by pilif 3768 days ago
I know my opinion is probably not popular, but if there was a way for Apple to physically install a firmware on a single device to allow for brute-forcing and if Apple did that in response to a direct court order, then this is probably the best compromise we can get.

I really believe that there should be a way for law-enforcement to get access to specific devices in response to a court order as long as the solution doesn't involve weakening the encryption for everybody else.

I'm absolutely against backdoors, secret* keys or similar crap. But physically accessing a single device in order to make brute-forcing it possible seems acceptable to me, as that won't affect any other device.

That would be similar to a court order allowing law enforcement to enter your premises and take out the safe in order to pry it open at some other location where specialised equipment is available.

If this is all law enforcement wants, then maybe it's time to hand this over before law enforcement wants even more which will doubtless pave the way for mass surveillance of devices.

* until they leak. Then everybody has access.

8 comments

> maybe it's time to hand this over before law enforcement wants even more which will doubtless pave the way for mass surveillance of devices.

The FBI is already paving that way with this case. They don't overly care about access to this particular iPhone. They're taking this case through the courts so that they can establish a precedent that allows them to force manufacturer cooperation to unlock any phone.

Edit: If they really cared about access to this individual phone, they wouldn't be going through the courts to get it; they'd be talking to the NSA TAO or other LEO with advanced forensic capability. As several people have pointed out, this iPhone 5C does not have a Secure Enclave and probably does not present a significant challenge to forensically analyze, to people that know what they're doing. They're going through the courts on this so they can get carte blanche to access iPhones 5S and above, which no LEO currently has capabilities to inspect.

Further edit: This is Farook's work phone. His main, personal phone was found destroyed in a dumpster near the site of the attacks. I find it incredibly unlikely the FBI really cares much about the contents of this individual phone, they just want a high-profile test case to expand their surveillance capabilities.

> They don't overly care about access to this particular iPhone. They're taking this case through the courts so that they can establish a precedent that allows them to force manufacturer cooperation to unlock any phone.

This is an analysis, not an objective and demonstrable fact.

I could just as well argue that yes, the FBI really does care a lot about this particular iPhone, and that's why the asked-for update is to be keyed to this iPhone and only this iPhone.

At the same time, even assuming that is true, we're talking about the FBI going through a legal process, reviewed by a judge, to get the data off one phone at a time. If that's how it works every time, I don't see a problem; that is how the system is supposed to work. I am kind of baffled as to why we're cheerleading the fact that Apple is refusing to perform what appears to be a perfectly reasonable request that is being made in accordance with the law. If you are operating under the presumption that the government is always a bad-faith actor, then we have much, much bigger problems.

Also, apparently this 'precedent' has already been set; according to a link in the article, Apple had previously offered custom firmware images to law enforcement after a court order that bypassed the lock screen on earlier iPhones.

http://www.cnet.com/news/how-apple-and-google-help-police-by...

US law enforcement has an impressive track record of extending their authority through unilateral reinterpretation of the US code. Once it's been established that Apple are able to extract data, what's to prevent agencies from slapping Apple with gag orders and forcing them to comply under completely opaque proceedings, that may not even have a way of appeal? I think Apple is right in resisting while it's still in the open. For all we know, this might really be about forcing them to demonstrate the technical capability to cooperate for use in one or several secret cases we do not know about.

Every comment I've read so far has said that Apple should help in this instance, so I don't see the cheerleading -- yet. Except now I may provide it. I just read Apple's letter to customers, and now I agree with them that the very creation of backdoor software -- even if it's only meant to help in specific instances -- is a dangerous thing. Applying specialized knowledge that Apple has about iOS and iPhones, plus Apple's engineers, to creating an innovative backdoor that does not exist today, means that it can never be un-designed. It will never have fewer people aware of it, unless you kill them after they create the software. The knowledge will only spread. The software can only leak. The engineers can only get conveniently hired by a competitor or foreign government or our own government. I agree, it is troubling.
> creating an innovative backdoor that does not exist today, means that it can never be un-designed

Wasn't it just yesterday a story was published about an upcoming documentary about the Stuxnet virus that claims that the US and Israel developed it in secret together and had a very successful, but very limited use for it. Only when Israel allegedly went off on their own to modify and deploy it did it spread wide and far, popping up on the radar of anti-malware companies and getting researched and publicized.

Like what you said, after the exploit/backdoor/software is designed, it can never be un-designed. It will exist as a tool that can only be mitigated, but not destroyed.

The knowledge will only spread. The software can only leak.

Then why don't we have Apple's private keys yet?

Plenty of companies keep a lot of things very secret, including things like powerful debug modes, for a long time. At least long enough that everybody forgets the details and the software has long since rotted away.

Because it's Apple who keeps them, not the FBI.

Nobody in the FBI would give a damn about leaking the patched OS image: it's Apple's reputation at stake, not the FBI's.

But. The FBI doesn't want the keys in this case. They don't even want a build that works on any phone but the one in question.

There is nothing of value for the FBI to leak.

This is the huge difference between this order (which I can live with) and blanket encryption backdoors using key escrow or other crap (which I'm absolutely vehemently against and willing to fight to the teeth).

The original argument is that if a bruteforcy firmware were created, there would now be more people who have knowledge of it, and they (Apple employees) would be at great risk of exposing the capability in a real way.

Not LEOs.

If Apple rotates their keys, that means that their private keys can be unlearned, whereas a method to backdoor iPhones could not be unlearned in the same way.

If the backdooring method uses a special firmware update that needs to be signed by Apple, rotating their keys means that it could be unlearned as well.

Replying to the reply: the FBI doesn't want this leaked because it would jeopardize their own agents' Apple devices.
> This is an analysis, not an objective and demonstrable fact.

No. You don't have to assume that law enforcement or intelligence agencies are bad faith actors to see they are constantly seeking to expand their powers.

http://thehill.com/policy/cybersecurity/235910-fbis-hacking-...

https://www.eff.org/issues/national-security-letters

http://www.latimes.com/nation/nationnow/la-na-nn-fbi-using-d...

https://epic.org/foia/fbi/lpr/

Amezarak is not (necessarily) assuming they are bad faith actors. Amezarak is pointing out, I think correctly, that the parent poster is inferring intent of an organization from its actions. Without specific documents from that organization spelling out that intent, I agree that such inference is analysis and not fact. It may be reasonable or even probable analysis, but that does not make it fact.

Also we don't have to assume it because we know it for a fact - they are bad faith actors.
> If you are operating under the presumption that the government is always a bad-faith actor, then we have much, much bigger problems.

Given what we know about government surveillance programs, why would one assume the government is a good faith actor when it comes to encryption?

> If you are operating under the presumption that the government is always a bad-faith actor, then we have much, much bigger problems.

It needn't be "always", just (perceived as) too often. It seems fair to say the broad sentiment is that the national security arms of U.S. government have broached that barrier.

>At the same time, even assuming that is true, we're talking about the FBI going through a legal process, reviewed by a judge, to get the data off one phone at a time. If that's how it works every time, I don't see a problem...

And how will we ensure that's the case? Once they have the firmware they need they can install it on other phones.

Maybe that would force manufacturers to be in a position where they can truthfully say "we can't do that". I'd prefer that to the current situation where Apple basically has a backdoor they're just trying to keep for themselves.

As the original article mentions, it sounds like Apple has already engineered a situation where they can't get into their own phones. This Apple-only backdoor option exists only in equipment that predates the Secure Enclave hardware (such as the phone in this case).

Except that there is no proof of this. It was stated as false by John Kelley, an ex-Embedded Security engineer at Apple: https://twitter.com/JohnHedge/status/699882614212075520

For all we know so far, Apple could still provide a signed firmware bypassing the bruteforcing delay implemented by the Secure Enclave.

The only way to bypass the brute forcing delay would be to increase computing power, since it's a function of the encryption method used. It basically goes through a number of iterations chosen to make it take about 80 ms per attempt.
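As an added illustration of the point in the comment above (example code written for this page, not from any commenter, Apple or the article): a key-derivation work factor calibrated to a target per-attempt time, and the worst-case serial guessing time that cost implies for passcodes of different shapes. PBKDF2-HMAC-SHA256 and the iteration counts are assumptions for demonstration, not Apple's actual scheme.

```python
import hashlib
import hmac
import os
import time

# Constructed illustration: the cost of one passcode attempt is a key-derivation
# work factor tuned to a target wall-clock time (the thread quotes ~80 ms).
# PBKDF2, the probe size and every timing here are assumed for demonstration
# and are not Apple's parameters.
TARGET_MS = 80.0


def derive_key(passcode: str, salt: bytes, iterations: int) -> bytes:
    """One passcode attempt: stretch the passcode with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, iterations, dklen=32)


def calibrate_iterations(target_ms: float = TARGET_MS, probe: int = 20_000) -> int:
    """Time `probe` iterations on this machine and scale the count so that a
    single derive_key() call lands near target_ms. A KDF designer does this
    once per hardware generation; the result is what bounds guess speed."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("0000", salt, probe)
    elapsed_ms = max((time.perf_counter() - start) * 1000.0, 1e-6)
    return max(1, int(probe * target_ms / elapsed_ms))


def verify_attempt(candidate: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Check one candidate. Every call pays the full derivation cost, so a
    serial guess loop cannot go faster than the calibrated per-attempt time."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), expected)


def exhaustive_seconds(length: int, alphabet_size: int, per_attempt_ms: float = TARGET_MS) -> float:
    """Worst-case time to try every passcode of the given shape, one after another."""
    return alphabet_size ** length * per_attempt_ms / 1000.0


if __name__ == "__main__":
    iters = calibrate_iterations()
    salt = os.urandom(16)
    stored = derive_key("1234", salt, iters)  # constructed sample passcode
    print(f"calibrated iterations for ~{TARGET_MS:.0f} ms: {iters}")
    print(f"correct passcode verifies: {verify_attempt('1234', salt, iters, stored)}")
    for length, size, label in [(4, 10, "4 digits"), (6, 10, "6 digits"), (8, 36, "8 alphanumeric")]:
        hours = exhaustive_seconds(length, size) / 3600.0
        print(f"{label:>15}: {hours:,.1f} hours worst case")
```

The arithmetic shows why the per-attempt cost matters more than the passcode type: at 80 ms a 4-digit code falls in under 15 minutes, while 6 digits already takes about a day.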

Such a thing does not currently exist, though. They would have to develop one.

They always can. Microcode updates come to mind. While Apple have the ability to keep their ecosystems locked, they also have the capability to unlock them.

Probably not easy and not on a mass scale. It may even require seeing inside the silicon itself. Which is expensive and hard. But as long as the keys are on the device or in the possession of Apple - they can be extracted.

The private keys are not in the possession of Apple though. The key is in the Secure Enclave.

Worst case, you disassemble the die and read the bits off with an electron microscope. It's still possible, just expensive, painful, and maybe dangerous if you damage the chip.

As long as there is no law that mandates that a phone must be unlockable to be sold in the US (which the FCC probably has the authority to insist on), if there is a technical capability for a device to be unlocked, it is the manufacturer's fault and they must comply.

Apple chose themselves to have total control over the device, signing and ecosystem - now it backfires.

> That would be similar to a court order allowing law enforcement to enter your premises and take out the safe in order to pry it open at some other location where specialised equipment is available.

I would think it's more similar to the following: the government has gone to the safe manufacturer to help it open a safe it has a warrant for, has access to and can move, but can't open.

The government is asking to develop a method to modify the safe so that it can be opened. The safe manufacturer says that it they did so the same method would be able to be used on all of their safes, and thereby make all of their products less secure.

I would imagine that a reasonable safe manufacturer would bring up the same objection.

The mere fact that the safe manufacturer is able to make such a modification already means the safe is not very secure. The development of the modification is almost incidental at that point.

If the safe manufacturer doesn't want to be put in this position, it should make it so there is no such modification possible. Which as far as I understand it is what Apple did with their safes^H^H^H^H^Hphones starting with the A7 CPU, but this phone is older.

The firmware for the Secure Enclave can be updated, but only with the Apple private key. Which is as secure as it's possible to get in a consumer product that gets improved upon after sale.

Merely requiring an Apple private key is insufficient. The OS as a whole requires that too, but as we see here that just puts Apple in the position of potentially being forced to sign an update which removes security.

I'm guessing that the secure enclave not only requires a private key from Apple, but that it wipes the crypto keys it contains (effectively wiping the device) if it's updated without first being unlocked with the user's passcode. That would prevent even Apple from cracking it, barring an exploit of the secure enclave's software, or some sort of highly advanced attack on the physical hardware.

I got the impression that that isn't the case, but as they want to improve in ways that would be unhelpful to LEOs, what you described will be the setup soon.

> I really believe that there should be a way for law-enforcement to get access to specific devices in response to a court order as long as the solution doesn't involve weakening the encryption for everybody else.

This requirement is self-contradictory. The device has no way to determine whether the attacker trying to gain access is a good or bad guy, nor can it.

>there should be a way for law-enforcement to get access to specific devices in response to a court order as long as the solution doesn't involve weakening the encryption for everybody else

Which law enforcement? The FBI? Really? How about the DEA? TSA? How about the federal police in China? Venezuela? Saudi Arabia? Syria?

The FBI's backup in this case to Apple agreeing to work with them might just be to force Apple to disclose their signing key for iOS disk images, which could potentially be worse since it would enable the FBI and not Apple to control on which device(s) the image was installed. From a PR standpoint, that might be better for Apple since they could argue that they did not cooperate in creating a bypass, but from a technical perspective, it would be much worse.

Were I in Apple's position, I would probably do what Apple is doing here... but it's a harder question than just "should we cooperate?" They have to ask, "what if we don't?"

I was of the opinion that Apple is actually signing individual OS installs (using https://en.wikipedia.org/wiki/SHSH_blob), so ultimately, Apple would still be very much aware, if not totally in control, of what firmware is installed where.

> But physically access a single device in order to make brute-forcing it possible, that seems acceptable to me as that won't affect any other device.

Sure, they can try brute-forcing it, or even break open the chips and try to extract keys with an electron microscope. That's all within their domain. But why should anyone be forced to assist them?

Except that it isn't possible. Once it's done for one device, it can be done for all. If Apple caves in this one time, then there's no reason they shouldn't cave in (or be compelled to cave in) the second time, and the third time, and so on.

I don't think the safe analogy holds up, maybe someone can help me understand why it would, given:

A safe is a container filled with physical objects: property. Property is subject to search and seizure with appropriate warrants, levies, writs, orders, wants, etc.

A phone is a container filled with information. The only physical property relevant to evidence consists of the electromagnetic state of the memory on the device. This would be no different from the bioelectric state of the neurons in the human brain, which coincidentally, also is a container filled with information. In both cases, there seems to be easy precedent to state that the information in those containers represents protected information, as it pertains to the possibly incriminating testimony of that information.

A safe can be physically removed and brought to a place where there are more specific tools available to access its physical contents. I stipulate to that.

A phone can also be physically removed and brought to a place where ... What? What tools exist to interrogate the electromagnetic state of the phone that aren't already accessible? Asking Apple to create some software allowing them to unlock and read the information is tantamount to asking a neuroscientist to create software allowing them to unlock and read your mind.

Not trolling, these are my sincere beliefs. Are they wrong?

Crucially, anyone with sufficient technical skill can open a safe, therefore the manufacturer offering that service isn't a violation of customer rights.

Nobody can bypass the security on an iPhone but Apple, requiring them to do so isn't requiring a company to assist in a search, it's requiring a company to use its unique position as the manufacturer to damage their product.

And if I built a physical safe that was so complex that only I could safely open it and then sold the safe to an alleged criminal, would the court have the power to force me to reveal the secret to opening this safe? Sorry, but the law is not exactly on our side here. The courts have legitimately exercised such warrants before and will do so again, as is their right and authority.

Unfortunately, I think this sort of example paints you into a corner. The court is not requiring the company to permanently damage the product, any more than a locksmith who opens a locked door to assist in the execution of a warrant is damaging the door. Once the court has what it requests, it is trivial to reinstall the original firmware.

There is an old saying that hard cases make bad law. This is a hard case. The defendants are both heinous and deceased; they lack standing to resist and few will support such an effort. Apple is a third party here and is on such shaky legal ground that they are left defending themselves in the court of public opinion because they know they are going to lose in an actual court. Bad things tend to come out of situations like this.

Going with the safe analogy, given reasonable suspicion and a court order it's clearly within the government's powers to, say, drill the safe; it MIGHT be in the government's power to force the individual to open it, depending on how they see it. It is hard to see how a 3rd party not involved in the crime ought to be compelled to work on the government's behalf just because they happen to have made the original safe and possess the know-how to break into it.

Can you explain how that duty comes to be?

Because not stepping up when asked to perform such a task opens you to obstruction of justice charges. Is a building super somehow not compelled to open a door in a building if they have the key and the agents of the government present a valid warrant? When they have a warrant you do not get to decide if you think what they ask for is justified, that ship has sailed already. You get the choice of do as asked, or potentially go to jail while your legal team tries to have the warrant quashed or at least your involvement in same. Best of luck on that...

And since you asked, I would bet that most of the people sitting on a jury deciding if you go to jail or not for impeding the execution of the warrant probably think that your duty to act in such a situation is considered a part of the price of admission to civil society.