DOJ To Court: Hey, Can We Postpone Tomorrow's Hearing? We Want To See If We Can Use This New Hole To Hack In
from the oh-really-now? dept
So, this morning we wrote about a new flaw found in the encryption in Apple’s iMessage system — though it was noted that this wouldn’t really have impacted what the FBI was trying to do to get into Syed Farook’s work iPhone. However, just a little while ago, the Justice Department asked the court to delay the big hearing planned for tomorrow afternoon, because of this newly disclosed vulnerability:
Since the attacks in San Bernardino on December 2, 2015, the Federal Bureau of Investigation (?FBI?) has continued to pursue all avenues available to discover all relevant evidence related to the attacks.
Specifically, since recovering Farook?s iPhone on December 3, 2015, the FBI has continued to research methods to gain access to the data stored on it. The FBI did not cease its efforts after this litigation began. As the FBI continued to conduct its own research, and as a result of the worldwide publicity and attention on this case, others outside the U.S. government have continued to contact the U.S. government offering avenues of possible research.
On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook?s iPhone. Testing is required to determine whether it is a viable method that will not compromise data on Farook?s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. (?Apple?) set forth in the All Writs Act Order in this case.
Accordingly, to provide time for testing the method, the government hereby requests that the hearing set for March 22, 2016 be vacated. The government proposes filing a status report with the Court by April 5, 2016.
This could mean a variety of different things… including that the DOJ is looking for a way “out” of this case without setting the precedent it doesn’t want, after discovering that the case and public opinion didn’t seem to be going the way the DOJ had hoped it was going to go when it first brought it last month. Either way, there’s never a dull moment in this case…
Update: And the judge has accepted the request, meaning the hearing is off. The DOJ put out a statement trying to spin this as being about how they’re just really interested in getting into this one phone and not about setting a precedent:
Our top priority has always been gaining access into the phone used by the terrorist in San Bernardino. With this goal in mind, the FBI has continued in its efforts to gain access to the phone without Apple’s assistance, even during a month-long period of litigation with the company. As a result of these efforts, an outside party demonstrated to the FBI this past weekend a possible method for unlocking the phone. We must first test this method to ensure that it doesn’t destroy the data on the phone, but we remain cautiously optimistic. That is why we asked the court to give us some time to explore this option. If this solution works, it will allow us to search the phone and continue our investigation into the terrorist attack that killed 14 people and wounded 22 people.
Of course, that statement is more misleading bullshit from the DOJ. It’s pretty clear that the DOJ is just trying to get out of this case as it’s realized that the original plan completely backfired, and they were likely to lose.
Update 2: Okay, the court has officially posted its decision to grant the DOJ’s request. You can see it below as well.
Filed Under: all writs act, court, doj, encryption, fbi, going dark, hacking, syed farook, vulnerability
Companies: apple
Comments on “DOJ To Court: Hey, Can We Postpone Tomorrow's Hearing? We Want To See If We Can Use This New Hole To Hack In”
Is there was a way that a party to a lawsuit could get a judgement even if the other party wanted to drop it?
If so, Apple might want to do that, even if it costs them more now, just so they (and the rest of us) don’t have to do this every couple of years.
Re: Re:
If Apple hadn’t filed a response the FBI could move to dismiss and the Court would typically let them.
However in this case there’s a response and a motion and so they can delay (with the Court’s approval) but in the end unless they sweet-talk Apple then Apple’s reply and motion will be heard.
Re: Re: Re:
I’m not so sure about that.
The case is, at least at this point, about this one phone. And Apple is a third party, not a defendant. If the FBI says it no longer needs Apple to help with the phone, I don’t think Apple can press the issue – at that point, they’ve won. Courts are for deciding actual controversies – once both sides say the phone isn’t needed, that’s that.
Re: Re:
Apple has the keys to your phone and everything you do. Every device that has an update feature, has a backdoor. Don’t let Apple fool you into who is the bad guy here.. Its APPLE.
Re: Re: Article conflict.
Apple may be a bad guy. And yes, if some big Apple official needed an iPhone opened, it’d be opened.
But Apple is hardly the bad guy.
Hint: There are no good guys in this game.
Re: Re:
There is such a thing as a Declaratory Judgement, but I’m not sure if it could be used in this situation.
Bullshit. The US DOJ knows it is in an uphill battle to get the court to agree to what it was seeking from Apple and the precedent they hoped a win would get them as a door to use a favorable ruling in other cases where devices were encrypted and rather than face a decision they would have to abide by if they lost, they now want to tuck tail and run.
The US Doj put on the full court press and lambasted Aplle every chance they got and made sure they put it to the courts and especially the public that Apple was thumbing it’s nose at Law Enforcement and was on the side of criminals and terrorists with it’s failure to give the US DOJ what it wanted.
If it wasnt for the weight of the tech companies, the EFF and others throwing their weight behind Apple would the US DOj really be backing down, I doubt it. The US DOJ was hoping to get Apple to buckle under the pressure, and Apple did not.
I really hope the court does not allow the US DOJ to back peddle it’s way out of this when they are the ones who pushed for this to get rules upon. It would be nice to get the court to put a ruling in place and set the ground rules so the US DOJ can not continue to trample all over people and companies rights because they have or seem to believe they have the power to.
Re: Re:
Alternatively, this is a convenient excuse to delay things in the hope that the public furore dies down.
Re: Re:
This smells of the DOJ surrendering. They lost key elements of public opinion and pretty much anyone who has fair understanding of cryptography. They also made it imperative the tech industry should push back in Congress which could really make their lives deservedly miserable.
I very much doubt anything can prevent the Fibbies from backing out if that’s what they want.
(1) The judge has already asked them if they’d pursued all the options available using federal resources….
(2) … implying that was a relevant question.
(3) But the only way that question could be relevant would be for an negative answer to weaken the government’s case enough to cause the judge to not issue the warrant.
(4) At the time the fibbies equivocated “We don’t have to ask EVERY federal agency”… realizing the ramifications of the question.
(5) So a negative answer provides a face-saving way of getting the warrant squashed without setting any precedent.
In a month or three the fibbies can truthfully say, in court, what anyone could reasonably have said at the beginning, “we’ve investigated this phone’s data and metadata and usage patterns enough to be reasonably certain the hate criminals (not really “terrorists”, just ordinary hate-your-neighbor misanthropes with violent tendancies) did not use that phone to make their plans AND didn’t need help from anyone else to perpetrate them.”
That leaves the question open “Did they really crack the phone?” because … hey, everyone expects that the criminals used their own phones (not their work phone) to make their plans, and destroyed those phones before perpetration.
Re: Re:
I think choice 1 is the most important. With the release of a new security hole, the judge could easily say that the phone is hackable as it is, get to work.
Note that it wouldn’t be a win for Apple, rather a bit of a loss. The FBI isn’t going forward for the moment because apparently Apple’s OS has a big enough hole in it that they should be able to walk right in. Apple certainly is not a winner if that is the case.
Re: Re: Re:
FBI isn’t going forward for the moment because apparently Apple’s OS has a big enough hole in it that they should be able to walk right in.
How ironic that they seem to have “found” it right before the court date.
And if it’s that big of a hole (your words), you’d think they WOULD’VE found it before going through the courts in the first place.
So you say it isn’t a win for Apple, but they didn’t have to commit any internal resources so the FBI could go out for coffee & donuts, instead of doing some fucking work them fucking selves. I fail to see how that’s a loss.
Re: Re: Re: Which is a shame
Because the sub-departments that do that kind of work, be they NSA, FBI, CIA or industrial love their jobs.
It’d be like telling a behavioral research specialist that he has to interview Hannibal Lecter. Most of them would be drooling from the salivation.
If the postponement is granted, just watch .. in a few weeks, there will be an announcment that, with additional research, based “in part” on the new vunerability, the FBI was able to determine that there is no useful data on the phone and, for this reason, they have no further interest in persuing their suit against Apple.
This is a ploy to save face while backing out of a situation that exploded in their faces beyond their worst PR nightmares.
Mar 22 Hearing Vacated
CIVIL MINUTES – GENERAL
The courts should not have granted this request. Just proves, once again, that the U.S. Supreme Court is bowing down to the Obama Administration. SET THE PRECEDENT ALREADY.
Re: Re:
Um… This case isn’t before SCOTUS.
Re: Re:
Sorry, I see it the other way. Apple should not have held off. It should have published what they were doing. Now some “Joe shmoe” has figured out, some other method of undoing apples magic. Apple said we are the only ones who can do this, and we don’t want to. TC basically thumbed his nose at the US, and gave in to China on terrorism. Now, wannabes attacked Brussels, and somebody comes forward, and says try this. I’m sorry, those who assist/enable terrorists should be punished.
How do you punish someone whose ego is that they can do no wrong?
This is actually bad news
I predict another “terrorist” attack soon and the FBI will say “told you – encryption!”
Re: This is actually bad news
And they’ll know the communications were encrypted because they set the whole thing up.
Re: This is actually bad news
Posponed until when?
Indefinitely? Until the DOJ feels like it?
Hey, look over there, a conveniently placed distraction!
On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone.
So, does this mean John McAfee won’t be eating his shoe on live TV now?
Look Me in the Eye and Say It Again
Exactly one month ago, the FBI was all “we can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead.” Now they’re like, “Hey survivors, just settle for an unproven hack of the terrorist’s iMessages and forget we ever asked for access to the rest of the data on the phone, mkay?”
Maybe i am just naive, but that seems alot like asking for a stay of court solely so they can break the laws they are currently trying to get overturned.
Re: Re:
Maybe i am just naive, but that seems alot like asking for a stay of court solely so they can break the laws they are currently trying to get overturned.
What laws are they trying to get overturned?
More importantly, after the FBI have read all the data from the phone will they share the details of the vulnerability with Apple so they can fix the issue?
There is no hole...
C’mon, people.
Apple bucked the FBI and stood fast, right up to where they were looking at a huge win against the government.
Suddenly, the government “finds a hole” in Apple’s SECURITY and announces it to the public.
It’s a “screw you, Apple!” move. What they REALLY just did is announce to the world that Apple’s security isn’t actually secure. It’s going to cost Apple a lot of money.
And I suspect the “exploit” doesn’t really exist.
Re: There is no hole...
This is my leading theory as well. It’s an “F you” to Apple, designed to shake customer and shareholder confidence and cost them a fortune.
Re: Re: There is no hole...
“U.S. says it may not need Apple to open San Bernardino iPhone”, by Joseph Menn, Reuters, Mar 22, 2016
Matt Blaze – Research Summary and Bio.
Re: Re: There is no hole...
“My Take on FBI’s ‘Alternative’ Method”, by Jonathan Zdziarski, Zdziarski’s Blog of Things, Mar 21, 2016
Jonathan Zdziarski.
Re: There is no hole...
I am doubtful that this revealed exploit will cost Apple lots of customers or money.
It is the very nature of the business that exploits will be found. Not just with Apple, but anybody in the business. Google, Microsoft, Facebook, Samsung, etc… What matters is how quickly Apple issues patches to their users to fix exploits found.
Re: There is no hole...
I suspect the “exploit” doesn’t really exist.
Then you’re a fool.
Security holes are found (and publicly announced) in Apple’s products about once a quarter. It won’t affect Apple’s market because it happens, and it’s known to happen to everyone. Apple will patch it, and life moves on.
That’s not the same as knowingly keeping a backdoor to give the “Democratic People’s Republic of America” access to your information, which WOULD hurt their sales.
Re: Re: There is no hole...
Do you drive a main battle tank around town everyday?—to go to work, do your errands, shopping, and so on?
No one in their right mind gets too bothered that mass-market vehicles from Ford and Toyota won’t withstand “Cartridge, Caliber .50, Saboted Light Armor Penetrator, M903”.
Instead, people would rather pay for things like battery-operated passenger vehicles. Or 0 – 60 mph. They’re not as worried about certain causes of holes.
It’s a car analogy. The iPhone is a battery-operated, consumer device. No one expects their bank to use an iPhone to replace an expensive, dedicated Hardware Security Module.
Re: Re: There is no hole...
“exploit”..as in the exploit claimed by the fbi.
im with bamboo. it doesn’t exist.
this is gaming by the fbi so that the door doesn’t get closed on coercing a company to do something against its will. they’ll be able to take another shot at it one day.
but my guess is you’ll never hear from the fbi about the case again.
Re: Re: There is no hole...
“I suspect the “exploit” doesn’t really exist.
Then you’re a fool.”
What does that make you? The particular exploit the effabeeI is speaking of may not exist. You my foolish friend do not know for sure do you?
Re: There is no hole...
” What they REALLY just did is announce to the world that Apple’s security isn’t actually secure. It’s going to cost Apple a lot of money.”
How is this any different to all the other times vulnerabilities are found and patched in ALL phone’s (not just iPhones). Did they all cost the manufacturers a lot of money too? Why do you think this one’s so different?
I see two possible outcomes
1. The FBI breaks into iMessage and declares success. Even though they did NOT actually get control of the entire phone.
2. The FBI is unable to break iMessage but declares that in so attempting they ‘accidentally’ destroyed the phone.
Either way, this issue is now moot. No more need to order Apple to break into this phone. Thank you for playing.
Now the FBI can regroup and focus on their next attempt to get unlimited access into anyone’s phone at any time without supervision. That is what this was about, after all.
If I was Magistrate Pym, I’d be furious. This stinks of gamesmanship. If she wasn’t trying to run from this as quickly as possible, some hard questions could have been asked instead of granting the request ex parte:
Was the FBI previously aware of this approach?
Has the FBI tried this approach before?
If the FBI was previously aware, why was it not tried before filing the initial motion?
Did any government agency the FBI contacted recommend this approach before?
Why is this being tried now?
Is the party with this method a private or government entity?
If a government agency, was this one previously contacted?
If a government agency, and not contacted, why not?
Who initiated the contact with the other?
When was contact first made?
When was the offer to “hack” the iphone by the party first made?
When was the offer to “hack” the iphone accepted?
Two completely separate issues
I’m pretty sure the iMessage encryption flaw being found has nothing to do with this. It looks like the flaw in iMessage is about performing a MITM attack to decrypt the data sent between the phone and the server, not unlock the phone.
Re: Two completely separate issues
Matt Blaze tweet:
The less-sophisticated public views these technical things more fuzzily than security experts like Matt Blaze. Inevitably, large segments of the public will confuse “Chosen Ciphertext Attacks on Apple iMessage” with the FBI’s undisclosed potential method.
The timing of the two announcements may be purely coincidental. However, one should not be too quick to discount the possibility that the timing is more than fortuitous—the FBI/DoJ PR game() has been in full swing.
() Apple’s PR has been in full swing too, but while they may have been able to influence the timing of the release of the Johns Hopkins paper, it seems less likely that Apple PR alone (in the absence of collusion with DoJ) would have had the capability to influence the timing of the DoJ CDCal Motion.
Re: Re: Two completely separate issues
That may be, however there have been solutions published for weeks, including one on the ACLU website that have pointed out that Apple’s assistance wasn’t required yet the DOJ only now is claiming to have noticed that their are other options. They don’t exactly say what the option is they noticed leaving it up to the public that is paying attention to wonder and possibly be confused. The DOJ is like that though.
Wouldn’t it be nice if Apple or somebody, could somehow turn the tables and force this case onto the courts agenda, setting the proper precedent in law to keep the tri-letter, corporate-run, federal fascist ass-holes from just hiring another muslim-leaning moron or two to blow up another city, so the ass-holes could just run the same scam again later.
Dream on eh. You’d have to be in a democratic country to pull that kind of shit off.
Transcipt of Telephone Conference
United States District Court – Central District of California
In The Matter Of The Search Of An Apple iPhone Seized During The Execution Of A Search Warrant On A Black Lexus IS300, California License Plate 35KGD203
Reporter’s Transcript of Oral Proceedings
Monday, March 21, 2016, 4:00 p.m.