Apple Refuses FBI Demand to Build a "Backdoor" For iPhones

[Steve the Pocket]

Heh...hey, i didn't mean to buy a windows phone. It was merely an unfortunate series of events. Anyhow, to the first point, a bit of deduction was needed; is this the first terrorist attack that the perpetrators owned a phone? Is the the first time the FBI has ever thought to check any phones? How great is Microsoft's track record for respecting customer's privacy? How entwined are large US corporations with US politics? Granted, there are other phone companies out there who also have never spoken up. But MS first sprung to mind as the Xbone reveal was a very memorable moment for their willingness to force a constant prying technology as a pro-consumer move.

Ah. You're thinking about all the terrorists over the years who undoubtedly had Windows computers. Well, knowing Microsoft, this probably never came up before with them because desktop Windows has never been secure enough to keep the feds from getting the owner's information off it in the first place.

 

[nomotog_v1legacy]

I didn't see anyone mention this, but this is something that Apple did. See you use to be able to contact apple and have them unlock your phone for you. They had their own backdoor to it. They changed that a bit ago removing their ability to unlock phones because they didn't want to be compelled to unlock phones by court order. (It's a but like cutting off your hands so no one can force you to give a high five.)

I have no idea the legal foundation for this case. It's going to be interesting to see how it shakes out.

 

[Gethsemani_v1legacy]

There isn't one. I would do that. You, on the other hand, seem quite opposed to it. Do you have something to hide?

It's not a flawed idea. It is complete common sense. Unfortunately, lots of people like to think the government is out to get them.

I work in a psychiatric ward. Our Psychiatrists have the right to order a body search on anyone wishing to enter the ward, to prevent dangerous objects and drugs from getting onto the ward. This means that our current Chief Resident could tell us to strip search everyone who entered the ward "just to be safe". Would you be alright with being strip searched every time you wanted to visit your mother or if you yourself had to receive qualified psychiatric care? We could of course tell people who refused that "you don't need to worry as long as you have nothing to hide", but the truth is that every time we strip search someone we are violating their integrity. That's why people are protesting the "you are safe if you have nothing to hide": Because it is not about whatever the government would find something illegal if they tapped my cellphone, it is about the fact that they are violating my personal integrity on very loose grounds when they decide to do it.

Hacking cellphones and strip searches can both be warranted actions to stop criminals or harm from befalling someone else, but not as routine actions performed against people who aren't suspected of anything.

 

[Adam Jensen_v1legacy]

I don't think it is an entirely bad idea.

Oh really?

A phone can tell you a lot about a person

This is exactly why it's a bad idea. You cannot allow the government to have that kind of power. This is the kind of power that will absolutely without any doubt be abused. The real FBI and the real police are not like in TV shows and movies where they're portrayed as the ultimate good guys. We're talking about human institutions with plenty of incompetent, power hungry and nasty people. Even the best of them aren't necessarily interested in the truth so much as they're interested in what they perceive to be truth. And we're just talking about police gathering of data here. We're not even discussing the judicial system and how absolutely fucked up that is once they have you on trial.

That's why people are protesting the "you are safe if you have nothing to hide": Because it is not about whatever the government would find something illegal if they tapped my cellphone, it is about the fact that they are violating my personal integrity on very loose grounds when they decide to do it.

That's not the worst of it. People can think that they have nothing to hide, but that doesn't mean they haven't broken any laws. If the police or FBI want to find something incriminating, chances are they will. And having the "I have nothing to hide" mentality is what they're counting on. It makes their job easier. I strongly encourage everyone to watch this video to understand just what you're up against when you give the cops what they ask for:


I know it's a long video, but it's so highly informative and entertaining to watch. Especially when they bring the detective to speak. And yes, it's about literally talking to the police, but it extends to allowing someone free access to your personal data. You shouldn't have to do it for the same reason that you shouldn't have to talk to the police. 4th and 5th amendment of the US constitution. Know your rights people, if you have the misfortune of living in that fascist country, you absolutely have to know your rights.

TLR version: any piece of information that the police has on you is NEVER used to help you. And that is a legal fact. I can't stress this enough. So stop being stupid and stop relying on "I have nothing to hide" mentality. You don't know that.

 

[Schadrach]

That is actually a really clever system. Obviously, you'd have to use public key cryptography to protect the stored key otherwise it'd be trivial to reverse engineer the software to find the symmetric key. You'd encrypt the password with the Gov'ts public key and they can gain access gained with the private key. However, it doesn't solve the political/human issues of the Gov't abusing this key, or of what happens if this key gets leaked.

That's the general idea -- the "real" private key is encrypted using the LEO public key and left in space that would otherwise contain, well, whatever happens to be there. The idea was inspired by the hidden volume feature in software like TrueCrypt and VeraCrypt.

If the private LEO key leaks, then you mention a "serious security breach" which you already have a patch to resolve ready to deploy, give no further details to the public, and release an update with a new LEO public key and reencode the user private key by the new public LEO key at the first opportunity.

You are right that it doesn't solve the political/human issues involved, but technological solutions to political/social problems tend not to work in the long run. In this case, Gov't abusing the key is a feature, not a bug, at least from the perspective of the Gov't that's making you do it and accordingly there's no reason to *try* to fix it.

 

[Phil the Nervous]

They don't even have to have something illegal- saving a word document on a government computer counts as modifying files. Hell- if someone have wireless access to your smartphone they can upload illegal files to it and change the date modified. What the FBI's asking for here is the ability to arrest anybody with no balance or counter except "Trust Us"

 

[aegix drakan_v1legacy]

They don't even have to have something illegal- saving a word document on a government computer counts as modifying files. Hell- if someone have wireless access to your smartphone they can upload illegal files to it and change the date modified. What the FBI's asking for here is the ability to arrest anybody with no balance or counter except "Trust Us"

That's another good point. Say they really think you're guilty of something, but can't prove it. What's stopping an overzealous prosecutor/agent from planting evidence?

It happens already with actual evidence, we don't need to make it easier for digital evidence.

 

[Veylon]

I think people are missing the point of this. Encryption is mathematics. Very advanced mathematics, but still follows the basic rules of mathematics. It is impossible to create an algorithm that is both incredibly strong, and incredibly weak.

What the FBI are asking for (and every other government too. The eminently punchable David Cameron waffled something about this earlier) is a mathematical impossibility.

If a backdoor code or software exists, then it exists for everyone.

In my opinion this is analogous to saying that a good lock cannot be created. A lock will by definition be weak since you must be able to unlock it, but like locks require keys encryption requires code, or codes, finding the right code is quite an issue for most hacker/cracker types. And on the note of math, even astrophysics is math, just doesn't mean that anyone can do it. The NSA isn't hacked every tuesday, google isn't constantly brought to its knees. I probably wouldn't be easy, but don't tell me that it couldn't be made.

Wonderful. We will make this super key and give it to the FBI, who will give it to Robert Hanssen, who will sell it to Russia. And we will all sleep safe and sound knowing that Vladimir Putin would never, ever do anything unethical with it.

 

[Revnak_v1legacy]

That is actually a really clever system. Obviously, you'd have to use public key cryptography to protect the stored key otherwise it'd be trivial to reverse engineer the software to find the symmetric key. You'd encrypt the password with the Gov'ts public key and they can gain access gained with the private key. However, it doesn't solve the political/human issues of the Gov't abusing this key, or of what happens if this key gets leaked.

That's the general idea -- the "real" private key is encrypted using the LEO public key and left in space that would otherwise contain, well, whatever happens to be there. The idea was inspired by the hidden volume feature in software like TrueCrypt and VeraCrypt.

If the private LEO key leaks, then you mention a "serious security breach" which you already have a patch to resolve ready to deploy, give no further details to the public, and release an update with a new LEO public key and reencode the user private key by the new public LEO key at the first opportunity.

You are right that it doesn't solve the political/human issues involved, but technological solutions to political/social problems tend not to work in the long run. In this case, Gov't abusing the key is a feature, not a bug, at least from the perspective of the Gov't that's making you do it and accordingly there's no reason to *try* to fix it.

The other big human issue would be who in the FBI has access to this key. The FBI's fucking huge, and I wouldn't be surprised if there would be enough misuse or poor storage to cause it to get leaked at some point. Ideally, I think you actually came up with a pretty excellent solution. It's nothing like what the FBI is actually asking for, which are actually massive security holes (I mean, if you remove the automatic wipe after ten failed attempts you may as well not have the damn thing encrypted at all given how fast you could brute force a device with only 10000 possible passwords). I still don't think it would be even slightly as secure as the key to every Apple product in existence should be, but its a really nice hypothetical.

 

[the.chad]

Maybe there's more to this then I am reading...

But just like any attempt to recovery data in the IT world.

Couldn't the FBI contract Apple to try their best effort to pull the information from the phone?
Surely they have a senior tech at Apple that they trust "to hold the keys of kingdom"?

As others have already said, that way FBI are only provided with the data and any backdoor to iOS would stay in-house at Apple.
Surely someone at Apple could have thought of this and the entire story could of had no media coverage or public record?

 

[crimson5pheonix]

Maybe there's more to this then I am reading...

But just like any attempt to recovery data in the IT world.

Couldn't the FBI contract Apple to try their best effort to pull the information from the phone?
Surely they have a senior tech at Apple that they trust "to hold the keys of kingdom"?

As others have already said, that way FBI are only provided with the data and any backdoor to iOS would stay in-house at Apple.
Surely someone at Apple could have thought of this and the entire story could of had no media coverage or public record?

I'm sure they did, but the court order asks for Apple to turn over this backdoor to the FBI for their own use away from Apple.

 

[pookie101]

I really don't get why the FBI is trying to pull this in this particular case. It should be effortlessly easy to just get a warrant and subpoena the contents of the phone through purely legal means.

I would have thought the answer is obvious, it's not this phone they're overly interested in breaking into, it's the next phone.

Once you have that software, you can copy it, you can install it on anything you want. Why wait for legal due process when oh look the phone isn't locked, fancy that. Given the FBI's long and storied history of illegal surveillance this isn't exactly a surprise, the ghost of J.Edgar still stalks the halls it would seem.

not to mention the possible link with the NSA's skynet program thats been giving false positives and getting innocent people killed

 

[FoolKiller]

The FBI doesn't have a hacker to do this? I'm shocked.

 

[spartandude]

Here's a questions. If Apple did agree to this, would it also effect Iphones sold outside the US?

 

[CaitSeith]

Here's a questions. If Apple did agree to this, would it also effect Iphones sold outside the US?

Most likely. The encryption algorithms are the same, and there is nothing telling us that the FBI's hunt won't end up overseas.

 

[deadish]

Not sure what's the point of this. Wouldn't terrorist and criminals just use non-approved devices that don't have a backdoor?

The only ones that will get screwed over are law biding citizens whose devices can now be assessed nitty willy by the FBI.

 

[Makabriel]

That's not the worst of it.

Spoiler

People can think that they have nothing to hide, but that doesn't mean they haven't broken any laws. If the police or FBI want to find something incriminating, chances are they will. And having the "I have nothing to hide" mentality is what they're counting on. It makes their job easier. I strongly encourage everyone to watch this video to understand just what you're up against when you give the cops what they ask for:


I know it's a long video, but it's so highly informative and entertaining to watch. Especially when they bring the detective to speak. And yes, it's about literally talking to the police, but it extends to allowing someone free access to your personal data. You shouldn't have to do it for the same reason that you shouldn't have to talk to the police. 4th and 5th amendment of the US constitution. Know your rights people, if you have the misfortune of living in that fascist country, you absolutely have to know your rights.

TLR version: any piece of information that the police has on you is NEVER used to help you. And that is a legal fact. I can't stress this enough. So stop being stupid and stop relying on "I have nothing to hide" mentality. You don't know that.

Interesting video, but there is one key part of that which is important. It's the last thing the cop said in his speech.

He tries not to send innocent people to jail. Most of the people who say "I've got nothing to hide" are people who are innocent. If you are innocent, then there is nothing to hide.

If the police are coming after you, they probably have a pretty strong reason. *probably* being the key word.

 

[maninahat]

There are a lot of slippery slope arguments about this, based on the idea that if apple complies, what's to say the FBI won't abuse this power to breach privacy whenever it likes? That's true, but then with all slippery slope arguments, you can't really assume that will happen. For all we know, the FBI would use the software for that one case, and will need court orders to ever use it again, on a case by case basis.

What interests me more is that a corporation can turn around to the courts and simply say "no". On one hand I might have worried about privacy violations, on the other I am concerned that private companies might be potentially allowed to violate court orders. Doubly so when violating that court order potentially prevents a government from catching/convicting terrorists.

 

[Worgen]

Nice to see Apple cares more about 'customer privacy' than helping protect against terrorism. But hey, apparently most people can't quite grasp the fact the government doesn't give a shit about your info, provided you are not doing illegal.

"If you've done nothing wrong you have nothing to fear"
That's a very old and flawed ideal. Even if in most individual cases, the right to privacy from government is irrelevant, its massively important to have as a society. Your right to privacy is your right to yourself, the right to choose what other people can know about you without cause. You might as well submit all your letters, email and web activity to the government as well, you're probably not doing anything illegal, so whats the problem?

There isn't one. I would do that. You, on the other hand, seem quite opposed to it. Do you have something to hide?

It's not a flawed idea. It is complete common sense. Unfortunately, lots of people like to think the government is out to get them.

Keep in mind it wasn't that long ago when we were in the Mcarthy era. When Joseph Mcarthy did a fantastic job of ruining lives with his list of communist and communist sympathizers. I trust the fed more than my state government but we should never allow it to be easy for them to look at our private data. Doing so should always cost time and man hours, it should never be as easy as a button press.

 

[AMMO Kid]

An important thing to remember that is seldom brought up in this discussion is that Apple wasn't present when the order was made for them to create this new software, which is denying them their faithful representation in court.