I'm surprised that nobody on this thread has commented on the real substance of this response. It has nothing to do with Apple brute forcing iPhones for the police (which it has done for years, with a simple court order) - but instead, is Apple making it abundantly clear, that if they comply (or are forced to comply) with the All Writs Act of 1789 to create this particular back door, then that opens the floodgate moving forward for all sorts of requests to add backdoors/decrease security.
It's entirely possible, that the FBI can then use this precedent to simply have Apple remove all security from an iPhone in pursuit of an active investigation, which can be done with a straightforward firmware update - which IOS users tend to do without much thought.
> Apple making it abundantly clear, that if they comply (or are forced to comply) with the All Writs Act of 1789 to create this particular back door, then that opens the floodgate moving forward for all sorts of requests to add backdoors/decrease security.
I read it differently. Apple is saying that if they make this particular backdoor, then this very backdoor can also be used in other scenarios, to crack other phones (i.e. the backdoor would apply to all iPhones C, not just to this one).
I interpret as the OP does. The court document asks Apple to lock the particular image to a particular serial number, so if all goes according to plan, the same image could not unlock other iPhones. Obviously, writing security code on a short deadline does not make for the best security, so that's one worry.
But Apple's letter uses the expression "technique", which I think means they're worried the government will get another court to make them change the serial number and sign a new image "next time". Before you know it, Apple will have to have an entire department to make these one-off images. Someone will say, "you know, you could save yourself a lot of time if you just made it work on any phone." Then that image will be leaked, and their security guarantees will be dead. (One might also worry about the DRM implications.)
"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession."
Apple's argument isn't about a deluge of one-off court orders creating a slippery slope to reducing security. Apple is claiming that complying with just this one request would make Apple's other iPhone users significantly less secure. There would be a piece of software, signed by Apple, that could potentially be used to unlock any iPhone you have in your physical possession.
"Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE."
"But Apple's letter uses the expression "technique", which I think means they're worried the government will get another court to make them change the serial number and sign a new image "next time""
Apple's letter directly claims that the particular piece of software created to comply with this request will reduce the security of it's users. Obviously this means that Apple does not think that the SIF being hardcoded with the unique identifier of the phone (sufficiently) mitigates the risk.
"make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."
Having re-read the OP more carefully, I think ghshephard is making a different claim than you. He is pointing out Apple's arugment about the 'unprecedented use of the All Writs Act of 1789'. If Apple can be forced to compromise their security via court order like this, the FBI gains the power to force Apple and any other US company to insert backdoors / decrease security.
"If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge."
The Apple 5C is an older phone not even manufactured by Apple anymore, and, for the longest time, Apple had capabilities that allowed them to brute force iPhones under direction of a court order. Apple has some concern, clearly, about it's customer's security, but doesn't care as much about this particular iPhone Model's security, as it does about the general principle that, without explicit legislation such as [1]CALEA 47 USC 1001-1010), that technology companies such as Apple would then come under the whim and direction of all sorts of requests - there is no explicit restraint in the All Writs Act of 1789 - they can now be told by police agencies to do effectively anything necessary to the pursuit of an investigation - and you know, with 100% certainty, that once the "good cases" are used as an excuse for this, the crappy follow on scenarios will also be making use of the All Writs Act of 1789.
It's massive, massive overreach - and if Apple doesn't draw the line here, it will quickly spin out of control.
I don't understand — if the iPhone 5C is so simple to brute force, why aren't Apple simply doing this for the FBI in this particular case? Why request an entire iOS modification when Apple could do what it has done for previous court orders and just brute force the phone.
My understanding is that the iPhone 5C is not _simple_ to brute force as sold from the store. The FBI is asking Apple to weaken the software in this particular one enough for them to be able to brute-force by creating custom software that would allow them to try millions of passcode combinations rapidly.
In the past law enforcement could use their own tools and Apple didn't have any legal way to say "it is beyond our ability to break it so we can't help you" anyway. After their name showed up on that slide in the Prism leak without their cooperation (meaning they had been stepped around by the FBI. Some of the earlier companies had willingly volunteered data), they stepped up their game and deployed end-to-end encryption and secure enclave to have the ability to say 'we can't help' when forced to.
This technique wouldn't be possible on the iPhone 6 due to the encryption keys being in the hardware secure enclave but they are putting their foot down now so that a legal precedent isn't established forcing them to weaken other models too. That's my understanding of it right now.
> After their name showed up on that slide in the Prism leak without their cooperation (meaning they had been stepped around by the FBI. Some of the earlier companies had willingly volunteered data)
I know it's a bit off topic but I'm really curious about this - do you have a source that shows which companies willingly volunteered data and which were stepped around? I wasn't aware that anything like that had come out.
> I wasn't aware that anything like that had come out.
You're not aware of nothing like that ever come out. The guy just made it up (or it's just his wishful thinking). We still don't know which companies cooperated with the NSA.
We do know that Google didn't intend for its traffic between data centers to be scooped up - and that has been fixed in the meantime - but that doesn't prove that Google didn't cooperate in other matters.
Same with Apple. For all we know, they are all gagged due to NSLs.
Because it sets an awful future legal precedent. If Apple did it once and didn't challenge it, you can be sure that all future government cases involving decryption will cite this case as the new standard of law.
> The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
Once there's a backdoor, the legal precedence and technical capability will exist to use it on any device. The precedence would also exist to request support in backdooring other parts of the OS.
It's FBI Director Comey's explicit goal[0] to destroy the notion of strongly secured encryption for civilians. From an an address to Congress July 2015:
> Thank you for the opportunity to testify today about the growing challenges to public safety and national security that have eroded our ability to obtain electronic information and evidence pursuant to a court order or warrant. We in law enforcement often refer to this problem as “Going Dark.”
[...]
> We would like to emphasize that the Going Dark problem is, at base, one of technological choices and capability. We are not asking to expand the government’s surveillance authority, but rather we are asking to ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to us to keep America safe.
In other words, encryption makes it harder for the FBI to collect people's information. They therefore want to make sure encryption as implemented can't block the FBI.
Further on:
> The debate so far has been a challenging and highly charged discussion, but one that we believe is essential to have. This includes a productive and meaningful dialogue on how encryption as currently implemented poses real barriers to law enforcement’s ability to seek information in specific cases of possible national security threat.
[...]
> We should also continue to invest in developing tools, techniques, and capabilities designed to mitigate the increasing technical challenges associated with the Going Dark problem. In limited circumstances, this investment may help mitigate the risks posed in high priority national security or criminal cases, although it will most likely be unable to provide a timely or scalable solution in terms of addressing the full spectrum of public safety needs.
Encryption, when implemented in a way that legitimately secures a person's data from unauthorized access, the FBI can't just get in and take the data. Comey would like Congress to support policy and tools that can get around that, because terrorism.
The Apple situation feels very foot-in-door to me.
And it'd seem to open the floodgates for certificate authorities to be compromised as well. What's to stop the FBI from compelling a CA to create a special MITM certificate for a criminal investigation of a Yahoo user?
What makes you think the FBI, or a certain assisting agency, don't already have CAs in their pocket? They only need one. The 'rogue CA' threat that encouraged the development of HPKP covers this scenario. Hell, DNS TLSA records (which are a part of the now dead DANE concept) let you pin to any combination of PKI CA, public key, or certificate. One day we'll regret not deploying this stuff.
HPKP at least is growing and getting attention. I would have prefered to do the pinning on TLS level instead of http level. Sadly Tack (see tack.io) was to late and HPKP was already to far along and supported by google.
DNSSEC has some value, and DANE does as well, but sadly both are stuck in a strange limbo. Pinning can be deployed now and add a huge amount of security. Even if we had DANE, we would still want to have pinning.
There are interesting ideas how you could scan the internet and it pins and publish this information in a secure way. Then you back this trusted site pin into your browser. Its a similar ideas like Certificat Transparancy. A browser could then load itself with all the needed pins or verfy them on demand. One could also get preloaded pins from a trusted party, or use network vision to check with many different parties on first use. Lots of options once everybody has TOFU.
This combination of Network Vision and TOFU would be quite nice and CA could be replaced, at least for non EV.
I don't doubt that they do, but having the rogue CA threat established as a legal precedent that can be used effortlessly by the police scares me a lot more.
But how do you get the firmware updated on a locked phone? My understanding is all updates (historically) have required the phone to be unlocked and connected to the internet?
If in pursuit of an active investigation (i.e. the devices are still in active use), a police agency could invoke the All Writs act of 1789, and have Apple be instructed to introduce security vulnerabilities, with the next regular upgrade of iOS, such that after the phone is upgraded, it can be captured by the FBI, or whatever police force is involved, and the data recovered.
A large percentage (and presumably the the target in question) will willingly (at least today) upgrade their iOS to whatever Apple pushes out - we don't (for the most part) even question whether the purpose of that security patch is to reduce security.
The only thing that secures an iPhone is the iOS following the rules of security such as the security enclave - it can just as easily (in a new release of iOS) be instructed to ignore it.
What Apple/Tim Cook are doing here, is standing up for the importance of not being required to hodge-podge be at the whims and mercies of police agencies that demand they do whatever is required of it.
Tim Cook doesn't offer an opinion about how possible that might be. As a matter of principle, he doesn't believe that Apple should be forced to make the attempt.
That doesn't stop anyone else from doing so, however. And I suppose that the FBI could seek discovery on all requisite information, take depositions, etc, etc. However, I vaguely recall that discovery can't compel production of new work product. But maybe that's just a limitation in civil litigation.
* I guess I figured if they simply can't do it why not say "it's impossible by design," rather than argue the principle?*
Because the larger principle is what's really at play here. Whether Apple can do what the FBI asks, or not, is irrelevant. What is relevant is that what the FBI asks is bad. Even if Apple can unlock this phone because of shortcomings of the 5C (versus later model), it sets a bad precedent for later, especially if Apple truly cannot unlock the 6s and beyond ("you could do it on the 5, why not an iPhone 7?").
I'm no lawyer, but I'm of the opinion that this is a legal crowbar for later cases, and the Feds are using a tragic incident to drum up support ("you don't support terrorists, do you?")
It is, of course, possible; any iPhone can be forced to enter the restore mode or the DFU mode (don't remember which one) and be erased/reflashed via iTunes.
It won't get unlocked by that, because as soon as the new iOS takes over, it will detect the activation lock and require the Apple ID password to be provided. Also, going through iTunes erases all the data.
But presumably a custom DFU update can only replace the OS without replacing the data. The iPhone doesn't try to protect against valid updates, and will happily run anything signed by Apple; the locked/unlocked state is only about the encrypted user data on the device.
This is my question, too. Can iOS updates be applied to a locked phone? Seems like it should be a simple yes/no answer (and I thought the answer was 'no') but I can't find any clarity here or elsewhere.
It's entirely possible, that the FBI can then use this precedent to simply have Apple remove all security from an iPhone in pursuit of an active investigation, which can be done with a straightforward firmware update - which IOS users tend to do without much thought.