so-called 'experts' pretend to know what is or isn't at stake.

This current controversy has nothing whatsoever to do with encryption or keys or breaking everyone's security or creating a government backdoor into everyone iPhone.

This ARS report is one of the closest I have read to being mostly accurate.

I have no love for the police or mass collection of data or government backdoors into all persons digital lives. And, in this case, the government is not requesting any of that. Apple is out of line, and will lose their protest. And I agree that, in this case, Apple has put marketeering before citizen safety and the public good.

Before commenting, it's a good idea to read the government's latest filing:

http://www.scribd.com/doc/299796180/Department-of-Justice-motion-to-compel-Apple-to-work-with-FBI

And then also to read about how ecryptfs works:

https://wiki.archlinux.org/index.php/ECryptfs

And then think about the government request as analogous to trying a passcode which unwraps the passphrase -- which then accesses the crypto key stored on the local device for decryption.

Once you see the connection, it will become quite clear that iPhone's everywhere are not going to be at risk of being an open data link to the government.
notbob

Feb 22, 2016
12:09 PM EDT
think everyone is missing the point. That point being, some corporation is finally telling the US govt, "we will do what we want" . Oh, the gen pop has been watching it happen fer yrs. Big corporations infiltrating the govt (USDA, FDA, etc) to keep their business interests on track and the gen pop ignorant (Monsanto, Halliburton, etc). We're talking the tobacco's industry's playbook, dummies!

Now, finally, one big corp is telling our US govt to "eff off". Apple is not expecting to load the FCC with pro-Apple ppl or pay any of its millions to stupid politicians, They're jes telling the govt --a govt of laws (snicker)-- we are above the law. We do not have to submit cuz it will upset our user base. IOW, kinda like what big Ag and big Pharma have been telling the consumer, fer yrs, and the govt parroting their every word.

Well now, since the govt is not getting any insider access or even plain ol' dirty lucre, Apple's stance is an affront to our "govt of laws" and our politician's pockets.. Unless a whole lotta money changes hands, real quick, our govt may tend to become a bit perturbed by Apple's, "let's see you make us", attitude on this issue. I mean, it's one thing to manipulate our govt with blatant cronyism and dirty lucre, but to jes throw out a "no", with no explanation or at least a little "dirty lucre". That's not how things are done, here!

Regardless, this is gonna be real fun to watch.
jdixon

Feb 22, 2016
1:06 PM EDT
Apple doesn't want the precedence set that the government can demand they take any actions required to decrypt a phone at the government's request. That's essentially what the government is demanding. I can't really argue against that, regardless of the merits of any individual case. Especially as it was the government's fault these people were in the country, not Apple's.
number6x

Feb 22, 2016
1:15 PM EDT
Apple has repeatedly said that they will cooperate when they get a court order or a law stating what they should do.If the court order or law is vague, Apple may appeal the order or go to Court over a vague law.

Apple is merely engaging in some legal CYA. They are not rolling over without being given some cover to defend themselves from lawsuits that will follow from users.

The ARS article linked by dotmatrix is pretty good, but I'd love to still have Groklaw for issues like these.
skelband

Feb 22, 2016
2:00 PM EDT
> Apple has repeatedly said that they will cooperate when they get a court order or a law stating what they should do.

It is my understanding that the FBI do have a court order.
number6x

Feb 22, 2016
4:05 PM EDT
Apple is challenging that the order covers what the FBI wants. Apple already offered to help the FBI get all of the information automatically backed up on iCloud. It has turned over all it has backed up. The phone was last backed up a few weeks ago and the latest data is missing.

Apple also suggested that the FBI put the phone in range of a wifi system that the phone is set to trust for a few hours, the phone would connect, sync a new back up, and then Apple could turn over the latest data. This didn't work. At first Apple was 'mystified'. After investigating it found that someone had changed the suspect's icloud password after the investigation started. This prevented the phone from syncing with iCloud, because the phone needs to be un-locked so the password can be updated to the new password in order for the sync to happen.

It turns out that someone at the County Health Services (the suspect's employer) reset the password at the FBI's request! http://arstechnica.com/tech-policy/2016/02/apple-we-tried-to...

So the FBI would already have most of what it wants, if it didn't screw up!

Apple turned over what it has, that it believes is covered by the court order. Apple is not willing to do what it believes is not covered. Get a court order to cover what else is needed, and show that it is legal, and Apple will do more. As long as the T's are crossed and the I's are dotted, Apple will gladly give your private data to the FBI.

This isn't a fight over individual rights and privacy as much as it is some kind of dog and pony show.
skelband

Feb 22, 2016
4:34 PM EDT
@number6x

Wow, what a litany of screw ups! Thanks for that summary.
dotmatrix

Feb 22, 2016
7:02 PM EDT
@number6x and skelband:

There may have been a good reason to have the iCloud account password reset. One really good reason is to lock out any potential deletions of data by an unknown other party who may have had instructions to delete, modify, or access the account after the attack.

It seems that an awful lot of people are making spurious and incorrect claims while appealing to the emotional masses.

The reality is:

The code modifications required to give the FBI what it is requesting are most likely very minor, akin to a few hours of work by a few engineers. The code signing process is quite simple, and that's almost the only part the FBI can't do themselves. If you take the time to read through the links I posted, you'll see that the government has offered to pay for any software development time and has limited the scope of the work to this singular phone and has also told Apple that Apple can retain complete custody of the custom code while giving the FBI remote access to the phone to try passcodes.

In light of the events, past legal rulings on third party participation in assistance in gathering evidence, and the likelihood of the phone containing time sensistive material which may save American lives and possibly lives in other countries as well --- I strongly say that Apple is well out of bounds and the general public's reaction has been inappropriate.

I understand that this post will probably not make me popular -- however, that doesn't make it incorrect.
gus3

Feb 22, 2016
7:26 PM EDT
Having worked in InfoSec, I know one thing for certain:

There is no master key.

Apple is too big a company, with too many people having access to too many different parts of the software, to take that risk. People aren't perfect, people aren't incorruptible. The only way to guard against the high risk of just one person giving in to temptation, is to make sure there is no master key. A centralized safeguard is just a single point of failure: compromise that, and it's game over for the entire system.

For Tim Cook's part, if he weren't saying what he's saying, there would be a stockholder revolt by next weekend. iPhone/iPad/iWhatever users may be Apple fanbois, but the Apple brand has value. Part of Cook's job is to protect the value of that brand. Giving in, just one time, sets a bad precedent, and all present and future trust of Apple evaporates.

And, dotmatrix, I suggest you watch the movie Minority Report. Because that is what you are advocating.
dotmatrix

Feb 22, 2016
7:40 PM EDT
>And, dotmatrix, I suggest you watch the movie Minority Report. Because that is what you are advocating.

I've seen the movie. Great movie. About the only Tom Cruise movie I can stomach. I don't understand the reference here.

>There is no master key.

This is somewhat correct and somewhat incorrect. There are multiple keys in the discussion.

There's the code signing key. And that belongs to Apple and never leaves Apple.

There's the user data encryption key. And that is generated on the phone and never leaves phone. And there is not master key for the user data.

The FBI wants Apple to write about 10 lines of code, sign that code, and copy to the specific phone. Apple is the only party that can accomplish this task because they own the code signing key.

By definition, the requested solution has one and only one application and is categorically not a 'backdoor'. Furthermore, the whole thing might not even work if the dead owner of the phone used a lengthy alpha-numeric passcode.

Now... if the FBI was requesting that Apple hand over the code signing key... that's another story altogether.
jdixon

Feb 22, 2016
8:13 PM EDT
> The code modifications required to give the FBI what it is requesting are most likely very minor, akin to a few hours of work by a few engineers.

Immaterial. It sets a precedent Apple doesn't want set.

> ...you'll see that the government has offered to pay for any software development time

Also immaterial. This isn't eminent domain.

> Now... if the FBI was requesting that Apple hand over the code signing key... that's another story altogether.

And yet it would far closer to within their rights that what they're attempting.
dotmatrix

Feb 22, 2016
8:30 PM EDT
@jdixon:

There is already precedent. There was a crime committed. There is evidence locked away somewhere. LE needs assistance to get to the lock.

Sorry guys and girls, this is an open and shut case. The government's argument is not only based on years of evidence gathering, but is the same method that has been used throughout much of the modern era.

Again, I encourage everyone to read the 20 some odd pages of double-spaced wide-margin actual government written text here:

http://www.scribd.com/doc/299796180/Department-of-Justice-motion-to-compel-Apple-to-work-with-FBI

The argument has zero applicability to encryption or backdoors or mass data gathering or setting some 'new' precedent for requiring a company to help the government gather evidence. In fact, if the government's argument is shut down by the courts that would set a new precedent.
jdixon

Feb 23, 2016
5:34 AM EDT
> There is already precedent.

Apple obviously doesn't agree. And they have the money and lawyers to fight it, so that's what they're doing. That's what the court system is for.
dotmatrix

Feb 23, 2016
8:00 AM EDT
> There is already precedent.

>>Apple obviously doesn't agree. And they have the money and lawyers to fight it, so that's what they're doing. That's what the court system is for.

AFAIK Apple as not responded within the legal system as to the government's claims that precedent has already been set and agreed on by the courts since at least the last '70s. Thus making Apple's position pandering and posturing and not a legal argument against compelling a third party to assist in evidence gathering.

However, I've stated my arm-chaired thoughts -- and while it all seems logical to me, only time and the courts will shine light on the solution.
jdixon

Feb 23, 2016
8:57 AM EDT
> AFAIK Apple as not responded within the legal system...

You rally think Cook would risk a contempt of court charge? They'll file whatever paperwork is necessary. In the meantime they'll be trying to sway public opinion and delay as long as possible.
dotmatrix

Feb 23, 2016
9:23 AM EDT
>In the meantime they'll be trying to sway public opinion and delay as long as possible.

My point is: In order to sway public opinion, Apple needs to argue that the government was wrong when the courts indicated that POTS phone company of the 1970s were required to install government requested changes to the system in order to collect evidence.

>You rally think Cook would risk a contempt of court charge?

I have no idea, I'm not him and I don't work for Apple and I'm not a decision maker for Apple. I do know that companies and individuals make silly and/or illogical errors in life. I really don't see how Apple wins in court with their argument as presented in the Cook public letter. About the only way Apple may 'win' would be:
  1. to convince an Appeals court to side with them... probably will not happen
  2. and then push the appeal to the divided SCOTUS... might happen anyway
  3. which then votes 4-4... somewhat likely, but definitely not definite
  4. which would mean that the lower court favorable appeal stands
  5. but without precedent.
jdixon

Feb 23, 2016
1:23 PM EDT
> I really don't see how Apple wins in court with their argument as presented in the Cook public letter.

Cook's not their lawyers. :) They'll be the ones working on the court case, not him. Let's let the system work it's way through and see what happens.
linuxscreenshot

Feb 23, 2016
2:52 PM EDT
DOJ now wants in to 12 more iPhones. Who couldn't see this coming?
dotmatrix

Feb 23, 2016
3:47 PM EDT
>DOJ now wants in to 12 more iPhones. Who couldn't see this coming?

If the phones may contain evidence related to a crime and there are valid search warrants, then I don't see a problem.

The abuse of power is when there is no warrant and/or the phone has not been used in a crime.
jdixon

Feb 23, 2016
4:51 PM EDT
> The abuse of power is when there is no warrant and/or the phone has not been used in a crime.

Have you looked into the FISA warrants fiasco? A warrant is supposed to have strict court scrutiny. The FISA court is effectively a rubber stamp on whatever fishing expedition the current administration wants to pursue.
dotmatrix

Feb 23, 2016
5:03 PM EDT
>Have you looked into the FISA warrants fiasco? A warrant is supposed to have strict court scrutiny. The FISA court is effectively a rubber stamp on whatever fishing expedition the current administration wants to pursue.

And this is the problem... you can't win an argument about a specific case by applying a generalized bogeyman.

Is the specific FBI warrant a FISA warrant?

Are any of the 12 'newly found' warrants FISA warrants?

Are any FISA warrants not simply a rubber stamp on fishing expeditions?

Are at least some of them valid and in the public interest?

One can argue that restraint of power is a good thing -- but total abandonment of state power is a mistake.

The police are not on your side, but if you are the victim of a crime -- who else you got?

"Search and Seizure" is a valid state power. And when exercised properly with restraint is definitely in the public good.

And Apple is wrong to argue that this particular case is an abuse of that power.
jdixon

Feb 23, 2016
6:31 PM EDT
> And this is the problem... you can't win an argument about a specific case by applying a generalized bogeyman.

I wasn't arguing a specific case. I was arguing the general case I quoted in my response. A "legally issued" warrant can still be an abuse of power.

> Are any FISA warrants not simply a rubber stamp on fishing expeditions?

You'd have to ask the people who are authorized to see them. The general public isn't.

> Are at least some of them valid and in the public interest?

Based on the limited evidence that has been provided to me, I'd have to say no.

> The police are not on your side, but if you are the victim of a crime -- who else you got?

In our world today, I have far more to worry about from the police and government that I do from any criminal. It's a sorry state of affairs, but it's the world we live in.
dotmatrix

Feb 23, 2016
7:09 PM EDT
>In our world today, I have far more to worry about from the police and government that I do from any criminal. It's a sorry state of affairs, but it's the world we live in.

I'm not so sure this could possibly be accurate.

In my own life, I have suffered far more at the hands of my fellow citizens than I have at the hands of Law Enforcement. I have suffered far more at the hands of corporations than at the hands of my government.

  • I have had my expensive property stolen by other citizens.
  • I have had my life threatened by other citizens.
  • I have had my personal information held unprotected by corporations.
  • I have had my personal information stolen from the shoddy protections of corporations.
  • I have had my personal freedom held at risk through knowingly untruthful statements by other citizens.
  • I have been insulted and ridiculed by other citizens.


Meanwhile...
  • I have been given a fair shake by the government when it was my 'turn' to get the speeding ticket on the highway filled with speeding cars.
  • Police and detectives listened to my identity theft story and apprehended the criminals.
  • Police and detectives listened to my side of the untruths told about me in other cases, and could easily see that my story was correct.
  • In more than 85% of my various brushes with the law, I have been treated fairly if not kindly.


Of course, I'm white... so my treatment history may be biased. However, it has been my experience that government and law enforcement are generally not the problem. And certainly, my fellow citizens have inflicted far more pain, suffering, and damage to me than the government or law enforcement.

This is not to say that "I don't care about privacy because I have nothing to hide." ... I think that's also a mistake.

This is not to say that the police on your side either. I don't believe that to be true... but even mass murders generally get their day in court -- even if the accused is innocent and being targeted by the DA because the DA wants an upgrade in career.

The idea of America [post-racist, slave owning, mass-murdering Columbus] was to create a government that was less corruptible, but still effective...
linuxscreenshot

Feb 23, 2016
7:17 PM EDT
Quoting:The police are not on your side


The government steals our hard earned money, through taxes, to pay the police to protect that same government.

The government now wants into our personal devices to find people that don't like the government, for doing things like stealing from us.

Don't pay your taxes and the police are sent by the government to put you in a cage.
dotmatrix

Feb 23, 2016
7:21 PM EDT
>The police are paid with our money (taxed earnings) to protect the government. How much more perverted can it get?

The police are paid to 'serve and protect' ... this does not translate into 'to forgive and forget.'

If a crime occurs, the police are paid to find and punish the criminal... even if that criminal happens to be a taxpaying citizen.

***Edit: I can't hit the moving target.... should I refashion my posting to match the reworded one above?

I suppose my ideas are anomalous... agree to disagree and so forth.
linuxscreenshot

Feb 23, 2016
7:31 PM EDT
Quoting:The police are paid to 'serve and protect'


Most police are out looking for people 'committing' victimless crimes, like driving too fast, or smoking a non government approved plant, so a fine can be paid, in turn to keep the police funded. This is why most violent crimes are not convicted.

The government wants into iPhones to find people plotting against them.
linuxscreenshot

Feb 23, 2016
7:44 PM EDT
The government likes to get it's foot in the door, like they did with a 1% income tax. Since that door was opened look what has happened to us.

Now they want into our private devices. Once they get in, and they will, eventually backdoors for the government will become mandatory across all devices.
dotmatrix

Feb 23, 2016
9:36 PM EDT
@linuxscreenshot:

There was a prior call for me to see the movie "Minority Report" ... you should watch "Cube" ...

http://www.imdb.com/title/tt0123755/

And if it's OK to post youtube stuff... here's the apropos line:

https://www.youtube.com/watch?v=o4HdF1lqVVw

BTW: Once upon a time I was a government engineer... perhaps my work was part of the real Cube

= þ
cybertao

Feb 24, 2016
7:37 AM EDT
Can't say I'm convinced by anti establishment based argument with a Tom Cruise movie (that was an aweful interpretation of Philip K Dick's story) for a reference.
linuxscreenshot

Feb 24, 2016
10:11 AM EDT
Quoting:BTW: Once upon a time I was a government engineer


Are you saying you have some insider information that guarantees the FBI has honourable intentions this time around, and is not again interested in monitoring our mobile devices.?

Don't be naive.

Do you really think this case may go to the supreme court just so the FBI can get into this one phone, when they already have plenty of other incriminating evidence? It's most likely the FBI wants into this iPhone - wait, now it's 13 iPhones, so that a precedent is set, so it can next get into all phones and devices, including Linux based ones :(
jdixon

Feb 24, 2016
11:37 AM EDT
> I'm not so sure this could possibly be accurate.

I can only wish you were correct. But more detailed discussions would derail us into TOS violation territory, so we'll have to let both assertions stand and let people research for themselves to make up their own minds. The information on government abuses of power is fairly easy to find, as are the crime rates in various areas. I should note that I live in a very low crime rate area (city data crime index of 39.5 in 2007, versus a national average of 319.1, and that's the highest rate in the prior 5 year period).

> I suppose my ideas are anomalous... agree to disagree and so forth.

Not really anomalous, no. Misinformed, perhaps, but even that is debatable. But agree to disagree, certainly. It's not like I'm always right.
dotmatrix

Feb 24, 2016
11:43 AM EDT
>Are you saying you have some insider information that guarantees the FBI has honourable intentions this time around, and is not again interested in monitoring our mobile devices.?

Whether the FBI is interested or not in monitoring citizen mobile devices, the actual paper document that the FBI wrote contains a request which does not provide for that capability.

>Don't be naive.

I'm definitely not naive.

>Do you really think this case may go to the supreme court just so the FBI can get into this one phone, when they already have plenty of other incriminating evidence?

The phone may contain information which may help to solve other crimes and/or prevent other attacks. The FBI is not looking for evidence of the current crime -- the bullets, guns, explosives, and dead people provide enough of that. The FBI is looking for information about possible unknown accomplices and/or activities about other terror cells.

>It's most likely the FBI wants into this iPhone - wait, now it's 13 iPhones, so that a precedent is set, so it can next get into all phones and devices, including Linux based ones :(

I'm sure the FBI probably has a growing stack of phones to search. I don't think this is any more of problem than the FBI having a growing stack of any sort of other kinds of evidence of crimes.

What exactly are you asking the FBI to do or not to do?

If there ever was a legitimate use for the FBI, it would be to investigate crimes of the sort and magnitude of San Bernardino. As I wrote earlier, the legal framework for the FBI's request has been in place since at least the 1970s -- so either you gotta say that that framework is wrong and go back to vacate those legal decisions, SCOTUS opinions, and legislation -- or you gotta say that the framework is valid for the FBI's current request.

BTW:

In my opinion -- and again this going to be controversial -- it is the individual citizen's responsibility to protect personal information. There are hard lessons to be learned, but corporations can not be and should not be trusted to provide that personal information or data protection...

A corporation is essentially an instrument of the state. Although, some people may argue it's the other way around -- that government is an instrument of the corporations. However, if you have an iPhone and are using its transparent encryption option - you are not protecting your data and Apple can not and should not protect your data from lawful and warranted access by LE. Doing so, in an active way, makes Apple an accomplice to the crime.

If, on the other hand, you as a private citizen encrypt your own data with your own key and do the key management correctly -- you can protect your data and cannot be made to provide the key for the data. You, as a private citizen, have the right not help LE and not provide self-incriminating information. However, corporations are under a different set of laws regarding your information.
jdixon

Feb 24, 2016
11:53 AM EDT
> What exactly are you asking the FBI to do or not to do?

The people who made the decisions that allowed these people into the country in the first place share much of the blame. Why are they and the government agencies involved not being investigated and forced to provide the documentation about their decisions?
dotmatrix

Feb 24, 2016
12:02 PM EDT
>> What exactly are you asking the FBI to do or not to do?

>The people who made the decisions that allowed these people into the country in the first place share much of the blame. Why are they and the government agencies involved not being investigated and forced to provide the documentation about their decisions?

Now that's something I can agree with...

However, I think that discussion will definitely go over into the political realm... In the encryption debate, I can at least call out "It's all about FOSS... see GPG? see openssl?" ... etc...

As far as vetting foreign persons entering the country: Hindsight is always 20/20 or at least 20/40... Foresight is generally around 20/200. Crimes are going to happen.
jdixon

Feb 24, 2016
2:10 PM EDT
> However, I think that discussion will definitely go over into the political realm

You think? :) But you asked, so I answered. I don't plan on going any farther with that discussion either, for exactly those reasons.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!