Apple vs. FBI

I must not even understand the problem as solution seems simple to me:

FBI gives the phone to Apple. Apple in their most secure room, does the tricks that makes phone's contents available and copies them. Apple destroys phone and gives the content that was in it to FBI.

What am I missing?

 

Log in or Sign up to hide all adverts.

That would probably require due process and law, possibly even obtaining a court order.
As I understand the Government would like it if Apple gave them (the FBI) the ability to access every phone, any time, any place, via a backdoor. Essentially, the legal right to spy on all Americans who own a smart phone, Apple being the most popular, but all the others as well. As well as any other person in the world who connects to the internet.

You know, like the arrangement that Government has with Microsoft and Google via Window OS and Android.

 

Log in or Sign up to hide all adverts.

Well, right now they don't have that trick - intentionally. I am sure with their skill they will eventually figure it out.

Once they do that, the next day the FBI will be back, saying "this guy MIGHT be a drug dealer. So do it to his phone."
The next day the FBI will be back with 200 phones, saying "one of these guys might be a drug dealer; statistically it's likely. So do it to all their phones."
The next day they will be back with another subpoena, requiring Apple to tell them how to do it.

And meanwhile, overseas, China will do it as a matter of course to all their citizens. "Look, Apple, we know you can do it, so teach this government guy how to do it, or no more Apple sales in China."

 

Log in or Sign up to hide all adverts.

My only question is how our intelligence services aren't able to do this themselves.

In that context, this seems more like the U.S. government telling Apple to kneel and obey.

To a certain degree, yes, we should expect these corporations to respect civilized society and participate constructively. However, to the one, that's not what Americans generally want in public-private relations, and, to the other, I just don't see the benefit in shouting from the mountaintops that Apple can defeat our intelligence services so easily.

 

The phone has a two-step security. First there is an intrusion detection system. If this detects an attempt to force access, it will delete all the data.

Second, the data is encrypted. So if one bypasses the intrusion detection, one still only has encrypted data (and not even apple can decrypt that without the password or PIN).

The sort of encryption used is made to take a long time for breaking. It is known to be breakable, but it is "hardened" to the extend that makes brute force decryption a time (and energy) consuming process.

Furthermore, if you have "decrypted" parts of the contents by force, you are not quite sure if they are correct. At times there are decryptions which look like sensible data, but you just hit an unfortunate "second key", that decrypted into something sensible looking, but still wrong. Thus you need to verify the decrypted data, to be correct, since more than one key can "decrypt" the data and you never know if you have the right key - and therefore the "true" decryption.

At time there is "salt" added in between the data, so that all encryptions will contain gibberish parts, even the correct one, because the salt always will ruin parts of the decryption. Only using the right key, and knowing the salted parts (to cut them out), you can be sure to have it all correct. This way even the correct decryption might look suspiciously similar to wrong decryptions.

I still think the FBI can do all the steps. But not easily and not quickly. They want the data now, and not in three years, or five.

 

For this particular phone, they have that court order.

 

I have no problem with that, but note, they must show probable cause (of serious crime) to a judge to get the court order - they can not just ask Apple to open a phone they have.

 

I think they must get it right in the first 9 tries or else phone is wipped clean* - returned to condition before any one used it. Apple has made it hard to open.

* I assume that requires the phone has a battery in it, so why not take it out as the first step. Then taken out all of the memory chips, if they are separate from rest of soft ware. Then map out their data (1s & 0s)** Give that map to NSA to decode.

Even if the OS and other things are all in one chip with memory, give that total map to NSA to unscramble and then decode. I bet NSA can do it, but it may take many years of intensive work.

** if reading the state of a bit requires enough voltage to change that state, then cut all the interconnect lines on the chip with fine laser first so most bits can not be errased / set to 0 / by the "wipe clean" soft ware."

 

The Patriot Act changed all that. Now under the "roving surveillance authority" clause an agency can get an order to allow them to open any phone that has been called, texted or sent Internet information by a suspect. (For example, if anyone who was a suspect in a serious crime has posted here, and you looked at this website with your Iphone, then your Iphone can be opened under an order directed at the original suspect.) And in general, under the Patriot Act, all you need to do is mention "terrorism" and you can get a warrant for whatever you like.

 

I doubt it is as easy to violate privacy as you imply, but if it is we need that changed.

A man growing pot in his attic was discovered by fact his roof was warmer than all the others (seen by IR sensitve camera). Judge Scalia (and others) over turned his conviction as there was no court order with probably cause for the IR search. I.e. he ruled that all though the founders of the US never dreamed of that IR technology, it was none the less an invasion of his right to privacy. Thus I think privacy is more protected than you suggest.

 

Google "Brandon Mayfield" as an example.

Agreed, but anyone who attempts that is labeled a terrorism supporter, someone who is on the side of criminals.

 

To install the new software, Apple must sign it with the company's most protected digital keys, because cryptography also protects the OS download site and the individual software packages, although they might be able to load it via physical media and bypass the OS download site.

http://www.scribd.com/doc/299600485/Judge-s-order-on-the-Apple-case

based on https://www.law.cornell.edu/uscode/text/28/1651 dating in principle back to at least 1789.

// Edit -- It's the revised form of the All Writs Act of 1789. http://www.latimes.com/local/lanow/...privacy-national-security-20160218-story.html

The 1940 28 USC 377 read: “The Supreme Court and the district courts shall have power to issue writs of scire facias. The Supreme Court, the circuit courts of appeals, and the district courts shall have power to issue all writs not specifically provided for by statute, which may be necessary for the exercise of their respective jurisdictions, and agreeable to the usages and principles of law.”

So there ought to be plenty of precedent on what orders are "necessary or appropriate", and which are "agreeable to the usages and principles of law".

Ordering someone to create a copyrightable derivative work with specific changes and sign it with their company secrets might be new ground.

If I were Apple's lawyers, I would argue against this order on Amendment XIII grounds (a novel form of involuntary servitude) and on Amendment V's takings clause (Apple has a right to be paid if the government-sought order trashes the value of its iOS and trade secrets) and also on Amendment I (freedom of speech mean the government can't tell you what works to author) and copyright law (as copyright holder, Apple is the sole authority as to which derivative works can be made).

Ruckelshaus v. Monsanto Co., 467 U.S. 986 (1984). https://www.law.cornell.edu/supremecourt/text/467/986

 

I did not know of that case (of mistaken ID) which was very likely hard to undo, even with Spain telling FBI that the finger print was not his, as he was a convert to the Muslim religion.

Mistakes do happen, even in the non-reversible death penalty cases (mostly to poor blacks). I don't support either the death penalty or the mis-named "patriot act." but at least the courts made fair compensation for two weeks in jail and character damage:

November 30, 2006: The U.S. government agreed yesterday to pay $2 million to settle a lawsuit filed by an Oregon lawyer who was arrested and jailed for two weeks in 2004 after the FBI bungled a fingerprint match and mistakenly linked him to a terrorist attack in Spain. Plus all the information on his personal life obtained via the patriot act was destroyed. At the time it was obtained, the FBI had "probable cause." - Just their facts were false.

 

Does anyone know how the candidates for POTUS stand on the patriot act and the death penality? That would influence my vote, much more than their stand on abortion etc.

 

Expectation of privacy.

The reasonable expectation of privacy is an element of privacy law that determines in which places and in which activities a person has a legal right to privacy. Sometimes referred to as the "right to be left alone," a person's reasonable expectation of privacy means that someone who unreasonably and seriously compromises another's interest in keeping her affairs from being known can be held liable for that exposure or intrusion. - See more at: http://injury.findlaw.com/torts-and...tation-of-privacy--.html#sthash.S8ZZsfQX.dpuf

Crack this sucker open, and all future similar expectations of privacy are moot.-----for everyone.
Also, if the phone was purchased with the expectation of privacy, then looking behind the curtain could be considered an unlawful intrusion.

 

This may work against a naive attack, but not against a professional one. In this case, the data will be simply copied (in yet encrypted form) before trying to decrypt them.

 

Republicans seem to be universally endorsing it. They are pretty much all on board with bringing back torture (i.e. waterboarding and worse) as an interrogation device.

 

And how would you do that?

 

This is not the question - I'm not the professional for Apple.

The question is how could Apple prevent this. There has to be physical storage, the technology of this physical storage is known to professionals, so it can be copied. What Apple can do is to use good encryption for this. But this has boundaries too, if the passwords to access the phone are short enough, a brute force attack can do it. Not?

 

You obviously know less about this than I do, which is suprising as my knowledge is at level zero. (You gain a negatvie level by asserting as fact falsehood.)