I'm surprised there's no thread on this as it seems we're on the threshold of an incredibly important event. Congress seems like it's asleep at the wheel wrt to legislation on technology. Encryption, drones, 3-D printing, robotics, data mining, etc. This idea that law enforcement, even with a warrant from a judge, can't search something is pretty troubling to me. Poll coming. Interesting article. THE APPLE-FBI FIGHT ISN’T ABOUT PRIVACY VS. SECURITY. DON’T BE MISLED http://www.wired.com/2016/02/apple-fbi-privacy-security/ Throughout the ongoing fight between Apple and the FBI over custom access to an iPhone used by one of the two terrorists who killed 14 people in San Bernardino, the government has framed the argument as a simple trade-off: You must surrender a little privacy if you want more security. The scales don’t balance quite so neatly, though; there’s nothing secure about giving the FBI their way. Still, it’s been an effective way for the government to win over the public, on its way to trying to win over the courts. FBI director James Comey most recently pushed the dichotomy in an op-ed for Lawfare. “We have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety,” he writes. “That tension should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living.” It also should not be framed as an absolute. Doing so presents the issue to the American public in a way that makes the FBI’s request palatable while obfuscating the potentially dangerous precedent it would represent. Added Insecurities The case against the FBI’s insistence that it is not asking for all that much has been made repeatedly, both here and elsewhere. In fact, a team of researchers offered a version of it last year when they published the prescient paper “Keys Under Doormats.” [.pdf] “As computer scientists with extensive security and systems experience, we believe that law enforcement has failed to account for the risks inherent in exceptional access systems,” the group wrote in July. The risks of that type of backdoor include adding complexity to an already intricate system that’s difficult keep secure, and the impossibility of creating access that would be used solely by the FBI. Any backdoor accessible to law enforcement can and also would be used by a hacker for any number of nefarious reasons. “It would be great if we could make a backdoor that only the FBI could walk through,” says Nate Cardozo, an attorney with the Electronic Frontier Foundation. “But that doesn’t exist. And literally every single mathematician, cryptographer, and computer scientist who’s looked at it has agreed.” The current Apple case doesn’t involve a backdoor in the traditional sense. The FBI is asking Apple to create a tool that would circumvent a feature that deletes all of the information on the phone after 10 failed password attempts. “We don’t want to break anyone’s encryption or set a master key loose on the land,” Comey wrote. But the authority it would grant the FBI could be used again across a range of scenarios that weaken our privacy, sure, but our security as well. “The precedent isn’t that they unlock one phone,” says Jake Williams, CEO of Rendition Infosec. “There’s no reason down the road they can’t go to Microsoft, or anyone else, for that matter, to create some intentionally vulnerable applications.” In the scenario Williams envisions, the FBI could force Microsoft to send out a malicious Windows update to any machine connected to a specific IP address, like the Wi-Fi at a coffee shop. In truth, you don’t need to look as far ahead as that. In a newly unsealed court brief, Apple lawyer Marc Zwillinger reveals that the company has challenged at least a dozen recent FBI requests to unlock iPhones by various means. In some cases, Apple could extract the requested data without creating a new tool. In four instances cited in the brief, though, the iPhones in question run iOS 8 or later, the operating system a new tool would be designed to circumvent. Not only, therefore, is this not just about “this one phone,” as the FBI has insisted. It’s not even about hypothetical future cases. The ruling, or at least the precedent it sets, could assist the government in at least four instances Apple is currently fighting. It also could apply beyond our borders, in countries with far governments that might have even more nefarious things in mind. “If China [today] demanded that Apple put in a backdoor, Apple would say no,” says Cardozo, adding that the company could threaten to pull its products from the market, creating a public relations nightmare for the Chinese government. “That equation changes once Apple accedes to an FBI order. If the FBI can compel Apple to do it, and it’s publicly known that Apple has given the FBI this key, then China has a very different calculus … The PR around a Chinese demand gets a lot better for China, and a whole hell of a lot worse for Apple.” And increasingly, it’s the PR that matters. Massaging the Message What’s important to understand about the San Bernadino iPhone case is that its very existence is a public relations maneuver. “The FBI chose this case very, very carefully,” says Cardozo, who argues that law enforcement sees it as the “perfect case” for litigating the issue in the absence of backdoor-friendly legislation from President Obama and Congress. That it’s a terrorism case, in particular, spurs sympathies to align with law enforcement, regardless of how much benefit the FBI would actually get from the access it has requested. “I think if the FBI said hey, we want to architect backdoors into devices so that we can get access to whatever we need, whenever we need it—need being a relative term there—I think the public in general would not be for that,” says Williams. So far, buoyed by the specter of terrorism and the false duality of privacy and security, the public in general is buying what the FBI is selling. A recent Pew Research poll found that 51 percent of Americans think Apple “Should unlock the iPhone to assist the ongoing FBI investigation,” while 38 percent say Apple should not. (The rest had no opinion.) Even the survey itself shows how effective the FBI’s messaging has been. Apple is not being asked to unlock an iPhone; it’s being asked to create software that would help the FBI unlock it. After which, there’s every reason to expect Apple and every other tech company will be asked to create more software that could be used to diminish even more civil liberties. At the same time, the FBI has managed to attack Apple’s posture of altruism, saying in a recent court filing that the company’s resistance was rooted in “its concern for its business model and public brand marketing strategy,” not larger security concerns. It’s an odd construction in that it assumes the two are mutually exclusive. Security has long been part of Apple’s sales pitch, but that doesn’t diminish its importance. For its part, Apple has posted both a strident defense of its opposition and an FAQ for customers, which reiterate largely the same points: That compliance would open the door to a host of security and privacy oversteps. It has also reached out directly to the press, both to clarify its position and embarrass its opponent. In many ways, Apple’s is the tougher sell, because the way computer security works means that it has to be absolute. Any precedent that says a company can be compelled to weaken its security will have injurious consequences, full stop. There are no shades of grey, no matter what politicians and law enforcement might suggest. “You hear over and over and over again, from the pro-backdoor camp, that we need to strike a balance, we need to find a compromise,” says Cardozo. “That doesn’t work. Math doesn’t work like that. Computer security doesn’t work like that … It’s kind of like climate change. There are entrenched political interests on one side of a ‘debate,’ and on the other side is the unanimous scientific and technical community.” The Void of Legislation Ultimately, the reason this debate is happening at all is that there’s no legislative guidance around encryption. The All Writs Act that the FBI has cited dates to 1798, and even the most recent supporting precedent dates to 1977. Until Congress acts, the FBI will continue to attempt to gain access through the courts. “These issues will be decided in Congress,” Bill Gates said in a recent Bloomberg TV interview, attempting to clarify previous comments that had been wrongly interpreted as him favoring the FBI. “You don’t want to just take the minute after a terrorist event and swing that direction, nor do you want to swing away from government access when you get some abuse being revealed. You want to strike that balance.” That resolution may be forthcoming. In an open letter to Comey today, US Representative Ted Lieu, a California Democrat, asked that the FBI withdraw its case in favor of letting the legislative branch do its job. “We should all take a breath and talk to each other,” he writes, echoing Comey’s call that Americans “take a deep breath” about the debate, “rather than use a lawsuit to circumvent the critical and necessary policy discussions.” Lieu, one of four sitting federal lawmakers with a computer science degree, has dabbled in encryption legislation before, having recently proposed a bill that would preempt states from haphazardly passing their own anti-encryption laws. At the time, he was hesitant about introducing legislation that would have a broader impact, but his stance appears to have possibly evolved. “The precedent set in this case would essentially enact a policy proposal to weaken encryption that has not yet gained traction in Congress and was previously rejected by the White House,” says Lieu. “Let Congress, stakeholders, and the American people debate and resolve these difficult issues, not unelected judges based on conflicting interpretations of a law passed 87 years before Alexander Graham Bell invented the telephone.” And when those debates do happen, let’s also make sure they’re not framed by misleading dichotomies like “privacy versus security.” We can’t give up one without presenting a grave threat to the other.
Why? The Idea that the Government can pry and control every minute aspect of your life is troubling to me. Basically . . .you saying you trust the government more than the average man. Once one part of government has it . . . . it will poliferate I do not trust government like that I don't trust corporations like that either Once they give the lpower to the local PD/State Pd/Every law enforcement agency and agent . . . You trust they will NEVER use if illegally or more often improperly? No! I don't trust them like that Knowledge and information is the currency of the new millineum He who controls it. . .will control the world Rocket River
Law enforcement and government is severely behind in technology. There is a need for established protocols for government to lawfully get what they need without risk of breaching security. Prior to that, I reluntantly side with Apple for this case. Potential impact is too great.
The judicial system is supposed to be the check on law enforcement. If you don't believe a judge can authorize a search based on the evidence presented to him (in this case a terrorist attack with many people dead) then what on earth do you believe? That's how our government is supposed to work.
Cops violate . . . go around . . . . and bend the law all the time 'TO GET THEIR MAN' or 'FEAR FOR THEIR LIVES' or 'IT WAS INCONVIENT TO DO IT THE RIGHT WAY' So no . . . .Our Government is not suppose to poison thousands of people in Michigan . .. but it did! It's suppose to protect the people but it more protects itself and if it needs a human shield . .well THE PEOPLE will serve Rocket River
I'm with Apple too, this could be a huge mess (maybe not in this one case, but if security is circumvented it'll make it easier for others via backdoor), and a lot more easy (than it already is) for the gov/police to overstep their boundaries anytime they want.
I agree with you that there need to be criminal consequences for these type things you've mentioned but I think this is a different issue.
The issue is right now apple might not even be able to decrypt it, I mean unless they force some update on it (I mean if encryption was done right)... But in doing so it will weaken their security if it falls into the wrong hands. Which with the leaks that have happened at companies would make it highly likely.
I think the biggest problem is that while we have faith our judicial system is working properly and Apple should abide the order, Apple and other tech companies get these kinds of requests (and worse) from places where the courts are very corrupt. Once Apple is forced to acquiesce, expect Chinese and Russian courts to also issue "legal" orders to insert back doors, decrease encryption protection, or worse. I really think that is what Apple is fighting: the precedent. It could be that they are protecting the element they use to distinguish themselves from Facebook and Google, privacy, but I think this is really just Cook knowing what comes next from China and Russia, once they install a software update facilitating the brute force decryption.
They don't have to decrypt it. What the FBI want Apple to do is to do an update to the OS the removes the automatic wipe after several password attempts. That way they could brute force unlock the phone. Apple could totally do it but why should they legally have to.
I don't think that there is a reasonable expectation of security when it comes to using cell phones so in this instance I side with the FBI. So long as they get a warrant, they should be able to recover that information.
The issue is more about how the fbi wants the update. They want apple to give them the update so they can do what they want with it. In other words, it can be used on other phones. They aren't willing to give the phone to apple so they can unlock it for the fbi.
I don't think any gov't should be able to force Apple to create a key or backdoor that they can use to access phones. I do think that the gov't can and should get the data de-encrypted on the phone to assist with a criminal investigation. Apple should decrypt the data on the phone and hand the data and nothing else over to the gov't. Whatever means used to do that should be destroyed by Apple. The gov't should foot the bill for it too
When, Where and on what. . . is there a 'reasonable expectation' of privacy for you? In your closet in the corner hunched down with a sheet over your head. Just because something is 'easy' to breach doesn't mean you should breach it Rocket River
I think you have a reasonable expectation of privacy in very few instances if you are a suspect in a crime and there is a proper warrant. I don't see why anyone should expect information on a cell phone or computer would be private. Conversations with clergy or shrinks, maybe. Now if there was no warrant, then that changes things drastically. It's like phone tapping, if you have the proper warrant for it, then rock on, if you just do random wire tapping then that's wrong.
Right, I guess what I meant is once you circumvent the system and allow automated password attempts that don't trip the counter (via brute force etc) it basically makes the encryption useless.
I don't see this. The U.S. can't be held hostage by the fact there are bad actors in other countries. If Apple doesn't want to be held to the standard of our laws then they shouldn'the sell their phones here.
