The government is asking Apple to give it the password to Syed Rizwan Farook’s iPhone and iCloud account. Apple is refusing to do so based on its First Amendment rights. This seems to me to be a very weak argument. Just ask Judith Miller. And there really is very little difference. Apple will have to spend $100,000 to comply and all Judith Miller needed to do was name a source. But Apple’s case involves a national security threat to each and every American whereas Judith Miller’s involved only an implausible threat to Valerie Plame who chose to garner all kinds of media attention thereafter. If there were a safe deposit box the government wanted opened, it would go to a court and get an order for the bank to drill the locks out so that the box could be removed. The bank would comply. Apple will lose.
And if Apple does not lose, the matter will go, as its pleading requests and as it may, even if it loses, now that Apple has made such a ruckus, from the fairly rational precincts of the judiciary to the fully irrational floor of the Congress. Let’s suppose that before legislation is completed there is another domestic terror incident in the US and the terrorist used an Apple iPhone. What kind of legislation would Apple get after that? While not yet widely known, Apple has likely put a back door into every Chinese iPhone via a Chinese designed chip added to the iPhone at China’s insistence for phones sold in the PRC. If this is confirmed, Congress would go even more non-linear.
And what other things might the government do if Apple were to prevail? Well, in the extreme it could ask GCHQ or some other foreign service to crack the iPhone in general. No device is uncrackable. It could also signal the Chinese that it would not be aggressive in pursuing IP violations by China in the case of Apple products. Apple is refusing to cooperate with its government in the first responsibility of that government, to protect its citizens. There would be consequences. Is it really good legal advice to let your client take such risks?
Apple should have quietly cut a deal with the government that would offer its customers the maximum security and quietly complied with court orders until a truly offensive order was received. Barring that, Apple would have a far better argument saying that ordering it to break its phones would lower their value to customers, lowering Apple’s revenues, and lowering Apple’s market cap. This would constitute an uncompensated taking by the Federal government of enormous monetary value from every Apple shareholder for which Apple should be compensated.
With existing technology, you have no privacy. Products are in development that will allow retailers to know how long you look at an item on a shelf, if you pick it up, if you return it to the shelf, how long you look at it and if you buy it. And if you wear an iWatch or other wearable, it will know how much your pulse and bp increased at each step of engagement. If you use gmail, as almost everyone seems to, Google knows the content of every email you send and receive. Who is more likely to release or resell your email, Google or the FBI? The Silicon Valley forces lining up against the government are the most probable threat to what you think is your privacy. It’s been almost 20 years since Scott McNealy said “You’ve got no privacy. Get over it.”
Apple will be made out to be protecting the ability of terrorists to communicate in secret. We are at war with these terrorists. They will kill any of us where ever they can. Article III, section 3 of the Constitution states,”Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort.” That sounds a lot like what Apple is seeking to do under protection of the first amendment’s emanations and penumbras.
Tim Cook is engaging in the same kind of magical thinking that has dominated the boomer elite and led to so many tragedies for the last 24 years. Losing wars has consequences.
Apple doesn’t know the password to the iPhone. It knows how to get in to the iCloud account and has already opened it up for the FBI. To get into the iPhone, the FBI got a judge to order Apple to *write software* to circumvent their security system and cross-their-heart and hope to die, the FBI will never ask for that on a general basis and will keep that purpose built software safe.
Pull the other one. It’s got bells on.
There has to be a limit to the ability of a judge to coerce free labor with a 3rd party writ. Apple sold a company an iPhone. The company gave the iPhone to their employee who ended up committing a terrorist act. How that creates a liability for Apple to create a new software product version on pain of being convicted as traitors is something you’re going to have to explain both as a matter of justice and also to run through the constitutional issues. We don’t usually get a lot of 13th amendment stuff as most people shy away from that instinctively but not the FBI.
I imagine that neither the government’s nor Apple’s intentions are entirely as meets the eye. Still, weighing up the relative risk to US citizens of having (i) a terrorist phone unhacked, versus (ii) giving the US government – and hence the Chinese government, Russian government, the Mob, and God knows who else – unlimited access to their phone, I can’t help but suspect that (ii) is the greater risk.
TM
Apple can get the pass word to the iPhone. A reasonable deal from Apple would have been to agree to deliver the pass word if the USG presented the iPhone, a warrant, and a check for $100,000 to write and run the necessary patch. When the USG breaks into the safe deposit box, I’m sure it pays the locksmith who drills out the lock.
I am sure the FBI will ask Apple to perform this service every time it can get a judge to issue a warrant for a specific phone. What is wrong with that? I presume Apple will keep the software just as the locksmith keeps his drill.
Apple does not have to produce a new product. It has to produce a new tool that it can use. No one should be coerced to provide free labor. I’m sure the judges do not force the lock smith to drill the SD box for free, nor do I have any reason to believe they are trying to coerce Apple to provide the password for free. Apple should be due to be paid what it costs to produce the pass word.
Dearieme
That’s a strawman argument. I have not suggested giving unlimited access to anyone’s phone to the USG. Though Apple has apparently apparently has no trouble giving the ChiComs access to all Chinese iPhones.
A better analogy would be this:
A safe manufacturer offers a feature that will destroy the contents in event of attempted forced opening. It incorporates a friction mechanism to make turning the knob slower than normal, backed up by a counter which will trigger the destruction mechanism if more than N unlocking attempts are made without success. This security feature is an important selling point of the product.
The government desires access to the contents of one of these safes. The Pineapple Safe Company does not have a way to open the safe directly: it does, however, have the ability to unlock the mechanism compartment at the back of the safe and substitute a new mechanism which would remove the extra knob friction and negate the self-destruction counter.
True that, but it takes longer to write and doesn’t materially change the points in dispute.
“I have not suggested giving unlimited access to anyone’s phone to the USG.” You haven’t, Mrs D, but that’s what the government will be after, won’t it? Because that’s the sort of thing governments do.
A a general rule on privacy, anytime you use a networked device like the internet, a phone, or simply are logged onto a network where you work, you are being monitored. Every mouse click, every word you type, every file you touch is recorded. It probably is not being seen, because there are terabytes of data screaming around the networks of the world. It may be getting monitored more closely if the network is automatically scanning for key words or if you are accessing a website that is under surveillance. This is not new technology.
In the 1990’s when I worked for Lockheed, we were told straight out that a software system called Big Brother (not kidding) was installed across the entire corporate computer and phone network for security and its basic capabilities were explained to me by a network administrator. Even then there were constant probes from outside trying get inside and access their data, not to mention the insider threat that always exists and is potentially most dangerous.
The danger to the wider population is that someone with political motives will access that data to do harm to you. It is also a vast depository of information should we ever go full totalitarian police state.
Specifically on the Apple issue, if the police have a warrant Apple should unlock that specific phone. Apple should NOT give the police the keys just because they want it.
Will Apples phones be able to protect your precious privacy? Not if the government can force Apple to crack them on demand.
That’s about it.
Lutas is correct, the author does not understand the technical details involved.
What the government wants is for Apple to write a program that will allow it to crack the PIN that is requested by the phone when the it is turned on. Apple has no way of knowing what that PIN is. The PIN is a number with a maximum of 6 digits (0 — 9), so there are at most 999,999 PINs. A computer could run through all of those combinations in a few seconds. That would be what is known as a brute force attack. In order to protect the phone from brute force attacks, Apple has an instruction that locks the phone if ten unsuccessful tries are made within in a certain time frame. The software that implements the lock is part of the the phones operating system.
The amount effort required to get around that part of the operating system is not public. But, not matter whether it is small or large, somebody must pay cash for a skilled os programmer to to do it. Why Apple should be that person is not at all clear to me. A court order to Apple to undertake that labor raises real issues under the 5th (no uncompensated takings) and 13th (no slavery) amendments.
Further, the government has physical possession of the phone. Any one who has physical possession of a computer (including a smart phone) can get around blocks implemented in the OS. In the old days, I would remove the hard drive from the case, reset the pins from master to slave which would prevent the errant os from working, and plug the drive into another computer which would see the drive as an external data drive. I have never tried to do anything like that on a smart phone. They are not designed to be repairable. But, the principle obtains.
None of this gets to the question of data encryption, which is thornier and deeper.
BTW, the people who are committing treason are in the White House, not Cupertino California.
Ms Davis.
I’ve lurked hera a long time with occasional comments, and have found much of what’s here to be eye opening and informative.
So, as a guy in tech who is also likely far more to the right than you are (hey, my crowd includes rabid as well as Sad puppies, and vile faceless minions of the supreme dark lord of the evil league of evil, and I regularly hang out at the demense of the International Lord of hate, the Evil Space Princess, and the Brain in a jar) – this is the first time in years I’d seen an article here that I could define as “ignorant”
Worse, you doubled down.
We’ve got two issues – access to cloud services and backups, and the phone.
As to the first, Apple already gave the FBI access to data that existed in the most recent backups that were from 30 days before the shooting. The FBI can freely work with that data, or restore that backup to a new phone and see what information was stored by third party apps.
Because the icloud password tied to the phone was that of the suspects work email address, they also have access to reset that icloud password.
This brings us to the first “oops”
The idiots who handed the suspect the work provided phone did NOT install any form of mobile device management on it. This certificate-based system is explicitly there to ensure the owner of the phone – the business or agency – retains ultimate control and can reset or clear the device passcode. I say idiots because any business handing out more than three or four of these should absolutely do that. This is even MORE important in a day and age when such supervised content management is the only way to reactivate a phone that did not use a corporate email address for its icloud account to allow a password reset.
With that in place, resetting the passcode would have taken a few seconds or minutes of work to send the reset command.
The second oops was in resetting the icloud password. Why? For some reason there were no backups for thirty days. Since automatic backups require the device to be on a familiar wifi network, locked, and plugged into power, with valid adn current icloud credentials, resetting the password prevented the government from simply taking the phone back to the suspects house and plugging it in. There is a solid chance that doing so with the household internet adn wifi active would have triggered a backup, which apple could have recovered, or so could the FBI by THEN resetting the password.
By resetting the password prematurely, that backup could no longer run.
I’ll cover the phone itself and the passcode in a separate comment.
“None of this gets to the question of data encryption, which is thornier and deeper.”
I haven’t followed the story of encryption recently.
At one time, I recall that PGP (“Pretty Good Privacy”) was considered so strong that the NSA was interested in it and how to crack it.
Any updates ?
So – the phone.
the phone is locked with a passcode. Depending on the settings chosen, this could be a 4-digit pin, a 6-digit pin, or fully alphanumeric.
Every phone since the 5s has an encrypted store used to store passcodes and apple-pay / touchID data. This data is only accessible when the proper authentication is provided. You can’t even USE touch ID until you unlock the phone at least once using the passcode. Since this passcode is the easiest “weak point” to access and unlock the encrypted data stores of all the apps, it has several security features.
It cannot be entered programmatically by an outside application, it has to be entered by the touch screen. This and internal time limitations prevent someone from quickly hammering the phone with thousands of options to force an unlock. Finally, the ability to set a “wipe on x number of wrong guesses” makes simply guessing a dangerous proposition, even if one does see the smudges of where the phone was most commonly touched.
There is no outside “key” apple can provide to retrieve the passcode from the encrypted store (for much the same reasons that passwords are stored in encrypted one-way hashes). There is no master key to authenticate it. Due to the design of the store, there is no way apple can even build one.
It IS possible to update the device with a whole new OS by hooking it up to a computer with an updated version waiting to upgrade it.
So how does this help?
While it still cannot unlock the data on the phone because the code is needed to unlock the data store, it allows loading a version of the iOS that does NOT include the “wipe if too many guesses are wrong” setting, cuts out the wait time, and and could also allow entering the code via bluetooth or the hard cable.
In short, it bypasses the features built into the OS and device that prevent someone from applying an electronic lockpick to force the lock and break the code by brute force in anything short of years of manual typing.
Why a whole new OS? because that’s the only way to disable the features already on the phone, and then to run the third party applciations to read the data stored on it.
So yes, apple is being asked to develop a tool that does not exist, to create a less secure version of their operating system, that is validly signed to be loaded onto a phone, that can be loaded into any iphone to allow easy electronic password guessing, and disabling security measures put in place so people and businesses can trust their data to be kept safe. THIS CANNOT BE SIGNED FOR JUST ONE PHONE, and even if the signature and cert are immediately revoked, the tool will now exist.
Given we live in a world where the NSA has pulled shipping routers and servers to install backdoor chips, and injected backdoor code into the router/switching operating systems of major networking companies like Juniper, and where governments are actively attacking the rights of people and businesses to securely and privately transmit and store their data, the “well the government WILL abuse it” argument is a strawman. Apple can certainly keep changing their validation certificates for the OS downgrade, but governments – and criminal organizations – will surely then be given or obtain access to them.
So no. I don’t think obtaining the last thirty days of data off of a phone that, if used to coordinate contacts for the attack, likely had that information on there for far longer, is worth handing overa tool with such dangerous possibilities as it is antithetical to the entire concept of “you can trust us to try and protect your data” that has been a central selling point of apple in comparison to google for years. It certainly is antithetical to open computing and freedom of communication free from prying eyes.
People have a right to the privacy of their property and affairs.
I have no doubt there are others on this site and in Cupertino who know more about the technical details than I. But they are irrelevant to the issues I raised; the strength of the legal arguments being raised by Apple, and the business judgement demonstrated in allowing them to be raised.
Feel free to raise all the personal privacy issues you like, but the majority of people in the country see this as a national security issue. The heart of Apple’s argument is that “the Ninth Circuit has squarely rejected the notion that ‘the district court has such wide-ranging inherent powers that it can impose a duty on a private party when Congress has failed to impose one. To do so would be to usurp the legislative function and to improperly extend the limited federal court jurisdiction.’” (Italics in original)
Does Apple really want to force this out of the courts where rationality tries to prevail and throw it onto the floor of Congress where it rarely does? Be careful what you wish for; you just might get it. And in the current mood of the country, Apple might well get a result it sorely regrets.
At the end of the day, the probabilities are overwhelming that the Apple will retrieve the password or put the government in a position to use brute force methods to do so, whether through judicial or legislative action. Its reputation for the security of its phones will have been damaged and it will have gained nothing except higher standing amongst libertarians. This seems like poor business judgement to me. Apple, its customers, and the public would have been much better served had Apple cut a deal with the FBI before either set foot in a public court room.
Sure – when your first two sentences in the article is nonsense – apple does not have a password to give, and no security conscious outfit serious about protecting their or their own data has stored unencrypted passwords for decades.
Apple is being compelled not simply to provide information that they have, but to to take the time create tools that do not exist in order to break their own product. This in spite of the fact that they HAVE provided aid to the government AND the fact that the governmetn on several levels screwed up by the numbers.
It’s one thing when you have contractual authority (by employment or agreement, or “you enlisted, bub, suck it up”) to force someone to meet obligations they have accepted, or to provide information requested through proper legal channels that they have. It’s another to force them to spend days working to provide a solution they don’t have on hand.
And what are you going to get once you force someone to do a job they don’t want to do? I am sure I’m not the only one who knew people who would spit in the food, or worse, of customers they rightly or wrongly deemed assholes. Do you really want a bunch of very smart guys who are the only ones who can fix your problem to be mad at you for forcing them to break their own stuff and destroy the work they’ve done?
And it IS a national security issue. The very same tools that can bypass the security on your phone or computer and mine are the same tools that can bypass the phones used by businesses and government agencies by other powers or companies. Just like people, the government has its secrets too. Such tools cut both ways, and in this case, the government, of which I have been a part and at one time been privy to secrets, had better be careful of what tools they create to be weilded against them.
A different angle on all this from Sultan Knish:
http://sultanknish.blogspot.com/2016/02/immigration-or-iphone_26.html
I’ve had this question on my mind since this controversy erupted and I’ve never seen anyone address it. Why can’t the FBI clone the phone, or the storage media, and brute force the pass code by working through multiple phones until the lock up via failed attempts and then move onto the next cloned phone, all the while leaving the original phone untouched until one of the cloned devices yields a correct pass code?
A different angle on all this from Sultan Knish:
I agree. I’ve been making the same argument for a decade or more. Having a Muslim in the US, even if he is my friend, isn’t worth the trade-off of my civil liberties. I dated a Muslim girl when I was younger. No hard feelings about her but I’d be much happier not to have known her because she was never here than to continue to suffer the rape of my civil liberties that are required to facilitate her presence here.
I’d amend Sultan Knish to say we’ve got a muslim 15-45 problem. Doesn’t matter whether they immigrate or are home grown. In fact 2nd gen might be worse.
I am not a tech wizard by any means. I have been doing computers for a long time [my first was a Coleco ADAM] and because I have been a writer for various defense journals I have acquired a certain knowledge of the parameters of how little I really know by osmosis, if nothing else.
That said: first, I have to agree with both TM Lutas [who is probably stunned with shock at reading that] and Last Redoubt as to the technical issues involved. You cannot produce what does not exist. I admit that I have a certain amount of surprise that No Such Agency cannot hack into it, but then again under the current regime a lot of our capabilities have been deliberately and severely degraded.
Second, it may or may not be that Apple is telling the truth about their capabilities. I have no great faith in Apple, as they have built and turned over back doors to their computer OS’s to the NSA [and the Chinese Public Security Bureau] routinely. Phone OS’s are a bit more complex. My sense is that they are, but I am not a boffin. This is reinforced by the intense panic by the Federales over forcing Apple to “do something”. The combination of a relatively new encryption method and the KISS principle “wipe if too many guesses are wrong” barrier [plus the incompetence of the SysAdmin that issued the phone] could well be insoluble.
Third, noting that I am a retired Peace Officer, I know that in the modern day and age, Federal LEA’s are only tangentially concerned with either catching criminals or law enforcement. Their main focus today is following the political orders of their superiors regardless of the law and Constitution.
I don’t trust Apple, because they may well be lying. I absolutely know that I cannot trust the Federal government because they lie routinely and are not bound by any limits.
In its pleading Apple said a team of 6-10 people putting in a substantial portion of their time could produce results in 2-4 weeks.
It is inconceivable that the NSA is unable to “clone” all the data from that phone and then find out all this is on it.
The entire technical specs on ANY are cheaply available at the Hua Qaing electronics market in Shenzhan China. See Wired August 2015 article about what happens when Moores Law meets its physical limit.
Does Apple need the US anymore?
It has gobs of cash parked outside the US as well as most of its physical plant. I suspect that Apple can play hardball with the USG because it can afford to lose this particular case.
In its pleading Apple said a team of 6-10 people putting in a substantial portion of their time could produce results in 2-4 weeks.
OS engineers probably cost a minimum of $3,000/week, what with salaries and benefits.
6 × 2 × $3,000 = $36,000
10 × 4 × $3,000 = $120,000
I submit that to require Apple to do that much work without compensation is a violation of its rights under the 5th Amendment.
Apple is not alleged to have committed a crime, nor is it a witness to anything. The government could not obtain a screw driver to pry the case of the phone open by subpoenaing Lowe’s.
The case should not be close.
The estimated cost of this project is far less than that for compliance with a subpoena involving extensive document searches.
I want to add something on the general idea of backdoors. That is a method by which the government could obtain the key to an encryption program that would allow it to decrypt a cypher text with very little effort. There are a couple of killer problems with the idea.
1. If there is a backdoor that the US government could walk through, the Chinese Government, or the Russian government, or a Russian script kiddie could go through it, for purposes of espionage, or for theft, or just for giggles and grins. If that happens, say good bye to on line banking and online transactions through the computers with back doors.
2. One time pads work and cannot be broken. See: One-time pad on Wikipedia. If a key has an entropy that is ≥ the entropy of the plain text, and the entropy of the key is nontrivial (256 looks pretty good right now, 1024 is probably bullet proof), the cypher cannot be reasonably expected to be broken within the remaining thermodynamic life of the universe. The problem with one time pads has been their creation and distribution. However, a 32 GB micro SD card can be had for $8.00. My guess is that obtaining the random numbers to be the key will be more expensive than storing and copying them. See Random.org.
Therefor, even with a backdoor, non crackable cypher texts can be generated and transmitted at a low cost.
3. Once backdoors are known to exist, they will only be useful in catching the unwary. True enemies, can be expected to use technologies that the backdoor will not be able to penetrate such as one-time pads.
4. Far fewer than all of the people in the world are American citizens. Why any of them would want to open their communications up to the USA is way beyond me. I would expect that Non backdoored devices will be produced and sold all over the world. The US cannot keep drugs out of the country, and it cannot keep illegal immigrants out of the country, why do you think that it could keep non-backdoored communications devices out of the country?
Beyond that, backdoors are a great idea, if you are a government official who does not know anything, cannot think, and believes that he is smarter than everybody else, which pretty much describes almost all government officials.
Mr. Schwartz,
Look at the documents.
The order clearly states in point five “Apple shall advise the government of the reasonable cost of providing this service.” Clearly payment is assumed.
The Motion to vacate mentions the Fifth Amendment only to make due process claims not takings claims. The Thirteenth Amendment is not mentioned.
Red herring argument.
LastRedoubt got the tech stuff right. Here’s some legal stuff that needs consideration:
If Apple does eventually write a new set of code that allows DOJ to bruteforce the passcode, then DOJ is going to walk into court with a claim that they know what’s in the phone, and a desire to prosecute someone because of what’s in the phone.
At which point, a defense attorney is going to tell the court that DOJ just made up all of their claimed phone information.
At which point, according to our legal rules, DOJ is going to have to prove, publicly, that their proffered information really DID come from the phone. This means they are going to have to show all of the steps they took to retrieve that information, including how they opened the phone up.
Meaning, whatever code Apple writes to accomplish this is going to be out of Apple’s hands, and in the hands of the DOJ, because DOJ will need to be able to disclose this info in court in order to provide the technical foundation for their claim that the data really did come out of the phone.
And then maybe someone emails that info to Obama or Clinton, in which case the Chinese and the Russians have it, too.
There is no way that this new break-in code can stay in Apple’s control, or that it won’t be used repeatedly by and as is convenient to Law Enforcement once it’s written.
Please, Apple, fight on. Frankly, our current DOJ scares me personally more than do terrorists.
I have been searching for years for an alternate method to fix our schools other than to park someone in front of everyone with a sign, “you are being robbed” and other messages that explain simply how the system is stealing the dreams of entire generations of americans. That strategy would probably do it. It would also, predictably, result in poorly socialized people committing violence as they learn how much the system has screwed them, ironically, in part, by not socializing them sufficiently not to be violent.
I view raising a thirteenth amendment claim against the federal government to be similar in that it will predictably provoke exactly the sort of backlash that could very well make things worse for a company. This cost/benefit analysis is independent of whether or not the thirteenth amendment claim is correct.
The question at issue is whether creating something new is ever a normal civic obligation of a citizen. I would say invention is not something the government can legally coerce and the invention of something new in the field of the arts is especially dangerous. Code is a peculiar form of speech and the government here is commissioning the creation of a new work of art whether the creator likes it or not. The precedent set here is quite bad and predictably will happen again in future.
This seems like poor business judgement to me
I’m curious what you think the value of the company will be the day after fbiOS has been created? Throwing away the value of the company to read a dead man’s email seems like poor business judgment to me.
I’d prefer unbreakable encryption to any government having the power to read any computer at any time. And like my ancestors, the Founding Fathers, these intolerable intrusions by wannabe tyrants, should end in revolution.
The estimated cost of this project is far less than that for compliance with a subpoena involving extensive document searches.
Depends on who does the counting. Loss of valued employees (who refuse, now and in future to work for Apple): $100 million; loss of reputation, $25 billion (minimum); loss of market share worldwide, now and in the future, $1 trillion (minimum); loss of….
ErisGuy….I was referring to direct costs: indeed, there are marketing issues at stake at well.
Regarding “loss of valued employees”…how many of these employees resigned over Apple’s putting in spying hooks as requested by the Chinese government?
“Clearly payment is assumed.”
Assume nothing. Payment could be ordered, and it was not.
Actually there is no distinction between a taking claim and a due process claim. The takings clause and the due process clause of the 5th amendment are parts of the same sentence. Takings has been held to apply to real and to personal property, not to labor. But, due process covers both.
As for my argument being a red herring, it is not. A red herring is a distraction.
Due process is not a distraction, it is to me the guts of the case.
The first amendment, is in my opinion, a bit of a red herring, but I believe that Apple had good reasons to bring it out. Lawyers do not always expect to prevail on all of our arguments. It is enough that we prevail on one.
“The estimated cost of this project is far less than that for compliance with a subpoena involving extensive document searches.”
True, and irrelevant.
The law is clear. A party to litigation must give the court all relevant evidence. It must search high and low for the evidence, and it must provide to the court and the parties. Cost is a lesser consideration, although the courts do not entirely ignore it.
Apple is a party to nothing, except selling a phone, most likely indirectly, to an organization that employed a terrorist, and gave him a phone.
Apple is a witness to nothing. It is not being subpoenaed to give evidence. The law is that anyone who is a witness must give his testimony.
Apple has no duty under court rules, or common law to give the government anything.
The magnitude of the cost is not material, as I said, the government could not subpoena a screw driver from Lowe’s
I have been searching for years for an alternate method to fix our schools
If by “fix our schools” you mean something about student outcomes, sort outcomes by race, compare internationally, and the urgency is significantly diminished.
With respect to Apple’s interests, if forced to comply this could be a boon for Apple as they play victim and spread the word far and wide, everyone upgrade from the compromised model of the iPhone to the uncompromised model.
“I’ll decrypt the San Bernardino phone free of charge so Apple doesn’t need to place a back door on its product” by John McAfee on Feb. 18, 2016
http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2
“The NSA’s back door has given every US secret to our enemies” John McAfee on Feb. 26, 2016
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
McAfee is the man who invented anti-virus software.
McAfee is both a nutcase and a genius. Sometimes hard to tell which.
There would be no problem if the FBI had not killed the 2 people who owned the iphone.
The FBI could have captured them alive and kept them alive and tortured then until they revealed everything. Then follow up and torture all the people identified in the first round. The FBI can still torture the brides family and the grooms family plus all their contacts to 5 generations.
Right now the FBI can shut apple down and place all the apple employees into a special labor camp. They known too much and they endanger national security.
LR: Would you take his offer?
My diagnosis is that the government is not really serious about getting into the phone. If the phone contained real actionable intelligence, they would have taken it back to the lab and using the tools available to them gotten into that day, or perhaps the next.
If the name of any co-conspirator is on there, he has been a cool breeze for weeks.
Litigation is the painfully slow way of getting anything done. When I taught law, I made the students read the first few lines of the case report and figure out how long the plaintiff had been broke and injured before the court issued the final judgment. The lesson is that law suits, even if you win, are almost always cold comfort.
Ergo, I believe that the government is going through this kabuki with Apple for political purposes. They figure, if they win, they have a precedent, if they lose, they can go to Congress and ask for legislation. Apple, for its part, wins by dragging things out and by using the litigation as a PR opportunity. Folks, we are looking out for you.
Final point: After reading the McAfee piece about back doors, I wonder how safe any of our devices are.
If you are really paranoid, should you use OpenBSD? Or should you only use roll your own?
And what about cell phone software. can we really trust Apple? Google? Is there a cellphone analog of OpenBSD? Is CyanogenMod trustworthy?
Can someone with technical chops please explain to me what I’m not seeing? What’s wrong with the plan I’m going to detail.
-I read that there are 10,000 possible passwords. Is this true?
-The phone will erase the information after 10 failed attempts.
Why not clone 50 phones, keep the original intact, run sequentially through 500 passwords, wipe the phones, reclone them, run through another 500 passwords, rinse and repeat until you get the correct password and then apply the password to the original phone.
This seems so simple to me that I’m assuming that there must be a glaring flaw which is obvious to everyone else but me, so what is that glaring flaw?
Regarding “loss of valued employees”…how many of these employees resigned over Apple’s putting in spying hooks as requested by the Chinese government?
A worthwhile question… and yet Apple’s employees live in the USA and are subject to its government. Alas, distance makes problems seem smaller, even when they’re not. I’m melancholy about CNN, Google, Apple, GM, Ford, et. al. cooperation with tyrants, but that doesn’t make surrender more appealing here; e.g. because a company helped harm Jews in Germany or dissidents in the USSR, doesn’t mean the company should cooperate in the same endeavors at home.
This seems so simple to me that I’m assuming that there must be a glaring flaw which is obvious to everyone else but me, so what is that glaring flaw?
There’s a rat hole to jump down. At the first level, the phone can’t be cloned without the password. Not sure of the time involved to bit copy the contents of chip pulled from a disassembled iPhone and mounted on a custom motherboard.
Apple loses if the government is ever serious. The feds can simply seize the company with its eminent domain power, put a trustee in charge (Jack Ma of China would be a great way to rub this into the eyes of the tech guys), and sell Apple to the highest bidder to pay off its former shareholders. While the trustee has Apple’s staff do what the feds want.
This is perfectly legal (it’s my day job) and won’t cost the feds a dime save for their own employees’ time.
The geeks and lefties are perfectly free to migrate to some other galaxy. But, while they live in the great state of reality, no private for-profit entity can openly defy the government in national security matters.
This is Political Power 101.
No company is too big to fail in this way.
All a President has to do is ask Cook, “Are you feeling lucky?”
Sure there will be short-term political consequences. Among those will be that no company will again defy the US government concerning national security.
Why it would be delicious to make Jack Ma the trustee of Apple in this scenario:
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/02/25/deposing-tim-cook/
I suspect you’re close, but I’d start from a different point. I believe the government reasonably believed they had precedent. Then they went to Apple and Apple decided to say precedent, schmesedent, we aren’t cooperating this time. Why would they do that for a few months of folks we’re looking out for you when this is going to end with folks, we can’t look out for you quite as well as you used to think? Seems like bad advice and judgement to me.
I would be more sympathetic if Apple had not given up its virginity to China already.
Zerohedge has an article that explains everything called:
“We Just Found Out The Real Reason The FBI Wants A Backdoor Into The iPhone”
http://www.zerohedge.com/news/2016-02-24/we-just-found-out-real-reason-fbi-wants-backdoor-iphone
The FBI wants the I phone to take pictures of everyone you meet and send them to FBI
The FBI wants copies of all conversations made on the phone and in the presence of the Iphone.
Everyone is a potential terrorist. No one is above suspicion. “Free people have nothing to hide because they are loyal, trustworthy, honest, helpful, faithful, and good enough to be Americans “.
Only terrorists can object to these simple FBI requirements.
Health to our Leader Obama!
^^ Brer Rabbit likely has the gist of it. The government wants a tool to break into any phone; its been whining about encryption for some time. This is the case that will deliver it to them. If Apple builds the unlocker, they win; if not, they go to Congress and get legislation demanding such in the future and again, they win.
I don’t trust the government. It’s been thoroughly weaponized against its citizens.
Do you doubt for a moment that if someone like Lois Lehrner had such a tool at her disposal, she wouldn’t hesitate to use it?
The idea that the FBI is flummoxed by a 6-digit passcode is laughable.
What’s the first thing a LEA does when it seizes a hard drive? Make a copy! Phones are no different. If the FBI doesn’t already have a clone of that phone, they are simply incompetent. If all else fails, you can simply remove the FLASH memory chips from the phone, mount them on a custom board, make a copy and then run as many attempts to decrypt it as you want. Modern surface-mount technology makes that a little tricky, but it is very doable. Technically, there is absolutely nothing preventing the FBI from brute-forcing that passcode. My technical skills are a little rusty, but I could do it and I’m absolutely positive I could find someone with more up-to-date skills (and the proper hardware and software) who could do it in a couple of weeks or less. Any decent computer forensics expert should be capable of doing it.
The question nobody is asking: Why this case? They’ve seized dozens of Iphones before, in cases ranging from organized crime, murder, and drug trafficking to child pornography. What makes this case unique? Nothing, except for the high body count. It is tailor-made for a well-crafted, political ploy to destroy strong encryption in the hands of private citizens. They are counting on fear of terrorism and widespread technical ignorance (especially about encryption) to win the public-relations battle. I don’t think they really care whether they win the Apple case. They are playing the “long game” and are positioning themselves to win in Congress.
And they ARE winning the public-relations game. Mention “terrorism” and too many people just completely lose their minds. I am extremely disappointed in the many who are normally skeptical of government power who’ve swallowed the DOJ’s claims hook, line and sinker.
“At the first level, the phone can’t be cloned without the password.”
No. You can disassemble the phone, pull out the SDRAM chip, attach it to a carrier with a USB output, and plug it into a computer that can “mount” the Chip as a non booting partition. At that point it will look to the computer like a file system. The computer runs its own OS, not the phones. The pass code would be irrelevant. As I said above, we used to do this to malfunctioning DOS drives all the time.
“Not sure of the time involved to bit copy the contents of chip pulled from a disassembled iPhone and mounted on a custom motherboard.”
I would guess that if they had a skilled technician, with the right tools, it would take less than an hour. I would hope that the government keeps the tools on hand. The worst case should be sending it to Fort Meade where NSA hangs its hat.
This is too simple. That is why I said the whole thing is a Kabuki. If the government really needed or wanted the information on the phone to catch a evil jihadi, or to prevent other attacks, they needed it weeks ago. Litigation is time consuming. Therefore the government has no real need for the information.
Scottie: you posted that while I was writing my reply to TangoMan. I completely agree with you, except that I cannot believe that it would take a good tech with the right tools more than a couple of hours.
Mrs. Davis you remind me of the time that the Client meet with my litigation partner and me. He told us to meet with the opponent’s lawyer(OL) and explain the Clients case to OL. He was sure that once OL understood Client’s case, he would tell opponent that Client was right, and opponent would do what client wanted opponent to do ASAP.
We counseled gently with the Client, who was in a highly emotional state, as new litigants often are. Look, we said, ever case has two sides. You have yours, and we have done our best to explain it to the court in our pleadings and motions. But, Opponent has his case and he apparently doesn’t agree with yours, or we would not be at law now.
We know OL, he is a good lawyer. He knows the law, he is diligent in investigating the facts, and, he, no doubt, has a substantial retainer from opponent. If he concludes that opponent will lose the case, he will counsel with opponent, and at some point there will be settlement talks. But we cannot accelerate that time by meeting with him. All that he can say after a meeting is: “Thank you for your time counselor, I have heard what you said, and I will bear it in mind as I study the facts and the law. At the appropriate time I will counsel with my client, review the facts and the law with him, and we will plan a course of action. I will provide you with an answer and appropriate responses to your motions in due course. Have a good afternoon.”
At any rate we do not expect OL to throw in the towel unless and until his retainer is exhausted.
We told the client that litigation is time consuming, lengthy, and no one can ever guarantee an outcome. There is a 10% chance that even the tightest case will be lost. We will do our best to obtain the result he wants in a timely efficient manner, and we had every rational expectation that he ought to prevail, based on what we know right now. But, that was not bank money yet, and only time could tell.
The case dragged on for a while. There were depositions and hearings. Client lost his enthusiasm. A trial date loomed. Settlement negotiations were entered into and were concluded. The case was dismissed, Client was not ecstatic, but he was satisfied that things had worked out as best they could. Both law firms got paid.
Mrs. Davis: I would not entertain the position that Apple is poorly advised. They are not stupid people, and they know their own business infinitely better than you, or I, or any other blog commenter. They have $250 Billion in cash on hand, and no material non current debts.
They could win. I don’t think it impossible. The could lose, any litigant can lose. The process is at best chancy. Or, they could run out the clock. The current administration leaves office in 10 months and three weeks, more or less. The next administration may or may not be interested in this case. Several prominent anti-trust cases were quickly terminated after a change in administration.
One of Hussein’s most annoying habits is explaining why a course of action that he wants, but others do not want, is in their best interest, and he understands their best interest better than they do. Don’t adopt that that type of argument.
I’m sure the chip can be pulled and mounted. At that point you have a large file or partition that looks like random garbage.
RS, I was just being conservative with my time estimate. The most time-consuming part of it would be physically removing the memory chips. Once the chips are removed and the data is copied, brute-forcing the passcode would be a matter of hours, at most.
The technical issues are non-controversial. I’ve yet to hear from any technically skilled expert who says it can’t be done. The legal issues, while interesting to lawyers, are not that important. Note, even a third-party can be compelled to spend millions of dollars complying with a subpoena, with no financial recourse (as my wife’s company discovered a few years ago).
This is foremost a POLITICAL operation. It is simply the first step in what will be a sustained political attack on strong encryption in private hands. The government has resisted any private encryption going back to the 1980’s. They have tried, repeatedly, to weaken or prevent encryption in private hands. Remember the Clipper chip? Remember the attacks on Phil Zimmerman and PGP? Remember their opposition to 256-bit encryption in the 90’s? As Snowden revealed, the only reason why the government dropped their opposition to 256-bit encryption was because the NSA had cracked it.
They have not given up. They’ve been waiting for just such an opportunity (mass casualties + encryption) and they will it use to maximum effect. Sadly, too many well-meaning people have fallen for it…
No. You can disassemble the phone, pull out the SDRAM chip, attach it to a carrier with a USB output,
You said ‘no,’ then answered ‘yes.’ My point stands: At the first level, the phone can’t be cloned without the password.” Which is why I followed up with stating exactly what you repeated to contradict me but actually repeated (in greater detail) what I wrote.
Sure there will be short-term political consequences.
I’d like to hope that those short-term consequences included mass executions of politicians and government employees.
I would be more sympathetic if Apple had not given up its virginity to China already.
I know: CNN reported what the tyrant Hussein allowed, therefore CNN should report only what the USG allows. Krupp built concentration camps, therefore Krupp should do for anyone now.
I know of no morality, ideology, philosophy, or religion that states that once you’re morally compromised good deeds are beyond your reach, or others should refuse you aid to perform good deeds or condemn you for doing good deeds.
RS,
You raise an interesting point, is Apples adversary in this instance Hussein or the intelligence community. I have assumed the intelligence community. But perhaps Hussein has inserted himself so that he is the roadblock. Interesting.