Apple vs US Government

[Johan]

Tim Cook Says Apple Won’t Create Universal iPhone Backdoor For FBI


Apple CEO Tim Cook has confirmed that the company will appeal a California judge’s order to unlock an iPhone belonging to one of the terrorists involved in the San Bernardino shooting. Following the request, Cook argued, would “threaten the security of our customers.”

The device in question — an iPhone 5c — was in the possession of Syed Farook, who, alongside his wife, carried out a mass shooting during a training event at the San Bernardino County Department of Public Health, where he worked, last December. The phone was owned by the agency and assigned to Farook. He and his wife were later killed by police in a shootout.

Authorities want access to data on the phone and are seeking Apple’s help to crack the passcode (PDF) by creating software which, when loaded onto the device, would circumvent the security system. That’s because, beyond the passcode itself, Apple’s security measures include an ‘auto-erase function’ which, if activated by a user, will erase all data on a device if the passcode is entered incorrectly 10 times.

In a letter to Apple customers, Cook said Apple has provided “data that’s in our possession” but it will not develop a “backdoor” for its software:

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Cook also criticized authorities for using the All Writs Act and not Congressional legislation to make the request, which he labeled “a dangerous precedent” that would seriously weaken Apple’s security system:

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

There’s been plenty of comment over whether, in making this ruling, the FBI is essentially asking Apple to create a backdoor solution that it can use in similar cases. Opinion is divided, however. Techdirt argues that the ultimate goal of the order is a backdoor, while research organization Errata Security claims that’s an overly active interpretation of the ruling.

What is for certain is that the case once again throws down the tension between security user data and providing information to assist authorities. Cook has been forthright in his belief that products and services must be encrypted.

In a speech at EPIC’s Champions of Freedom event in Washington last June, the Apple CEO said:

There’s another attack on our civil liberties that we see heating up every day — it’s the battle over encryption. Some in Washington are hoping to undermine the ability of ordinary citizens to encrypt their data.

We think this is incredibly dangerous. We’ve been offering encryption tools in our products for years, and we’re going to stay on that path. We think it’s a critical feature for our customers who want to keep their data secure. For years we’ve offered encryption services like iMessage and FaceTime because we believe the contents of your text messages and your video chats is none of our business.

This latest news illustrates the important role that technology companies play as the gatekeeper of information in cases of national security and legal proceedings.

Update: The EFF has now said it will be supporting Apple’s appeal against the court order by submitting an amicus brief. “We are supporting Apple here because the government is doing more than simply asking for Apple’s assistance,” writes the EFF’s Kurt Opsahl today.

“For the first time, the government is requesting Apple write brand new code that eliminates key features of iPhone security — security features that protect us all. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we’re certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security.”

Turning to the question of technical feasibility, security blog Trail of Bits’ Dan Guido has suggested that in his opinion Apple could comply with the court order to provide access to a specific iPhone 5c.

“I believe it is technically feasible for Apple to comply with all of the FBI’s requests in this case. On the iPhone 5C, the passcode delay and device erasure are implemented in software and Apple can add support for peripheral devices that facilitate PIN code entry. In order to limit the risk of abuse, Apple can lock the customized version of iOS to only work on the specific recovered iPhone and perform all recovery on their own, without sharing the firmware image with the FBI,” he writes.

However Guido’s suggestion that a backdoor could be created for the specific iPhone 5c in the case has been refuted by former Apple employee John Kelley, who spent four years working as an embedded security engineer at Cupertino. In a series of tweets earlier today discussing the issue Kelley makes the point that Apple could in fact also be forced to modify its Secure Enclave firmware — thereby backdooring the hardware security feature (i.e. the Secure Enclave) which more modern iPhones have but which the iPhone 5c in this case lacks.

So the suggestion is that Apple is indeed correct when it says that a government request to backdoor security in the case of a single iPhone comes with “no guarantee” that such moves could be limited to just one iPhone. Because, if Kelley’s take is correct, there is no technical blocker — at a firmware level — to prevent Apple being forced to build a backdoor into even more modern iPhones, which do have its hardware Touch ID security feature. Hence the necessity of a principled defense in the face of government agencies trying to use the law to brute force Apple to hack its own security systems.

http://techcrunch.com/2016/02/17/ti...or-to-unlock-san-bernardino-attackers-iphone/

US Department of Justice calls Apple’s refusal to give backdoor access as a ‘marketing strategy’


The U.S. Department of Justice filed a motion on Friday seeking to compel Apple Inc to comply with a judge’s order to unlock the encrypted iPhone belonging to one of the San Bernardino shooters, portraying the tech giant’s refusal as a “marketing strategy.”

In response, a senior Apple executive, speaking with reporters on condition of anonymity, characterized the Justice Department’s filing as an effort to argue its case in the media before the company has a chance to respond.

The back and forth escalated a showdown between the Obama administration and Silicon Valley over security and privacy that ignited earlier this week.

The Federal Bureau of Investigation is seeking the tech company’s help to access shooter Syed Rizwan Farook’s phone by disabling some of its passcode protections. The company so far has pushed back and on Thursday won three extra days to respond to the order.

Another senior Apple executive said Congress is the right place for a debate over encryption, not a courtroom.

The executive said Apple was stunned that such a legal request had come from the U.S. government rather than a country with weaker traditions of protecting privacy and civil liberties.

The motion to compel Apple to comply did not carry specific penalties for the company, and the Justice Department declined to comment on what recourse it was willing to seek.

In the order, prosecutors acknowledged that the latest filing was “not legally necessary” since Apple had not yet responded to the initial order.

The clash between Apple and the Justice Department has driven straight to the heart of a long-running debate over how much law enforcement and intelligence officials should be able to monitor digital communications.

A federal court hearing in California has been scheduled for March 22 in the case, according to Thom Mrozek, a spokesman for the U.S. Attorney’s Office for the Central District of California.

The Justice Department said its Friday motion was a response to Apple CEO Tim Cook’s public statement Wednesday, which included a refusal to “hack our own users and undermine decades of security advancements that protect our customers.”

“Rather than assist the effort to fully investigate a deadly terrorist attack … Apple has responded by publicly repudiating that order,[/i]” prosecutors wrote in the Friday filing.

“Apple’s current refusal to comply with the court’s order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy,” prosecutors said.

ID CHANGE POSES HURDLE

The two senior Apple executives said the company had worked hard to help investigators and tried multiple avenues including sending engineers with FBI agents to a WiFi network that would recognize the phone and begin an automatic backup if that had been enabled.

They criticized government officials who reset the Apple identification associated with the phone, which closed off the possibility of recovering information from it through that automatic cloud backup.

San Bernardino County reset the password on the iCloud account at the request of the FBI, said county spokesman David Wert.

The government first disclosed the identification change in a footnote to its filing Friday. The Apple executives said that the reset occurred before Apple was consulted. The Justice Department declined to comment on that contention.

The two sides have been on a collision course since Apple and Alphabet Inc’s Google began offering default end-to-end encryption on their devices in 2014, a move prompted in part by the surveillance revelations from former National Security Agency contractor Edward Snowden.

But the Justice Department struggled to find a compelling case where encryption proved to be an insurmountable hurdle for its investigators until the Dec. 2 shooting rampage by Farook and his wife in San Bernardino, California, which killed 14. Authorities believe the couple was inspired by the Islamic State.

Some technology experts and privacy advocates backing Apple suggest Farook’s work phone likely contains little data of value. They have accused the Justice Department of choreographing the case to achieve a broader goal of gaining support for legislation or a legal precedent that would force companies to crack their encryption for investigators.

The case has quickly become a topic in the U.S. presidential race. Republican frontrunner Donald Trump on Friday called for a “boycott” against Apple until the company complied with the court order.

The two Apple executives said they felt in good company, noting that Trump has faulted many other groups and individuals.

The debate will also play out on Capitol Hill. Bipartisan leaders of the U.S. House Energy and Commerce Committee late Friday invited Apple’s Cook and FBI Director James Comey to testify at an upcoming hearing on encryption, though a date was not set.

The House Judiciary Committee is also planning an encryption hearing for March and has invited Apple to attend, according to a congressional source.

http://tech.firstpost.com/news-anal...or-access-as-a-marketing-strategy-300432.html

 

[Jack Davenport]

I side with Apple on this one. The locked phone is a symptom of open borders and lax vetting. Solve that problem and there is no need for court orders to open phones.

 

[Will E Worm]

This one time they should give them the information. Only for dead people who have committed crimes.


Everything they know should fall under freedom of information, and shouldn't take that long to get.


On the other hand doesn't the NSA spy on everyone? Shouldn't they have the information?

Websites have to stop collecting information. Especially keeping information.

http://www.wired.com/2012/03/ff_nsadatacenter/

 

[BlkHawk]

Go go Apple. Whatever their motivations they are standing up for the fourth amendment. No matter what the FBI says if a backdoor is created it will be abused by the government, hackers, and foreign governments.

 

[ChefChiTown]

I can see both sides of this argument.

On one side, Apple is doing the right thing by refusing to violate their company policy (let alone the law) which prohibits them from breaking into a client's phone. Yes, the client just so happens to be a terrorist, but Apple is doing the right thing by sticking to their guns on this one. If they cave for one scenario, they have to cave for them all - and that is just a can of worms this world doesn't need.

On the other side, Apple is preventing the United States government from possibly obtaining critical information which may or may not help them prevent future attacks on American soil.

Like I said, I see both sides of this. However, there is one solution that the government could've easily implemented but they ruined it by making this such a clusterfuck in the media - they should've just used one their expert hackers to get into the system without publicizing anything. But, since they already spread this shit all over the news they've pretty much fucked themselves.

 

[Straight Shooter]

The subpoena was issued under the All Writs Act. A law that was passed in 1789. Let that sink in for a moment

 

[knowone]

Yesterday I caught a teaser (but not the news story) on a local (N Cal bay area) channel that: FBI may already have the software/tools to open up the Cell phone. Should be very interesting if this turns out to be true.

 

[bobjustbob]

Go go Apple. Whatever their motivations they are standing up for the fourth amendment. No matter what the FBI says if a backdoor is created it will be abused by the government, hackers, and foreign governments.

This is what happens. Government decides what is, "in the best interest of the people". Apple created this security and government wants to override it. Fuck you. Government has security agencies. Do your job on your end and find your own security codes to break them.