Lorenzo Franceschi-Bicchierai, writing for Motherboard:
On Wednesday, at the the International Conference on Cyber Security in Manhattan, FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues’ investigative work harder. For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.
I’m glad his work is made harder and I can’t help but wonder what smartphone he uses privately and if he would want it to be unencrypted.
If the bill becomes law, Apple and other companies will have a much harder time resisting similar legal demands. Essentially any hard encryption — that is, encryption that cannot be broken by the company providing it — would be in violation of the proposed measures, presenting a massive problem for a broad range of tech companies.
I did not expect to see a bill this quickly. Quite frankly, I expected people to be intelligent and not even try to pass this sort of garbage.
This means that if any group of people uses the latest version of WhatsApp—whether that group spans two people or ten—the service will encrypt all messages, phone calls, photos, and videos moving among them. And that’s true on any phone that runs the app, from iPhones to Android phones to Windows phones to old school Nokia flip phones. With end-to-end encryption in place, not even WhatsApp’s employees can read the data that’s sent across its network. In other words, WhatsApp has no way of complying with a court order demanding access to the content of any message, phone call, photo, or video traveling through its service. Like Apple, WhatsApp is, in practice, stonewalling the federal government, but it’s doing so on a larger front—one that spans roughly a billion devices.
I can’t help but wonder if/when encryption will be illegal in the United States, UK, and France — these three countries seem to be the ones who want it gone most. It should of course never come to that. And I truly hope it doesn’t.
Also: Wired’s title is completely baffling. We should never forget about the Apple vs. FBI kerfuffle.
Paweł Jońca is an amazingly talented illustrator. He creates one comic every month for our iMagazine (it’s in Polish), and usually publishes them online too. This month’s creation is absolutely epic, and he graciously published an English version of it — you can see it above, in the header image.
You can find more of Pawel’s work here or check out his prints on Etsy.
Some people already suspect that it was Apple who unlocked the phone for the FBI. This isn’t proof, but it’s a start.
Rene Ritchie posted Apple’s statement on iMore:
From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.
We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.
Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.
This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion.
Though this particular case is over, the war goes on, and I’m certain this issue will appear in the news sooner or later.
After months of work, the FBI finally has a way into the San Bernardino iPhone. In a court filing today, prosecutors told the court the new method for breaking into the phone is sound, and Apple’s assistance is no longer required. “The government has now successfully accessed the data stored on Farook’s iPhone,” the filing reads, “and therefore no longer requires assistance from Apple.” The filing provides no further details on the nature of the new method. Still, the result effectively finishes the court fight that has consumed Apple since February.
Question is: will they now go after Congress to ban encryption, or try to weaken it by law?
John Markoff, Katie Benner & Brian X. Chen:
Apple employees are already discussing what they will do if ordered to help law enforcement authorities. Some say they may balk at the work, while others may even quit their high-paying jobs rather than undermine the security of the software they have already created, according to more than a half-dozen current and former Apple employees.
Among those interviewed were Apple engineers who are involved in the development of mobile products and security, as well as former security engineers and executives.
I can’t help but wonder how far this will go.
I haven’t watched it yet, but knowing John, this is going to be gold.
As with the first round of the crypto wars, the stakes could not be higher. Once again, the government is seeking to control that genie first released by Diffie and Hellman. But the physics of computer security have not changed. Last July, a panel of fifteen eminent security specialists and cryptographers — many of whom are veterans of the first crypto war — released a report confirming there was no way for the government to demand a means of bypassing encryption without a dire compromise of security. It just doesn’t work.
There is no middle ground.
President Barack Obama said Friday that smartphones — like the iPhone the FBI is trying to force Apple Inc. to help it hack — can’t be allowed to be “black boxes,” inaccessible to the government. The technology industry, he said, should work with the government instead of leaving the issue to Congress.
“You cannot take an absolutist view on this,” Obama said at the South by Southwest festival in Austin, Texas. “If your argument is strong encryption no matter what, and we can and should create black boxes, that I think does not strike the kind of balance we have lived with for 200, 300 years, and it’s fetishizing our phones above every other value.”
I’m disappointed in Obama. I also don’t think he knows exactly what he’s talking about.
Security is an endless race — one that you can lead but never decisively win. Yesterday’s best defenses cannot fend off the attacks of today or tomorrow. Software innovations of the future will depend on the foundation of strong device security. We cannot afford to fall behind those who would exploit technology in order to cause chaos. To slow our pace, or reverse our progress, puts everyone at risk.
This is not just about protecting the data on our phones. This is about keeping all of our lives and data private, which we store on miniature computers in our pockets.
But the idea that Farook might have used the phone to transmit a “lying-dormant cyber pathogen” into county data systems is a new one. Ramos’ office, however, cited it in a court filing Thursday among several other reasons to support the government’s position.
“This was a county employee that murdered 14 people and injured 22,” Ramos said. “Did he use the county’s infrastructure? Did he hack into that infrastructure? I don’t know. In order for me to really put that issue to rest, there is one piece of evidence that would absolutely let us know that, and that would be the iPhone.”
The argument drew condemnation from one software expert who has signed a brief in support of Apple’s position.
“Ramos’s statements are not only misleading to the court, but amount to blatant fear mongering,” independent software researcher Jonathan Zdziarski wrote in a post on his personal blog .
Other security experts who haven’t taken sides also discounted the scenario. “It’s definitely possible, technically, but it doesn’t seem to me at first glance to be likely,” said David Meltzer, a computer security expert and chief research officer at Tripwire, a commercial IT security firm. He said Apple’s iPhone operating system is a relatively closed environment that’s designed so users can’t easily introduce their own programs.
Ramos, meanwhile, said he’d heard about social media posts that mocked the term “cyber pathogen,” which is not generally used by tech experts. “When they do that,” he said, “they’re mocking the victims of this crime, of this horrible terrorist attack.”
Using the victims of a terrorist attack to further their own agenda however, that’s much worse.
Maricopa County Attorney’s Office:
Effective immediately, the Maricopa County Attorney’s Office will discontinue providing iPhones as option for replacements or upgrades for existing employees. Maricopa County Attorney Bill Montgomery announced the decision today, first communicated to applicable staff on Sunday, February 21, citing Apple’s recent refusal to cooperate in unlocking an encrypted iPhone used by individuals involved in the recent San Bernardino shootings.
“Apple’s refusal to cooperate with a legitimate law enforcement investigation to unlock a phone used by terrorists puts Apple on the side of terrorists instead of on the side of public safety,” Montgomery said. “Positioning their refusal to cooperate as having anything to do with privacy interests is a corporate PR stunt and ignores the 4th Amendment protections afforded by our Constitution.”
There are currently 564 smartphones deployed throughout the office, 366 of which are iPhones.
This just gets better and better.
William J. Bratton and John J. Miller:
The phone in the San Bernardino case stopped uploading data to the cloud about six weeks before the killings. That suggests there may be information inside the device that was deliberately concealed. That could include the identities of terrorists who influenced or directed the attack; such information, if pursued, could prevent future plots. Or the iPhone might contain nothing of value. It is Apple’s position that we should never know.
The phone could also contain the plans of the Death Star, but since the FBI screwed this up, we might not ever find out if they’re on there.
The Justice Department is pursuing court orders to force Apple Inc. to help investigators extract data from iPhones in about a dozen undisclosed cases around the country, in disputes similar to the current battle over a terrorist’s locked phone, according to people familiar with the matter.
The other phones are at issue in cases where prosecutors have sought, as in the San Bernardino, Calif., terror case, to use an 18th-century law called the All Writs Act to compel the company to help them bypass the passcode security feature of phones that may hold evidence, these people said.
The specifics of the roughly dozen cases haven’t been disclosed publicly, but they don’t involve terrorism charges, these people said.
This is going to get a whole of a lot uglier before it gets better. If it gets better.
The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn’t happened, Apple said, a backup of the information the government was seeking may have been accessible.
The FBI has claimed that the password was changed by someone at the San Bernardino Health Department. Friday night, however, things took a further turn when the San Bernardino County’s official Twitter account stated, “The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.”
This is either ridiculous or planned. I’m thinking they should know what they’re doing, so the latter seems a better fit. Especially since the iPhone in question has probably little to no relevant information.
Katie Benner and Nicole Perlroth:
Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity. The result was the letter that Mr. Cook signed on Tuesday, where he argued that it set a “dangerous precedent” for a company to be forced to build tools for the government that weaken security.
Like I said a few days ago, the FBI most probably doesn’t care about Farook’s phone. They’re all in for getting access to all iPhones.
The Apple executive also noted that no other government in the world — including China — has ever asked it to perform the kind of iPhone cracking that the FBI is asking it to do. But, if it were to comply, those requests would surely not be far behind.
This is going to get a whole lot worse before it gets better. I am starting to wonder if the US will not actually make ‘unbreakable’ encryption illegal, to solve all their headaches.
If I had to bet, Apple is probably working double time to lock it down even tighter. Its reply to the next order of this type is likely to be two words long. You pick the two.
Despite my being delicate in the title, I assume that Panzer had two entirely different words in mind.
Dan Guido :
I initially speculated that the private data stored within the SE was erased on update but I now believe this is not true. After all, Apple has updated the SE with increased delays between passcode attempts and no phones were wiped. In all honestly, only Apple knows the exact details.
A lot of ideas have been thrown out there over the past few hours. I wonder what the next few will bring — this is all extremely interesting.
Could Pichai’s response be any more lukewarm? He’s not really taking a stand, and the things he’s posing as questions aren’t actually in question. I’m glad he chimed in at all, and that he seems to be leaning toward Apple’s side, but this could be a lot stronger.
Glad I’m not the only one in thinking that his response was weak.
I didn’t read his tweets that way — Sundar Pichai just said that this ‘could be a troubling precedent’ and that he’s ‘looking forward to a thoughtful and open discussion on this important issue’.