T&L Publications

Apple vs US Government...

Should Apple bend, or stand tight, on their decision to not hack the San Bernardino iPhone? Why/Why not?

What if:
...Apple really and honestly cannot unlatch or create a back door?
...Apple 'accidentally' dumps the phone's contents?
...Apple, or somebody else, gets in..and there's really nothing of value there.
...There's information that incriminates people in high government positions.
:
:
:
Technology and our legal system is like having a TV with the sound and picture on different channels.

I'm no programmer, but seems like a middle ground could be reached rather than, "Open all phone traffic to hacking" and "leave them all locked".
I'd like to hear from the crytos/coders as to what's possible.
Opinion- yeah, I think the Feds ought to be able to get into most everything, but with a search warrant.

By the delay elapsed from the San Bernardino incident until this subject surfaced, either the government tried and goofed something in that phone and now asks Apple for rescue, or they are way too slow to act.

If the phone contents are not extracted by Apple, terrorists will buy those. Gets them impunity. It is like arming them.

If the phone contents are extracted by the goverment experts, with no Apple help, it will be another hurdle to good citizens, as we have enough imposed by NSA.

If the phone contents are impossible to extract, that is the kind of phones crooks will buy. Gets them secure impunity.

I think Apple should extract the contents of that phone only, inside their Apple premises and give/let the government decipher whatever is in it outside Apple installations. Same for future cases.

If there is a law that applies for the situation, that law must be enforced (warrant?). Wondering about what desperate defenders of privacy have to hide in their phones. Anyone can check mine at anytime. Crooks must be stopped before they harm you.

What if:
...Apple really and honestly cannot unlatch or create a back door?
They can do it, the issue is not building the code, its authenticating it with Apples signature (a key in an encryption scheme). The Government programmers could probably build a new OS patch but it cannot be updated without the signature which only Apple has. I expect they would put this in a faraday box and upload the new update by spoofing a broadcast OS update to the phone which will process it and reboot. The phone would still be locked but now the FBI can brute force the PW with their own algorithm.

The FBI proposes a middle ground where Apple controls the code and is only applied to warranted phones but people argue its a Pandora's box nobody wants to be responsible for building. What if say the Chinese or Russians hack the Apple server and obtain a copy for example.

I'm not sure if the same issue would happen if the phone were Android. That OS is technically open source and not controlled by a single company like the Appleverse

...Apple 'accidentally' dumps the phone's contents?
Possible but unlikely. I wonder how many of the 10 attempts the FBI has already used. If they are up to 9, its just one pocket dial incident away from a wipe. Ironically if they had used fingerprint, they probably would have already unlocked the phone.

...Apple, or somebody else, gets in..and there's really nothing of value there.
Very possible, or that the intel is already known or of little value. Remember how we never found nukes in Iraq. More likely it will shed light on motives and thoughts (particularly the mysterious event that triggered the apparently early execution of their plan and what that plan might have been) but they really want to know if anyone else helped. Now, the person who did help them get the guns, called the cops and turned himself in even before the dust had settled. I don't think there's much more to the story that didn't die with them.


...There's information that incriminates people in high government positions.
That's pure conspiracy theory and I don't subscribe, No one in government stands to benefit from killing health workers and the risk of eventual exposure in this age is very high, almost certain.

Its a complex question and I'm not sure which side I am on now (mostly because I lack some facts and understanding of the technology). On the one hand I think terrorists should get the most intense scrutiny and that US companies should be willing to help but on the other hand this is potentially something that could set precedent in future privacy issues. Finally the whole issue could be rendered moot by a clever hacker who figures out how to hack at the hardware level (similar to mod chips in game consoles). Privacy is often most valued by these who have something to hide but we all benefit.

One risk is that if Apple would simply crack the door, extract the data, trash the phone, and turn over only the data, that still exposes a wide group of people, who have memories, to the cracking process and the contents of potential dangerous data.

"...There's information that incriminates people in high government positions"
I agree, this may well be conspiracy theory, but throughout history, governments have been infiltrated by malcontents, traitors and spies, for personal profit, revenge or fanatical goals. With today's society, almost anything is possible.

(One thing for sure...The posting increased somewhat)

The way I look at it is what do we want more? Give a safe haven to terrorists, with a known safe place to hide whatever it is the govt. thinks is on the phone. Or give up some personal space that really didn't exist a few years ago.
My opinion... If I have something to hide I'm not going to leave it in the bed of my truck, same as leaving whatever is on that phone. The phone, when in possession of the original owner, could get lost,stolen, dropped in a toilet, etc... So I certainly wouldn't leave anything of importance in there.
On the other hand I don't want big government in my business any more than anyone else.
Herein lies the problem.... I don't have a good answer..

Anytime the Government demands a 'back door' into a device that device becomes useless. If there is a back door the hackers always find it. Globally whichever country produces devices with no back doors will eventually get all the sales of those devices.

trooks

Whoo Hoo, look at those post's fly now
I guess it's about time for some Android geeks to step up and offer to crank open the door on that
Apple crate for the Feds. Whew, would sparks fly if they did, but wow, what a coup!

So,
Now that the smoke has cleared, and Apple is off the hook except for the huge costs fighting Uncle Sam, there has been no word on what, if anything, was 'discovered' on the phone...it all just went away!

Kind of like an expensive, political 'snipe hunt'. I'm sure we are all feel a bit safer now.

Ever notice that the big nuts, are at the top of the can?

just wait for the other shoe to drop, the update on the news today indicated they were still analyzing but didn't expect to find any major new evidence but instead some of the remaining pieces of the puzzle like final movements.

You can bet if there is another suspect to be learned of, we will not hear until they capture them or thoroughly fail in trying

Last I heard (and this was on the Internet so it has to be true) was that they got it unlocked and promptly dropped it in some water/liquid, basically destroying any chances of getting data. April Fools story? Maybe. I haven't been following it, anyway.

What bothers me about the whole thing is that every system has a safety built in for similar situations. For example, you put your phone down without locking it and sweet little toddler picks it up and starts pushing buttons etc. and locks you out. Take it to the store or get online with customer service and within 20 minutes you're back to where you were. So, I don't buy the whole bit from the beginning. It smacks of setting a precedent that will compromise ANYONE'S privacy. Sure, I don't have anything on my phone to get me in trouble, but that's not the point, is it? It's how far down that rabbit hole you want to go before the "gubmint" controls everything and there's nothing you can do about it.

That's the real issue.

CeaSaR

Edit**
I get done my commentary and what do I see?
https://www.yahoo.com/news/fbi-director ... iness.html

Privacy is an Illusion, it has been for quite some time

However since so many People (customers) value it, Its become a Marketing point for Apple and others to try and restore some of it where they can.

I've been seeing related interviews with companies that break into phones for all sorts of reasons, the top one they listed was to get Photos from a deceased loved ones phone. Others included data recovery from smashed phones etc. I chuckle when Apple tries to spin the dropped case a a victory, while they wipe egg off their face for having a failed encryption system

The best guess I heard from an expert was they copied the encrypted data directly from the main memory chip into multiple other chips and tried each one independently. Effectively cloning the phone at the hardware level and knocking off clones until they found one they could access. If this had not been a 4 digit passcode but instead a custom good security password then this would have been way harder. Ironically, fingerprint may have been the easiest to crack because they had a body. Clearly the firmware and hardware to do this is beyond the average hacker, they may need up to 1000 copies of the physical chip(s) at 10 tries a piece and a test bed phone modified with socket to operate it. Maybe they could reuse the chips so the total parts needed might not be so extreme.

The above general method could be applicable to any phone in a brute force attack limited only by the number of permutations in the password scheme. To thwart this attack, phone makers would need to wipe the phone on detection of hardware tampering which itself could probably be thwarted by other countermeasures. All you need is enough sacrificial phones to try your ideas until you find one that works.

All this applies to off the shelf encryption you might find in a consumer phone, Add another layer of encryption on top of that and the readout may have become truly impossible (or ultimately impractical)

Regarding perceived privacy...

Reminds me of a tale when pagers were the hot item.
A wife suspected her husband was up to something when he received pages at night, left the room and made calls to a 'buddy at work' or something like that. She bought a pager, identical to his. One night she swapped his with hers. She got all his pages, and to make it seem real, sent her pager the same numbers so he got the pages, just a bit later.
A complete number list was given to her divorce attorney.
--------------
During a rough period, the live in girlfriend was sent almost over the edge. She had family tracking on her phone so she could see where here boyfriend was while she was out double dealing. He got wise, charged his phone, and hid it in her car trunk whenever she went out. The tracking said he was always close behind her, but he sat at home, with a big grin,....while she got a stiff neck!