Apple v FBI

[NW-Bound]

I never like Big Brother anything.

And I cannot help thinking Apple itself is acting Big Brother towards its customers, even after using just a single Apple product, an older iPhone discarded by my children.

Off-topic here, but I recently observe Google doing the same. They always say that they are doing it for my own good, to enhance my "user's experience" when they track where I have been on the Internet, what terms I have searched for in order to push advertisements. Of all big tech companies, Microsoft is now the least pushy, but then it is because they are losing leverage.

When it comes to making money, these businessmen are acting like Groucho Marx's joke.

"Those are my principles. If you don't like them, I have others" - Groucho Marx.

PS. They all want to control you, and do not want to share that control with the gummint, and that makes the latter angry.

 

[Alan]

+1. Agree except I think a precedent was already set with the NSA metadata & PRISM bulk data collection that Snowden disclosed. The NSA was routinely gathering bulk data, and 'the courts' were essentially rubber stamping the practice. Legislation has since slowed the NSA and tech companies are now trying to put the genie back in the bottle. All of this uproar stems from the Snowden affair.

• AT&T, Verizon and BellSouth were providing bulk phone data, without customers knowledge.
• The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.
• Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple."

My understanding is that phone calls with end to end encryption such as iPhone to iPhone cannot be wire-tapped. They can still collect all the meta data (when and where calls were made, length of time of calls etc) but cannot listen into phone calls or decrypt text messages such as those sent via iMessage. The companies themselves don't know the encryption keys used in the calls individuals make so they cannot decrypt them. I think that to create a backdoor would mean the companies (Apple, Google etc) would have to store the encryption keys (I'm guessing it's the user created phones' pass codes).

 

[M Paquette]

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple."
[/LIST]

This directly led to architecture changes for iCloud, FaceTime, and iMessage for Apple's iOS 8 and later releases, with the realization that there were attack paths being exploited. Other changes were also made as a result of internal inspections and evaluations.

The architectural changes involved moving to a public/private key system where key pairs are established for each device, with the device holding the private key, and the public keys distributed to other devices as they try to communicate with a user's device. That is, if I have three iGadgets all attached to get messages or FaceTime contacts, any device trying to contact me will get three public keys to encode the connection attempts with, and each device will use it's private key to decode the connection request and communications. This replaces the older "server decrypts from source and re-encrypts for the destination" approach, such as is used by HTTPS secure e-mail systems.



Sent from my iPad using Early Retirement Forum

 

[explanade]

The speculation is that Apple couldn't load a custom firmware on iPhone 6 or later because they have Secure Enclave chips where credit card info for Apple Pay and other private data are stored.

The chip also authenticates the boot process.

 

[ls99]

This shouldn't come as a surprise. Apple's been clear on their stance against Big Brother since the beginning:

I can't help but think today the zombies ARE the apple customers. Have not figured out what orgaziation the thrower represents ---Yet. I'm working on that.

 

[ls99]

I never like Big Brother anything.

And I cannot help thinking Apple itself is acting Big Brother towards its customers, even after using just a single Apple product, an older iPhone discarded by my children.

Off-topic here, but I recently observe Google doing the same. They always say that they are doing it for my own good, to enhance my "user's experience" when they track where I have been on the Internet, what terms I have searched for in order to push advertisements. Of all big tech companies, Microsoft is now the least pushy, but then it is because they are losing leverage.

When it comes to making money, these businessmen are acting like Groucho Marx's joke.

"Those are my principles. If you don't like them, I have others" - Groucho Marx.

PS. They all want to control you, and do not want to share that control with the gummint, and that makes the latter angry.

Agree.

 

[braumeister]

the owner of the phone can add an app that would make this whole discussion mute.

I can point to many discussions I would like to mute.

"Those are my principles. If you don't like them, I have others" - Groucho Marx.

My favorite equivalent is from Tom Lehrer.

If anyone objects to any statement I make, I am quite prepared not only to retract it, but also to deny under oath that I ever made it.

 

[ls99]

Well, this thread streched out way beyond anything I expected when posted it.

Most fascinating to me is that twice I noted that the shooter and his wife destroyed their personal phones. No one seemed to note.

Presumanbly they were savvy enough to keep thair plots off the company owned phone.

Thus the probablilty that there is anything useful regarding their scheme resides on the company owned phone IMHO is very close to zero.

And again I'll assert that the FBI and DOJ are simply using the situation as a convenient pretext to have apple do some dirty work for them. At least one person noted what I think at first blush to be the bumbling idiocy of the FBI to order the owner of the phone to change the password on the account's icloud.

As one who thinks that the FBI knew at the time of the order to change the password, that the shooters destroyed their own phones, this most likelkely was forward thinking to force apple to create some form of back door even if a partial one. Which once done could be exploited later to do more accessible backdoor exploit.

And again in spite of not being an apple fan, I'll root for apple to never give in. unless the supreme court rules that they must.

 

[GrayHare]

In situations like these, I generally prefer what's best for the country over the long term. Long term thinking has benefited most of us here in other matters such as FIRE. My sense is individual freedom and privacy have been keys in the development of the US. Those elements have been fostered by the founding fathers' minimization of a central power's delving into the affairs of its subjects. Since that approach has helped build a strong country it should be continued. On that basis, no central power should be tapping into the private communication of its citizens, and in this case means no extraction of information from smartphones or similar devices.

 

[cathy63]

...Most fascinating to me is that twice I noted that the shooter and his wife destroyed their personal phones. No one seemed to note.

Presumanbly they were savvy enough to keep thair plots off the company owned phone.

Thus the probablilty that there is anything useful regarding their scheme resides on the company owned phone IMHO is very close to zero.

And again I'll assert that the FBI and DOJ are simply using the situation as a convenient pretext to have apple do some dirty work for them. At least one person noted what I think at first blush to be the bumbling idiocy of the FBI to order the owner of the phone to change the password on the account's icloud.

As one who thinks that the FBI knew at the time of the order to change the password, that the shooters destroyed their own phones, this most likelkely was forward thinking to force apple to create some form of back door even if a partial one. Which once done could be exploited later to do more accessible backdoor exploit....

Yes, I noticed your comment, and I agree with you and every other analyst who's not in "the sky is falling" mode. It's extremely unlikely that there is anything of value to this investigation on the work phone, and the FBI is trying to use this case as leverage to force Apple to modify iOS 9.

I have not seen anywhere that it was the FBI who ordered the change of password for the Apple ID though. I thought it was the employer who did that, as part of a typical standard practice when employment ends. You don't need the phone to change an Apple password, so it could have been done by anyone anywhere regardless of the fact that the FBI had the phone in its possession (in fact, they could not have changed the Apple ID password from the phone without knowing the phone's passcode, which they don't have).

Even if it was the FBI who changed the password, I don't buy that they knew in advance that doing so could prevent the phone from creating new iCloud backups. Through my work, I've had a few interactions with the FBI and other federal and state law enforcement agencies over the years, and I have been unimpressed with the general technical knowledge on the front-line. I have no reason to think they could have connected the dots and realized that changing the password was a bad idea. And honestly, most IT folks I've worked with (and some were really brilliant) would not have made that connection either.

Also, the phone hadn't backed itself up for several months, although presumably the shooter brought his employer supplied phone to work and had it on the known network during that time; so he probably did disable cloud backup and it wouldn't have backed itself up even if the password hadn't been changed.

I also agree with Tim Cook that this is a slippery slope and there is no way that this demand will be limited to a single iPhone. In fact, if they do this, Apple absolutely must build a generic solution so they can test it on other phones before touching the shooter's phone. Anything else would be negligence.

And Apple definitely can do what the FBI is demanding. They have said they can install new versions of iOS on a 5c without knowing the passcode. They certainly have the ability to create a version of iOS that would bypass the auto-wipe and the increasing time intervals between passcode attempts. It might be harder to allow external devices to bombard the phone with a brute force attack to guess the passcode, but they can probably do that too. I think it's a couple months of work for a team of engineers and testers. It probably costs Apple about $250K in burdened salaries for the team that does the work, even more in legal costs, and maybe another $500K in opportunity costs. I don't know if they can force the government to pay for more than their direct costs though.

 

[redduck]

In situations like these, I generally prefer what's best for the country over the long term... My sense is individual freedom and privacy have been keys in the development of the US. Those elements have been fostered by the founding fathers' minimization of a central power's delving into the affairs of its subjects. Since that approach has helped build a strong country it should be continued. On that basis, no central power should be tapping into the private communication of its citizens, and in this case means no extraction of information from smartphones or similar devices.

This all sounds good in a philosophical sort of way. But, what if this same sort of situation occurs a half dozen times by June? (People killed, Apple Phones, FBI, etc.). I imagine a whole bunch of people may decide this long term view maybe doesn't need to be applied.

I also wonder if the long-term view would mean much to a parent who had children that were in immediate danger and the information on the phone would save them. I bet those parents wouldn't be all that concerned about China's eventually taking advantage of the Iphone's backdoor situation with the FBI.

 

[ls99]

......
I have not seen anywhere that it was the FBI who ordered the change of password for the Apple ID though. I thought it was the employer who did that, as part of a typical standard practice when employment ends. You don't need the phone to change an Apple password, so it could have been done by anyone anywhere regardless of the fact that the FBI had the phone in its possession (in fact, they could not have changed the Apple ID password from the phone without knowing the phone's passcode, which they don't have). .....

FBI confirms shooter's iCloud password reset - Tech Insider

You can read the FBI's full statement, which affirms that it was indeed working with San Bernardino county to reset the password, below:
STATEMENT TO ADDRESS MISLEADING REPORTS THAT THE COUNTY OF SAN BERNARDINO RESET TERROR SUSPECT’S IPHONE WITHOUT CONSENT OF THE FBI
Recent media reports have suggested that technicians in the county of San Bernardino independently conducted analysis and took steps to reset the iCloud account password associated with the iPhone 5C that was recovered

 

[zinger1457]

I also wonder if the long-term view would mean much to a parent who had children that were in immediate danger and the information on the phone would save them. I bet those parents wouldn't be all that concerned about China's eventually taking advantage of the Iphone's backdoor situation with the FBI.

You're right it wouldn't but if you let the 'victims' dictate laws and enforcement we end up with wild west justice, zero privacy and cops on every street corner. Way too much emotional involvement and not enough clear and logical thinking.

 

[redduck]

And, I agree with you, zinger1457. But, once the crimes become too large, or with a great frequency, or too personal, I think outlooks change and short-term views come on with a vengeance. Kind of reminds me of the time period right before the Great Recession where lots of folks thought they could easily handle a downturn. But, when it hit in real time and involved them personally, a whole bunch of investors became frightened, panicked, and bailed.

By the way, I have no answer to Apple v FBI.

 

[explanade]

Maybe it's something more craven like the next time there's a big attack, they'll say we couldn't stop it because they had encrypted iPhones that we couldn't tap.

You would figure something like 9/11 could cause some cops to lose jobs or mess up careers and if some other big attack wasn't prevented, there would be a lot of heat on all the agencies.

So maybe the personnel at the staff level have been complaining to their bosses and all the way up the command chain, that they're not getting results because smart phones are encrypted now -- never mind that they're not getting results via other means, such as traditional counter terrorism tactics.


Even if they can crack phones, it's doubtful terrorist are going to call, text or instant message other terrorists to outline time and place and the exact nature of their attacks over smart phones. So that the FBI could intercept these detailed communications and go play Jack Bauer.

 

[ls99]

This shouldn't come as a surprise. Apple's been clear on their stance against Big Brother since the beginning:

That was then, a commercial

This is Now

This image of Mark Zuckerberg says so much about our future | The Verge
"
The image above looks like concept art for a new dystopian sci-fi film. A billionaire superman with a rictus grin, striding straight past human drones, tethered to machines and blinded to reality by blinking plastic masks. Golden light shines down on the man as he strides past his subjects, cast in gloom, toward a stage where he will accept their adulation. Later that night, he will pore across his vast network and read their praise, heaped upon him in superlatives, as he drives what remains of humanity forward to his singular vision. "

 

[ERD50]

Maybe it's something more craven like the next time there's a big attack, they'll say we couldn't stop it because they had encrypted iPhones that we couldn't tap. ...

Is it "craven" if it is true? One could say it would be "craven" to NOT have these tools to help stop the attack.

And I don't know if it would have an effect or not, but until we know that, it seems a bit out there to call it "craven" (Contemptibly lacking in courage; cowardly).

Even if they can crack phones, it's doubtful terrorist are going to call, text or instant message other terrorists to outline time and place and the exact nature of their attacks over smart phones.

A number of plots have been stopped by what appeared to be pretty stupid moves by would-be terrorists. Maybe we need input from real professionals before we reduce this to TV drama levels?

-ERD50

 

[M Paquette]

Maybe it's something more craven like the next time there's a big attack, they'll say we couldn't stop it because they had encrypted iPhones that we couldn't tap.

They've been trying this for a while now, going so far as to blame phone and software makers for terrorist attacks.

http://www.wired.com/2015/11/paris-...hat-he-gets-wrong-about-encryption-backdoors/

http://www.capitalnewyork.com/artic...ows-danger-cell-phone-encryption-says-bratton

“ISIS, taking advantage of the technology that the head of the FBI has been complaining about, I’ve been complaining about, going dark, the ability to go dark, I think you’re going to see that playing a significant factor in this event"

The European investigators didn't find what the Usual Suspects claimed, though:

https://theintercept.com/2015/11/18...ypted-communications-between-terror-suspects/

Yet news emerging from Paris — as well as evidence from a Belgian ISIS raid in January — suggests that the ISIS terror networks involved were communicating in the clear, and that the data on their smartphones was not encrypted.

After this came out, the Usual Suspects tried to pave this over by pointing out that some phones had WhatsApp or Telegram on them, programs which support messaging with encryption. Note that the French investigators already had the clear text messages about the attack sent via SMS at this time.






Sent from my iPad using Early Retirement Forum

 

[M Paquette]

It turns out that the really big budgets and high prestige jobs are in the data collection part of the spook biz. The analysis part, picking out the meaningful bits from the torrents of selfies and errand lists captured, not so much.

Would you rather have a budget of billions for construction, and frequent meetings with c-suite folks with little chance of embarrassing leaks, or would you like the challenge of interviewing, getting clearances, hiring, and training some 20,000 junior analysts a year to eventually get to the over 100,000 folks needed to dig through the data haul after the filters have tossed the dross? Knowing that one new Snowden in that city of new hires will sink your career?


Sent from my iPad using Early Retirement Forum

 

[redduck]

...Would you rather have a budget of billions for construction, and frequent meetings with c-suite folks with little chance of embarrassing leaks...
Sent from my iPad using Early Retirement Forum

M. Paquette, to get to the heart of your question: The older I become, the more I desire that the government spend big money on the prevention of embarrassing leaks. I am certain that I am also speaking for many other older Americans, both men and women, whom wish to reclaim at least some portion of their dignity.

 

[marko]

M. Paquette, to get to the heart of your question: The older I become, the more I desire that the government spend big money on the prevention of embarrassing leaks. I am certain that I am also speaking for many other older Americans, both men and women, whom wish to reclaim at least some portion of their dignity.

+1 Classic!!

 

[M Paquette]

M. Paquette, to get to the heart of your question: The older I become, the more I desire that the government spend big money on the prevention of embarrassing leaks. I am certain that I am also speaking for many other older Americans, both men and women, whom wish to reclaim at least some portion of their dignity.

I suppose it Depends...


Sent from my iPad using Early Retirement Forum

 

[ERD50]

I suppose it Depends...

And once again, we will find that the government Pampers and gives special treatment to large donors/supporters.

-ERD50

 

[ls99]

Things get more interesting each day.

If a company owns the phone you use, it can be unlocked if software to do so is installed. Cost? $4.00 per month. In this case it was paid for but not installed on the shooters phone.

Software could have unlocked San Bernadino shooter's iPhone after Apple refused | Daily Mail Online
The service, which costs just $4 per month, per phone, had been paid for by local government officials but was never installed on the phone.
County spokesman David Wert confirmed they had a contract with MobileIron Inc, but did not install it on any of the inspectors' phones.
He added that here is no countywide policy on the matter and departments make their own decisions.
MobileIron has also confirmed that if the software were installed on the iPhone, it would unlock it.

 

[Texas Proud]

M. Paquette, to get to the heart of your question: The older I become, the more I desire that the government spend big money on the prevention of embarrassing leaks. I am certain that I am also speaking for many other older Americans, both men and women, whom wish to reclaim at least some portion of their dignity.

Redduck, I would much rather that the gvmt actually stops doing things that are so out of bounds in the view of most people that a leak of it will embarrass them. If you do not do these things, there is nothing to leak.