Community Reacts to Apple vs FBI Story

[Vanadium 50]

y, the FBI has to agree to it.

This was unclear. The FBI has veto power over what Apple does. Not that the FBI must agree to what Apple does.

 

[russ_watters]

Does anyone agree that the FBI should be kept out of the shooter's phone? I don't think so.

I don't think you should presume to speak for other people on that issue. But I do accept that it isn't your concern.

The debate is whether Apple should deliver technology to the FBI under this pretext that will allow them (and anyone else who acquires the technology) to get into any iPhone.

This is not a matter of a search warrant. It is more akin to the FBI wanting the combination to every safe a company has made because they need to search one that may contain evidence related to a crime.

Well then I submit that such people are debating a conspiracy theory, because it doesn't appear to me that that's on the table. The motion (it is linked in the Wired article) says, in big, bold letters, "the SUBJECT DEVICE only". The motion includes several possible ways of accomplishing this and makes it crystal clear that the FBI is willing to work with Apple to find a mutually agreeable solution. It sounds perfectly reasonable and not at all ominous to me -- except for the can of worms this creates for Apple.

From your post #11:

But my feeling is that the FBI really wants...

Could we please discuss what is actually being proposed instead of something you are just imagining?

 

[russ_watters]

See previous posts.

What previous posts? I've read all posts in this thread. As I said to Dr. Courtney, it appears to me this issue ruffled peoples' feathers and caused them to argue against their imaginations, not the reality of the issue.

 

[Astronuc]

The debate is whether Apple should deliver technology to the FBI under this pretext that will allow them (and anyone else who acquires the technology) to get into any iPhone.

As I understand the situation, the FBI is not asking for the technology, only that Apple unlock the phone and provide the FBI with access to the content. The FBI would compensate Apple. Of course, once the technology is developed, it is readily available the next time. That's why the FBI goes through the process of getting a court order and/or warrant, i.e., due process.

I don't think the government is giant monolith. It seem that the courts are interested in maintaining the privacy of law-abiding citizens.

 

[russ_watters]

Are you really unaware that the FBI has asked for broad backdoor access into citizen's cell phones on prior occasions?

I'm aware. And by the way, I support it in principle. But that isn't being asked for here. You are arguing against something that isn't at issue and even if you were right about what they "really want", it still wouldn't be relevant to/connected to the discussion.

What about the due process for all the citizens whose phones get hacked by the same technology without due process?

What people? Hacked by who? That's very vague.

 

[Dr. Courtney]

I'm aware. And by the way, I support it in principle. But that isn't being asked for here. You are arguing against something that isn't at issue and even if you were right about what they "really want", it still wouldn't be relevant to/connected to the discussion.

Apple claims that the only way in is to create a back door that could be used much more broadly. Are they lying? How do you know?

 

[russ_watters]

Apple claims that the only way in is to create a back door that could be used much more broadly. Are they lying?

No, of course they are not lying. But again: "could be" is an entry point into imagination. The FBI isn't asking for it to be used broadly. You are speculating that they want to, despite what they have actually said to the contrary. You're in essence claiming the FBI lied on the motion they submitted to the court. And again, even if they had, what you suggest isn't on the table: if the FBI wins and Apple complies, they still don't get what you claim they want.

Apple isn't alleging a nefarious motive by the FBI, you are. If anything, Apple is expressing worry about their own ability to fulfill the request safely.

 

[Dr. Courtney]

No, of course they are not lying. But again: "could be" is an entry point into imagination. The FBI isn't asking for it to be used broadly. You are speculating that they want to, despite what they have actually said to the contrary. You're in essence claiming the FBI lied on the motion they submitted to the court. And again, even if they had, what you suggest isn't on the table: if the FBI wins and Apple complies, they still don't get what you claim they want.

Apple isn't alleging a nefarious motive by the FBI, you are. If anything, Apple is expressing worry about their own ability to fulfill the request safely.

Only a very small minority of FBI employees need to be careless or act with nefarious motive for the Apple's concerns to be realized.

The FBI has asked for the broad abilities to access all cell phones in the past, so it is not unreasonable they still want it now. How many times have government employees been imprisoned for carelessness or overreaches regarding citizen privacy? How many NSA employees were fired or put in jail?

How well placed is your trust in government that a reasonable need in the present is not extended to broad privacy intrusions in the future? How is the FBIs history on respecting the privacy of citizens?

http://www.huffingtonpost.com/2014/01/20/martin-luther-king-fbi_n_4631112.html

http://www.slate.com/articles/news_...ved_the_nsa_s_surveillance_program_topic.html

 

[russ_watters]

As I said, this is a complicated issue, but there are things about Apple's letter I don't like. Along the current line of discussion, but broader:

Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The first two sentences are true (though the first part is mostly in Apple's control). The conclusion/claim is nonsense (though I guess that makes me unreasonable to them ). The police/FBI don't need master keys "in the real world" because physical locks are breakable and they usually don't have to break them anyway because people just open the doors for them. Apple is like the superintendent of an apartment building claiming that it is a bad idea for them to have a master key to the rooms in their own building (not perfect, but it is their choice of analogy). That's nonsense.

In both the real world (apartment building: obvious) and the computer world, Apple's action is actually highly unusual and itself somewhat dangerous/risky:

Most computerized devices/accounts have back-doors, sometimes physical and sometimes electronic, because people are human and they often forget their passwords. By not creating a back-door, they remove the fall-back/protection people have to be able to recover lost information when needed. That's a substantial danger/risk/limitation.

 

[Dr. Courtney]

Most computerized devices/accounts have back-doors, sometimes physical and sometimes electronic, because people are human and they often forget their passwords. By not creating a back-door, they remove the fall-back/protection people have to be able to recover lost information when needed. That's a substantial danger/risk/limitation.

I don't have a problem with it as long as the limitations are clear, and their customers are making an informed choice.

I've also had the combinations changed on my physical safes so that neither the locksmith or the safe company knows them. It is a risk I am willing to take for the enhanced security.

One may choose to buy an iPhone for the same reason. Unless Congress passes a law that mandates a back door for electronic devices or for high end safes, the FBI should not be demanding one.

Even the director of the FBI has stated:

I believe that Americans should be deeply skeptical of government power. You cannot trust people in power. The founders knew that. That's why they divided power among three branches, to set interest against interest.

I don't trust the FBI more than their director.

 

[russ_watters]

Only a very small minority of FBI employees need to be careless or act with nefarious motive for the Apple's concerns to be realized.

No. The motion explicitly states that the FBI is willing to work with Apple to come up with a mutually agreeable solution. It is within Apple's power to comply with this request in a way that utterly prevents the FBI from gaining the tool itself.

The FBI has asked for the broad abilities to access all cell phones in the past, so it is not unreasonable they still want it now.

Of course. But that has nothing to do with this case, because that isn't on the table. It isn't a possible outcome of this case.

How well placed is your trust in government that a reasonable need in the present is not extended to broad privacy intrusions in the future? How is the FBIs history on respecting the privacy of citizens?

Reasonable need? What Apple has done is totally unprecedented as far as I can tell* - at least I've never heard of a computer company not installing a back-door to their software. I consider the need to conduct reasonable searches and seizures to be a "reasonable need".

For the FBI, yeah it isn't perfect. There's really no way around that -- it is inherently impossible for any large organization including the FBI to be perfect, especially if we include past records in the calculus. The only way to fully ensure the FBI won't violate citizens privacy would be to disband it. Blocking reasonable search and seizure is not, in my opinion, a reasonable alternative.

It is also noteworthy that there is after-the-fact recourse here. If the police/FBI seize something they were not entitled to, the courts can still render it inadmissible. It isn't an uncorrectable wrong.

Anyway, as I've said before, I'm not a big believer in secrecy/anonymity. There is literally nothing I wouldn't be willing to tell/give the FBI access to, warrant-free. I did once even invite the FBI to tap my (land line) phone after receiving a number of strange voicemails.

*I said "most" in my previous post, but am amplifying here because the more I think about it, the more I think I've never seen/heard of such a thing.

 

[russ_watters]

I don't have a problem with it as long as the limitations are clear, and their customers are making an informed choice.

I've also had the combinations changed on my physical safes so that neither the locksmith or the safe company knows them. It is a risk I am willing to take for the enhanced security.

One may choose to buy an iPhone for the same reason. Unless Congress passes a law that mandates a back door for electronic devices or for high end safes, the FBI should not be demanding one.

There's no need that I can see to request a back door for high end safes: As far as I know, there is no such thing as an uncrackable safe. And I believe that uncrackable encryption is a bigger security risk than privacy benefit. So I would support such a law.

 

[Dr. Courtney]

There's no need that I can see to request a back door for high end safes: As far as I know, there is no such thing as an uncrackable safe. And I believe that uncrackable encryption is a bigger security risk than privacy benefit. So I would support such a law.

That's fine. Support the law. As soon as Congress passes such a law, I would support compliance by companies such as Apple.

But John McAfee thinks that the iPhone isn't really uncrackable. If the FBI can't crack a safe, should a court order the manufacturer to teach them how and give them the tools? Even if a third party locksmith offered to crack it for free?

 

[russ_watters]

How is the FBIs history on respecting the privacy of citizens?

http://www.huffingtonpost.com/2014/01/20/martin-luther-king-fbi_n_4631112.html

http://www.slate.com/articles/news_...ved_the_nsa_s_surveillance_program_topic.html

Both of those things happened before I was born - and I'm 40. To me, that's a spectacularly good history. Probably more to the point, everyone's opinions are based on what they know and have experienced and having never experienced things that haven't happened since before I was born, it is easy for me to set them aside as being no longer necessarily relevant/true to today.

 

[russ_watters]

But John McAfee thinks that the iPhone isn't really uncrackable. If the FBI can't crack a safe, should a court order the manufacturer to teach them how and give them the tools? Even if a third party locksmith offered to crack it for free?

Yes, in general. And for the specific case we're discussion, I don't trust John McAffee any more than I can throw him!

 

[Dr. Courtney]

No. The motion explicitly states that the FBI is willing to work with Apple to come up with a mutually agreeable solution. It is within Apple's power to comply with this request in a way that utterly prevents the FBI from gaining the tool itself.

Of course. But that has nothing to do with this case, because that isn't on the table. It isn't a possible outcome of this case.

Reasonable need? What Apple has done is totally unprecedented as far as I can tell* - at least I've never heard of a computer company not installing a back-door to their software. I consider the need to conduct reasonable searches and seizures to be a "reasonable need".

The government has done a really poor job lately keeping the info they have secure. It is entirely foreseeable that any back doors they have into electronic communications will also be accessed by third parties with criminal intent. It is widely agreed in the technical community that making back doors only the good guys can access is impossible.

 

[Dr. Courtney]

Both of those things happened before I was born - and I'm 40. To me, that's a spectacularly good history. Probably more to the point, everyone's opinions are based on what they know and have experienced and having never experienced things that haven't happened since before I was born, it is easy for me to set them aside as being no longer necessarily relevant/true to today.

The FBI director mentioned in an interview that he is aware of more recent illegal intrusions by the FBI, and everyone knows about the NSA.

 

[russ_watters]

The government has done a really poor job lately keeping the info they have secure. It is entirely foreseeable that any back doors they have into electronic communications will also be accessed by third parties with criminal intent. It is widely agreed in the technical community that making back doors only the good guys can access is impossible.

Agreed.

The FBI director mentioned in an interview that he is aware of more recent illegal intrusions by the FBI...

I'd be interested to hear about them and can't judge them without explanation.

...and everyone knows about the NSA.

Certainly. And everyone also knows they are not a party to this case, so we probably shouldn't be discussing them here.

 

[Dr. Courtney]

It is also noteworthy that there is after-the-fact recourse here. If the police/FBI seize something they were not entitled to, the courts can still render it inadmissible. It isn't an uncorrectable wrong.

But if private information is made public, that cat cannot be reversed. There is also very little recourse for recovery of criminal uses of back doors.

Anyway, as I've said before, I'm not a big believer in secrecy/anonymity. There is literally nothing I wouldn't be willing to tell/give the FBI access to, warrant-free.

Personally, I am much less worried about the honest government agents than criminals.

*I said "most" in my previous post, but am amplifying here because the more I think about it, the more I think I've never seen/heard of such a thing.

The idea for tighter security and encryption without backdoors became more popular after the Snowder revelations about the NSA abuses.

The new Android OS also has the capability.

A number of open source efforts are underway to provide systems without back doors.

 

[Dr. Courtney]

Certainly. And everyone also knows they (the NSA) are not a party to this case, so we probably shouldn't be discussing them here.

Are you really so naive as to believe that abuses that went unpunished in the NSA will not crop up in other government agencies? The NSA abuses were a motivation for many to improve the security in the first place.

Do you really think the precedent set in this case will not be extended to other government agencies?

 

[russ_watters]

Personally, I am much less worried about the honest government agents than criminals.

I want to point something out here and I'm not even really asking for an explanation, I just want you to be aware: your worldview and mine are so different from each other, that I'm honestly having trouble even understanding your position. Privacy? Security? Indentured servitude? Honest government agents? Government criminals? Non-government criminals? These issues seem so vague and in many cases disconnected from each other to me that I'm having a lot of trouble getting a handle on the specific issues that you are concerned about and why. I don't really understand what is important to you, much less why, much less how important it is. I guess I have one question from that I'd like an answer to, with or without an explanation:

Do you believe that peoples' personal privacy/security is better or worse today than it was 50 years ago when a person could pick-up their party-line phone and listen to their neighbors' phone call and police didn't need to crack encryption to place a bug on it?

Me personally, I think in general privacy/security is better today, but the risks are different. It is essentially impossible for my neighbor to listen in on my phone calls today, but there is a risk of someone from far away (in California or China) stealing my credit card. They are also harder to identify/quantify/counter, which in my perception plays into and raises vague fears.

 

[russ_watters]

Are you really so naive as to believe that abuses that went unpunished in the NSA will not crop up in other government agencies?

Well, I'm still hopeful Snowden and Assange will be brought to the USA to face justice for their abuses in the NSA.

I'm not naive about broad risks. I just don't assume/pre-judge negatives about people's actions or motives without evidence. To me, it seems like you are doing to the FBI what you believe they are doing to you: assuming everyone could be a criminal. I don't see any way to deal with such a fear beyond living permanently in a panic room.

Do you really think the precedent set in this case will not be extended to other government agencies?

Of course precedents get extended to other similar circumstances. That's what "precedent" means! But it seems to me that you aren't looking at precedents, but rather are looking at slippery slopes. Precedents are not slippery slopes. I'll be specific:

If Apple cracks this phone and gives the data on the phone to the FBI but not the tool for cracking the phone, the precedent set enables them and the police - but not the NSA - to do it again, with exactly the same scope and method: getting a warrant/court order and getting the vendor to crack just the one phone for them. It would not allow (or even enable!) the FBI to crack phones themselves, intercept our calls and emails without a warrant or do any other nefarious thing that I'm having trouble even imagining.

 

[Dr. Courtney]

Are you really so naive as to believe that abuses that went unpunished in the NSA will not crop up in other government agencies? The NSA abuses were a motivation for many to improve the security in the first place.

Do you really think the precedent set in this case will not be extended to other government agencies?

Do you believe that peoples' personal privacy/security is better or worse today than it was 50 years ago when a person could pick-up their party-line phone and listen to their neighbors' phone call and police didn't need to crack encryption to place a bug on it?

If a citizen doesn't take care, their privacy and security are likely worse than they were 50 years ago.

If a citizen takes due care, there are opportunities for their privacy and security to be much better.

I don't have an iPhone. I'm not sure if the phone I have even has the capability of being locked with a pass code. But knowing this, I take due care not to have info on the phone that can be used to harm me or my family if it gets lost or stolen.

But a lot of folks have much greater info on their phone, including credit card, ssn, and direct banking info. If I did this, I would prefer an iPhone with the autowipe feature after 10 failed pass codes. Backdoors tend to be exploited by criminals.

See: https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004–05

 

[Dr. Courtney]

I'm not naive about broad risks. I just don't assume/pre-judge negatives about people's actions or motives without evidence. To me, it seems like you are doing to the FBI what you believe they are doing to you: assuming everyone could be a criminal. I don't see any way to deal with such a fear beyond living permanently in a panic room.

Of course precedents get extended to other similar circumstances. That's what "precedent" means! But it seems to me that you aren't looking at precedents, but rather are looking at slippery slopes. Precedents are not slippery slopes. I'll be specific:

If Apple cracks this phone and gives the data on the phone to the FBI but not the tool for cracking the phone, the precedent set enables them and the police - but not the NSA - to do it again, with exactly the same scope and method: getting a warrant/court order and getting the vendor to crack just the one phone for them. It would not allow (or even enable!) the FBI to crack phones themselves, intercept our calls and emails without a warrant or do any other nefarious thing that I'm having trouble even imagining.

I have posted ample evidence. Further, the FBI doesn't want Apple to crack the phone and give them the evidence. (This would be a more reasonable position, and help to dispel concerns of future abuses.)

The FBI wants Apple to give them the tools to hack the phone themselves. Why do they need this if they truly only want the info on THAT phone rather than the broader capability to hack other phones? If they accept a compromise that allows Apple or McAfee to crack the phone and pass along the data without the tools, it would appear they are only interested in this single phone (at least for now). If they continue to insist that Apple give them the tools to hack the phone or if they circle back around and start asking for back doors again, their real motives should continue to be questioned.

 

[russ_watters]

I have posted ample evidence.

What you've posted just plain isn't how "evidence" in criminal wrongdoing works. You can't convict someone of a crime because someone else, 50 years ago, committed one!

The FBI wants Apple to give them the tools to hack the phone themselves.

You've said that before and I don't think that's true. Please provide a quote from the motion or court order that states that.

...McAfee...

You mentioned McAfee before and even setting aside the murder allegations, I don't think hiring him to crack it would be legal/ethical. He's a 3rd party business owner who represents a separate security risk and financial interest counter to Apple's.

 

[russ_watters]

Just in case we cross-post, a separate one:

You've said that before and I don't think that's true. Please provide a quote from the motion or court order that states that.

Here's what the FBI says they want (and I submit since this is the only thing before the court, speculation on what else they might want is irrelevant):

In sum, the government seeks an order that Apple assist in enabling the search commanded by the warrant by removing, for the SUBJECT DEVICE only, some of the additional, non-encryption barriers that apple has coded into its operating system, such as the auto-erase function...

While the government proposes a specific means of accomplishing this, the government requests that the order allow Apple to achieve the goals of the order in an alternative technical manner if mutually preferable.

I see no indication that the FBI is requiring that they be provided with the tool (they want it created and used by Apple, not provided to the FBI) and they are explicitly stating they are open to other options. It seems most amenable to me.

One of the reasons I object to pre-judgements is that I think it gets in the way of actual judgement. There are other possible reasons here for the FBI offering the things that are actually on the table. For example, by asking Apple to install a tool to reduce the security, they relieve Apple of the responsibility for the additional step of actually cracking the phone. It may or may not be a meaningful distinction to Apple, but it could be, so I think it is worthwhile to offer it merely to be amenable to Apple's potential concerns.

 

[Dr. Courtney]

I see no indication that the FBI is requiring that they be provided with the tool (they want it created and used by Apple, not provided to the FBI) and they are explicitly stating they are open to other options. It seems most amenable to me.

Here's the text of the order:

Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

That definitely has Apple handing over the tools to the FBI for the FBI to crack the phone.

 

[russ_watters]

That definitely has Apple handing over the tools to the FBI for the FBI to crack the phone.

Please explain in more detail. I don't see any form of the word "tool" or its implication anywhere in the quote. I see "Apple...will bypass..." not "Apple will provide a tool to the FBI enabling it to bypass..."

 

[Kilo Vectors]

This "hacking a phone" is not difficult for any skilled hacker and elite organisation like the FBI.

I really cannot help but chuckle at apple and other big companies, they claim to resist such encroachments but it has been seen that they collaborated with these same agencies to plant backdoors in these technologies. I already know all too well the capabilities of hackers, it would not be difficult to do this. So, the one of the biggest spying organisation in the world can't even hack a phone? xD (their brother, the NSA can surely break into almost anything)

It all seems like another well orchestrated fraud/PR stunt to seem like they actually bother protecting consumer data/privacy and freedoms.

 

[zoobyshoe]

Please explain in more detail. I don't see any form of the word "tool" or its implication anywhere in the quote. I see "Apple...will bypass..." not "Apple will provide a tool to the FBI enabling it to bypass..."

From Greg's link:

So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won’t be altered.

Although the FBI isn't asking for a tool, what it want to accomplish has to be accomplished by means of a tool, a tool that Apple would have to create and install on the phone. The FBI would receive the phone back from Apple with the tool, specifically "a crippled version of the firmware," installed on it.

 

[russ_watters]

From Greg's link:

Although the FBI isn't asking for a tool, what it want to accomplish has to be accomplished by means of a tool, a tool that Apple would have to create and install on the phone. The FBI would receive the phone back from Apple with the tool, specifically "a crippled version of the firmware," installed on it.

Basically correct.*

*Caveat 1: I would say "used on it", not "installed on it". I think the difference matters. What is installed on the phone isn't the tool itself it is modifications made by the tool (a patch tool).
Caveat 2: The FBI has proposed alternatives such as Apple keeping the phone and opened the door to other alternatives Apple might propose.

 

[russ_watters]

The more I think through this issue, the more I side with the FBI. Originally, I had some sympathy for Apple over compliance breaking a promise to their customers, but that is waning. The promise Apple has made, as applied here, is the ability/tool to evade a legal search warrant. I think such a tool should be illegal. As it happens, Apple made a flawed tool, one they can still bypass, which means that now it is Apple itself who is evading a legal search warrant. That sounds like a prosecutable obstruction of justice crime to me.

There's still a way out for Apple, and that is compliance after losing their court case. Then they can somewhat truthfully claim to their customers that it isn't their fault and they had no choice.

 

[Dr. Courtney]

Well, I'm still hopeful Snowden and Assange will be brought to the USA to face justice for their abuses in the NSA.

Fact check: When was Julian Assange ever "in the NSA"?

Further, why should foreign journalists who are neither US Citizens nor residing nor even present in the USA, be subject to the laws of the USA?

Should the US hand it's journalists over to foreign countries in cases where those foreign countries claim our citizens have broken their laws in cases where our citizens were never even in the foreign country when the laws were purportedly broken?

 

[anorlunda]

The consequences that could follow this case may be more important than the details of the order or the alternatives.

Reportedly, attorneys General and local cops are preparing for their own orders. Foreign governments may demand more than the FBI. The more onerous Apple makes the procedures for this case, the bigger the army if Apple employees they'll need for future cases.

The select few Apple employees who know how to break iPhone security will have their personal security compromised for years. For self defense, they will be motivated to leak the secret to the internet.

Device manufacturers will be motivated to outsource security to foreign entities not subject to usa jurisdiction.

 

[zoobyshoe]

The consequences that could follow this case may be more important than the details of the order or the alternatives.

Reportedly, attorneys General and local cops are preparing for their own orders. Foreign governments may demand more than the FBI. The more onerous Apple makes the procedures for this case, the bigger the army if Apple employees they'll need for future cases.

The select few Apple employees who know how to break iPhone security will have their personal security compromised for years. For self defense, they will be motivated to leak the secret to the internet.

Device manufacturers will be motivated to outsource security to foreign entities not subject to usa jurisdiction.

Clarify your second sentence for me. You are saying there are reports that attorneys General and "local cops" are waiting in line behind the FBI to issue orders to Apple to unlock other cell phones? And that foreign governments would be able to do this as well? What's the source of such reports?