FBI Hacker Says Apple Are ‘Jerks’ and ‘Evil Geniuses’ for Encrypting iPhones →

January 12, 2018 · 10:29

Lorenzo Franceschi-Bicchierai, writing for Motherboard:

On Wednesday, at the International Conference on Cyber Security in Manhattan, FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues’ investigative work harder. For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.

I’m glad his work is made harder and I can’t help but wonder what smartphone he uses privately and if he would want it to be unencrypted.

New Bill Would Require Companies to Decrypt Data on Demand →

April 10, 2016 · 13:00

Russell Brandom:

If the bill becomes law, Apple and other companies will have a much harder time resisting similar legal demands. Essentially any hard encryption — that is, encryption that cannot be broken by the company providing it — would be in violation of the proposed measures, presenting a massive problem for a broad range of tech companies.

I did not expect to see a bill this quickly. Quite frankly, I expected people to be intelligent and not even try to pass this sort of garbage.

My bad.

WhatsApp Just Switched on Encryption →

April 6, 2016 · 21:24

Cade Metz:

This means that if any group of people uses the latest version of WhatsApp—whether that group spans two people or ten—the service will encrypt all messages, phone calls, photos, and videos moving among them. And that’s true on any phone that runs the app, from iPhones to Android phones to Windows phones to old school Nokia flip phones. With end-to-end encryption in place, not even WhatsApp’s employees can read the data that’s sent across its network. In other words, WhatsApp has no way of complying with a court order demanding access to the content of any message, phone call, photo, or video traveling through its service. Like Apple, WhatsApp is, in practice, stonewalling the federal government, but it’s doing so on a larger front—one that spans roughly a billion devices.

I can’t help but wonder if/when encryption will be illegal in the United States, UK, and France — these three countries seem to be the ones who want it gone most. It should of course never come to that. And I truly hope it doesn’t.

Also: Wired’s title is completely baffling. We should never forget about the Apple vs. FBI kerfuffle.

Apple’s Statement on Closing of the San Bernardino Case →

March 29, 2016 · 07:20

Rene Ritchie posted Apple’s statement on iMore:

From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.

We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.

Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.

This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion.

Though this particular case is over, the war goes on, and I’m certain this issue will appear in the news sooner or later.

Apple’s San Bernardino Fight Is Over as FBI Gains Access to iPhone →

March 29, 2016 · 05:52

Russell Brandom:

After months of work, the FBI finally has a way into the San Bernardino iPhone. In a court filing today, prosecutors told the court the new method for breaking into the phone is sound, and Apple’s assistance is no longer required. “The government has now successfully accessed the data stored on Farook’s iPhone,” the filing reads, “and therefore no longer requires assistance from Apple.” The filing provides no further details on the nature of the new method. Still, the result effectively finishes the court fight that has consumed Apple since February.

Question is: will they now go after Congress to ban encryption, or try to weaken it by law?

Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist →

March 18, 2016 · 19:07

John Markoff, Katie Benner & Brian X. Chen:

Apple employees are already discussing what they will do if ordered to help law enforcement authorities. Some say they may balk at the work, while others may even quit their high-paying jobs rather than undermine the security of the software they have already created, according to more than a half-dozen current and former Apple employees.

Among those interviewed were Apple engineers who are involved in the development of mobile products and security, as well as former security engineers and executives.

I can’t help but wonder how far this will go.

Facebook, Google and WhatsApp Plan to Increase Encryption of User Data →

March 14, 2016 · 20:38

Danny Yadron:

Silicon Valley’s leading companies – including Facebook, Google and Snapchat – are working on their own increased privacy technology as Apple fights the US government over encryption, the Guardian has learned.

The projects could antagonize authorities just as much as Apple’s more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action.

Within weeks, Facebook’s messaging service WhatsApp plans to expand its secure messaging service so that voice calls are also encrypted, in addition to its existing privacy features. The service has some one billion monthly users. Facebook is also considering beefing up security of its own Messenger tool.

Snapchat, the popular ephemeral messaging service, is also working on a secure messaging system and Google is exploring extra uses for the technology behind a long-in-the-works encrypted email project.

At this point in time I would like to see more action from the other tech companies — this is obviously a delicate situation, but too much is at stake.

The Sequel to the Crypto Wars →

March 14, 2016 · 20:13

Steven Levy:

As with the first round of the crypto wars, the stakes could not be higher. Once again, the government is seeking to control that genie first released by Diffie and Hellman. But the physics of computer security have not changed. Last July, a panel of fifteen eminent security specialists and cryptographers — many of whom are veterans of the first crypto war — released a report confirming there was no way for the government to demand a means of bypassing encryption without a dire compromise of security. It just doesn’t work.

There is no middle ground.

Barack Obama: ‘Smartphones Can’t Be Allowed to Be Black Boxes’ →

March 13, 2016 · 10:38

Justin Sink:

President Barack Obama said Friday that smartphones — like the iPhone the FBI is trying to force Apple Inc. to help it hack — can’t be allowed to be “black boxes,” inaccessible to the government. The technology industry, he said, should work with the government instead of leaving the issue to Congress.

“You cannot take an absolutist view on this,” Obama said at the South by Southwest festival in Austin, Texas. “If your argument is strong encryption no matter what, and we can and should create black boxes, that I think does not strike the kind of balance we have lived with for 200, 300 years, and it’s fetishizing our phones above every other value.”

I’m disappointed in Obama. I also don’t think he knows exactly what he’s talking about.

Warrant-Proof Places →

March 13, 2016 · 10:13

Jonathan Zdziarski:

We, as everyday Americans, should also encourage the idea of warrant proof places. The DOJ believes, quite erroneously, that the Fourth Amendment gives them the right to any evidence or information they desire with a warrant. The Bill of Rights did not grant rights to the government; it protected the rights of Americans from the overreach that was expected to come from government. Our most intimate thoughts, our private conversations, our ideas, our -intent- are all things our phone tracks. These are concepts that must remain private (if we choose to protect them) for any functioning free society. In today’s technological landscape, we are no longer giving up just our current or future activity under warrant, but for the first time in history, making potentially years of our life retroactively searchable by law enforcement. Things are recorded in ways today that no one would have imagined, even when CALEA was passed. The capability that DOJ is asserting is that our very lives and identities – going back across years – are subject to search. The Constitution never permitted this.

Craig Federighi on iOS Security for the Washington Post →

March 7, 2016 · 09:57

Craig Federighi:

Security is an endless race — one that you can lead but never decisively win. Yesterday’s best defenses cannot fend off the attacks of today or tomorrow. Software innovations of the future will depend on the foundation of strong device security. We cannot afford to fall behind those who would exploit technology in order to cause chaos. To slow our pace, or reverse our progress, puts everyone at risk.

This is not just about protecting the data on our phones. This is about keeping all of our lives and data private, which we store on miniature computers in our pockets.

FBI & DA Misleading Courts and Public for their Own Agenda →

March 6, 2016 · 10:53

Brandon Bailey:

But the idea that Farook might have used the phone to transmit a “lying-dormant cyber pathogen” into county data systems is a new one. Ramos’ office, however, cited it in a court filing Thursday among several other reasons to support the government’s position.

“This was a county employee that murdered 14 people and injured 22,” Ramos said. “Did he use the county’s infrastructure? Did he hack into that infrastructure? I don’t know. In order for me to really put that issue to rest, there is one piece of evidence that would absolutely let us know that, and that would be the iPhone.”

The argument drew condemnation from one software expert who has signed a brief in support of Apple’s position.

“Ramos’s statements are not only misleading to the court, but amount to blatant fear mongering,” independent software researcher Jonathan Zdziarski wrote in a post on his personal blog.

Other security experts who haven’t taken sides also discounted the scenario. “It’s definitely possible, technically, but it doesn’t seem to me at first glance to be likely,” said David Meltzer, a computer security expert and chief research officer at Tripwire, a commercial IT security firm. He said Apple’s iPhone operating system is a relatively closed environment that’s designed so users can’t easily introduce their own programs.

Ramos, meanwhile, said he’d heard about social media posts that mocked the term “cyber pathogen,” which is not generally used by tech experts. “When they do that,” he said, “they’re mocking the victims of this crime, of this horrible terrorist attack.”

Using the victims of a terrorist attack to further their own agenda, however, that’s much worse.

Apple Files Motion to Vacate the Court Order to Force It to Unlock iPhone →

February 26, 2016 · 01:04

Matthew Panzarino:

Apple’s reasoning in the brief rests on three pillars. First, that forcing Apple to write code that weakens its devices and the security of its customers constitutes a violation of free speech as protected by the Constitution.

Second, that the burden the FBI is putting on it by requesting that Apple write the software and assist in unlocking the device is too large. Apple argues that it would have to create the new version of iOS, called GovtOS, which requires coding, signing, verification and testing. It would then have to create an FBI forensics laboratory on site at its headquarters and staff it. The burden would then extend to what Apple views is the inevitable onslaught of additional devices that would follow after the precedent was set.

In addition to free speech, Apple argues that the Fifth Amendment’s Due Process clause prohibits the government from compelling Apple to create the new version of iOS. Apple argues that there is no court precedent for forcing a company to create something new, like GovtOS.

“But compelling minimal assistance to surveil or apprehend a criminal (as in most of the cases the government cites), or demanding testimony or production of things that already exist (akin to exercising subpoena power), is vastly different, and significantly less intrusive, than conscripting a private company to create something entirely new and dangerous. There is simply no parallel or precedent for it,” reads the filing.

Maricopa County Attorney’s Office Will Discontinue Providing iPhones for Employees →

February 25, 2016 · 15:59

Maricopa County Attorney’s Office:

Effective immediately, the Maricopa County Attorney’s Office will discontinue providing iPhones as an option for replacements or upgrades for existing employees. Maricopa County Attorney Bill Montgomery announced the decision today, first communicated to applicable staff on Sunday, February 21, citing Apple’s recent refusal to cooperate in unlocking an encrypted iPhone used by individuals involved in the recent San Bernardino shootings.

“Apple’s refusal to cooperate with a legitimate law enforcement investigation to unlock a phone used by terrorists puts Apple on the side of terrorists instead of on the side of public safety,” Montgomery said. “Positioning their refusal to cooperate as having anything to do with privacy interests is a corporate PR stunt and ignores the 4th Amendment protections afforded by our Constitution.”

There are currently 564 smartphones deployed throughout the office, 366 of which are iPhones.

This just gets better and better.

How Is the Public Supposed to Understand Apple’s Fight for Privacy if the Reporters Themselves Don’t Have a Grasp on the Issue? →

February 23, 2016 · 15:37

William J. Bratton and John J. Miller:

The phone in the San Bernardino case stopped uploading data to the cloud about six weeks before the killings. That suggests there may be information inside the device that was deliberately concealed. That could include the identities of terrorists who influenced or directed the attack; such information, if pursued, could prevent future plots. Or the iPhone might contain nothing of value. It is Apple’s position that we should never know.

The phone could also contain the plans of the Death Star, but since the FBI screwed this up, we might not ever find out if they’re on there.

Justice Department Wants to Force Apple to Unlock a Dozen More iPhones →

February 23, 2016 · 15:29

Devlin Barrett:

The Justice Department is pursuing court orders to force Apple Inc. to help investigators extract data from iPhones in about a dozen undisclosed cases around the country, in disputes similar to the current battle over a terrorist’s locked phone, according to people familiar with the matter.

The other phones are at issue in cases where prosecutors have sought, as in the San Bernardino, Calif., terror case, to use an 18th-century law called the All Writs Act to compel the company to help them bypass the passcode security feature of phones that may hold evidence, these people said.

The specifics of the roughly dozen cases haven’t been disclosed publicly, but they don’t involve terrorism charges, these people said.

This is going to get a whole lot uglier before it gets better. If it gets better.

How the FBI Fumbled the Ball →

February 20, 2016 · 23:52

John Paczkowski:

The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn’t happened, Apple said, a backup of the information the government was seeking may have been accessible.

The FBI has claimed that the password was changed by someone at the San Bernardino Health Department. Friday night, however, things took a further turn when the San Bernardino County’s official Twitter account stated, “The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.”

This is either ridiculous or planned. I’m thinking they should know what they’re doing, so the latter seems a better fit. Especially since the iPhone in question has probably little to no relevant information.

The FBI Is Going All in →

February 20, 2016 · 03:26

Katie Benner and Nicole Perlroth:

Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity. The result was the letter that Mr. Cook signed on Tuesday, where he argued that it set a “dangerous precedent” for a company to be forced to build tools for the government that weaken security.

Like I said a few days ago, the FBI most probably doesn’t care about Farook’s phone. They’re all in for getting access to all iPhones.

Nobody Apart From the FBI Has Ever Asked This of Apple →

February 20, 2016 · 03:03

Matthew Panzarino:

The Apple executive also noted that no other government in the world — including China — has ever asked it to perform the kind of iPhone cracking that the FBI is asking it to do. But, if it were to comply, those requests would surely not be far behind.

This is going to get a whole lot worse before it gets better. I am starting to wonder if the US will not actually make ‘unbreakable’ encryption illegal, to solve all their headaches.

Compromising Apple →

February 20, 2016 · 02:56

Jonathan Zdziarski:

Not only is Apple being ordered to compromise their own devices; they’re being ordered to give that golden key to the government, in a very roundabout sneaky way. What FBI has requested will inevitably force Apple’s methods out into the open, where they can be ingested by government agencies looking to do the same thing. They will also be exposed to private forensics companies, who are notorious for reverse engineering and stealing other people’s intellectual property. Should Apple comply in providing a tool, it will inevitably end up abused and in the wrong hands.

‘Go Away’ →

February 18, 2016 · 02:20

Matthew Panzarino:

If I had to bet, Apple is probably working double time to lock it down even tighter. Its reply to the next order of this type is likely to be two words long. You pick the two.

Despite my being delicate in the title, I assume that Panzer had two entirely different words in mind.

Speculation on Whether the Secure Enclave Is Secure →

February 18, 2016 · 02:17

Dan Guido:

I initially speculated that the private data stored within the SE was erased on update but I now believe this is not true. After all, Apple has updated the SE with increased delays between passcode attempts and no phones were wiped. In all honesty, only Apple knows the exact details.

A lot of ideas have been thrown out there over the past few hours. I wonder what the next few will bring — this is all extremely interesting.