Tim Cook Opposes Order for Apple to Unlock iPhone

Discussion in 'General Discussion' started by Garand69, Feb 17, 2016.


  1. Garand69

    Garand69 Monkey++

    I have never been an "Apple" person, but their steadfastness regarding the security of their customers may win me over.

    Tim Cook Opposes Order for Apple to Unlock iPhone, Setting Up Showdown
    By KATIE BENNER and ERIC LICHTBLAUFEB. 17, 2016


    "SAN FRANCISCO —Apple said on Wednesday that it would oppose and challenge a federal court order to help the F.B.I.unlock an iPhone used by one of the two attackers who killed 14 people in San Bernardino, Calif., in December.

    On Tuesday, in a significant victory for the government, Magistrate Judge Sheri Pym of the Federal District Court for the District of Central California ordered Apple to bypass security functions on an iPhone 5c used by Syed Rizwan Farook, who was killed by the police along with his wife, Tashfeen Malik, after they attacked Mr. Farook’s co-workers at a holiday gathering."


    YMMV

     
    Altoidfishfins likes this.
  2. AD1

    AD1 Monkey+++

    I disagree with them stonewalling.

    They have a court order, its a know terrorist case.

    Develop the sofware, crack the phone but DONT give the FEDS access to the source code. Keep it in house.
     
    T. Riley likes this.
  3. Garand69

    Garand69 Monkey++

    It is sort of an ISH kinda thing for me. The definition of Terrorist in the legal system is always defined by the government. If the Federal gov was not completely asleep at the wheel and knocked off their PC B.S and did their job it would have never happened. They are too busy watching Patriots (whom they also refer to as Terrorists) to bother with the islamic threat standing in front of their faces.

    YMMV
     
    Ganado, Altoidfishfins and AD1 like this.
  4. melbo

    melbo Hunter Gatherer Administrator Founding Member

    A Message to Our Customers
    The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

    This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

    The Need for Encryption
    Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

    All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

    Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

    For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

    The San Bernardino Case
    We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

    When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

    We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

    Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

    The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

    The Threat to Data Security
    Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

    In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

    The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

    The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

    We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

    A Dangerous Precedent
    Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

    The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

    The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

    Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

    We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

    While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

    Tim Cook
    Customer Letter - Apple
     
    Garand69 and Motomom34 like this.
  5. Jeff Brackett

    Jeff Brackett Monkey+++

    Gotta admit, I'm a little surprised that the gooberment doesn't already have a backdoor in.
     
    Altoidfishfins likes this.
  6. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Not even Apple can see/read 'apple to apple' messages or video calls since they are end to end encrypted by the devices themselves.
     
    Gator 45/70, Garand69 and Dunerunner like this.
  7. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Apple will tie up the Feds, in Court for the next Century, on this deal.... They have the Money and the LawDogs, to do it, and so far have the Corporate Will, to do so.... They will take it all the way to SCOTUS if need be..... and if they should lose there, if will be so far down the road, that any Data the FEDs get, will be so dated, as to be useless....
     
  8. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    and Apple designed the IOS system, so that the Encryption Keys NEVER leave the Phone, and are never stored ANYWHERE, off the device.... What the FBI wants them to do is have there Engineers, Disassemble the Phone, then Write and install NEW Firmware, on that Single Phone, that would allow the FBI to input the 4 or 6 digit Security Code, via computer, and in the new Firmware, the 10 Wrong Input/Data Wipe, Security Routine would be eliminated.... so as to make the device easier to Brute Force the Security Code, that locks the Phone.... Apple will tie up the FEDs in court for the Next Century, and take it all the way to SCOTUS if need be.... They have the Money, the LawDogs, and apparently the corporate Will to do so.... Good for them.... and Hurrah for Personal Privacy....
    Remember, if they can do it to THEM, they can do it to YOU....
     
  9. Jeff Brackett

    Jeff Brackett Monkey+++

    I understand. And don't get me wrong, I'm VERY happy that this appears to be the case. It's just that my cynicism and distrust of the government is so strong that I was honestly surprised.
     
    Dont, Seepalaces and Altoidfishfins like this.
  10. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    So were many of us Jeff, but Steve Jobs, was a Privacy Nut, and his spirit still is leading Apple....
     
  11. Garand69

    Garand69 Monkey++

    Exactly. They know everyphone in use in the area during those "missing minutes" , wasting time here is pointless.
     
    Seepalaces likes this.
  12. Tikka

    Tikka Monkey+++

    Ditto.

    Apple should offer to retrieve the data and put in on a CD and give it to them. That would not share Apple's propitiatory codes; nor show the Fed how to do it themselves. Apple cooperates with the court order yet shares nothing other than what the court order decrees.
     
    T. Riley, Seepalaces and AD1 like this.
  13. Garand69

    Garand69 Monkey++

    While I am not a gadget guru, I beleive the issue is that there is no back door at all, not simply a case of witholding the key....

    From the article--

    Why can't Apple decrypt your iPhone?

    "Which leads to the following question? How does Apple avoid holding a backdoor signing key that allows them to extract the UID from the Secure Enclave?

    It seems to me that there are a few possible ways forward here.

    1. No software can extract the UID. Apple's documentation even claims that this is the case; that software can only see the output of encrypting something with UID, not the UID itself. The problem with this explanation is that it isn't really clear that this guarantee covers malicious Secure Enclave firmware written and signed by Apple.

      Update 10/4: Comex and others (who have forgotten more about iPhone internals than I've ever known) confirm that #1 is the right answer. The UID appears to be connected to the AES circuitry by a dedicated path, so software can set it as a key, but never extract it. Moreover this appears to be the same for both the Secure Enclave and older pre-A7 chips. So ignore options 2-4 below.
    2. Apple does have the ability to extract UIDs. But they don't consider this a backdoor, even though access to the UID should dramatically decrease the time required to crack the password. In that case, your only defense is a strong password.
    3. Apple doesn't allow firmware updates to the Secure Enclave firmware period. This would be awkward and limiting, but it would let them keep their customer promise re: being unable to assist law enforcement in unlocking phones.
    4. Apple has built a nuclear option. In other words, the Secure Enclave allows firmware updates -- but before doing so, the Secure Enclave will first destroy intermediate keys. Firmware updates are still possible, but if/when a firmware update is requested, you lose access to all data currently on the device.
    All of these are valid answers. In general, it seems reasonable to hope that the answer is #1. But unfortunately this level of detail isn't present in the Apple documentation, so for the moment we just have to cross our fingers."
     
    Seepalaces likes this.
  14. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    This will not work. It breaks the chain of evidence.
     
    Seepalaces and Garand69 like this.
  15. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    I do not use apple products. But I applaud this action. People use Thier phones as an extention of themselves, taking, notes, pics, numbers, data, and it is private. Raw data used to make decisions, plans, emails, texts ,it is a memory bank for the individual.
    In my opinion, forcing the use of your phone's data, is a form of self prosecution. I believe it should be covered under the 5th amendment.
     
    Garand69, Dont, Seepalaces and 3 others like this.
  16. Dunerunner

    Dunerunner Brewery Monkey Moderator

    As I understand the technology, Face time is (Apple's Skype) has even heavier encryption...
     
    Seepalaces likes this.
  17. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Yes, the FaceTime and Messages App is end to end Encrypted with the Keys held and negotiate is real time, for each session, and when that session is over the Keys are BIT Erased from Ram, in each device, so there is NEVER any chance of a reuse of an previously used Key. The Key is a derivative of the iDevice's Master Key, that is used to Lock and Encrypt the entire contents of the iDevice, and that Key is NEVER Transmitted, or never Leaves the iDevice itself....
     
    Garand69, Seepalaces and Dunerunner like this.
  18. Tikka

    Tikka Monkey+++

    I guess I should have stayed at the Holiday Inn Express. ;)

    After quite a few events; I have lost trust in the FBI and others not to abuse their powers.
     
    Dont and Seepalaces like this.
  19. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    I believe abuse of power is a factor anytime there IS power.
     
    Seepalaces likes this.
  20. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Threads merged (Mine into this one)

    See below iOS 9.0 Security Guide
     

    Attached Files:

    Garand69 and Seepalaces like this.
  1. CraftyMofo
  2. Ganado
  3. HK_User
  4. Motomom34
  5. Motomom34
  6. Motomom34
  7. BelBol
  8. Bishop
  9. Yard Dart
  10. Asia-Off-Grid
  11. Yard Dart
  12. Seacowboys
  13. oil pan 4
  14. Thunder5Ranch
  15. Eagle's Nest
  16. arleigh
  17. GOG
  18. Airtime
  19. Yard Dart
  20. GhostX
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7