Attorney General Hopes Apple Will Comply With Court Order

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Again, for the record, I am not taking sides in this matter. I'm just commenting on how absurd it is that the Attorney General of the United States "hopes" Apple with comply with a court order. The average person would be in jail .5 seconds after refusing the very same court order. ;)

U.S. Attorney General Loretta Lynch said on Monday that she hopes Apple Inc. (AAPL.O) will still comply with the court order by a federal judge in California to unlock the iPhone used by one of the San Bernardino shooters.
 
Apple wins in the NY case. Apple does not have to comply:

A federal judge denied the United States government’s request to open an Apple iPhone in a drug case in New York, a move that gives Apple’s pro-privacy stance a boost and that has implications for other cases where federal investigators are trying to get data from tech companies.

http://www.nytimes.com/2016/03/01/t...column-region&region=top-news&WT.nav=top-news
IF this helps Apple, this will be appealed or fought in a different court.
 
I really don't understand why Apple or the government are both wrong on this. The 4th amendment specifically took care of this problem. Yes, Apple can unlock any iOS device it wishes. Their "we technically can't" argument is BS. No, the government shouldn't be asking for unlimited access to all phones (Which thanks to Edward Snowdens heroic whistleblowing, we know they already have), or be given the decrypting software/hardware that Apple has.

The government needs to get an individual warrant (which ironically would solve the illegal NSA mass spying BS too), and specifically say what they are searching for, where they are searching for it, and why. Once this warrant is approved by a judge, Apple should then decrypt ONLY THE PHONE, and hand ONLY the specified information over that the one individual warrant specifies.
 
I really don't understand why Apple or the government are both wrong on this. The 4th amendment specifically took care of this problem. Yes, Apple can unlock any iOS device it wishes. Their "we technically can't" argument is BS. No, the government shouldn't be asking for unlimited access to all phones (Which thanks to Edward Snowdens heroic whistleblowing, we know they already have), or be given the decrypting software/hardware that Apple has.

The government needs to get an individual warrant (which ironically would solve the illegal NSA mass spying BS too), and specifically say what they are searching for, where they are searching for it, and why. Once this warrant is approved by a judge, Apple should then decrypt ONLY THE PHONE, and hand ONLY the specified information over that the one individual warrant specifies.

But if Apple actually makes a hack to get into one phone, that hack will eventually end up available to everyone that wants to get it.

Whether it be the government stealing it or somebody else stealing it, it will happen.
 
I really don't understand why Apple or the government are both wrong on this. The 4th amendment specifically took care of this problem. Yes, Apple can unlock any iOS device it wishes. Their "we technically can't" argument is BS. No, the government shouldn't be asking for unlimited access to all phones (Which thanks to Edward Snowdens heroic whistleblowing, we know they already have), or be given the decrypting software/hardware that Apple has.

The government needs to get an individual warrant (which ironically would solve the illegal NSA mass spying BS too), and specifically say what they are searching for, where they are searching for it, and why. Once this warrant is approved by a judge, Apple should then decrypt ONLY THE PHONE, and hand ONLY the specified information over that the one individual warrant specifies.

There's no 4th amendment issue here because the phone doesn't belong to the shooter, it belongs to the San Bernardino County Public Health Department and they obviously consent to the search of it.

The problem is that Apple has sold a bazillion iPhones with certain software/hardware based security features that are supposed to prevent anyone from being able to brute force the simple 4-digit PINcode on the phone. If Apple engineers their way around those features then those bazillion iPhone owners didn't get what they paid for. Even if apple is the only one that can do it, they paid for phones that even Apple couldn't get into. The utility and value of the already sold devices and any future devices they may attempt to sell would be reduced.
 
Future news:

Apple forced to create backdoor, FBI finds terrorist's pokemon save file. In other news, 60 suspected CIA agents found dead in a Russian ditch.
 
I really don't understand why Apple or the government are both wrong on this. The 4th amendment specifically took care of this problem. Yes, Apple can unlock any iOS device it wishes. Their "we technically can't" argument is BS. No, the government shouldn't be asking for unlimited access to all phones (Which thanks to Edward Snowdens heroic whistleblowing, we know they already have), or be given the decrypting software/hardware that Apple has..
Apples newer phones have an encryption design that precludes even Apple having magic keys to just open it. Which is why the government wants to defeat the brute force protection which all phones have.

Once they have those tools, they can re-use them. And they don't need a warrant to open the phone with this method even if it belongs to someone. And since the phone is on your person and you may set it down in the open, etc there's plenty of opportunity to get the phone without a warrant.
 
I really don't understand why Apple or the government are both wrong on this. The 4th amendment specifically took care of this problem. Yes, Apple can unlock any iOS device it wishes. Their "we technically can't" argument is BS. No, the government shouldn't be asking for unlimited access to all phones (Which thanks to Edward Snowdens heroic whistleblowing, we know they already have), or be given the decrypting software/hardware that Apple has.

The government needs to get an individual warrant (which ironically would solve the illegal NSA mass spying BS too), and specifically say what they are searching for, where they are searching for it, and why. Once this warrant is approved by a judge, Apple should then decrypt ONLY THE PHONE, and hand ONLY the specified information over that the one individual warrant specifies.

Obviously you're not familiar with how the new iPhones - from both a hardware and software perspective - work: Apple has gone to great lengths to ensure that once an iPhone leaves their factories and ends up in the hands of consumers or whoever makes the purchase that the phone's internal storage is as secure as it can be given the technology they have to work with if the user enables it. They've done their part to provide for the security but in the long run the end user can make the choice to have it in play or not.

In this situation, they had it in play so no, Apple cannot just unlock the iPhone 5c in question here. If you work for Apple in one of their black labs and you're privy to some technical mumbo jumbo magic that regular people aren't aware of that's fine and dandy, but since Apple tends to publish a lot of their technical info about the iPhones and iOS - especially in how the security aspects work nowadays - it's pretty well established by even security experts that actually know what they're talking about they're fairly damned secure devices compared to most anything else except perhaps BlackBerry hardware and software.

As for the comment about the average person being in jail a half second after the order came down, the law does provide for an appeal on most anything and Apple availed themselves of that opportunity pretty much instantly - they'd already had the appeal in motion before the original order was even finalized, more than likely.

The win in the NY court on Monday is definitely going to have an effect on things in the long run. I hope that people strive to come to the understanding that this situation isn't about just that one iPhone and hasn't been for some time now: it's about a precedent being set that could affect every device, across any platform, in the future. I don't have a problem with Apple actually offering assistance - note I said offering it, willfully and as a way of helping out - but what I do have a major problem with is companies like Apple being forced to do something as that court order is attempting to do in the San Bernardino case which just crosses a line with the use of the All Writs Act.

There's just too much at stake here, vastly more than people realize and vastly more than most people are willing to make themselves cognizant of - it's much easier to just throw around terms like "terrorist" and "Apple supports terrorists" and other things that cause more strife and foul mouthing of a company doing what it feels it must do. I don't like Apple, or how they do things in general but in this situation I'm still on their side because it's the right place to be.
 
IF this helps Apple, this will be appealed or fought in a different court.



Yes, of course, and that judge's ruling can be over ruled. But what's worse, while Apple is going to congress to try and get the lawmakers to draw the line of what's right and wrong. Law makers are already lining up to p[ass a different set of laws and I don't think Apple is going to be happy with the outcome.

In Congress, House Homeland Security Committee Chairman Michael McCaul, a Texas Republican, and Senate Intelligence Committee member Mark Warner, a Virginia Democrat, have introduced a bill that would create a National Commission on Security and Technology Challenges, which would consist of 16 "experts representing all of the interests at stake so we can evaluate and improve America's security posture as technology — and our adversaries — evolve."

As I have been saying, Apple's posturing is going to drive Congress to dictate how things will be done and it's probably not going to work out well.

The Government has been asking the tech giants in the industry to work with them and Apple and the others refuse. Now the Government is going to create their own "Tech Experts" who will sit in the place of these industry "partners" and they will create the rules anyway. These rules will become laws. By refusing to play ball Tim Cook and others are throwing the game completely.
 
But if Apple actually makes a hack to get into one phone, that hack will eventually end up available to everyone that wants to get it.

Whether it be the government stealing it or somebody else stealing it, it will happen.

Why? Why is it Apple can't use the new tool to unlock the phone and destroy the code? Why do you guys insist that this can't be done? It's basically stupid beyond belief. The Court Order says they can do all this work in Apple's Own Lab and the computer used to brute force the phone can be an Apple computer still in their own lab. Apple has full control and what's more, Apple has the ability in the court order to recommend how best to actually do all this as long as the end result happens.

Shit Apple hasn't even officially replied in court to the court order yet.

Has the Judge refused Apple's motion to vacate the order yet?
 
McAfee weighs in.



Another McAfee interview all the "I have nothing to hide" people need to pay attention to.

 
Last edited:
It's truly stunning at how little McAfee seems to actually know based on that interview. I can't say I ever had any respect for the guy, never used his products in the past, laughed at all his stupid activities over the past few years, and now this interview just confirms to me that the guy doesn't have a fucking clue even in spite of him professing that America needs to get a clue.

And here I was thinking Trump was the worst stupidest most insane Presidential candidate in the history of the US, boy was I wrong on that one. ;)
 
Please elaborate. I'm not a hacker so don't know the nitty gritty of reverse engineering but the second video is on point and I like Mr. McAfee.
 
Last edited:
If the methodology to decrypt an iPhone's internal storage (because that's what's necessary here) was anywhere near as easy as McAfree claimed in the first video (I won't need to watch the second one) then the FBI, the DOJ, the NSA, the CIA, most skilled hardcore blackhat hackers and security folk - not to mention every government of most every country on the planet - would have been doing this for years now. The "secret code" isn't something that's stored internally in the phone like he seems to be thinking it is and just sitting there for someone to read.

Let me explain it to you in the simplest possible terms: if the "secret code" was somewhere in the internal storage of the device - it's not in the firmware but the read/writable user storage of the device - then reading it would be a trivial thing, that is entirely true but there's a problem there because the internal storage is encrypted. See how that works? How the hell is anyone going to be able to find something required to decrypt such a device if what's needed happens to be encrypted itself? See how that works? Part of the decryption process requires the UDID of the given device and that can be located easily (by design because that's used for also being able to install signed Apple firmware on an iOS device) but it also requires the passcode in conjunction with that UDID to do the cryptological hashing work to decrypt the internal storage but it's a mathematical function. If the necessary info is encrypted, you can't read it and it's far far from trivial as McAfee seems to think it is.

If I could meet him or talk with him I'd just say "It's encrypted, stupid."

As for you being a hacker, no, you don't say. :D

And as for you liking McAfee, a lot of folk seem to like Donald Trump nowadays - that's not really a positive thing, honestly. McAfee is for all intents and purposes taking Trump's exact game plan and just running his mouth 24/7 about this because it was easy for him to latch onto it and it's a situation dealing with technology and people seem to think he's got some great understanding of technology in general. He's not saying or revealing anything that Edward Snowden hasn't revealed, he's not pushing out any info that hasn't been available for a decade now for people in the know on the type of monitoring going on (not tooting my own horn but I happen to be someone with a strong interest in computer and technology security since the 1970s).

Protip: he's a buffoon milking this situation for press as much as he can as long as someone is willing to hand him a microphone or sit him down in front of a video camera.
 
He said it was stored in ram and not the internal storage, he also pointed out this whole thing may be a ruse of the government to get legal access to everyone's iPhone and that they may well know how to get access to the phone already. As for the second video it is about privacy and security in general and he makes some good points. He is also nothing like Trump. As for your need to insult me because I admitted I am not a hacker, well, that is what one would expect from gov. goons such as yourself.
 
They "hope"?

That's right up there with "wishing it was so".
 
It wasn't an insult, it was a point: if you were an actual hacker you wouldn't go around making a claim to be one, which you didn't, hence a self-fulfilling statement. As for the RAM thing: like I said, he's a buffoon more than anything else. While the decryption process itself may use RAM once initiated, RAM is volatile and you can be quite certain that iPhone has been turned off and on again a few times since it was acquired from that vehicle they found it in. If the passcode of the device was stored in RAM, the first time the phone was restarted (which I'm fairly confident has happened at least once in this situation) the key was lost and is now gone forever and not even Apple can do anything about that because if what McAfee claims is accurate (and it was with iOS 7 and 8 but not 9 from what I understand) - that the decryption key is stored in RAM once the passcode has been entered - it was lost once and for all when that iPhone 5c was restarted.

But, guess what: with iOS 8 and 9 it's not even necessary to reboot the device - simply locking it wipes the decryption keys from working RAM and I'll explain more about that below.

It's entirely possible that the iPhone has been on this entire time, under great protections to make sure it stays powered on, but at this point I have my doubts about that considering just how strongly the FBI is pushing to get Apple to comply with the court order and how far they've chosen to go. iOS 8 offered the potential to make something happen with that iPhone 5c as Apple has admitted (and some security researchers have commented on based on their understanding of the hardware and software security subsystems on that device per Apple's published developer documentation) but once iOS 9 got on the device that's when all bets were off.

If you think of the iPhone as a safety deposit box it might be easier to grasp - a traditional safety deposit box has two keys so I'll point out how they are analogous to this situation and I'll admit this is a pretty loose analogy at best but right now I can't think of anything better. There are 3 parts to this example: the iPhone 5c itself which we'll use as "The Box" meaning the safety deposit box itself. Then there's two "keys" basically: the UDID and the passcode.

The Box = as noted, that's the iPhone 5c itself, that's where the goodies are securely stored away that someone else wants to acquire.

Key 1 = Stays at the bank which is where The Box is, for safe keeping (no pun intended), nobody else has it and it's unique - this would be used in this example as the UDID aka the Unique Device ID of the actual iPhone itself so when I say it's unique I mean that Key 1 for let's say Bank of America won't work for the safety deposit boxes at Wells Fargo. Might be safety deposit boxes made by the same manufacturer, even, but the actual key itself is unique to that device and only that device meaning it only works for that device and only that device.

Key 2 = The passcode the end user aka owner of the device or the user (because in this situation the iPhone 5c was a work related device owned by San Bernardino County) chooses which allows for the unlocking of the device for usage. In the process of unlocking the device it also allows the decryption process to work as designed so reading/writing to the internal storage of the device, including the RAM which apparently is encrypted as well with iOS 9. The passcode isn't actively stored anywhere on the device - this is the part that McAfee isn't grasping on his own and since we can be fairly sure that iPhone has been rebooted at least once that's the ballgame once more. Key 2 isn't saved anywhere in storage on the device, not the Flash storage nor the firmware - it exists only for the user alone and entered when required to "unlock The Box."

There's an issue that needs clarification here:

If you take an iPhone running iOS 9 and it's unlocked and you press the Power/Sleep button (you're manually locking the device), as soon as it is actually locked (takes like 50ms) those decryption keys are deleted from RAM (this is part of the security spec since iOS 8). It's a concept on the iPhone known as "Complete until first authentication" and it means the device is completely encrypted (including the RAM which would be in the standby/sleep state during the locked period) until that passcode is entered and authenticated. This is part of the reason why even having a powered on (not totally cold powered off) but in sleep/standby mode iPhone can't be accessed even by Apple with a secure/trusted boot image (to boot the device from external sources not internal) - once those keys are lost by locking the device OR by powering it down/rebooting it, that's it, there's nothing they or anyone else can do at that point.

As far as the keys, you go to the bank to get into The Box aka the iPhone with Key 2 aka passcode and use it. Key 2 aka passcode is then checked in a mathematical computation along with Key 1 aka the UDID and the encryption algorithm does its magic - this would be akin to you having to show your own ID at the bank to get into the vault, in some respects, it's an authentication process you have to go through but on the iPhone it works a bit in reverse overall because all the authentication work happens after you supply the key - actually if you go to most banks in the real world they'll expect to see the key you have before they really begin the process of authentication at all so they know you're at least serious about the process of getting into the safety deposit box area.

Anyway, the safety deposit box itself is like the iPhone - it's either locked or unlocked, and when it's unlocked the keys remain in the box itself meaning in RAM so the operating system can actively make use of the RAM and the read/write storage of the device itself - you can't remove the keys (Key 1 and Key 2) of the safety deposit box until the door of the box is closed which is the locking process - that's by design actually for the physical safety deposit boxes. See what I'm getting at here with this specific point?

Once The Box aka the iPhone is locked, the keys are no longer in The Box (for technical purposes in this specific point, the RAM) for anyone to make use of, not even Apple.

It doesn't have to be a device that's never been turned off since it was acquired from the vehicle - it was acquired in a locked state and based on how the iPhone works, since the FBI has never been able to enter the correct passcode to unlock the device they never will without the passcode so McAfee's entire idea of "just hook it up and read the keys from RAM" bullshit hits a brick wall at a very high rate of speed.

That's how iOS 9 works and since we know the iPhone 5c in question is running iOS 9 as admitted by the FBI in the requests to Apple for assistance then Apple really can't do Jack Shit now to help - aside from the potential of writing the custom version of iOS that the FBI/DOJ/courts are attempting to force them to do but even that might not work - it won't work on the iPhone 5s which is similar but has some hardware differences, and newer devices like the iPhone 6 or later flat out can't be accessed, period, end of story.

On top of the colossal blunder by resetting the passcode when they gained possession of the iPhone and got permission from San Bernardino to search it, the FBI was basically doomed from the start on this endeavor but they're going to push it as far as they can and the courts will allow them to, sadly.

It's just one big clusterfuck of epic proportions, really.

As for me, private person here, never worked for the government of the US in any capacity although I offered my services in my earlier years, their loss.
 
Last edited by a moderator:
But if Apple actually makes a hack to get into one phone, that hack will eventually end up available to everyone that wants to get it.

Whether it be the government stealing it or somebody else stealing it, it will happen.

My opinion is NO access period.
It's really becomes a matter of national security not individual privacy in my book.
But not the way you might think of it, I'll explain.

Once any hack is written, China, N. Korea, Russia and lord knows who else would use
it as a further exploit into our networks. Their already doing a good job of it, why
would Apple create any backdoor that they could steal?

You know once it done, Apple would never be able to keep it secure.
We would be letting the proverbial genie out of the bottle, that could endanger everyone.
We can't trust the government to keep it safe either, if their given a copy.

So I think Apple should not give anyone any assistance in this matter.
 
If the methodology to decrypt an iPhone's internal storage (because that's what's necessary here) was anywhere near as easy as McAfree claimed in the first video (I won't need to watch the second one) then the FBI, the DOJ, the NSA, the CIA, most skilled hardcore blackhat hackers and security folk - not to mention every government of most every country on the planet - would have been doing this for years now. The "secret code" isn't something that's stored internally in the phone like he seems to be thinking it is and just sitting there for someone to read.

Let me explain it to you in the simplest possible terms: if the "secret code" was somewhere in the internal storage of the device - it's not in the firmware but the read/writable user storage of the device - then reading it would be a trivial thing, that is entirely true but there's a problem there because the internal storage is encrypted. See how that works? How the hell is anyone going to be able to find something required to decrypt such a device if what's needed happens to be encrypted itself? See how that works? Part of the decryption process requires the UDID of the given device and that can be located easily (by design because that's used for also being able to install signed Apple firmware on an iOS device) but it also requires the passcode in conjunction with that UDID to do the cryptological hashing work to decrypt the internal storage but it's a mathematical function. If the necessary info is encrypted, you can't read it and it's far far from trivial as McAfee seems to think it is.

If I could meet him or talk with him I'd just say "It's encrypted, stupid."

As for you being a hacker, no, you don't say. :D

And as for you liking McAfee, a lot of folk seem to like Donald Trump nowadays - that's not really a positive thing, honestly. McAfee is for all intents and purposes taking Trump's exact game plan and just running his mouth 24/7 about this because it was easy for him to latch onto it and it's a situation dealing with technology and people seem to think he's got some great understanding of technology in general. He's not saying or revealing anything that Edward Snowden hasn't revealed, he's not pushing out any info that hasn't been available for a decade now for people in the know on the type of monitoring going on (not tooting my own horn but I happen to be someone with a strong interest in computer and technology security since the 1970s).

Protip: he's a buffoon milking this situation for press as much as he can as long as someone is willing to hand him a microphone or sit him down in front of a video camera.


Jeeze, I don't know. You buy a new iphone, create your unlock code, the phone creates your encryption key with the unlock code being a part of that key, and the key is store where? It's not on ROM cause ROM can't be written to, it's not in the cloud and it's not sent to Apple, it's on the phone. So just how many handy little writable storage places are their for this key? If it's a new phone it's in an EPROM security module, if it's an older phone the key is stored in flash memory. Now does your explanation fit my reality?
 
............... As for the RAM thing: like I said, he's a buffoon more than anything else. While the decryption process itself may use RAM once initiated, RAM is volatile and you can be quite certain that iPhone has been turned off and on again a few times since it was acquired from that vehicle they found it in. If the passcode of the device was stored in RAM, the first time the phone was restarted (which I'm fairly confident has happened at least once in this situation) the key was lost and is now gone forever and not even Apple can do anything about that because if what McAfee claims is accurate (and it was with iOS 7 and 8 but not 9 from what I understand) - that the decryption key is stored in RAM once the passcode has been entered - it was lost once and for all when that iPhone 5c was restarted.

Not picking on you, you just hit on the subject. You can't assume that all RAM is volatile RAM, there is Non-Volatile RAM. You see an example every time you install an OS on most computers, data is read and sometimes variables are set, and nothing has been written to a drive yet, the machine does a reboot and using the data and sometimes drivers stored in non-volatile RAM, it completes the install process. It's because many newer systems manage to keep power to the RAM so it's data survives the reboot intact, therefore, non-volatile RAM.

Phones can do the same thing.
 
A Few Thoughts on Cryptographic Engineering: Why can't Apple decrypt your iPhone?

And iOS took it a step farther by ensuring that RAM itself is encrypted and the derived key is wiped when the device enters a locked state. Hence, the passcode isn't stored on the device, it's just used to create the derived key which will remain in RAM while the device is in operational mode aka unlocked for use. Lock it, wipe the key, the whole process has to be repeated every damned time without fail.

Phones can do the same thing.

Maybe, but we're not talking about a phone, we're talking about an iPhone.

(shit, that should get me a job with Apple Marketing, I swear) :D
 
My opinion is NO access period.
It's really becomes a matter of national security not individual privacy in my book.
But not the way you might think of it, I'll explain.

Once any hack is written, China, N. Korea, Russia and lord knows who else would use
it as a further exploit into our networks. Their already doing a good job of it, why
would Apple create any backdoor that they could steal?

You know once it done, Apple would never be able to keep it secure.
We would be letting the proverbial genie out of the bottle, that could endanger everyone.
We can't trust the government to keep it safe either, if their given a copy.

So I think Apple should not give anyone any assistance in this matter.


Another that ignores how bad Apple claims to want to not write this code and thinks that once written it's impossible to destroy.

Yet Apple is the only entity could possibly write this code. And if Apple can do it, no one else can, unless Apple does it first. Fucking please.

If Apple can do it then either it's all engineered so ONLY Apple can do it, or it isn't. One or the other, not both, maybe sometimes always.

If Apple is the only one that can do it, then it doesn't matter cause only Apple can do it. If Apple destroys it then it's gone and it isn't magically going to all of a sudden enable the entire world to recreate what Apple did.

Tell me, WHY Apple can't keep it secure?

The guys who actually write this stuff for Apple could write it at home correct?

And not a thing can stop them correct?

Correct me if I am wrong guys, the process of pushing an update to an iPhone is controlled by Apple because it's an encrypted connection and Apple holds the keys to it? That is the mechanism all this relies on right? It's a software update, a push to the phone. And Apple holds the keys to this do they not?

If so, it doesn't matter who get's possession of what code, unless you have Apples encryption keys to push an update, your not breaking that phone.

So correct me if I am mistaken please.
 
You are mistaken because phones can be spoofed to accept updates from non-Apple servers.
And once the code is out, it can also be modified to not check for that Apple key or be redirected to a non-Apple server.
 
If you have access to the hardware you have access to whatever is in it. The FBI just wants to be able to get into phones that they don't have physical access to. Don't do it APPLE! It may be the 4th amendment but is is sill a founding principal of our country, Protect it.
 
Another that ignores how bad Apple claims to want to not write this code and thinks that once written it's impossible to destroy.

Yet Apple is the only entity could possibly write this code. And if Apple can do it, no one else can, unless Apple does it first. Fucking please.

If Apple can do it then either it's all engineered so ONLY Apple can do it, or it isn't. One or the other, not both, maybe sometimes always.

If Apple is the only one that can do it, then it doesn't matter cause only Apple can do it. If Apple destroys it then it's gone and it isn't magically going to all of a sudden enable the entire world to recreate what Apple did.

Tell me, WHY Apple can't keep it secure?

The guys who actually write this stuff for Apple could write it at home correct?

And not a thing can stop them correct?

Correct me if I am wrong guys, the process of pushing an update to an iPhone is controlled by Apple because it's an encrypted connection and Apple holds the keys to it? That is the mechanism all this relies on right? It's a software update, a push to the phone. And Apple holds the keys to this do they not?

If so, it doesn't matter who get's possession of what code, unless you have Apples encryption keys to push an update, your not breaking that phone.

So correct me if I am mistaken please.

You are mistaken.
Once the code is written, it can be stolen and probably will be.

Grabbing a device on the web or network is not a problem for good hackers.
Ask Home Depot, Anthem and a host of others.

What set this apart is ONLY the means to break into it.
Once that decryption routine is created and complied it will be stored....in some cloud.
Hackers will penetrate the cloud, and it's all over.

Think about it.
 
What I am trying to get across is simple. In the world of absolutes, there is no such thing as an absolutely perfectly safe and unbreakable phone. That is because in the end, it all comes down to people, and people sometimes do things they shouldn't, like steal from their employers, or the competition, whatever.

So we are not dealing with
You are mistaken.
Once the code is written, it can be stolen and probably will be.
.

Let me get this straight.

You are saying that Apple can't take this phone into their lab where they control the entire electromagnetic spectrum. Take this new code, use their own test network in their lab and push this code to this one phone. Connect this one phone to their test network inside their lab and using one of their own computers, crack the phone, yank the data, burn the data and pass it to the FBI, and then wipe the phone and destroy all the code?

Is this what you are saying?
 
I think it's gone beyond being a question of what's technically possible (aka "can they do it") because in this instance there is a possibility that Apple can actually do what you just stated: basically push the custom iOS that removes the passcode entry limit as well as remove the time delays between entries and even potentially code up a little routine to test passcodes and get in there themselves but the court order isn't asking them or ordering to do that last aspect so that's on the FBI to handle which has admitted that's their responsibility.

I saw a quote a few days ago that sorta-kinda fit this situation albeit perhaps I'm the only one that would see it that way as related to this situation. It's taken from the scene in the movie "Jurassic Park" and it happens during the dialogue between John Hammond (the wealthy businessman that funded the park's creation and construction as well as all the research and development and creation of the now living dinosaurs) and Ian Malcolm (the somewhat eccentric Chaos Theoretician). They go back and forth a bit on the philosophical debate about bringing these creatures - which had their chance long ago and died out for whatever actual reason (could have been a meteor strike, could have been some biological reason, etc) - back into the modern world and when it comes right down to it they reach a high point that consists of this moment:

John Hammond: I don't think you're giving us our due credit. Our scientists have done things which nobody's ever done before...

Dr. Ian Malcolm: Yeah, yeah, but your scientists were so preoccupied with whether or not they could that they didn't stop to think if they should.

As noted, I think it's a perfect moment that fits this Apple/FBI situation near perfectly: Apple is being asked and ordered to do something that's never been done before and they're trying to make people come to the realization that perhaps - even in spite of it potentially being a technical possibility - that this simply shouldn't be done, period.

It's incredibly easy to focus on the mechanics as a lot of people are doing, and I admit I'm confident if Apple went to work on this they'd be able to accomplish it but, I personally don't think they should.

In terms of Pros and Cons it's pretty much this simple:

Pro: The FBI would gain access to the data on the phone.

Cons: I think there's a limit on how long a post can be on this forum so I won't even get started. :D

One Pro, innumerable Cons, at least in my own opinion. The info on the phone could prove useful but it could also prove absolutely meaningless: who knows, perhaps the user of the device had a moment of clarity before the shooting event and issued a reset on the device wiping it completely clean, we just don't know and never really will at this point.

I know people keep focusing on the "but it's just one phone, one time, etc..." POV but it's not about this one iPhone anymore as it should be abundantly clear: the FBI wants a precedent in the courts and the legal system put in place so they can do this over and over and over again if they feel the need to do so. The whole "terrorist" bullshit got out of hand a long time ago and it's just not going to stop anytime soon.

It ain't about one damned iPhone, it never was, and it ain't about whether it can be done either, it's about whether it should be done and I say it shouldn't.
 
What I am trying to get across is simple. In the world of absolutes, there is no such thing as an absolutely perfectly safe and unbreakable phone. That is because in the end, it all comes down to people, and people sometimes do things they shouldn't, like steal from their employers, or the competition, whatever.

So we are not dealing with


Let me get this straight.

You are saying that Apple can't take this phone into their lab where they control the entire electromagnetic spectrum. Take this new code, use their own test network in their lab and push this code to this one phone. Connect this one phone to their test network inside their lab and using one of their own computers, crack the phone, yank the data, burn the data and pass it to the FBI, and then wipe the phone and destroy all the code?

Is this what you are saying?
Show me a link to this saying the FBI will give up custody of the phone. Or never ask for this to be repeated? Or not hire away the people who can re-create the hack?
 
I think it's gone beyond being a question of what's technically possible (aka "can they do it") b....


No no no Tiberian, I am asking msny this question because he is claiming it's impossible to keep this code from getting out. I want to hear his argument supporting his claim in light of my post Thanx.
 
Give this a read and while your at it, give this comment some serious thought.

FBI admits it wants access to even more smartphones

Cybersecurity Professor Susan Landau of the Worcester Polytechnic Institute of Massachusetts testified that the FBI is still using 20th century technology in a 21st century world and urged the agency to adopt more high-tech strategies to combat crime, pointing to what national intelligence agencies are doing as an example.

This professor believes that the FBI needs to adopt more high tech strategies and suggest they follow along with what the national Intelligence Agencies are doing.

I definitely don't agree with this. The Intel Agencies play without gloves and the only great restriction they as a general rule follow, is that they don't play against Americans, just the other guys. We do not need Law Enforcement, or even the FBI who has international and domestic roles, to start approaching Law Enforcement problems with a DoD Intelligence Agency methodology. There is serious inherent danger in this. This Susan Landau is off the fucking reservation with this one.
 
Show me a link to this saying the FBI will give up custody of the phone. Or never ask for this to be repeated? Or not hire away the people who can re-create the hack?

The Court Order itself says the entire procedure can be conducted at an Apple Business location using only Apple systems and Even the President assured Apple that they don't have to give up the phone or the code used to crack it.

It's stupid to think it can't be required again, of course it can, it goes without saying. But since Apple get's to set "a reasonable fee for the service" it's just business for Apple. Re-creating the hack doesn't mean you can install the software. The "hack" has to be pushed like a software update and only Apple can do that cause only Apple has the encrypted keys used for the update process.

No one but Apple can push an update to any newer iPhone that has the hardware security module installed.
 
Looks like Congress is pretty displeased (at least those members that attended yesterday's encryption hearing were) with how the FBI and specifically Director Comey are handling the situation:

Congress Seems Pretty Angry About The FBI's Belief That The Courts Can Force Apple To Help It Get Into iPhones | Techdirt

I meant to watch it live but was otherwise occupied, it's on YouTube (all 5 hours of it) if anyone wants to see the FBI Director get grilled over some hot coals (the actual hearing starts at about 34:56 but I can't push a link directly to that time point so you'll have to scrub to that point):

 
Give this a read and while your at it, give this comment some serious thought.

FBI admits it wants access to even more smartphones



This professor believes that the FBI needs to adopt more high tech strategies and suggest they follow along with what the national Intelligence Agencies are doing.

I definitely don't agree with this. The Intel Agencies play without gloves and the only great restriction they as a general rule follow, is that they don't play against Americans, just the other guys. We do not need Law Enforcement, or even the FBI who has international and domestic roles, to start approaching Law Enforcement problems with a DoD Intelligence Agency methodology. There is serious inherent danger in this. This Susan Landau is off the fucking reservation with this one.
My optimistic vision shows me warrants and fines going through an automated process the moment these networks detect a crime was committed. Google how to buy coke and now everything you have gets a full sweep. Now it could be argued that if you don't commit crimes you will be okay, but let us be honest here, who could actually claim to be perfectly clean? Many myself included of course break laws we have no idea even exist, and ignorance is not a valid defense. Unless I understand that incorrectly, in which case, just ignore me or give me more coffee :D
 
I'll say it again. We do not want perfect encryption and privacy. It will do far more harm than good particularly in today's world.

We don't want all our secrets laid bare for anyone to take advantage of either.

There must be a reasonable middle ground, either absolute is disastrous.

The Industry can step up as asked and help the government find it, or they can play hard ball and have the government make up their own rules and shove them down our throats.

Which would you rather have?

Tim Cook working toward a solution, or Tim Cook being left out and told later how things are going to be?

Only a complete fool thinks that Apple can hold out against the government. Even if Apple wins in this court case it will only serve to make the government create a worse solution to the problem.
 
Looks like Congress is pretty displeased (at least those members that attended yesterday's encryption hearing were) with how the FBI and specifically Director Comey are handling the situation:

Congress Seems Pretty Angry About The FBI's Belief That The Courts Can Force Apple To Help It Get Into iPhones | Techdirt

I meant to watch it live but was otherwise occupied, it's on YouTube (all 5 hours of it) if anyone wants to see the FBI Director get grilled over some hot coals (the actual hearing starts at about 34:56 but I can't push a link directly to that time point so you'll have to scrub to that point):



Where was Congress for the last 20 years then because the courts have been ordering providers to pony up data from phone accounts for at least that long. Much longer if you go back to analog phone days.
 
"Even bad press is better than no press at all..."

So because things are different now from 20 years ago, where everything (almost) everything happens in an instant, and people know about it in that (almost) instant worldwide 24/7, being seen on C-SPAN or YouTube as someone railing for a point (Congressional members in that hearing) against the opposition (the FBI and the courts) it's good press for 'em and something they can bring up later on when they're running for re-election.

The courts ordering companies to pony up data is one thing and again I agree with you on most points, but in this specific situation Apple is not being asked (literally) to pony up data from a phone - they did get asked to provide info from the iCloud account associated with the phone and they did that but of course that was from (I think but could be wrong) 6 weeks prior to the actual shooting event and probably didn't provide anything useful from that time period).

Apple is being ordered to do something that's never been done before that will obviously have tremendous implications on personal (and even governmental) privacy everywhere on the planet, not just here in the US - the past events where Apple has complied are entirely different in scope than from what's happening right now in this situation.
 
Back
Top