Posted on 02/23/2016 11:34:59 AM PST by Swordmaker
I don't think this matters much when you are modifying the firmware.
This case was shopped. There is a political aspect to this. The Obama administration met with parties involved last fall and agreed to back off on legislation on requiring backdoors into mobile devices. Then, it's reported, Obama and Lynch called a secret meeting over the Thanksgiving weekend of the Homeland Security departments and told them to bring pressure in clandestine ways. . . through regulation and through the courts because it was obvious that Congress was NOT going to give them what Obama wanted.
This is NOT about anything on this phone. The likelihood there is NOTHING incriminating on it. It's too damn easy to erase an iPhone back to Factory clean condition in about five minutes without having to smash it. I think that Farook kept it only for it's GPS capabilities during the escape. It was found in the Black Lexus SUV.
But the "OPTICS" of this case make it ideal for the Obama administration's campaign to get the public to give up its privacy rights. High profile terrorism case, 14 murders, more people wounded, Grieving family members, FBI claims they NEED to put this to bed because there may be more terrorists out there plotting another violent attack, a locked iPhone and an unbreakable encryption. So they get a magistrate judge to rubber stamp a prepared court order, despite the fact that Apple has been cooperating all along, claiming Apple has NOT been cooperating, demanding that Apple has to write a backdoor into the security of "just this one SUBJECT DEVICE" But they don't tell Apple and the tip off the press BEFORE the apply for the Court Order, and once they get it, issue a PRESS RELEASE claiming they got a Court Order because Apple WOULD NOT OFFER its help! Simultaneously the head of the FBI is Tweeting about it. Apple learns about it from the news just as they are being served!
It's a lot more emotional than a drug-dealer in New York they tried it on in New York and got no where especially after the drug dealer pleaded guilty, making the search of his iPhone 4S moot. There, the judge was strongly leaning toward Apple's arguments.
Apple asked that arguments be placed under SEAL. The FBI not only objected, they PUBLISHED theirs BEFORE they filed them. This is a publicity campaign to drum up a public pressure and to obfuscate the actual facts. The FBI lied about several material facts to both the COURT and the PUBLIC. They only admitted under pressure that Apple had been working with them all along. . . and that they only grudgingly accepted Apple's offer after they blew the AppleID password to the iPhone.
The FBI set this adversary situation up, not Apple.
No doubt that was spoken with a heavy Bangladeshi accent. "Beel! Ma nahm eez Beel."
Apple says it isn't as simple as you claim. Wake up. Don't listen to that nobody on "Trail of Bits," he doesn't know what he is talking about. That's what everyone has been telling you. Apple has now answered and they say it would take a team of between six and ten engineers, two to four weeks before they can even start testing on OTHER iPhones to make sure nothing else breaks. Plus they'd need a project lead, a document writer, and THEN a team to write the interface for the remote connection to run the brute force passcode input from a system never designed for that purpose, depending on how they intend to do that. PLUS they have to document every step of how it was done for when they are hauled into court by any potential defense attorney challenging the evidence.
YOU just assumed they would be changing the firmware.
Swordmaker, I think you might be confusing Bill from San Antonio with Sam, from Chicago:
Hello? Yes? My name is Sam. Yes yes, Sam... certainly, yes, I am calling you from (pause) Chicago. I can fix your problem in eight minutes. Yes! Eight minutes only! Yes! Guaranteed! Hello? Hello? 100%! Yes! You will have no worries! Absolutely guaranteed! We send you certification! In writing! Just a moment, please wait just a moment, my supervisor is coming on the line to confirm ... yes, thank you sir, kindly please have your MasterCard ready...
...and, Go Bulls! Yes yes!
Why, yes, You're right. I recognize that voice!
Yes, we trained him in Cupertino... Go 49ers! Yes!
Wait— my supervisor just wishes to confirm your order, very quick!
:-)
Speaking of due process, here's something else that Apple is saying that I also said, having to do with being hauled into court to prove that the iPhone backdoor software works and releasing it to the defense in any criminal trial: Footnote #24:
"Use of the software in criminal prosecutions only exacerbates the risk of disclosure, given that criminal defendants will likely challenge its reliability. See Fed. R. Evid. 702 (listing requirements of expert testimony, including that "testimony [be] the product of reliable principles and methods" and "the expert has reliably applied the principles and methods to the facts of the case," all of which a defendant is entitled to challenge); see also United States v. Budziak, 697 F.3d 1105, 1111-13 (9th Cir. 2012) (vacating order denying discovery of FBI software); State v. Underdahl, 767 N.W.2d 677, 684-86 (Minn. 2009) (upholding order compelling discovery of breathalyzer source code). The government's suggestion that Apple can destroy the software has clearly not been thought through, given that it would jeopardize criminal cases. See United States v. Cooper, 983 F.2d 928, 931-32 (9th Cir. 1993) (government's bad-faith failure to preserve laboratory equipment seized from defendants violated due process, and appropriate remedy was dismissal of indictment, rather than suppression of evidence)."
Basically, the courts have held the defense gets to see the software, and even investigate how it works. . . and have hands on, unfettered. Oops. No more secret.
ROTFLOL
thanks
It's a red herring argument. The only difference between iPhones with the secure enclave and those without is that the SE has it's own SW update process giving extra security to the code (and thus the keys) inside it. In this particular case (dead terrorist's phone) the lack of SE means Apple can update all the flash containing the OS plus the code to decrypt the AES key in one update. With SE it would require two updates. It slightly eases one difficulty but doesn't change the fact that the FBI is demanding an entirely new function.
That function is a passcode tester that allows testing through a new channel. Currently all passcode entry is via the on-screen keyboard. The FBI demands a new channel through USB, bluetooth or wifi. The SE or lack thereof is not involved with that new functionality. That new functionality, in conjunction with turning off the attempt count and turning off the auto-erase constitutes a back door.
The diagram showing the secure enclave categorizes the kernel as firmware, the diagram without the secure enclave categorizes the kernel not as firmware but as software. Also, in the diagram showing the secure enclave the user partition is encrypted, in the other diagram it is not. These likely bear on the difficulty of any modifications.
That is true and the FBI is requiring running in RAM (i.e. software) with no changes to firmware. Lack of SE appears to make that possible but I'm not 100% sure about that. My argument against doing has no basis in the difficulty of doing it. Although I would say adding a brand new interface to accept passcodes and test them is nontrivial.
That argument is simply that Apple has made an unbreakable system (and will with one more change) and should not be forced to break it by building a general purpose back door. Apple is merely building the inevitable unbreakable system for data at rest. The inevitable system for data in motion (comms encryption) was built in the 90's despite government's insistence that the world would come to an end if end-to-end encryption were possible.
Not a whole lot of people still use PGP but there are apps now that do the same thing used by literally a billion people according to BBC. Are we going to tell a billion people, no, you need to go through the Clipper Chip (or a software equivalent)? No, that is stupid. Going against Apple will be seen (is seen by anyone who studies it) as just as stupid.
Were they to say otherwise, it would seriously damage their public propaganda campaign. They might be telling the truth, but because they hold all the cards (meaning the source code and designs) nobody can verify that they are actually telling the truth.
That's what everyone has been telling you. Apple has now answered and they say it would take a team of between six and ten engineers, two to four weeks before they can even start testing on OTHER iPhones to make sure nothing else breaks.
I think these numbers are actually inflated over and above what it would really take. I think they are just using the regular development team, and alleging that the entire team is necessary, and I think they are also combining their "usual team" with an extraordinary abundance of caution.
I think that if they actually decide to do it, the end result will not take nearly so much time, nor nearly so many people. I think they are just playing "poor me" to the courts.
The FBI is not asking for any “backdoor” functionality or for weakening encryption. The changes they are asking for regard limitations on sign-on attempts and escalating delay intervals between sign-on attempts.
You listed functions 1 and 3 in the FBI demands. The third function is #2 in the order: "it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the phyiscal device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE"
That is a back door by the fact that it lets the FBI in albeit with a little effort. The other two functons are needed to make this back door function work.
That’s not a backdoor in the traditional sense. It is not a function invoked in an undocumented/illicit way, for example by passing a “special value” to an otherwise legitimate program unit which has been illicitly modified to respond to that value.
Might not be a back door in the traditional OS sense like an open port, but a back door for key protection algorithms. That’s because encryption and protection of keys is only as good as the algorithms and anything that weakens the algorithm in any way is a back door.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.