Viewing 40 posts - 281 through 320 (of 379 total)
  • Apple v the FBI
  • Superficial
    Free Member

    I haven’t looked up what the All Writs act (of the 1700s) entails but I’d wager that it wasn’t created with iPhone data hacking in mind.

    Sandwich
    Full Member

    this sums up my objections

    GrahamS
    Full Member

    “New York District Attorney Cyrus Vance said today his office has 175 iPhones it can’t open because of encryption.”
    http://abcnews.go.com/Technology/york-da-access-175-iphones-criminal-cases-due/story?id=37029693

    But yeah, it’s all about this one iPhone, not a precedent.. 😕

    Superficial
    Free Member

    Presumably though, Apple can change the software so that there’s no backdoor like this even possible. Ie as part of the next ios, they introduce better security so that it’s completely impossible to bypass encryption just by multiple guesses of the pass code (which has a max 10,000 possibilities). With touch ID they could make owners use long passwords for unlocking (only required on start up so not a huge inconvenience). That would theoretically take the issue out of their hands completely – though might be seen as a snub by the FBI.

    slowoldman
    Full Member

    iPhone 5s an upwards have 6 digit pins. That’s 1000000 combinations.

    DrJ
    Full Member

    GrahamS
    Full Member

    introduce better security so that it’s completely impossible to bypass encryption just by multiple guesses of the pass code

    It already is – on untampered iOS the phone increases the delay between pin entries and locks you out if you try too many times – that’s why the FBI require a software change to allow multiple guesses.

    iPhone 5s an upwards have 6 digit pins. That’s 1000000 combinations.

    The other part of the change they want is to allow PIns to be entered electronically – if you do that and remove the delays then you can blow through 1000000 combinations pretty quickly.

    By the way, here is some nice technical background to all this from Will Strafach, one of the iOS jailbreak crew who is now the CEO of a mobile security firm:
    Legendary iPhone hacker weighs in on Apple’s war with the FBI

    funkynick
    Full Member

    I believe the 5s and newer use a secure section of hardware in the processor to control this, which is not supposed to be modifiable…

    But then again, I’m sure that not long ago Apple were saying similar things about the 5c. I also seem to remember them claiming that bricked phones with the Error 53 problem could not be fixed as it wasn’t possible to update the software until it had booted properly.

    I wonder how soon there will be a class action suit in the US from owners of bricked handsets who were told by Apple they had to buy a new phone… but now it appears they have had the ability all along!

    jambalaya
    Free Member

    But yeah, it’s all about this one iPhone, not a precedent..


    @Graham
    has anyone ever said its about just one Phone ? Certainly not me its all about a precedent which should apply to all tech companies

    Thanks for that link, very interesting reading. It does however re-iterate that Apple’s responces are primarily marketing / PR related.

    Superficial
    Free Member

    It already is – on untampered iOS the phone increases the delay between pin entries and locks you out if you try too many times – that’s why the FBI require a software change to allow multiple guesses.

    I realise that. My understanding is that the phone will basically scramble data / make it inaccessible if it detects 10 incorrect password guesses. The 10 guesses is a feature of the software not of the encryption per se which is why it could potentially be hacked. But if Apple were to say that data was inaccessible / encrypted at all times and requires a pass lock to UNencrypt it, then that data would be inaccessible without knowing the passcode and wouldn’t be subject to hacking in the same way. Ideally they could also demand a higher level of security than just 10,000 (or 100,000) possible combinations.

    Surely it’s like any bug in software? Once the exploit had been identified (either by hackers, by Apple or even just in principle) then the manufacturers will aim to plug the leak.

    funkynick
    Full Member

    Superficial… the data on the phone is all encrypted with some pretty strong encryption from what I understand (256-bit AES?). If this wasn’t the case then the FBI would have just downloaded the memory contents by now.

    To allow the contents to be unencrypted the user of the phone needs to input a 4-digit pass code. This pass-code then allows the processor access to the strong encryption key hidden within another part of the processor which can then read the contents of the phone.

    However, in the case of the 5c, the software which controls the input to the pass-code, checks it, and tries to stop anyone brute-forcing it, runs on another part of the processor. It is this code that the FBI want Apple to modify for them.

    On the 5s and above, this section of code which is able to be modified on the 5c is held in yet another secure part of the processor, and this part is not supposed to be accessible in the same way. So theoretically, the 5s and above are not vulnerable to this style of attack.

    Or something like that anyway…

    GrahamS
    Full Member

    @Graham has anyone ever said its about just one Phone ? Certainly not me its all about a precedent which should apply to all tech companies

    A few have yes.

    aracer has argued that this case won’t set a precedent that allows access to anything else by other means. And that other cases wanting to use these means will still need to prove they are similar enough to this one to benefit from the precedent this one sets.

    aracer:
    You think the FBI don’t know what they’re doing regarding PR and going public on this particular case – why do you think this is the case they’re trying to set the precedent with? An no, they don’t want the keys to anything – as would be obvious if you’ve been paying attention.
    ..
    Apple can take any future order all the way to the Supreme Court to make the FBI prove it is comparable – that’s the sort of precedent it sets
    ..
    My opinion might well change if the FBI were asking for some of the things you lot are suggesting – but they’re not, and this case doesn’t set any sort of precedent for them getting anything else.
    ..
    Though the point I was making regarding precedent was about this providing a precedent for them getting further reaching powers, which is a different argument.

    And plenty of others have argued that it is not a “slippery slope” and that this is purely about access to this one iPhone and not any others. Not going to quote all of them but:

    timba:
    The Court Order is very specific to that particular phone only, and in the circumstances I think that it’s appropriate because the request isn’t for a single key that unlocks every iPhone

    Matt24k:
    This is all about the FBI wanting to look at one phone belonging to one person that killed 14 people.
    ..
    The FBI aren’t asking to get into every widget manufacturers employees iPhone
    ..
    The FBI is asking for access to one phone on this warrant and they will need another warrant for another phone.

    Danny79:
    The request is very specific tied to a single phone the firmware update would be tied to it via serial number and the FBI wouldn’t be able to reuse as they can’t cryptographically sign the firmware.

    thisisnotaspoon:
    It’s not a blanket “we want access to all iPhones”, they’re asking for this specific one to be unlocked, or proof that it’s not possible. Not asking for backdoor to be created

    etc etc

    CountZero
    Full Member

    IT seems that the company who actually owned this particular iPhone had available paid-for software that would have allowed full access, monitoring, and warnings if the app was removed or tampered with.
    But never installed it on this phone or made its installation across all departments compulsory:
    http://www.chicagotribune.com/news/nationworld/ct-apple-fbi-san-bernardino-iphone-20160221-story.html

    GrahamS
    Full Member

    Thanks for that link, very interesting reading. It does however re-iterate that Apple’s responces are primarily marketing / PR related.

    Yes and no.

    Apple have never claimed they can’t technically do this.

    In fact if Bruce Schneier’s analysis is correct then Apple worked with the FBI on the wording to make sure what feds asked for was technically possible, so that it could be argued on legal merits alone.

    Their objections are ethical, and yes, definitely market-driven because they obviously believe that consumers value this level of security and privacy.

    But they are also taking a heavy hit on this in terms of American right wingers who get eye-twitches at the word “civil liberties” and see Apple as loony lefties that are siding with the terrorists.

    DrJ
    Full Member

    etc etc

    Yes, but apart from them.

    slowoldman
    Full Member

    But they are also taking a heavy hit on this in terms of American right wingers who get eye-twitches at the word “civil liberties” and see Apple as loony lefties that are siding with the terrorists.

    Not to worry, they can all have Androids.

    jambalaya
    Free Member

    @Graham thanks for comments, I didn’t twig you where reffering primarily to STW-ers

    Junkyard
    Free Member

    But they are also taking a heavy hit on this in terms of American right wingers who get eye-twitches at the word “civil liberties” and see Apple as loony lefties that are siding with the terrorists.

    POssibly also acquiring an equal number of conspiracy theory government hating hipsters gun toting rednecks 😉

    GrahamS
    Full Member

    Not to worry, they can all have Androids

    Interestingly that New York DA complained about Apple and Google playing “sherrif”. So they are on the hook too.
    And some other tech companies are coming out to back Apple.

    I didn’t twig you where reffering primarily to STW-ers

    I was, but from what I’ve read the debate is broadly similar in other places.

    Kelliesheros
    Free Member

    So reading and listening about this I have come to my own conclusion. However these were the salient points for me.

    It was a government issued phone, and the “terrorist” had over phones at his disposal, all of which he burnt apart from this one.

    The FBI have access to the Icloud backups as there is a clause in whichever amendment which states that if you share the information with a third party you forfeit your amendment rights.

    So basically the only data on the phone they do not already have is the encrypted I message data. I struggle to believe a terrorist would text message his handlers on a government issued phone, and if he had been so stupid why did he not destroy it with the other phones.

    This is in.my opinion an attempt to weaken personal encryption by making gain Out of a terrible event in order to achieve political aims.

    Cougar
    Full Member

    I’ve just caught up and was going to wade in but, really, what Graham said. Listen to this man, he knows of what he speaks.

    Superficial
    Free Member

    This is in.my opinion an attempt to weaken personal encryption by making gain Out of a terrible event in order to achieve political aims.

    This.

    Sandwich
    Full Member

    @Superficial. Given the FBI headman is on record that he regards strong encryption as a bad thing should we be surprised.
    Mr Comey should concentrate on making sure his IT staff know how to do their jobs effectively and sometimes you have to choose the hard road.

    jambalaya
    Free Member

    Apple and FBI to testify at a special Congressional Hearing next week. My feeling is this will be sorted via legislation, Obama doesn’t want it on his watch as a Democrat (too interested in his legacy / image) but the Republican majority may try and force the issue

    Macrumors Story

    mattyfez
    Full Member

    This is purely to gain access to mass personal data.. Anyone who thinks otherwise is sadly misleaded.

    They are trying to do the same thing in the UK with Theresa Mays so called snoopers charter..

    It really is Orwells 1984.

    GrahamS
    Full Member

    Obama doesn’t want it on his watch

    Why? Is it an Apple Watch?

    aracer
    Free Member

    GrahamS
    Full Member

    Do you honestly think it is all about this one iphone aracer?

    What did you make of that New York DA saying he had 175 iPhones waiting to be unlocked? (link up there ^^)

    aracer
    Free Member

    I don’t think the FBI are going to get mass personal data off 175 phones.

    I don’t think I’ve ever suggested this will only ever get used on one phone, but there are some crazy extrapolations being made – it will only ever get the data off phones which are taken in to Apple for help with unlocking in cases where the FBI can get a court order. I doubt they will get court orders for all 175 of those anyway.

    It is completely different to the snooping stuff May is proposing.

    GrahamS
    Full Member

    That’s 175 phones just in New York.
    I’m sure there are eager DAs in the other 93 districts waiting to see the outcome too.

    But yes I understand your point and I agree it’s not “mass” as such.

    However I think if the Congressional Hearing decides that yes, the state can legally force a company to produce software to break its own security, then it certainly opens one of the doors towards (more) mass surveillance.

    aracer
    Free Member

    I presume you’re suggesting some completely different process for that, just following the same legal principle of forcing a company to do something. Because I think we’re both sane and agree that this particular exploit isn’t going to result in that.

    I admit I didn’t initially realise the number of phones they were looking to do this with once they’d opened the door – but my argument, that they’ll have to get a court order for each one holds. From that perspective it simply puts things back to where they were before and Apple were extracting data given a court order, which didn’t threaten mass personal data, or the data of anybody who hasn’t had their phone seized by the US legal authorities any more than this does.

    The data of anybody who hasn’t had their phone seized by US legal authorities with a warrant to seize the phone is still just as secure against attacks by the bad guys, or indeed against snooping by the other guys.

    GrahamS
    Full Member

    I presume you’re suggesting some completely different process for that, just following the same legal principle of forcing a company to do something

    Yep. As I understand it, one legal defence that Apple have is that previous ruling have said that “code is a form of speech” and as such is protected by the same free speech laws as any other writing. Which means they can’t force them to write code.

    Overturning that would mean they could be forced to write other code – with the appropriate legal justification of course. But I think once that door is open it won’t take too long for wider justifications to be given “for the sake of national security” of course.

    it simply puts things back to where they were before and Apple were extracting data given a court order, which didn’t threaten mass personal data

    True enough, but the sheer amount of data on smartphones has increased dramatically since those days and the lines between what is and isn’t “on the phone” have blurred too. Which was why Apple (claim) they hardened the security.

    Junkyard
    Free Member

    MMM its certainly more complicated than it initially looked and whilst I Am tempted to sit on a fence i still dont think its wrong in principle to allow the authorities to access phone data via a court order. Whether i trust those authorities [ not really] is a separate issue and i don’t think it means everyones phone is at risk

    aracer
    Free Member

    I’m not sure you, me and Graham are hugely in disagreement. I don’t think any of us trust the authorities, or that any of us think that this directly puts everybody’s phones and data at risk (as I suggested earlier in the thread, let’s discuss the court case which does that if and when it happens).

    Junkyard
    Free Member

    I’m not sure you, me and Graham are hugely in disagreement

    We certainly favour different aspects of the argument but I do agree we are all rational and fact based if not quite unanimous.

    GrahamS
    Full Member

    I concur. Hurrah! 😀

    Sandwich
    Full Member

    The data of anybody who hasn’t had their phone seized by US legal authorities with a warrant to seize the phone is still just as secure against attacks by the bad guys, or indeed against snooping by the other guys.

    I admire your optimism. Once the backdoor is in place some clown at the FBI (see the item about changing the iCloud password and losing access to the new back-ups) will either sell it or lose it while out and about. The problem is not so much FBI and other 3 letter acronym agencies having access it’s this who will gain access as a result of the exploit being available.

    The FBI have now admitted it is all about setting precedent, I suspect that there is nothing new to be gleaned from the phone and they have chosen a “dog-whistle” case to push it through. I am disappointed in the lack of noise from the US press on the erosion of civil rights and the mendacity of the bureaucrats. (I’m not surprised though). iOS 10 is probably going to be really secure so don’t forget your password (11 character alpha numeric takes about 1200 years to crack with current technology)!

    jambalaya
    Free Member

    People keep saying/assuming the fbi will be “given the key”, it can remain at Apple and they open phones at the court’s request

    aracer
    Free Member

    I’m optimistic that the judge won’t tell Apple to do anything the FBI aren’t asking for. I’m optimistic that Apple won’t do anything they’re not told to do. I’m even fairly optimistic that Apple won’t release their signing keys to the outside world, let alone the FBI – they have somehow managed that for the last X years.

    Do you actually understand exactly what is being requested here? Or how about a more general, but very relevant one – do you understand encryption and digital signing?

    Sandwich
    Full Member

    I understand what they are asking through the courts, my misgivings are with previous deeds and pronouncements from those in public prosecution and the head of the FBI.

    The key will remain with Apple, until a judge with an improper understanding of what the FBI/law enforcement are about orders the surrender of the key. And that is the direction the FBI are trying to steer things in.

    So far there has been a steady “no that’s not what we want” from the FBI. Followed by “oh actually we do want that” a couple of days later. It’s like watching a toddler push the boundaries and going a bit further each time.

    I am not willing to sacrifice any of my/our/their privacy for a little more security. If the investigators have to go without because they messed up then tough, suck it up buttercup and do it properly next time. Oh and fire the clown who made the cock-up, you had one job matey and it was an important one.

    As for signing, encryption et al I know enough to be very concerned when someone suggests that a backdoor (lets call it what it is) is a good idea. Broken encryption is very bad mkay. It would appear that some within security do not have a proper grasp of the subject either which is of more concern than my little knowledge.

Viewing 40 posts - 281 through 320 (of 379 total)

The topic ‘Apple v the FBI’ is closed to new replies.

Thanks for popping by - why not stay a while?IT'S FREE

Sign up as a Singletrack Member and you can leave comments on stories, use the classified ads, and post in our forums, do quizzes and more.

Join us, join in, it’s free, and fun.