FBI Insists It's Not Trying To Set A Precedent, But Law Enforcement Is Drooling Over Exactly That Possibility
from the going-to-court-to-force-you-to-hack-your-customers dept
In Jim Comey’s defensive blog post over the weekend, he insisted that the FBI was absolutely not doing this to set a precedent or to do anything other than get into a single phone:
The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message….
The particular legal issue is actually quite narrow. The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it. We don’t want to break anyone’s encryption or set a master key loose on the land.
Yeah, except that’s clearly bullshit. They absolutely want the precedent, and if the FBI’s PR strategy is to now insist this precedent won’t be useful beyond this case, perhaps it should have coordinated those talking points with others in law enforcement. Because if you talk to them, they’re happy to tell everyone just how badly they want this precedent so they, too, can demand Apple build hacking tools into iPhones. Jenna McLaughlin at The Intercept has put together examples of law enforcement people practically drooling over the possibilities that will be opened up should the FBI win.
In Suffolk County, Massachusetts, district attorney?s office spokesperson Jake Wark said prosecutors ?can?t rule out? bringing their own case of a locked cellphone before a judge, too. ?It may be a question of finding the right case,? he told the Wall Street Journal.
?It?s going to have significant ramifications on us locally,? Matt Rokus, deputy chief of Wisconsin?s Eau Claire Police Department, told the city?s Leader-Telegram newspaper on Monday.
In South Dakota, Minnehaha County State?s Attorney Aaron McGowan told the Sioux Falls Argus Leader that ?the court?s ruling could have a significant impact on conducting sensitive criminal investigations.?
And then of course, there’s Cyrus Vance, the Manhattan DA who also has been quite vocal in asking for backdoors into encryption, who has admitted that he basically wants the same power the FBI is now trying to exert. And, meanwhile, Senator Richard Burr used the Apple case as a keying off point to try to push for legislation he’s been working on for a while that would effectively mandate such backdoors.
So it’s fairly difficult to believe the FBI and Director Comey when not only does everyone know he’s lying, but his friends and colleagues in law enforcement can’t even be bothered to play along with the script.
Update: Oh, and even the DOJ is off-script as well. It’s now being reported that the DOJ is currently seeking similar orders on 12 more iPhones. So, yeah, Comey’s flat out lying.
Filed Under: cyrus vance, doj, encryption, fbi, going dark, james comey, law enforcement, police, precedent
Companies: apple
Comments on “FBI Insists It's Not Trying To Set A Precedent, But Law Enforcement Is Drooling Over Exactly That Possibility”
"Dangit you lot, you're supposed to wait before celebrating!"
I imagine Comey is more than a little annoyed at all the law enforcement people talking about how eager they are to start using the ‘totally not designed to set a precedent, honest’ case for their own gains before it’s actually run it’s course.
Just a little difficult to get people to buy the ‘There’s no point in focusing on what the precedent from the case might do, that’s not important right now’ argument after all when you’ve got people chomping at the bit to use that very precedent, making it very much an important consideration.
We're going to need a chart here...
… to track the # of phones requested to be cracked vs the drop in Apple stock price/market share. Hyperbolic curve downward, methinks.
The Floodgates Open
One of today’s WSJ headlines says that the DoJ is preparing another 12 orders for iPhones in totally separate cases. That didn’t take long.
Re: The Floodgates Open
They are having real trouble pretending they care about citizens rights lately…
Re: Re: The Floodgates Open
Since they don’t call us citizens in internal documents anymore, that really isn’t surprising.
Re: Re: Re: "They don't call us citizens in internal documents anymore"
Bugsplats?
Re: Re: The Floodgates Open
Since they don’t call us citizens in internal documents anymore, that really isn’t surprising.
Re: The Floodgates Open
What I’m curious about — suppose China, Russia, Pakistan, whichever, were to demand Apple provide them the same backdoor that the USA is demanding. And possibly not even Apple, just a hardware provider in general.
Suppose that hardware provider is also a defense contractor. The foreign country then uses the backdoor they are given to break into secure US military or government systems.
Who is guilty of espionage if that happens? Certainly the foreign government is, but is the hardware manufacturer also guilty?
And how much harm could unfettered access to top secret databases cause before the backdoor could be pulled again? This isn’t just the wet dream of law enforcement here, this has national security consequences as well.
Lets forget a moment who the FBI is and give them the benefit of the doubt and pretend that they also lived in a cave and were born just 5 minutes ago.
Weather they plan for it to be a precedent or not, it will become one as the iron has barely warmed up, we see they are already chomping at the bit to do it with more cases.
No Suprise
This is the defacto state of the US since 9/11… fear and propaganda to strip liberty at every possible opportunity.
No matter how much people bitch about it they keep voting for it. If people actually gave a shit about liberty more candidate like Rand Paul would still be in the race.
Either way, this nation is heading out the door, we are nothing like we once where. Things have been so damn peaceful and nice we are not even able to see what true evil is and plan to give every last part of this nation to that evil for political and social expedience.
Re: No Suprise
early 1930’s Germany parallels.
Not bothering to play along
Unfortunately, if it is hard to believe the FBI, it is also hard to believe Apple. Rather, I think that there’s a significant probability that the FBI is colluding with Apple to sell a lie to the American people.
Law enforcement, lately, has become famous for “parallel reconstruction”. Apple, though, is noted for the famous Apple “reality distortion field”.
Do we want real security — or do we want marketing hype? If the smartphone pin does not have enough entropy to prevent a brute force attack on data at rest, then there’s a non-ignorable threat to the privacy of that data at rest. Are all these people really going to try to sell me on the idea that the NSA can’t crack that phone without Apple’s help? I’m not buying it.
It seems fairly likely to me that the government already knows what’s on that phone. Now Apple and the FBI are just trying to come up with a cover story for how the government already knows what’s on the phone. Or a cover story for how the government denies it knows what’s on the phone, and must have acquired the intelligence some other way. Either way, a cover story that’ll help preserve Apple’s market position. Either way, a cover story that’ll have people buying into the lie that Apple phones protect their privacy.
Insecurity from a pin without enough entropy meets “parallel reconstruction” and “reality distortion field”. Most people can’t do the math.
But why should people who can do the math bother to play along?
Re: Not bothering to play along
You’re right that a PIN doesn’t provide much entropy. But it’s on the user to choose to use a PIN or password (or an even weaker swipe pattern or nowadays there’s fingerprints).
Apple has helped to mitigate this entropy with other security features such as delays between attempts and “self-destructing” data after too many attempts. Those features reintroduce entropy into the mix by stretching out how long it takes to crack that PIN or by forcing them to give up as it becomes unrecoverable.
Re: Re: Not bothering to play along
Bullshit.
Re: Re: Re: Not bothering to play along
The standard of “bits of entropy” means it takes longer for the encryption to be cracked.
Delays between attempts makes it longer for the encryption to be cracked.
Data self-destruction makes it longer or impossible for the data to be recovered.
At least that’s been my understanding. Where am I wrong in that? (And I ask that not out of spite, if I’m wrong, I do want to know how.)
Re: Re: Re:2 Not bothering to play along
You’re not thinking outside the box. (Or, in this case, the cellphone enclosure.)
Look, there’s the data to to be decrypted. That encrypted blob can be captured and preserved.
There’s the weak pin. That can be brute forced.
There’s the algorithm to derive the key from the pin and a hardware secret. That’s known. Or at least sufficiently knowable.
All that’s left is the hardware secret. You’re telling me that you can’t obtain the hardware secret from the hardware? Bullshit. If worst comes to worst, you can pull out every functional block except for the key derivation, and probe against that, not worrying about destroying the data which you preserve elsewhere.
Re: Re: Re:3 Not bothering to play along
They should hire you to do the decryption. There are 12 other devices they will need after this.
Re: Re: Re:4 Not bothering to play along
No.
They have better people than me. I’m acquainted with a few of them.
Re: Re: Re:2 Not bothering to play along
Entropy is a measure of unpredictability in the pinspace. There’s also entropy in the hardware-id-space.
When we’re dealing with actual values selected from the pinspace and hwidspace, we should talk about “surprisal”.
Re: Re: Not bothering to play along
And I shouldn’t need to mention, but will —for the benefit of all the CS undergrads who don’t quite get it— the phone’s hardware can be simulated.
What a slimeball
If apple gives in on this, there will never be another apple product in my home.
Foot in the door and all that
It is like everything else, once they get their foot in the door, you will never get it closed again. It will open up the floodgates from local law enforcement, to state and federal agencies.
Is it possible for Apple to perfectly secure their phones?
It seems the conventional wisdom has been that no one, not even Apple, could break into one of their phone’s encrypted data. I guess that’s not the case. It may be Apple can’t guarantee such a level of security and this knowledge will one of the most important results of this episode. Perhaps the best way to prevent anyone getting at your data is to physically destroy the phone with an industrial strength shredder and/or a high temperature blow torch focused on its parts.
Re: Is it possible for Apple to perfectly secure their phones?
Apple cannot guarantee that you can memorize a secret that can’t be guessed.
Most people may not be willing to memorize something like:
(Just generated with 126 bit strength.)
Even if people are willing to memorize a meazly 21 characters (modified base64), they may not be willing to type it in on a smartphone keypad.
So where does that leave us? Apple could make it possible for you to carry around a secret like that on a second piece of hardware. Perhaps a micro-USB dongle. But if that hardware falls into the wrong hands, it’s still game over.
Re: Re: Is it possible for Apple to perfectly secure their phones?
Apple could make it possible for you to carry around a secret like that on a second piece of hardware. Perhaps a micro-USB dongle. But if that hardware falls into the wrong hands, it’s still game over.
What the iPhone does instead, is make the user key in her password on phone startup and then she can log in via thumbprint.
That’s when the fridge-logic hit me: you never want your extremity (or an eye) to be worth more than you are.
Re: Re: Re: Is it possible for Apple to perfectly secure their phones?
Not the iPhone at issue in this case. It’s an older one. See Trail of Bits Blog:
Crosscheck with the various court documents to verify model 5C. Also crosscheck with Apple docs to verify that 5C lacks TouchID.
Re: Is it possible for Apple to perfectly secure their phones?
Apple have this problem, if they cannot update firmware, they are risking a massive recall if they find a bug. Unless they write and install suitable firmware, which I believe they have not yet done, they cannot break into devices.
Re: Re: Is it possible for Apple to perfectly secure their phones?
Get it firmly into your mind that Apple’s code signing key is not necessary for NSA to simulate the device on different hardware.
Neither is Apple’s code signing key necessary for China, or Russia. Probably not needed for the UK, Germany nor France, as well. And who knows who else? I don’t discount Arab contributions to mathematics, although that was mainly in the midieval period, when Europe was stagnant. Oh, yeah, don’t forget India. There have been some very good Indian mathematicians, and their engineering is good enough to get to Mars these days.
Re: Re: Re: Is it possible for Apple to perfectly secure their phones?
Apple have buried one part of the actual encryption key inside a special device, and that cannot be extracted from that device. The passcode is protected by a mechanism that prevents brute force attacks, limited tries with increasing delays between tries. Apple could write new code to remove that protection, but that just allows the FBI to try and brute force the passcode. If the owner of the phone is has used a long passcode, they could still be out of luck.
Re: Re: Re:2 Is it possible for Apple to perfectly secure their phones?
Absolute bullshit.
Re: Re: Re: Is it possible for Apple to perfectly secure their phones?
Get it firmly into your mind that Apple’s code signing key is not necessary for NSA to simulate the device on different hardware.
Neither is Apple’s code signing key necessary for China, or Russia. Probably not needed for the UK, Germany nor France, as well.
References for any of that?
Re: Re: Re:2 Is it possible for Apple to perfectly secure their phones?
Do you have a technical degree, or equivalent experience and learning?
Sorry, but I can’t take you through a CS or EE education in a few comments. I’m not even going to try. It takes a few years of hard work to learn the basics.
If you don’t have the fundamental background, then you’re just stuck with taking things on faith here. In which case, you might as well just believe the marketdroids. The vast majority of people will anyhow. And I guess there’s safety in numbers for y’all.
Otoh, if you’re comfortable with emulation and simulation and so on, then here’s a comment from someone over at Ars. I don’t know that guy, and maybe he does what he says he does, and maybe he doesn’t. But read the comment.
Re: Re: Re:3 TPMs
I’m now very curious about Trusted Platform Modules, one of which is the black box with the AES key to which the FBI can’t get on its own.
I figured that on start up it checks its own flashmem and if blank creates a pseudo-random UID, and the idea is that no-one ever gets to see the UID. You just enter the user’s PIN and it creates an AES key if all other conditions are nominal.
So (and this is just a guess from an old-timer) the matter is tricking the TPM to think conditions are nominal after you drop it in an emulator…or to trick it into thinking you’re just doing some diagnostics.
That’s the thing. Computers can’t tell if you’re an Apple tech, and FBI tech or a black hat, which is why I expect any given TPM design will only be secure for a limited amount of time before someone hacks it.
Re: Re: Re:4 TPMs
Engineer shows how to crack a ‘secure’ TPM chip
Re: Re: Re:5 TPMs
Well, that didn’t take long.
Thanks for the link.
Re: Re: Re:6 TPMs
Considering that TPM hardware started being place in computers in 2006, that means it took four years. A bit longer than usual…
Re: Re: Re:7 TPMs
Soo…doable but expensive.
Which is usually considered an acceptable level of security.
Though this guy was inventing the process as he went, so it raises the question of how slow it will be with a functional process.
Still, it gives us hope that we can have difficult-to-unlock data storage where even the manufacturers can’t bust in.
But I think an actual going dark would be a benefit to society.
Re: Re: Re:8 TPMs
An acceptable or unacceptable level of risk always depends on your threat model.
Re: Re: Re:9 TPMs
True. Generally, for us ordinary shlubs, we want it to be difficult enough for the police or the Chinese hacker army to get our data that they won’t bother for a meager fishing exhibitions. Maybe we want it tough enough to stop the district attorney on a bender.
If you’re not an ordinary shlub, say a VIP or a terrorist, then your data is worth more, and agencies / hackers might be more inclined to go the extra mile.
The problem is when robust security becomes easy to crack, due to an exploit or a new technique… which is exactly what Apple is trying to prevent by refusing to cooperate with the FBI.
If we can’t live in a society in which justice prevails, I think we at least want consistency.
Re: Re: Re:10 TPMs
But Apple is cooperating with the FBI in trying to sell us a very clumsy “misstatement of the current state of the art.”
GIGO.
Re: Re: Re:11 Misstating the state of the art
Maybe, but I was referring to their refusal to write signed code to bypass their security features.
Apple can cooperate with the FBI in one way, and refuse to cooperate in another way without it being inconsistent.
I may agree with Hitler that every family should be able to afford an automobile, yet disagree with him that some people are unworthy of living and should be massacred.
Re: Re: Re:12 Misstating the state of the art
In general, sure. But, given the specific situation at hand, no.
If Apple really doesn’t want to write and sign code for the government’s hack in this case, then it would further that interest to point out that the government doesn’t require Apple’s assistance to obtain the decrypt.
Re: Re: Re:13 [Apple could] point out that the government doesn't require Apple's assistance to obtain the decrypt.
Doing so would reveal that the agency is being pretty dense.
I am not privy to all of Apple’s motivations nor how conscious the company is being. I do know it has neither moral obligation nor community-related cause to give FBI any help.
Rather, Apple has plenty of reasons to avoid helping the FBI in any way (or US law enforcement in general), except when it is forced by law and gunpoint to do so.
Re: Re: Re:14 [Apple could] point out that the government doesn't require Apple's assistance to obtain the decrypt.
That’s an awfully broad statement: “any”.
Let me narrow it: Apple has no moral obligation to tell the American people that if they choose a pin from a pinspace with insufficient entropy, that Apple has the power to protect their secret anyway. Apple, as a corporate citizen, has no moral obligation to lie about the state of the art in reverse engineering, nor to lie to people about mathematics.
If the pin is too short, and the hardware falls into the hands of a major nation-state adversary, it’s game over.
Re: Re: Re:15 ...if they choose a pin with insufficient entropy...
Ah, but Apple has motivation to stay in good standing with its customer base, not that this has slowed them down (or other companies, for that matter) when they can’t help but choose a jackassier course.
I’m not sure if password hygiene is common enough smartphone protocol that Apple should need to advise those who are likely targets.
My experience since 2013 has been that few people really care that much about being surveilled by the NSA (or by the FBI for that matter) and don’t care enough to concern themselves with encrypting their phones unless they have vested interests in their secrets (such as with a business phone, or paranoids like myself who think state-subversive thoughts).
It took a while to get people aware that they had things to hide. It took them a while to realize that they can, even if not doing anything criminal, can still wind up victims of Law Enforcement.
So the folks in Apple have to guess at what is publicly apt as well as what is good for them as a company.
Re: Re: Re:3 Is it possible for Apple to perfectly secure their phones?
Do you have a technical degree, or equivalent experience and learning?
Yes.
Otoh, if you’re comfortable with emulation and simulation and so on, then here’s a comment from someone over at Ars.
I don’t do hardware so I didn’t totally follow everything, but interesting. And reading the article and some of the other comments gives a clearer picture of what’s going on (for me at least).
Re: Re: Re:4 Is it possible for Apple to perfectly secure their phones?
But you’re comfortable with emulating a machine’s instruction set on another machine? (which perhaps has a completely different instruction set)?
Then too, you understand that a simulation of one machine is not necessarily an exact emulation of that machine? So that if one machine has a check for signed code, a simulation might leave that check out?
Re: Re: Re:5 Is it possible for Apple to perfectly secure their phones?
But you’re comfortable with emulating a machine’s instruction set on another machine? (which perhaps has a completely different instruction set)?
The difficulty in this case is not making or using an emulator, it’s in getting the secret out of the target device.
Re: Re: Re:6 Is it possible for Apple to perfectly secure their phones?
The target in this case is an “Apple make: iPhone 5C, Model: A1532.“
• iPhone 5c Teardown, showing A6 processor.
• Apple A6 Teardown
Re: Re: Re:6 Is it possible for Apple to perfectly secure their phones?
The target in this case is an “Apple make: iPhone 5C, Model: A1532, P/N: MGFG2LL/A”.
iOS Security Guide, p.7
The target device has an A6, and thus, no “Secure Enclave”.
Re: Re: Re:7 Is it possible for Apple to perfectly secure their phones?
Sadly, the A7 teardown doesn’t call out the new “secure enclave” in the Chipworks-provided floorplan.
Re: Re: Re:8 Is it possible for Apple to perfectly secure their phones?
Neither does this comparison between the A7 and the A8.
Re: Re: Re: Is it possible for Apple to perfectly secure their phones?
Oh, and how did I neglect to mention Japan and South Korea? Sorry about that.
Not Destroyed, Data Recovered
I was surprised to learn from an article yesterday on http://www.emptywheel.net which referenced another article on Slate also by Marcy Wheeler that the personal phones may not in fact have been destroyed and that statements by Comey suggest they have all the data from them.
Since they apparently attempted to destroy those phones and not the one owned by SBC, THEY thought those had all the stuff they wanted to hide on them, and not this one. The logical conclusion from that information is that yes, Comey wants a precedent and does not actually expect to learn anything from breaking into this phone. Being allowed to get into this phone then allows them to get into, well, any phone with like issues.
“drooling”
I am trying to figure out a way you could lay it on any thicker, but I think you have gotten full and total bullshit coverage on this one.
Re: Re:
Mirrors. You sorely need them.
Re: Re:
Paul Duffy called. He wants to let you know he’s saving a warm seat for you where he is.
"Comey's flat out lying."
Yeah, just the kind of people we *don’t* need to be giving back-doors to.
Can you imagine what sort of rights citizens would have if there was no 2nd amendment.
I look at how law enforcement treats the rights of it’s citizens with open contempt. care almost nothing about the laws they enforce but constantly break themselves.
That’s third world country stuff right there. If there was no chance at all law abiding citizens could be armed I think things would be worse than soviet style russia for the average american.
Moot Point
I would think the FBI would select a better target device for this charade. The perps are dead. The perps took great pains to destroy their personal tech devices.
We all know “metadata” is there for the FBI’s taking — they already know who they communicated with –even on the destroyed devices.
What could possibly be in existence *only* on that employer-owned device that could be useful?
Re: Moot Point
I would think the FBI would select a better target device for this charade. The perps are dead.
Which means the 4th amendment doesn’t come into play. This could be their best chance.
Once we are all incarcerated they can all retire. Thankfully there are the Russians, Chinese, and whom ever the current boogie man is, to keep them in check. As long as we don’t run out of sons and daughters to sacrifice that is.