Reply
Honored Contributor
Posts: 10,230
Registered: ‎12-22-2013

Re: Apple, the FBI and unlocking a customer's phone


@dooBdoo wrote:
@sunshine 919 wrote:

They have unlocked phones before.  I was listening to public radio and they have done this at least 70 times.  What makes this different is now they are concerned about image.  I think they should just unlock the phone.  I am pretty sure there is some genius out there somewhere that could get into that phone.  It would be better and safer if the company did it. 

 

 

 

Apologies for the length, but some posters don't like to click links and I think this article explains the situation well:

 

No, Apple Has Not Unlocked 70 iPhones For Law Enforcement

 

"The more highly technical the basis of a story, the more likely it is that some key detail will get jacked up by a journalist trying to translate it for the public. Call it Panzer’s Law.

 

It’s only natural, especially when it comes to stories about security and privacy, such as Apple vs. the FBI. There are a myriad of complex technical mechanics at play, fiercely difficult Gordian Knots of encryption and hardware solutions to unravel and a number of previous interactions between Apple and the government that have set one precedent or another.

 

But no matter how hard it is, it’s important to get this stuff right. The press has the ability not only to act as a translator but also as an obfuscator. If they get it and they’re able to deliver that information clearly and with proper perspective, the conversation is elevated, the public is informed and sometimes it even alters the course of policy-making for the better.

 

When it comes to the court order from the FBI to Apple, compelling it to help it crack a passcode, there is one important distinction that I’ve been seeing conflated.

 

Specifically, I keep seeing reports that Apple has unlocked “70 iPhones” for the government. And those reports argue that Apple is now refusing to do for the FBI what it has done many times before.

 

This meme is completely inaccurate at best, and dangerous at worst.

 

There are two cases involving data requests by the government which are happening at the moment. There is a case in New York — in which Apple is trying really hard not to hand over customer information even though it has the tools to do so — and there is the case in California, where it is fighting an order from the FBI to intentionally weaken the security of a device to allow its passcode to be cracked by brute force. These are separate cases with separate things at stake.

 

The New York case involves an iPhone running iOS 7. On devices running iOS 7 and previous, Apple actually has the capability to extract data, including (at various stages in its encryption march) contacts, photos, calls and iMessages without unlocking the phones. That last bit is key, because in the previous cases where Apple has complied with legitimate government requests for information, this is the method it has used.

 

It has not unlocked these iPhones — it has extracted data that was accessible while they were still locked. The process for doing this is laid out in its white paper for law enforcement. Here’s the language:

 


I. Extracting Data from Passcode Locked iOS Devices
For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions as data extraction tools are no longer effective. The files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.

For iOS devices running iOS versions earlier than iOS 8.0, upon receipt of a valid search warrant issued upon a showing of probable cause, Apple can extract certain categories of active data from passcode  locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 through iOS 7. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, iMessage, MMS, photos, videos, contacts, audio recording, and call history.  Apple cannot provide: email, calendar entries, or any third-party app data.

 

 

It’s worth noting that the government has some tools to unlock phones without Apple’s help, but those are hit and miss, and have nothing to do with Apple. It’s worth noting that in its statements to the court in the New York case, the government never says Apple unlocks devices, but rather that it bypasses the lock to extract the information.

 

The California case, in contrast, involves a device running iOS 9. The data that was previously accessible while a phone was locked ceased to be so as of the release of iOS 8, when Apple started securing it with encryption tied to the passcode, rather than the hardware ID of the device. FaceTime, for instance, has been encrypted since 2010, and iMessages since 2011.

 

So Apple is unable to extract any data including iMessages from the device because all of that data is encrypted. This is the only reason that the FBI now wants Apple to weaken its security so that it can brute-force the passcode. Because the data cannot be read unless the passcode is entered properly.

 

If, however, you assume that these stories are correct and that Apple has complied with requests to unlock iPhone passcodes before and is just refusing to do so now, it could appear that a precedent has already been set. That is not the case at all, and in fact that is why Apple is fighting the order so hard — to avoid such a precedent being set.

 

The New York case has another wrinkle, which is a separate issue. Apple can theoretically comply with the data extraction request there, but is refusing to do so on two bases: extracting data from devices diverts manpower and resources, and that the government is trying to use a wide application of the All Writs Act of 1789.

 

At the behest of Judge Orenstein, the federal magistrate in the NY case, Apple filed a response in which it questioned the new application of the AWA. Apple also argues that since its reputation is based on security and privacy, complying with the court’s demands based on an expanded application of a 200-year-old law could put it at risk of tarnishing that reputation. Apple is still waiting for a final order on whether to comply from the judge there. The All Writs Act is also being used in the case in California.

 

Still, even if Apple were to comply in New York, it would not be unlocking the device, merely extracting data off of it with standard methodology for pre-iOS 8 devices. If the FBI succeeds in ordering Apple to comply in California, it would have to build a new software version of iOS that allowed electronic brute-force password cracking. This is an important distinction to make when talking about such an important precedent-setting case.

 

(Article updated to clarify what data Apple can extract.)"

 


This happened in 2008.  Apple does not dispute this.

Honored Contributor
Posts: 17,606
Registered: ‎06-27-2010

Re: Apple, the FBI and unlocking a customer's phone

[ Edited ]

@sunshine 919 wrote:

@dooBdoo wrote:
@sunshine 919 wrote:

They have unlocked phones before.  I was listening to public radio and they have done this at least 70 times.  What makes this different is now they are concerned about image.  I think they should just unlock the phone.  I am pretty sure there is some genius out there somewhere that could get into that phone.  It would be better and safer if the company did it. 

 

 

 

Apologies for the length, but some posters don't like to click links and I think this article explains the situation well:

 

No, Apple Has Not Unlocked 70 iPhones For Law Enforcement

 

"The more highly technical the basis of a story, the more likely it is that some key detail will get jacked up by a journalist trying to translate it for the public. Call it Panzer’s Law.

 

It’s only natural, especially when it comes to stories about security and privacy, such as Apple vs. the FBI. There are a myriad of complex technical mechanics at play, fiercely difficult Gordian Knots of encryption and hardware solutions to unravel and a number of previous interactions between Apple and the government that have set one precedent or another.

 

But no matter how hard it is, it’s important to get this stuff right. The press has the ability not only to act as a translator but also as an obfuscator. If they get it and they’re able to deliver that information clearly and with proper perspective, the conversation is elevated, the public is informed and sometimes it even alters the course of policy-making for the better.

 

When it comes to the court order from the FBI to Apple, compelling it to help it crack a passcode, there is one important distinction that I’ve been seeing conflated.

 

Specifically, I keep seeing reports that Apple has unlocked “70 iPhones” for the government. And those reports argue that Apple is now refusing to do for the FBI what it has done many times before.

 

This meme is completely inaccurate at best, and dangerous at worst.

 

There are two cases involving data requests by the government which are happening at the moment. There is a case in New York — in which Apple is trying really hard not to hand over customer information even though it has the tools to do so — and there is the case in California, where it is fighting an order from the FBI to intentionally weaken the security of a device to allow its passcode to be cracked by brute force. These are separate cases with separate things at stake.

 

The New York case involves an iPhone running iOS 7. On devices running iOS 7 and previous, Apple actually has the capability to extract data, including (at various stages in its encryption march) contacts, photos, calls and iMessages without unlocking the phones. That last bit is key, because in the previous cases where Apple has complied with legitimate government requests for information, this is the method it has used.

 

It has not unlocked these iPhones — it has extracted data that was accessible while they were still locked. The process for doing this is laid out in its white paper for law enforcement. Here’s the language:

 


I. Extracting Data from Passcode Locked iOS Devices
For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions as data extraction tools are no longer effective. The files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.

For iOS devices running iOS versions earlier than iOS 8.0, upon receipt of a valid search warrant issued upon a showing of probable cause, Apple can extract certain categories of active data from passcode  locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 through iOS 7. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, iMessage, MMS, photos, videos, contacts, audio recording, and call history.  Apple cannot provide: email, calendar entries, or any third-party app data.

 

 

It’s worth noting that the government has some tools to unlock phones without Apple’s help, but those are hit and miss, and have nothing to do with Apple. It’s worth noting that in its statements to the court in the New York case, the government never says Apple unlocks devices, but rather that it bypasses the lock to extract the information.

 

The California case, in contrast, involves a device running iOS 9. The data that was previously accessible while a phone was locked ceased to be so as of the release of iOS 8, when Apple started securing it with encryption tied to the passcode, rather than the hardware ID of the device. FaceTime, for instance, has been encrypted since 2010, and iMessages since 2011.

 

So Apple is unable to extract any data including iMessages from the device because all of that data is encrypted. This is the only reason that the FBI now wants Apple to weaken its security so that it can brute-force the passcode. Because the data cannot be read unless the passcode is entered properly.

 

If, however, you assume that these stories are correct and that Apple has complied with requests to unlock iPhone passcodes before and is just refusing to do so now, it could appear that a precedent has already been set. That is not the case at all, and in fact that is why Apple is fighting the order so hard — to avoid such a precedent being set.

 

The New York case has another wrinkle, which is a separate issue. Apple can theoretically comply with the data extraction request there, but is refusing to do so on two bases: extracting data from devices diverts manpower and resources, and that the government is trying to use a wide application of the All Writs Act of 1789.

 

At the behest of Judge Orenstein, the federal magistrate in the NY case, Apple filed a response in which it questioned the new application of the AWA. Apple also argues that since its reputation is based on security and privacy, complying with the court’s demands based on an expanded application of a 200-year-old law could put it at risk of tarnishing that reputation. Apple is still waiting for a final order on whether to comply from the judge there. The All Writs Act is also being used in the case in California.

 

Still, even if Apple were to comply in New York, it would not be unlocking the device, merely extracting data off of it with standard methodology for pre-iOS 8 devices. If the FBI succeeds in ordering Apple to comply in California, it would have to build a new software version of iOS that allowed electronic brute-force password cracking. This is an important distinction to make when talking about such an important precedent-setting case.

 

(Article updated to clarify what data Apple can extract.)"

 


This happened in 2008.  Apple does not dispute this.


 

 

        Those are the previous cases in which Apple extracted data (did not "unlock phones), referenced by this article.Smiley   The iOS was different and the situation was different.  The current issue can't be compared to the others.  As the posted article explains, however, this is so technical that it's easy to be misled by journalists who don't understand the differences.  (eta:  Unfortunately, evidently one source stated the "at least 70 times" and "Apple doesn't dispute this" without following up on the distinctions and other websites simply copied it and ran with it.  Most of the tech sites have the details, and try to clearly lay out the reason this issue isn't the same as the others.)

 

        Here's another article explaining the difference:

 

Don't Believe The Hype: No, Apple HAS NOT Done What The FBI Now Wants '70 Times' Before

 

 

link:  https://www.techdirt.com/articles/20160219/07072533648/dont-believe-hype-no-apple-has-not-done-what-...

 

 

 

 

Few things reveal your intellect and your generosity of spirit—the parallel powers of your heart and mind—better than how you give feedback.~Maria Popova
Honored Contributor
Posts: 10,230
Registered: ‎12-22-2013

Re: Apple, the FBI and unlocking a customer's phone


@dooBdoo wrote:

@sunshine 919 wrote:

@dooBdoo wrote:
@sunshine 919 wrote:

They have unlocked phones before.  I was listening to public radio and they have done this at least 70 times.  What makes this different is now they are concerned about image.  I think they should just unlock the phone.  I am pretty sure there is some genius out there somewhere that could get into that phone.  It would be better and safer if the company did it. 

 

 

 

Apologies for the length, but some posters don't like to click links and I think this article explains the situation well:

 

No, Apple Has Not Unlocked 70 iPhones For Law Enforcement

 

"The more highly technical the basis of a story, the more likely it is that some key detail will get jacked up by a journalist trying to translate it for the public. Call it Panzer’s Law.

 

It’s only natural, especially when it comes to stories about security and privacy, such as Apple vs. the FBI. There are a myriad of complex technical mechanics at play, fiercely difficult Gordian Knots of encryption and hardware solutions to unravel and a number of previous interactions between Apple and the government that have set one precedent or another.

 

But no matter how hard it is, it’s important to get this stuff right. The press has the ability not only to act as a translator but also as an obfuscator. If they get it and they’re able to deliver that information clearly and with proper perspective, the conversation is elevated, the public is informed and sometimes it even alters the course of policy-making for the better.

 

When it comes to the court order from the FBI to Apple, compelling it to help it crack a passcode, there is one important distinction that I’ve been seeing conflated.

 

Specifically, I keep seeing reports that Apple has unlocked “70 iPhones” for the government. And those reports argue that Apple is now refusing to do for the FBI what it has done many times before.

 

This meme is completely inaccurate at best, and dangerous at worst.

 

There are two cases involving data requests by the government which are happening at the moment. There is a case in New York — in which Apple is trying really hard not to hand over customer information even though it has the tools to do so — and there is the case in California, where it is fighting an order from the FBI to intentionally weaken the security of a device to allow its passcode to be cracked by brute force. These are separate cases with separate things at stake.

 

The New York case involves an iPhone running iOS 7. On devices running iOS 7 and previous, Apple actually has the capability to extract data, including (at various stages in its encryption march) contacts, photos, calls and iMessages without unlocking the phones. That last bit is key, because in the previous cases where Apple has complied with legitimate government requests for information, this is the method it has used.

 

It has not unlocked these iPhones — it has extracted data that was accessible while they were still locked. The process for doing this is laid out in its white paper for law enforcement. Here’s the language:

 


I. Extracting Data from Passcode Locked iOS Devices
For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions as data extraction tools are no longer effective. The files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.

For iOS devices running iOS versions earlier than iOS 8.0, upon receipt of a valid search warrant issued upon a showing of probable cause, Apple can extract certain categories of active data from passcode  locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 through iOS 7. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, iMessage, MMS, photos, videos, contacts, audio recording, and call history.  Apple cannot provide: email, calendar entries, or any third-party app data.

 

 

It’s worth noting that the government has some tools to unlock phones without Apple’s help, but those are hit and miss, and have nothing to do with Apple. It’s worth noting that in its statements to the court in the New York case, the government never says Apple unlocks devices, but rather that it bypasses the lock to extract the information.

 

The California case, in contrast, involves a device running iOS 9. The data that was previously accessible while a phone was locked ceased to be so as of the release of iOS 8, when Apple started securing it with encryption tied to the passcode, rather than the hardware ID of the device. FaceTime, for instance, has been encrypted since 2010, and iMessages since 2011.

 

So Apple is unable to extract any data including iMessages from the device because all of that data is encrypted. This is the only reason that the FBI now wants Apple to weaken its security so that it can brute-force the passcode. Because the data cannot be read unless the passcode is entered properly.

 

If, however, you assume that these stories are correct and that Apple has complied with requests to unlock iPhone passcodes before and is just refusing to do so now, it could appear that a precedent has already been set. That is not the case at all, and in fact that is why Apple is fighting the order so hard — to avoid such a precedent being set.

 

The New York case has another wrinkle, which is a separate issue. Apple can theoretically comply with the data extraction request there, but is refusing to do so on two bases: extracting data from devices diverts manpower and resources, and that the government is trying to use a wide application of the All Writs Act of 1789.

 

At the behest of Judge Orenstein, the federal magistrate in the NY case, Apple filed a response in which it questioned the new application of the AWA. Apple also argues that since its reputation is based on security and privacy, complying with the court’s demands based on an expanded application of a 200-year-old law could put it at risk of tarnishing that reputation. Apple is still waiting for a final order on whether to comply from the judge there. The All Writs Act is also being used in the case in California.

 

Still, even if Apple were to comply in New York, it would not be unlocking the device, merely extracting data off of it with standard methodology for pre-iOS 8 devices. If the FBI succeeds in ordering Apple to comply in California, it would have to build a new software version of iOS that allowed electronic brute-force password cracking. This is an important distinction to make when talking about such an important precedent-setting case.

 

(Article updated to clarify what data Apple can extract.)"

 


This happened in 2008.  Apple does not dispute this.


 

 

        Those are the previous cases in which Apple extracted data, referenced by this article.Smiley   The iOS was different and the situation was different.  The current issue can't be compared to the others.  As the posted article explains, however, this is so technical that it's easy to be misled by journalists who don't understand the differences.  (eta:  Unfortunately, evidently one source stated the "at least 70 times" and "Apple doesn't dispute this" without following up on the distinctions and other websites simply copied it and ran with it.  Most of the tech sites have the details, and try to clearly lay out the reason this issue isn't the same as the others.)

 

        Here's another article explaining the difference:

 

Don't Believe The Hype: No, Apple HAS NOT Done What The FBI Now Wants '70 Times' Before

 

 

link:  https://www.techdirt.com/articles/20160219/07072533648/dont-believe-hype-no-apple-has-not-done-what-...

 

 

 

 


It is not hype, just fact.  I am just saying if they helped the FBI before they can do it again.  

Honored Contributor
Posts: 17,606
Registered: ‎06-27-2010

Re: Apple, the FBI and unlocking a customer's phone

[ Edited ]

@sunshine 919 wrote:




It is not hype, just fact.  I am just saying if they helped the FBI before they can do it again.  


 

 

        I can understand why it seems to be a fact.  In actuality, though, they helped the FBI before with a different process on a different system.Smiley  (The "previous cases where Apple has complied with legitimate government requests for information" cited in the first article I posted.)   This is not the same, what is being requested has never been done before, and that's why it's being appealed as setting a dangerous precedent.   The articles explain all this.

 

Few things reveal your intellect and your generosity of spirit—the parallel powers of your heart and mind—better than how you give feedback.~Maria Popova
Esteemed Contributor
Posts: 6,813
Registered: ‎05-29-2015

Re: Apple, the FBI and unlocking a customer's phone

@dooBdoo

 

Thanks for the techdirt article...good one.  Here was a bottom line from the article that I liked for its brevity...emphasis added and bracketed comments are mine...

 

"...handing over info you have full access to [as was the case in the 70 previous cases] is not even remotely close to forcing a company to build hacking tools for the government to undermine their own security [as is the case with the San Bern terrorist's company phone]...."

 

Two different scenarios legally and morally.

 

@sunshine 919

~~~ I call dibs on the popcorn concession!! ~~~
Respected Contributor
Posts: 4,802
Registered: ‎03-03-2011

Re: Apple, the FBI and unlocking a customer's phone

I was wondering about this and then read what Bill Gates had to say about it and it's true.

 

Gates stated in a handful of interviews that it's not uncommon for phone companies and banks to hand over customer information to investigators. He questioned why tech companies should be treated differently.

Honored Contributor
Posts: 36,720
Registered: ‎03-09-2010

Re: Apple, the FBI and unlocking a customer's phone

@Deb1010yetagain@silkyk@MacDUFF@dooBdoo

 

Have been thinking about this... and cannot come to a decision... I go back and forth.

I will read up and need to because there is more to this than I thought.

I really don't want a "hacking" system to be publicly known and created if there is a chance (which there is) that it will end up in "unauthorized hands."

I DO  want the information from the phone if national security can be more secure.

Also, I wouldn't care if they needed information off my phone... but then, that's just the point.

~Have a Kind Heart, Fierce Mind, Brave Spirit~
Honored Contributor
Posts: 18,662
Registered: ‎06-17-2015

Re: Apple, the FBI and unlocking a customer's phone

I stand 100% behind Apple on this one.

 

If there had been any contact information and/or information about upcoming plots both sets of information are now obsolete.  No terrorist group would have left contacts and other information alive and well; names most assuredly have been changed as well as any plots for future.

 

To stir up fear that this phone contains "something for national security" is a back door way to justify demanding that Apple unlock that phone simply because the court say so.

I for one do NOT want this to become the norm; we have absolutely no proof that this phone contains anything of substance and as I said - if it does any contacts have long since moved on from whatever might have been a potential concern.

 

Another fear factor to justify whittling down our privacy.

"" Compassion is a verb."-Thich Nhat Hanh
Esteemed Contributor
Posts: 5,616
Registered: ‎10-01-2014

Re: Apple, the FBI and unlocking a customer's phone


@Cakers3 wrote:

I stand 100% behind Apple on this one.

 

If there had been any contact information and/or information about upcoming plots both sets of information are now obsolete.  No terrorist group would have left contacts and other information alive and well; names most assuredly have been changed as well as any plots for future.

 

To stir up fear that this phone contains "something for national security" is a back door way to justify demanding that Apple unlock that phone simply because the court say so.

I for one do NOT want this to become the norm; we have absolutely no proof that this phone contains anything of substance and as I said - if it does any contacts have long since moved on from whatever might have been a potential concern.

 

Another fear factor to justify whittling down our privacy.


I don't think the FBI is looking for contacts. Since the phone was with the two terrorists, they are more interested in getting the GPS info from the last four hours of their lives so they can see if they can find the missing hard drive from their computer. I see both sides. Personally, my life is an open book, but I understand why some people don't want to risk government intrusion. If the IRS can be political, imagine the ways that the FBI could be.

No act of kindness, no matter how small, is ever wasted. - Aesop
Honored Contributor
Posts: 18,662
Registered: ‎06-17-2015

Re: Apple, the FBI and unlocking a customer's phone


@MaggieMack wrote:

@Cakers3 wrote:

I stand 100% behind Apple on this one.

 

If there had been any contact information and/or information about upcoming plots both sets of information are now obsolete.  No terrorist group would have left contacts and other information alive and well; names most assuredly have been changed as well as any plots for future.

 

To stir up fear that this phone contains "something for national security" is a back door way to justify demanding that Apple unlock that phone simply because the court say so.

I for one do NOT want this to become the norm; we have absolutely no proof that this phone contains anything of substance and as I said - if it does any contacts have long since moved on from whatever might have been a potential concern.

 

Another fear factor to justify whittling down our privacy.


I don't think the FBI is looking for contacts. Since the phone was with the two terrorists, they are more interested in getting the GPS info from the last four hours of their lives so they can see if they can find the missing hard drive from their computer. I see both sides. Personally, my life is an open book, but I understand why some people don't want to risk government intrusion. If the IRS can be political, imagine the ways that the FBI could be.


Hi MaggieMack:  I think there is too much focus on what may or may not be on that phone and subsequent info on any hard drive they used.  The point is that even if there had been info that would disrupt our national security that info is now obsolete.

 

With all the ways we can track terrorist activity this phone is not, imo, going to lead to anything of consequence after all this time.  Had the FBI been able to get into this phone and subsequent other hardware right from the start then yes, I believe they would possible have had access to vital info,

 

But after all this time even if others are involved they have since covered their tracks.

 

Thank you for mentioning the hard drive, though.

"" Compassion is a verb."-Thich Nhat Hanh

TOP