Wednesday, February 17, 2016
A California Magistrate has issued an "Order Compelling Apple, Inc. to Assist Agents in Search" exactly as requested by the government, with the exception of the word "Proposed" crossed off in Order's title, that requires Apple to provide "reasonable technical assistance in obtaining access to data on the subject device." The subject device is an Apple iPhone seized from a black Lexus; this is the black Lexus that was driven by the so-called "San Bernardino shooters." The government's motion explains some of the technology involved and argues that the All Writs Act, 28 USC §1651, authorizes the Order.
The Order specifies that the "reasonable technical assistance" shall accomplish these functions:
- (1) it will bypass or disable the auto-erase function whether or not it has been enabled;
- (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE; and
- (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Apple is resisting the Order. In an "open letter" to customers, the CEO of Apple has stated:
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
Over at ars technica, Dan Goodin argues:
It would be one thing for the court to order Apple to brute force this one device and turn over the data stored on it. It's altogether something else to require that Apple turn over powerful exploit software and claim that whatever digital locks are included can't be undone by a determined adversary. That's why it's no exaggeration for Cook to call Tuesday's order chilling and to warn that its prospects for abuse of such a backdoor are high.
Although the Order is directed at one "subject device," Apple's compliance with the Order would make all our devices subject to government search.
Courts and Judging, Criminal Procedure, Current Affairs, First Amendment, Fourth Amendment, Privacy, Web/Tech | Permalink
I don't know the specifics of the security features of this particular phone. but I know how they could be done that would make it impossible to comply with the court order, discussed next.
There is an old maxim of law: Lex non intendit aliquid impossibile. The law intends not anything impossible. 12 Co. 89. What the FBI is demanding is essentially impossible, not perhaps theoretically, but practically, at a reasonable cost. It is clear that that is not understood by the FBI or by the judge.
Once a strong keypair is generated, which is done by hardcoded algorithms, the cyphertext produced is essentially unhackable. The user passcode is not part of that strong keypair generation. The codes in a keypair are deleted after each conversation. The passcode provides access to use the local member of a current keypair, but not to past, deleted ones. About he only way to install a back door would be to install circuitry that would save every keypair used, and that would need to be done on both phones, if both used the same algorithm. Having only one phone wouldn't help. Knowing one key of a keypair doesn't enable finding the other. It is essentially impossible to recover past-used keypairs. That would require the reengineering of every phone sold, and a cottage industry of making phones secure by removing the key-capture circuitry. It is too late to try to put a back door in a single existing phone.
Other than refusing to try to help the feds, Tim Cook needs to explain the theoretical constraints, and why it is too late to recover conversations from a particular phone. They are not stored there. He should agree to cooperate and then report it impossible.
Posted by: Jon Roland | Feb 18, 2016 9:49:33 PM