White House Is Either Lying About Apple Order Or Doesn't Understand What A Backdoor Is

from the semantic-bullshit dept

During a White House press briefing on Wednesday, Press Secretary Josh Earnest apparently kept brushing aside questions about the order to Apple to remove certain security features that would enable the FBI to brute force the passcode and decrypt the contents of Syed Farook’s iPhone. However, eventually he insisted that the DOJ is not asking for a backdoor:

In a briefing with reporters, White House spokesman Josh Earnest deferred to the Justice Department but said it’s important to recognize that the government is not asking Apple to redesign its product or “create a new backdoor to its products.”

Earnest said the case was instead about federal investigators learning “as much as they can about this one case.”

But that’s bullshit — and thankfully, at least some in the media are pointing this out.

As FBI Director James Comey has done saying he wants “front doors” rather than “back doors,” the White House is playing word games that suggest they’re either being deliberately misleading or they don’t understand the basics of what’s happening. Neither scenario makes the White House look very good.

The application and the order absolutely are about forcing Apple to create a backdoor. It is a specific backdoor, but the whole point is to undermine key security features that protect the users of the devices. The fact that it would just be targeted towards this one phone is basically meaningless in this context. The issue is that a court can order a tech company to deliberately undermine its own security and expose content on a device. That’s a backdoor.

And, importantly, it’s a backdoor that other countries will demand as well. China has already been using the US “debate” over backdooring encryption to support its own demands for backdoored encryption, and the results of this legal fight will absolutely be used by plenty of authoritarian countries to argue that they, too, can demand such backdoors.

As the NY Times notes, China is quite interested in this particular fight:

China is watching the dispute closely. Analysts say that the Chinese government does take cues from the United States when it comes to encryption regulations, and that it would most likely demand that multinational companies provide accommodations similar to those in the United States.

Last year, Beijing backed off several proposals that would have mandated that foreign firms provide encryption keys for devices sold in China after heavy pressure from foreign trade groups. Nonetheless, a Chinese antiterrorism law passed in December required foreign firms to hand over technical information and to aid with decryption when the police demand it in terrorism-related cases.

Any move towards deliberately forcing tech companies to undermine security and privacy protections for users absolutely is a backdoor and will be used by countries with much less regard for the privacy of its citizenry.

Filed Under: , , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “White House Is Either Lying About Apple Order Or Doesn't Understand What A Backdoor Is”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Any move towards deliberately forcing tech companies to undermine security and privacy protections for users absolutely is a backdoor and will be used by countries with much less regard for the privacy of its citizenry.

Given the USG has absolutely no ‘regard for the privacy of it’s citizenry’, I’m not sure if this is possible actually.

Anonymous Coward says:

Re: Re:

“Regard for the privacy of its citizenry” is becoming a weakness internationally. As states around the world are jockeying for protecting national interests, privacy is the easiest target to flatten since many people of the Facebook-generation doen’t care.

That massive invasion of privacy, media-control and torture are the main courses for dictators to keep their population from insurrection, is not a coincidense: If you distrust your population invasion of privacy is what is needed to protect the authorities from the people.

Anonymous Coward says:

Re: Easy enough choice for me

Android may or may not be better, but it will be much easier to find software that will help to defeat the govs intrusion than it would be on the Apple app store.

You might want to re-think this.

Apple is a big company, with a suite of lawyers, defending its code.

The developer of your encryption application is almost certain to be smaller, less well funded, fewer lawyers, and MUCH less “government-resistant”.

And mind… the FBI is currently outside the phone looking in, and asking Apple to help them get in. Any application-level solution only applies once they have access to the phone’s contents. They’ve already got all the metadata from the phone, as well as anything not specifically locked down.

All this notwithstanding, encrypting your data separately, even with whole disk/device encryption, is still a good idea. One more hurdle to overcome. But it may be too little, too late.

Anonymous Coward says:

Re: Re: Easy enough choice for me

The protection on open source code is that anyone can look at it, and any government can be sure that all other governments look at security critical code, as they can use any exploits that they find. Also a private citizen in a different and non friendly jurisdiction could find the backdoor and publish it, whereupon it gets removed, at least in downstream copies of the code.

Anonymous Coward says:

Re: Re: Re: Easy enough choice for me

Valid points, but more relevant to the original comment than to the reply.

And, of course, dependent upon the code installed on the device being the same as that whose source is being examined. And the only surety of that is to do it yourself: build, install, with your own tools.

For the truly – and sometimes justly – paranoid, Reflections on Trusting Trust is relevant. IE, what guarantee do you have that the application you “installed” on the device did not get adulterated by something else currently on the device?

CanadianByChoice (profile) says:

[…] just be targeted towards this one phone […]

Only an idiot would actually believe that. This is about whether or not Apple is capable of compromising their devices and whether or not they can be compelled to do so on demand. Once it’s proven that they can do it and can be compelled to do so, this door is forever open for abuse.
It also proves that it can be done – so how long before some ingenious hacker figures out how to do it in the wild?

Hans says:

It's all about precedent

The DOJ has very carefully constructed this case by picking a highly emotional event, and by asking for just this “very narrow” thing from Apple. It’s a test, an attempt to set precedent. They want to make Apple look unreasonable for not “helping” catch “terrorists.”

We can be nearly certain there is likely very little of value for catching terrorists on this phone, because we know that the DOJ has all the metadata for every contact in and out of it. The metadata tells them more than the data. If they had any evidence of further terrorist “connections” with this phone, they would have presented it to bolster their case here. There’s nearly no reason to keep such information secret. Therefore, they have nothing.

This is nothing more than a cynical attempt to use the acts of a mentally imbalanced person, and the deaths of 14 others, for the DOJ to get its foot in the door. And they’re doing a great job of hyping it in the press.

klaus says:

Re: It's all about precedent

That’s also my take on this. There must be ample evidence to convict both Farook and Malik. Cracking open their phones will add nothing. This as a test case; in this battle of wills, if they can force Apple to comply with backdooring their flagship product, it will solidify the principle that state security overrules personal security.

“If you have nothing to hide” be damned. It doesn’t help that lazy and inept blowhards in the press are compliant with this travesty.

Anonymous Anonymous Coward says:

Contradictory Question

Should there be something that cannot be accessed with a properly conceived and executed warrant?

I do not know the answer to that question. Here is some background discussion.

One part of me says why not. Encryption is good and not everything should be available to the government. That will just lead to the whole thought crime debacle.

Then my imagination starts to conjure up scenarios where access to some encrypted info might be critical to actually saving, maybe millions, of lives. I am moving beyond where the behavior of the US government, or governments in general, or mankind’s inhumanity in general is right or wrong and just thinking in terms of short term ‘let’s prevent NY or LA or some other major city(s) from becoming a…well let’s call it a nuclear or biological wasteland. It might be preventable if only…and not in the way the haystack encumbered agencies mean it, but actually preventable.

The need is time sensitive, it is needed now. Time for debate is over. Should there be a way, or is privacy, or the need for privacy so strong that it should thwart even the most rational legitimate need of some government?

Jason says:

Re: Contradictory Question

There are all kinds of quotes or cliches or whatever that touch on this (“those who sacrifice freedom for temporary security”, we should just put CCTV cameras in everybody’s home, etc.) but what the question boils down to for me is this: where do you draw the line? No one wants to be killed in a terrorist attack, but when it comes right down to it what amount of freedom are you willing to give up in exchange?

Even if we hand over everything the government asks for, there’s no way they can prevent every single possible attack. Sooner or later something will get through. So, what was the point, then? Even if I thought that living in a totalitarian, 1984-esque state was a fair trade for being safe, I’m still not safe and I’ve given all of that up for nothing.

And then there’s the added wrinkle of abuse… even if I think that yes, there are some situations where the government should be able to access what they want when they want it, the potential for abuse is massive. They want to see inside this one phone today, but what about tomorrow? What about the next time something happens, or there’s a guy taking shots on the freeway, or someone goes missing? We can pretty much guarantee from history that this kind of power will be abused. Maybe not overtly, at first… but surely the person being stalked by their NSA-employed ex is just as much victim of an abuse of power as a wrongful arrest based on shoddy search results.

Everyone has to make up their own mind, of course; that’s what freedom is all about too. But for me, I would choose genuine freedom over illusory safety. If that means there are some things the government just can’t do—even, in the worst possible case, protecting me—then I guess that’s the way it is, and I’m okay with that.

Anonymous Coward says:

Re: Contradictory Question

To answer your question, yes there already is, it’s called your knowledge…

Why not just get a warrant to force Syed to give up his password? Oh, you mean it’s not possible to compel speech with a warrant? I think you have your example of information that can not be compelled by a warrant (at least at this time).

Until the government is able to read our thoughts and minds, there exists information that can not be compelled by a warrant. Now if I chose to store some of my critical knowledge in a secure environment, does that mean the government should be allowed to get a warrant to retrieve it? Does the storage medium matter? What if it’s my 6 year old son and I pass on my secrets to him, should the government be able to “brute force” the information out of him? What if it’s written down in a code that only I know how to read, should they be able to ‘brute force’ me into providing the key?

When did ‘brute force’ become the rule of law?

John Fenderson (profile) says:

Re: Contradictory Question

“Should there be something that cannot be accessed with a properly conceived and executed warrant?”

This question is equally asking “should there be thoughts that are illegal to think?” and “should there be math that is illegal to perform?” and a myriad of other things.

My answer is yes, there should, for the simple reason that to say there shouldn’t is to inescapably say that there are a whole host of legitimate, ethical, moral things that you are forbidden from doing.

It is true that the existence of privacy means that terrible things can hide as well. But terrible things always find a way to hide, and we should not be so quick to jettison fundamental liberty in a rush to attain something that cannot be attained.

Michael (profile) says:

Re: Contradictory Question

Should there be something that cannot be accessed with a properly conceived and executed warrant?

That is exactly the wrong question to be asking. I’m pretty sure everyone having a rational discussion about this would tend to agree that a backdoor to any electronic device that could only be accessed with a proper warrant and did not otherwise compromise the security of the device would be a good thing for law enforcement.

However, this unicorn doesn’t exist. Every reputable security and encryption expert that I have heard from on the subject (and I read a lot) has said that anything done will compromise the security of the devices in ways that can be exploited and abused by the government as well as by criminal and terrorist organizations.

The question is: Are the speculative positives for such a security compromise a large enough benefit for the risks involved? Traditionally, we have had limits (a camera in every bedroom would pick up some criminal activity).

That One Guy (profile) says:

Re: Contradictory Question

The need is time sensitive, it is needed now. Time for debate is over. Should there be a way, or is privacy, or the need for privacy so strong that it should thwart even the most rational legitimate need of some government?

If we’re going to spin ‘what if?’ scenarios, then the other side has significantly more weight too it. Much, much more likely than the ‘what if…’ scenario you depict where encryption stops the government/police from preventing some disaster is what will happen if encryption is weakened such that there’s a ‘good guys only’ backdoor installed in otherwise secure systems.

With such a glaring weakness it’s not a matter of ‘if’ but ‘when’ it’s found and exploited by those with nefarious intent, and the damage that would cause would be huge. Bank account, email(and by extension everything connected to it), sensitive personal data… weakening encryption makes all of that vulnerable, and the potential harm from doing so is both larger, and more likely to occur, than some hypothetical disaster or attack.

The government and police are welcome to employ reasonable methods to prevent and solve crime, but they are very much not welcome to do so using methods that make everyone less safe in the process.

Hans says:

Re: Contradictory Question

“Should there be something that cannot be accessed with a properly conceived and executed warrant?”

It’s not a matter of should there be, because there are such things. Things laws can’t change, and you can’t pretend the don’t exist by passing such laws.

“The need is time sensitive, it is needed now.”

Oooh, scary words! Citation needed. Nothing about this case is either of those things. Your argument is by your own admission based on your imagination. I think the idea that anything needs to change, let alone encroach on our liberty and privacy, based on what you conjure in your imagination is patently absurd. You’re going to have to do far better.

Anonymous Anonymous Coward says:

Re: Contradictory Question

Thank you all.

I had a feeling this is the kind of response I would get, and you affirm my basic position. The Founders only had physical locks and safes to contend with and may or may not have considered the various methodologies for attaining what is within a human mind.

I agree, what is in my head only gets out if I want it to get out. It is also my choice to decide to store some of that on my encrypted device and not turn it over to some government. Too bad privacy isn’t codified in the constitution, and even if it was, would any of the three branches give a damn?

Torture might get it out of me (no one can resist forever), but only if they know the right questions to ask. If what is in my head or on my device is something I made up, then the likelihood of them knowing the right questions to ask is pretty damn low. If it isn’t something I made up, then those questions they ask will lead me to answers that are more than likely NOT true, but placating in nature just to stop the abuse. So they don’t win, either way.

That background discussion over at Simple Justice brought the question to my mind as to whether or not there could be a legitimate government interest in everything. In the instant case I cannot see where there is any interest at all, other than forcing the backdoor open as Hans points out.

Anonymous Coward says:

Re: Contradictory Question

Should there be a way, or is privacy, or the need for privacy so strong that it should thwart even the most rational legitimate need of some government?

That’s a good question, how about we ask a student in Tiananmen Square, a Jew in WWII era Germany or nearly any North Korean citizen?

The point is the more trust that gets placed in an authoritarian the more authoritarian it becomes. The US government it swallowing up all the freedoms that once made America great. If you don’t live in the US don’t worry about being left out, if the US government ever obtains totalitarian control it will come for you too.

beltorak (profile) says:

Re: A different perspective

That’s an interesting article to be sure, but I think it’s falling into the false dichotomy fallacy. Apple isn’t fighting to gain more control – “to become our lord and master” (if I may abuse the wording therein), but to allow the individual to retain control. Apple is arguing that it should not be forced to wrest control out of the hands of an individual.

And that is a true dichotomy. Either the individual has complete control, or they don’t. They can, individually, choose to cede control, but it should still be their control to cede.

And if I understand correctly, there are still things that the US government cannot just ‘writ’ to obtain. If a person is ordered to divulge information by the judge, and the person refuses, the judge may hold the individual in contempt and impose a sentence for the purpose of coercion. But no amount of legal coercion can force a person to divulge the information. That information is out of the judge’s hands for so long as the contemnor resists the coercion. To say that nothing should be out of reach of the judge is to allow the suspending the rights of the individual and applying greater coercion than our current legal system affords.

Anonymous Coward says:

Re: Re: A different perspective

Apple is arguing that it should not be forced to wrest control out of the hands of an individual.

Would that be the same Apple that exercises a prudish control over the contents of app that can be loaded onto IOS devices? Colour me cynical, but Apple wants to control what users can do, its just that allowing a government to undermine their security would hurt their business model.

beltorak (profile) says:

Re: Re: Re: A different perspective

Yes, that would be the same Apple. And you can point out the hypocrisy. But that doesn’t change the fact that this argument is about whether or not Apple should be forced to wrest control from the user. I don’t blame you for being cynical, but your viewpoint contradicts the official narrative in this instance:

Mr. Cook and other Apple executives resolved not only to lock up customer data, but to do so in a way that would put the keys squarely in the hands of the customer, not the company.

It would have been interesting to know what Jobs would have done about a great many things starting with the Snowden revelations.

Anonymous Coward says:

Can the engineers refuse?

Let’s assume this court order stands and Apple is compelled to ‘backdoor’ their OS. I can see where the govt might get their way and compel Apple the corporation but could the govt compel individual Apple employees if they refused to do the govt’s bidding? What if an engineer is assigned to the task but says ‘no thanks, I quit.’? Could engineers in Apple legally refuse to do the work?

beltorak (profile) says:

Re: Re: Can the engineers refuse?

As I understand it, the court cannot extend the punishment beyond what is required to coerce the individual into complying, correct? So if the person refuses and also wipes their access from the system such that they cannot comply (basically nukes their profile from whatever database is used to store their login and permissions), what happens? Surely there would be some minimal sentence involved, but how severe would it be?

Uriel-238 (profile) says:

It still looks like the phone is already backdoored.

If they’re only asking for the guess limit to be lifted, and this is something that pixie dusts the iPhone, then that means that iPhones are already golden unicorned. All someone needs to do is determine the secret magic algorithm that Apple uses to determine an AES key from a 4-to-10-digit pin, and then it’s happy fun unicorn hacker time for everyone!

This should be a moot point in court. Apple shouldn’t be defending saying it won’t help the FBI, but rather saying that it all of Apple’s help to the FBI is moot since the all the cracking efforts would be in vein due to robust encryption. That there is debate about this means there’s already unicorn pixies about, that the encryption on the iPhone is not secure enough.

Precedents on golden keys and their relationships to warrants and court orders are well and good, but that doesn’t stop China or identity thieves from cracking your phone’s unicorn-dusted encryption, and I’d rather we got used to the idea that unicorn keys were unsafe, even if the FBI promised not to use the pixie gold except when in the most dire of circumstances.

Pronounce (profile) says:

Rating of Country's Abuse of its Citizen's Privacy

“will be used by countries with much less regard for the privacy of its citizenry.”

Compared to other countries on Earth how far does the U.S. have to go down the list before they can find countries abusing privacy worse than the U.S. government?

Well if you find any now, just give it time, because they are racing as fast as they can to the bottom of that list.

Anonymous Coward says:

Actually, they don’t want a back door. A back door is something that’s already in place which will allow them to gain access. Unless you’re suggesting that apple actually included a back door, and is just reluctant to use it because the feds have a court order telling them to. Why, just yesterday they weren’t capable of fixing “error 53”, which bricked i-devices when some people got work done by “unauthorized” sources, and today, WHAM, new version of IOS will apparently un-brick them, thanks to public outcry and apple’s resultant humiliation. Likewise, the other day supposedly apple couldn’t get into this phone in question because it wasn’t possible, and then many security experts came out and said that in fact, apple COULD get in, and it wouldn’t even be difficult or expensive. So now the question is just one of whether a court has the authority to order this or not, a legal one rather than a technological one. Further exacerbating this is the fact that the one who locked the phone is dead, and wasn’t even the phone’s actual owner. So it’s not even a privacy question anymore. I think, what it comes down to, is if they can unlock THIS particular phone, and not provide access to all the others via the same route at the same time, then they’d legally have to comply. Can they force an IOS update to one particular device and not the others? Especially since such an unlock wouldn’t affect those newer phones that include touch ID? Heck, it’d even be a selling point for those with older iphones to upgrade! BTW, doesn’t Tim Cook already let people in the backdoor?

Anonymous Coward says:

This the wrong debate

The idea to serve apple the warrant is the backdoor!

In theory:
If they want to search you house they convince a jugde that writes a warrant naming where and what they are allowed to search.
The serve you the warrant and after reading it and maybe contacting you lawyer, you let them in you or you lawyer supervise to make sure they only search where and what the warrant allows.

Instead they want to serve a warrant to the lock manufacturer to get the key to you house and then go in without telling you.
Now the protection off your rights,(fighting unreasonable or over broad warrants i.E.) is up to a company that as has never heard of you and has no obligation or incentive to spend money and time to protect you.

You just come home and your house ist yellowtaped or turned inside out. Or you are arrested because they claim the found something, even so they had now business locking for it in the fist place.

Why is anybody taking like that normal when it commes to computers and information?

leaving a side the actual practice of police searches and what it really take to get a warrent.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...