Apple Refuses Court Order because "Data Integrity"

Discussion in 'World News & Debates' started by Blarrg, Feb 17, 2016.

  1. Blarrg

    Blarrg Well-Known Member

    Short Background: The FBI have been attempting to get the information out of the phone of one of the San Bernardino shooters. After months of failing, Apple was ordered by the court to do the following:

    [nqb]Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

    Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.

    If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.
    The order also sets out that:
    To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order.[/nqb]

    S: https://www.techdirt.com/articles/20160216/17393733617/no-judge-did-not-just-order-apple-to-break-encryption-san-bernardino-shooters-iphone-to-create-new-backdoor.shtml


    Apple have refused this action, and even made a public letter about it (full of misinformation, which I will elaborate on later). Here it is:

    [nqb]February 16, 2016 A Message to Our Customers
    The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

    This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

    The Need for Encryption
    Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

    All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

    Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

    For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

    The San Bernardino Case
    We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

    When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

    We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

    Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

    The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

    The Threat to Data Security
    Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

    In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

    The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

    The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

    We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

    A Dangerous Precedent
    Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

    The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

    The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

    Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

    We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

    While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

    Tim Cook[/nqb]

    S: http://www.apple.com/customer-letter/

    _____________________________________________________


    First, I would like to bring up the argument of encryption that Apple makes. The court order says nothing about breaking the encryption, they are asking for software that will get around having to break the encryption by getting into the phone "normally" (entering the correct passcode). Even if they wanted to, Apple would be unable to make software that "breaks" this encryption.

    People think this is some sort of huge security issue. But I'll explain why it is not. If Apple is capable of writing code over the OS that can bypass the 10 attempt data wipe security measurement, why doesn't anybody else do it? If Apple can do it, any adept developer can do it. The only limitation stopping them is that Apple has the digital signature required to overwrite the OS. So even if this software went public, it would be unusable in the hands of anybody except Apple; and even on the off chance something goes wrong, a regular consumer (who's phone got stolen by a group of salty Apple employees bent on getting their data) can easily get around this by disabling their phone through their provider and changing passwords on their relevant accounts.

    Through this public letter, Apple are attempting to seem like the "good guys" by siding with data integrity and using the ignorance of the public to try and influence the government decisions. It really is a pathetic way of going about this in all honesty (I personally don't expect much more from Apple, they thrive off abusing customers).
     
  2. Z01d

    Z01d Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    Weren't they one of the first companies with Microsoft to join the big NSA party?

    Even for US standards, asking for the golden key to everything is pretty absurd.
     
  3. Blarrg

    Blarrg Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    I wouldn't know.

    Asking for the golden key for everything is asking for Apple's digital signature, allowing the government to write anything they want onto any Apple device.

    However, this is not what is being ordered. They are simply being asked to do this to a single phone. The software to actually break it is already possible, so the government having that is no danger, they just need Apple to do it because of the required digital signature.


    Basically the FBI wants to look into a criminals mailbox, but it requires a key (which only Apple has). All the FBI wants to do is use the criminal's key to get into the mailbox; however, Apple is making it out to be that the FBI is trying to get the entire key ring to unlock all his neighbors mailboxes. This is untrue.
     
  4. TwoHourMotel

    TwoHourMotel Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    Aren't they obligated by law to comply with a police investigation? Since when do big companies care about the data of criminals? What are they trying to hide here?
     
  5. Blarrg

    Blarrg Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    According to the fourth amendment, yes. This is a search and seizure of a known criminal.

    I feel like their thought process is going one of two ways.

    1. They actually do believe this to be a public data integrity issue.

    2. They are pulling a stunt to publicize themselves, with a side effect of making government look bad.


    I don't believe they are dumb enough for number one.
     
  6. MWaser

    MWaser Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    They're pretending that they care about customer privacy for free publicity?

    Note how accordingly to what Apple states in the public letter, the FBI is ?apparently? asking Apple to create a "backdoor" software that could be used to access any phone, not just the one involved in the current investigation.
     
  7. Blarrg

    Blarrg Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    After thinking about it more another possibility is that they don't want to ruin their reputation with other countries by complying with the US government on this. This is actually a pretty reasonable excuse, but it won't bypass the law.
     
  8. r0xo

    r0xo Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    I probably don't understand what exactly it is that the government wants apple to do here but doesn't it come down to them wanting to see the communication and data on the phones?

    Cause there was a case not long ago that a murderer's phone was sent to apple to see whatsapp conversations between him and the victim that he removed.

    Isn't that the same thing that they want here?
     
  9. DrFrank_

    DrFrank_ Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    I think Apple sees this as setting a precedent they don't want to encourage. Today it's "hey look this is a terrorists cell halp us break it wheres your patriotism you sikhs" tomorrow it's "young male black citizen #345551-R9 might be in leage with them Navy Blue Jaguars, let's call USApple and have them hack the phone and go through his personal, private, constitutionaly protected messags to dig for possible connections". Don't care either way, the Govt probably already knows everything about everyone at this point.

    Also, they aren't asking Apple to hack the phone, only that they introduce a software into the phone that (a) allows them unlimited tries to unlock the phone, (b) removes the cooldown between the tries and (c) allow them to do both without the phone deleting personal data which is what's supposed to happen if you input the wrong password too many times. They are also (d) satisfied with Apple doing this in the privacy of their own HQ/offices, and then deleting the phone/software after they'e done with what the Govt has asked them to do.

    Again, it seems harmless enough but it still sets a dangerous precedent. Also, this kind of technology can end up biting legitimate interests in the ass if the wrong people get their hand on it.
     
  10. HydraLord

    HydraLord Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    Basically, a backdoor is a break or a fault into the system which only the manufacturer knows about. It's made in case of emergencies, where someone takes over your system and you need a way to take it back, so you use the backdoor which you created and only you have knowledge of. In this case, the government wants the backdoor for a legal case, but apple refuses to give it to them because they say it's to value privacy. That's kinda the gist of it.
     
  11. IHateLeavers

    IHateLeavers Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    I dont believe them. You know, this whole action could be a reward for "silent help to government". Apple gets free Adds while government gets data.
     
  12. Blarrg

    Blarrg Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    If you've committed a crime you've lost your right to privacy for the most part. If they have probable cause that breaking into your phone can reveal very useful data, then they have every right to crack your phone security.

    ---------- Post added at 06:26 PM ---------- Previous post was at 06:23 PM ----------

    If Apple can develop the software to break into a device, anybody can. If a backdoor exists, then there is already a security flaw in the phone, so was it ever safe in the first place? Technically no, the only thing that keeps it from getting cracked by a real cracker is the fact that you need Apple's digital signature to write over the OS.
     
  13. r0xo

    r0xo Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    A, thanks for the explanation. So it is more a case of the government wanting the way to access info whenever they want rather than asking Apple to reveal it when it is necessary?




    I agree with you for the most part but I won't put it beyond the US government to use it for really small "terrorist" fears. And if they can just do it whenever they please then I don't see them only doing it when they have a warrant (when I think it should be allowed). I mean look at the NSA stuff.
     
  14. HydraLord

    HydraLord Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    They get the method to spy on you, yes, but they say that it's only for a very certain case where criminals are involved and by law it's allowed for government figures and police to investigate as much as they want when it's a legal case. In my opinion, the government already spies on you 24/7 so idk why are they trying to act heroic by not cooperating with the government, like mwaser said I feel like it's just a ploy to get a better image.
     
  15. DrFrank_

    DrFrank_ Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    Maybe in Egypt or soddy ayy rub, didn't know the US was an autocracy. I could be wrong though.

    That's a pretty dumb argument. Just because fuck-uppery can happen doesn't mean you should contribute to it in the first place.
     
  16. HydraLord

    HydraLord Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    It's the law practically everywhere that in a legal case where a murder or theft has happened, then the police has full authority to investigate anything linked with the case, which in this particular case is the shooters' phones.
     
  17. dewouter

    dewouter Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    I'm generally against pro data collection against terrorism but the fbi is asking apple to make their product insecure by leaving an exploit that can be found by everyone and that's the problem if I understood it.
     
  18. mrfokker

    mrfokker Well-Known Member

    They are asking apple to give them full access to that partucular device IIUC. I am pretty sure there are backdoors anyways, and I understand why Apple wouldn't want to reveal that there are any.
     
  19. Blarrg

    Blarrg Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    No it is not. This is actually the number one argument in data security. If it can be broken into, it will be broken into. The reason it is a safe security measure is because, once again, Apple have the digital signature to write over the OS.

    The software itself is not secure, period. It is not an argument to say its secure just because nobody has developed the means of cracking it YET (and once again, if Apple's developers have the capability to, then I'm sure the government also does), anyone can develop the software that can crack it, the installation is what they (the FBI) are asking for.

    In fact, when it comes to security, you WANT people to break into your shit. Why? Because then you know its insecure, you can learn why its insecure, and you can fix it from there. People hire professional hackers to break into their shit for that reason exactly.
     
    Last edited: Feb 20, 2016
  20. HydraLord

    HydraLord Well-Known Member

    Re: Apple Refuses Court Order because "Data Integr

    The insecurity is already there. The government isn't asking apple to add anything, but to just give them the insecurity so they can get some info on the shooters.
     
    Last edited: Feb 20, 2016