Support NeoGAF

[Syriel]

A federal judge has ordered Apple to help the government unlock the iPhone used by one of the shooters who carried out the Dec. 2. San Bernardino, Calif., terrorist attacks after the government said that Apple failed to provide assistance voluntarily.

The order, signed Tuesday by a magistrate judge in Riverside, Calif., does not ask Apple to break the phone’s encryption, but rather to disable the feature that wipes the data on the phone after 10 incorrect tries at entering a password. That way, the government can try to crack the password using “brute force” — attempting tens of millions of combinations without risking the deletion of the data.

The order comes a week after FBI Director James B. Comey told Congress that the bureau has not been able to open one of the killers’ phones. “It has been two months now, and we are still working on it,” he said.

The FBI’s efforts may show just how impervious the new technology is to efforts to circumvent it. According to industry officials, Apple cannot unilaterally dismantle or override the 10-tries-and-wipe feature. Only the user or person who controls the phone’s settings can do so.

However, magistrate judge Sheri Pym noted in her order, Apple can write software that can bypass the feature. Federal prosecutors noted in a memo accompanying the order that the software would affect only the seized phone — not any other phone of the same model or using the same operating system.

Source:
https://www.washingtonpost.com/worl...b903ee-d4d9-11e5-9823-02b905009f99_story.html

It will be interesting to see how this plays out as Apple has long maintained that it does not have any special "backdoor" access to the iPhone.

If true, then the government is basically asking a private company to do its forensic work for it for free.

If false, then Apple's whole "everything is encrypted" promise comes crumbling down like a ton of bricks.

 

[infiniteloop]

It will be interesting to see how this plays out as Apple has long maintained that it does not have any special "backdoor" access to the iPhone.

If true, then the government is basically asking a private company to do its forensic work for it for free.

If false, then Apple's whole "everything is encrypted" promise comes crumbling down like a ton of bricks.

Your article states they just want Apple to remove the passcode wipe limit so they just can try every iteration of the passcode that's possible. They're not asking Apple to decrypt the phone.

 

[Mimosa97]

Oh wow. Apple wasn't lying.

I have to admit that I always thought there were backdoors on every phone. Iphones included.

 

[GoldenEye 007]

Commendable by Apple I admit for this stance. And this is actually a reasonable ruling from the court.

 

[Griss]

I don't think it's unfair to let the government try to brute force it if they want but I'm uncomfortable with making apple to some of the 'work' required to get the data.

 

[Sho_Nuff82]

I don't think it's unfair to let the government try to brute force it if they want but I'm uncomfortable with making apple to some of the 'work' required to get the data.

They built the fucking thing, and it's a public service to aid in a murder/terrorism investigation?

 

[GavinGT]

Why is the judge so sure that they can write software to disable this?

(I can't read the full article because LOL Washington Post)

 

[Box]

I don't have an iPhone but how it seems like what Apple is asked to do might as well be breaking the encryption. The phone is either secure or not.

 

[CrudeDiatribe]

Why is the judge so sure that they can write software to disable this?

(I can't read the full article because LOL Washington Post)

IIRC there was a security vulnerability last year (?) that if you timed things right you could get a lot more than ten chances to guess the password, so perhaps that's the thinking?

 

[The Real Abed]

Your article states they just want Apple to remove the passcode wipe limit so they just can try every iteration of the passcode that's possible. They're not asking Apple to decrypt the phone.

The question is would that even be possible? You can't update the software without unlocking anyway so it's not like they could release a special update for it to do that. And it's not like the limit is a variable stored on a server that's always checked.

Either way, the limit can't just be removed. You'll still need to unlock it to update software. They're stuck. I don't see how Apple can magically disable a setting on the phone remotely like that.

How do they expect Apple to magically write software to remove it. As I said above they'd have to release a special one-use version of the OS with the feature removed and update the phone with it, which is impossible since you still need to unlock the phone to even install an update. iTunes won't even connect to an iPhone until it's unlocked.

So it all comes down to whether or not Apple has a secret backdoor. If they do, then everything I said is false.

 

[YoungFa]

They built the fucking thing, and it's a public service to aid in a murder/terrorism investigation?

Isnt it even a criminal offense not to help in such cases? Everyone has a responsibility to the public and to the society we live in. That includes companies.

 

[Gordon Shumway]

They built the fucking thing, and it's a public service to aid in a murder/terrorism investigation?

I can't even figure out what else there is to say. Folks are funny, man..

 

[Jack Random]

Isnt it even a criminal offense not to help in such cases? Everyone has a responsibility to the public and to the society we live in. That includes companies.

slippery slope there. where does Apple's "responsibility" to aid in investigations end if you're saying they have one? There are 31 million iphones in the US, do they need to make a department so they can aid in every police investigation that involves one?

Caution is very much advised here.

 

[shinobi602]

rather to disable the feature that wipes the data on the phone after 10 incorrect tries at entering a password.

The fuck? Had no idea this was a thing...

 

[GoldenEye 007]

Isnt it even a criminal offense not to help in such cases? Everyone has a responsibility to the public and to the society we live in. That includes companies.

Apple or some other third party simply sold a phone to a person. Not sure why, unless they were actually involved in the crime, they have any obligation to aid in any sort of criminal investigation.

That being said, I do think this particular order is a good compromise. If there is no workaround, I don't think Apple should be forced to break any sort of encryption. It should be treated as if the criminal destroyed the device as that is what could have happened anytime anyway.

 

[Cipherr]

I don't have an iPhone but how it seems like what Apple is asked to do might as well be breaking the encryption. The phone is either secure or not.

Exactly. It's secure or it isn't. Playing a game of semantics is really silly here. Letting the FBI with their massive amount of resources freely brute force it with no wipes forever is the same as handing them the key with the distinction of time only.

Its really sad. Admirable that Apple legitimately tried to offer security, but it's all for naught because if it truly comes down to it, it won't really matter.

 

[Mimosa97]

Why is the judge so sure that they can write software to disable this?

(I can't read the full article because LOL Washington Post)

open it in a private tab on chrome

 

[BeforeU]

The fuck? Had no idea this was a thing...

Same.

This was a thing on old blackberry but had no idea it still there on a modern smartphone.

 

[Ether_Snake]

A court should be able to order it. What shouldn't be allowed is for the police to just start looking at everything they want, but under court order it should be allowed. Same reason they can search your house or car or whatever.

 

[Dishwalla]

The fuck? Had no idea this was a thing...

It's a feature on all Apple devices.

 

[The Real Abed]

The fuck? Had no idea this was a thing...

Yeah. It's for when your phone gets stolen and you can't get to a computer in time to sign into Find My iPhone to remote wipe it. If the person who stole or found it types a wrong passcode 10 times it just erases the phone. Usually however it's used for good.

It's optional however. By default they can input a wrong passcode as much as they want. So someone with enough time could just keep putting in 0000, 0001, 0002, 0003 until they get to 9999 or find the right code. Though I believe newer device installs have a 6-digit code now by default (And might not even be allowed to switch to 4-digit. Personally I never saw an option for 6 digits and still use 4.) so it would take a bit more time for someone to eventually get it.

 

[subrock]

They built the fucking thing, and it's a public service to aid in a murder/terrorism investigation?

Put me on the side of privacy at all costs, even if the crime is deemed terrorism. It's a slippery slope to force companies to break encryption, and in my opinion, the terrorist boogeyman isn't a good enough reason. You start moving into future-crime territory if every private detail of someone's life is accessible to government (even with a warrant)

 

[GoldenEye 007]

Put me on the side of privacy at all costs, even if the crime is deemed terrorism. It's a slippery slope to force companies to break encryption, and in my opinion, the terrorist boogeyman isn't a good enough reason. You start moving into future-crime territory if every private detail of someone's life is accessible to government (even with a warrant)

Yeah, this is basically my stance. 30 years ago someone could just burn the papers or tapes and you'd just have to deal with it as a police/government force.

 

[Ether_Snake]

Put me on the side of privacy at all costs, even if the crime is deemed terrorism. It's a slippery slope to force companies to break encryption, and in my opinion, the terrorist boogeyman isn't a good enough reason. You start moving into future-crime territory if every private detail of someone's life is accessible to government (even with a warrant)

The problem here is having every detail recorded to begin with, that would be dubious. But the court isn't telling Apple to store information it doesn't want to store, just to unlock a device. There is a big difference.

Yeah, this is basically my stance. 30 years ago someone could just burn the papers or tapes and you just have to deal with it as a police/government force.

Err, if the evidence wasn't burned, how is saying it could have been burned an excuse to act as if it had been? The phone exists, it has data on it; allow the police to get to it.

 

[The Real Abed]

Put me on the side of privacy at all costs, even if the crime is deemed terrorism. It's a slippery slope to force companies to break encryption, and in my opinion, the terrorist boogeyman isn't a good enough reason. You start moving into future-crime territory if every private detail of someone's life is accessible to government (even with a warrant)

Yeah, this is basically my stance.

I kind of agree. If you give the government too much power they'll just keep going.

 

[Dishwalla]

Yeah. It's for when your phone gets stolen and you can't get to a computer in time to sign into Find My iPhone to remote wipe it. If the person who stole or found it types a wrong passcode 10 times it just erases the phone. Usually however it's used for good.

It's optional however. By default they can input a wrong passcode as much as they want. So someone with enough time could just keep putting in 0000, 0001, 0002, 0003 until they get to 9999 or find the right code. Though I believe newer device installs have a 6-digit code now by default (And might not even be allowed to switch to 4-digit. Personally I never saw an option for 6 digits and still use 4.) so it would take a bit more time for someone to eventually get it.

The Apple codes still have a hindrance of preventing a person from trying to unlock the phone for a period of time after a certain amount of wrong entries, for instance after ten wrong entries you are locked out from trying for a minute and so on. Not sure about anymore but it used to be after a certain number you had to connect it to the desktop iTunes that the phone was associated with, and if you couldn't the phone would be reformatted anyways, or else remain a locked brick.

 

[Sho_Nuff82]

The fuck? Had no idea this was a thing...

Same.

This was a thing on old blackberry but had no idea it still there on a modern smartphone.

What do you think encryption is? Every time your phone is locked, all of the data is essentially locked and scrambled behind that security wall. Without the password, the data cannot be extracted in a usable form.

slippery slope there. where does Apple's "responsibility" to aid in investigations end if you're saying they have one? There are 31 million iphones in the US, do they need to make a department so they can aid in every police investigation that involves one?

Caution is very much advised here.

How many of those phones are key pieces of evidence in murder investigations? It'd be one thing if they asked Apple to do this remotely on people being monitored, it's another thing entirely when the phone has been entered into evidence and the accused is in custody. Again, the encryption is not being cracked here. Only, potentially, the ability to guess the encryption key.

 

[Ether_Snake]

The Apple codes still have a hindrance of preventing a person from trying to unlock the phone for a period of time after a certain amount of wrong entries, for instance after ten wrong entries you are locked out from trying for a minute and so on. Not sure about anymore but it used to be after a certain number you had to connect it to the desktop iTunes that the phone was associated with, and if you couldn't the phone would be reformatted anyways.

I hope my iPhone doesn't do that. My friend tried to unlock mine to take a photo of me while I was playing soccer once, but she forgot the code. To think it could have wiped it!

 

[Stinkles]

I can't even figure out what else there is to say. Folks are funny, man..

People sometimes kinda fetishize information freedom. If you can't drop the indignation for a murder and terrorism investigation that would STILL require ridiculous brute force tech effort, then god forbid you ever meet the relative of a victim.


Slippery slope is a logical fallacy, btw. (Jack Random post above)

 

[Dishwalla]

I hope my iPhone doesn't do that. My friend tried to unlock mine to take a photo of me while I was playing soccer once, but she forgot the code. To think it could have wiped it!

What I meant was if you tried to unlock it via computer that the phone doesn't recognize you can reformat it, but you can not unlock it. If you do not reformat it it remains a locked brick.

I don't see how they are going to get into this phone, unless Apple does indeed have a back door option they haven't let anyone else in on.

edit: just did it to my iPhone 6, after ten wrong codes it disabled itself for one minute. After that minute was up I tried one more wrong code and it disabled itself for five minutes. Figure if I do it again I'll have to plug it into my computer.

 

[Future PhaZe]

Why not just use the dead guys finger to unlock it?

 

[BeforeU]

What do you think encryption is? Every time your phone is locked, all of the data is essentially locked and scrambled behind that security wall. Without the password, the data cannot be extracted in a usable form.

I know about that, I was surprised by wiping out all the data for entering 10 wrong tries.

 

[sangreal]

The problem here is having every detail recorded to begin with. The court isn't telling Apple to store information it doesn't want to store, just to unlock a device. There is a big difference.

They aren't just telling Apple to unlock a device either -- they are compelling Apple to design and write software that will allow the FBI to brute force the device. This isn't software Apple already has on hand

I think this is probably a reasonable use of the all writs act considering nobody but apple can provide the assistance the court needs in executing the warrant, but at the same time it sets worrying precedent

 

[Stinkles]

Why not just use the dead guys finger to unlock it?

Phone maybe didn't have touch ID?

 

[GoldenEye 007]

Err, if the evidence wasn't burned, how is saying it could have been burned an excuse to act as if it had been? The phone exists, it has data on it; allow the police to get to it.

Shouldn't be any party's responsibility to help the police do anything if they were not directly involved or implicated in the crime. Especially if there legitimately isn't a technical path to help out and the government is requiring development of new methods or technology to help out. If there legitimately isn't a way to push an update to either decrypt or unlock, what can Apple do anyway? Why should it be their job if they don't want it to be? Will they be reimbursed for this? Who is paying for this research and development? What happens if Apple can't do anything? Are they now criminally liable? What precedent is now set for uninvolved parties?

Maybe the better analogy is dropping a boat full of evidence into the ocean. Sure it technically exists, but there is little to no hope of actually finding it. No company should be compelled to help the government find the boat.

 

[Casimir]

People sometimes kinda fetishize information freedom. If you can't drop the indignation for a murder and terrorism investigation that would STILL require ridiculous brute force tech effort, then god forbid you ever meet the relative of a victim.

A distraught person is not sufficient reason nor argument to give up rights or freedoms, especially when they are there protect the individual from government persecution.

 

[Velcro Fly]

I think I'm good with this.

 

[Timedog]

Does the judge give in detail exactly how Apple is supposed to help? Does the judge know anything about programming or engineering?

 

[Stinkles]

Shouldn't be any party's responsibility to help the police do anything if they were not directly involved or implicated in the crime.

Maybe the better analogy is dropping a boat full of evidence into the ocean. Sure it technically exists, but there is little to no hope of actually finding it. No company should be compelled to help the government find the boat.

No, in this case the company has the gps location of the boat to within a mile and the boat is full of children who may starve if not found.

 

[Simon Belmont]

Does the judge give in detail exactly how Apple is supposed to help? Does the judge know anything about programming or engineering?

I imagine the FBI asked specifically for that remedy

 

[Box]

Slippery slope is a logical fallacy, btw. (Jack Random post above)

It isn't. You can have fallacious arguments that take the form of a slippery slope argument but that doesn't make the technique fallacious.

 

[Dishwalla]

Why not just use the dead guys finger to unlock it?

Believe the finger has to be warm and/or have a pulse going through it, don't think a cold dead finger unlocks it.

 

[Stinkles]

A distraught person is not sufficient reason nor argument to give up rights or freedoms, especially when they are there protect the individual from government persecution.

I didn't say anything about a distraught person being the justification, I inferred that making a security exception for the data of a dead terrorist to potentially stop or discover future terrorist acts is reasonable and indeed rational.

 

[Yaboosh]

The phone wasn't owned by him, it was owned by the company, and they consented to let the government go to town on it to unlock it.

That makes it free reign.

Otherwise, nuh uh.

 

[GavinGT]

Believe the finger has to be warm, don't think a cold dead finger unlocks it.

Warm that shit up then.

EDIT: Aww, nm:

http://mashable.com/2013/09/15/severed-finger-iphone-5s/#0pb140YmJiqs

Still, I'd think the FBI could figure it out.

 

[ValkyrUser]

I'm not exactly against this. I just wonder if Apple can actually make such a specific change to a locked iPhone.

 

[Casimir]

I didn't say anything about a distraught person being the justification, I inferred that making a security exception for the data of a dead terrorist to potentially stop or discover future terrorist acts is reasonable and indeed rational.

People sometimes kinda fetishize information freedom. If you can't drop the indignation for a murder and terrorism investigation that would STILL require ridiculous brute force tech effort, then god forbid you ever meet the relative of a victim.


Slippery slope is a logical fallacy, btw. (Jack Random post above)

Learn how to read and remember your own posts.

 

[paskowitz]

Believe the finger has to be warm and/or have a pulse going through it, don't think a cold dead finger unlocks it.

Microwave...

 

[Fat4all]

Believe the finger has to be warm and/or have a pulse going through it, don't think a cold dead finger unlocks it.

dunk it in coffee

 

[Pristine_Condition]

Oh, so now the federal courts need something from Apple?

Yeah, I'm sure after the way the federal court handled the Samsung case and shamelessly railroaded them on the iBooks case with a prejudiced judge, Apple just can't wait to help them out...

LOL.