Justice Department Seeks to Force Apple to Extract Data From About 12 Other

NASDAQ ^ | February 22, 2016, 11:48:00 PM EDT

[Swordmaker]

The Justice Department is pursuing court orders to force Apple Inc. to help investigators extract data from iPhones in about a dozen undisclosed cases around the country, in disputes similar to the current battle over a terrorist's locked phone, according to people familiar with the matter.

The other phones are at issue in cases where prosecutors have sought, as in the San Bernardino, Calif. terror case, to use an 18th-century law called the All Writs Act to compel the company to help them bypass the passcode security feature of phones that may hold evidence, these people said.

Privacy advocates are likely to seize on the cases' existence as proof the government aims to go far beyond what prosecutors have called the limited scope of the current public court fight over a locked iPhone used by one of the San Bernardino shooters.

Law enforcement leaders, however, may cite the existence of the other cases as evidence that the encryption of personal devices has become a serious problem for criminal investigators in a variety of cases and settings.

[DiogenesLamp]

This is the internet. This is Free Republic. Anyone who is such a tender flower that they cannot slough-off name-calling and assaults on their character should take up knitting or something.

People routinely get over their mad, and sometimes even become friends once the acrimony works itself out.

Swordmaker and I have been arguing for quite a long time, so my characterization of him has it's roots in history far deeper than just the current issue. I'm not going to get into it because I don't see any point in antagonizing him further, plus I don't like mixing up one issue with another.

It's often hard enough just to keep the facts straight on one issue.

[Rustybucket]

My point exactly, give the discovered data, and the phone back to the government, not how you retrieved it.
by the way, your misquoting the intent of B.Franklins quote. I put the link and explanation on another of your posts.

[SteveH]

YEAH BUT THEN THEY DO THEY WANT QUICK TURNAROUND TO CAPTURE THE PERPS NOW or do they want to start at the lowest possible level and risk a protracted multi-year legal battle? (Sorry about caps)

Does it make any sense to start in the fed court traffic school equivalent basement if this is so *$&^ing important? Should they not welcome expediting to the point of proactively augmenting it? Ditto for the district judge assigned if he or she played a role in delegating the decision to the fed bureaucrat. (IANAL so I may be missing something.)

[SteveH]

Well yes but I just tuned in (please forgive so I imagine I missed much of the prior drama) but it does seem to me from that which I have had a chance to skim that Swordmaker is making at least some effort to be straightforward and rational. (I may be missing something.)

[Ray76]

(note keys stored on device)

An excerpt from an Apple document:

Secure Boot Chain

Each step of the boot-up process contains components that are cryptographically signed by Apple to ensure integrity, and proceeds only after verifying the chain of trust. This includes the bootloaders, kernel, kernel extensions, and baseband firmware.

When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code is laid down during chip fabrication, and is implicitly trusted. The Boot ROM code contains the Apple Root CA public key, which is used to verify that the Low-Level Bootloader (LLB) is signed by Apple before allowing it to load. This is the first step in the chain of trust where each step ensures that the next is signed by Apple. When the LLB finishes its tasks, it verifies and runs the next-stage bootloader, iBoot, which in turn verifies and runs the iOS kernel.

This secure boot chain ensures that the lowest levels of software are not tampered with, and allows iOS to run only on validated Apple devices.

If one step of this boot process is unable to load or verify the next, boot-up is stopped and the device displays the “Connect to iTunes” screen. This is called recovery mode. If the Boot ROM is not even able to load or verify LLB, it enters DFU (Device Firmware Upgrade) mode. In both cases, the device must be connected to iTunes via USB and restored to factory default settings. For more information on manually entering recovery mode, see http://support.apple.com/kb/HT1808.

System Software Personalization

Apple regularly releases software updates to address emerging security concerns; these updates are provided for all supported devices simultaneously. Users receive iOS update notifications on the device and through iTunes, and updates are delivered wirelessly, encouraging rapid adoption of the latest security fixes.

The boot process described above ensures that only Apple-signed code can be installed on a device. To prevent devices from being downgraded to older versions that lack the latest security updates, iOS uses a process called System Software Personalization. If downgrades were possible, an attacker who gains possession of a device could install an older version of iOS and exploit a vulnerability that’s been fixed in the newer version.

Source: http://web.archive.org/web/20120617005348/http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf

[DiogenesLamp]

YEAH BUT THEN THEY DO THEY WANT QUICK TURNAROUND TO CAPTURE THE PERPS NOW or do they want to start at the lowest possible level and risk a protracted multi-year legal battle? (Sorry about caps)

The legal system is configured in such a manner as to not allow them to do it any other way. They MUST start at the lowest level court which can potentially grant relief.

Presumably if it is important enough, the courts will greenlight it as fast as necessary.

In this case, there is the potential that no useful information could be obtained, and even if there is potentially useful information on the phone, the possibility exists that the method being attempted would require a year or more to succeed, and so that is probably why this isn't on a legal fast track.

If there was clear evidence to show the phone had immediately pressing, and immediately accessible data, it would probably have already gone through all the necessary court processes to accomplish it.

[SteveH]

I did read IncPen’s suggestion. However, I did not repeat it (regardless of how i feel personally). So in any case I have not given you cause to treat me as you would IncPen in that regard. Would you not agree?

[DiogenesLamp]

Well yes but I just tuned in (please forgive so I imagine I missed much of the prior drama) but it does seem to me from that which I have had a chance to skim that Swordmaker is making at least some effort to be straightforward and rational. (I may be missing something.)

What *I* see, is him repeating himself regarding arguments I have already shown (at least to me) as irrelevant or just plain wrong.

For example, he was going on about the hardware ("secure enclave") and how hard it was to break into.

This phone in question is a Iphone 5C. It does not have a hardware "secure enclave" so we don't need to discuss a hardware "secure enclave" and any effort to do so is an irrelevant distraction.

"The recovered iPhone is a model 5C. The iPhone 5C lacks TouchID and, therefore, lacks a Secure Enclave. The Secure Enclave is not a concern. Nearly all of the passcode protections are implemented in software by the iOS operating system and are replaceable by a single firmware update."

[DiogenesLamp]

I did read IncPen's suggestion. However, I did not repeat it (regardless of how i feel personally). So in any case I have not given you cause to treat me as you would IncPen in that regard. Would you not agree?

You have been reasonable for quite a string of messages. I recall that it was my impression that you were not so reasonable at one time. I would have to go back and look at specific messages to point out where though.

Is it really worth it at this point, or can we not just continue discussing this in a reasonable fashion?

How about this? Let me just apologize for misjudging you previously, and leave it at that.

[SteveH]

Yeah but if i have a $250K beef with my contractor, do i file in petty claims court, or unlimited jurisdiction, presuming local court procedures permit plaintiff discretion?

Are the feds seeking a novel interpretation and application of the 1789 All Writs Act to 21st century software written for 21st century hardware, none of which was conceived of in the 18th century, by asking a low level clerk to sign off on it? What do they expect? This does not have the appearance of a routine administrative matter, undeserving of the attention of a full judge.

IANAL but one should not need a master’s in biochem to detect a fishy odor emanating from how this case is playing out. Would you not agree? Or, do you have full faith and confidence that lawyers and legislators in 1789 anticipated the need for the government to ask cell phone manufacturers for software to help decrypt cell phone message data in 2015 when they wrote and passed the AWA?

[itsahoot]

by the way, your misquoting the intent of B.Franklins quote. I put the link and explanation on another of your posts.

I read it but and considered it but decided not one person in a million would read that into the quote, if that was his intent he has lost the quote to other historical meaning. Sort of like "Shall not be infringed."

[SteveH]

I see from one online document somewhere that all A7 processors have secure enclave capability. I also see that IOS 7 runs on A7 processors. If both are true, it still does not necessarily mean that IOS 7 uses the secure enclave. And there are IOS revisions for every major release to consider.

Maybe this is a situation in which both of you are technically correct or close to correct, but talking past each other due to fine details(?)

My pickup truck is in dire need of some welding attention, but this secure enclave stuff is mildly interesting. I would like to have a chance to get back to studying it further. I only see a few online articles discussing it and none that seem to discuss it to sufficient depth that I feel confident that I could represent what they seem to try to communicate accurately (possibly due to ambiguous writing). Meanwhile, thanks to both of you and I do think it is worthwhile to continue disucssion, particularly since most of the articles out there are written by non-technical folks for other non-technical folks. (Maybe if nothing else we collectively have a chance to cut through some of that and bring some more illumination to bear to the topic.)

I also sense that there is a separate legal issue of what the appropriate venue is for resolution. I am not a lawyer but hopefully we will get some timely clarification on that from legal folks.

[SteveH]

I probably was a bit belligerent at first since I was in a bad mood yesterday from something personal and totally unrelated. My apologies to you for that. However, I am interested finding out what should be the solution in this discussion in a dispassionate way. My own particular prejudice is (as i have stated before) that apple should not be compelled into some corporate form of involuntary servitude, not to mention servitude of the type to violate the integrity of a key feature of one of its flagship products. Beyond 13A concerns, it has to me a taste similar to that of smart trigger identification for guns. And this does not even include all the (imho) numerous potential software security pitfalls that most folks will simply not ever take the time and effort to try to understand— not that they are necessarily stupid, but that it can be somewhat involved.

[SteveH]

I meant to add somewhere along the line a pointer to the FR discussion of another possibly pertinent article here:

Apple’s Involuntary Servitude
Judge Andrew Napolitano

http://www.freerepublic.com/focus/f-news/3401654/posts

[DiogenesLamp]

This does not have the appearance of a routine administrative matter, undeserving of the attention of a full judge.

I think it will eventually get one, but the legal system must go through it's motions. It insists upon it.

IANAL but one should not need a master’s in biochem to detect a fishy odor emanating from how this case is playing out. Would you not agree?

I do not disagree, but in my opinion the "fishiness" is coming from Apple inc. My understanding of what is being asked of them does not appear to fail the "undue burden" test. That they are engaging in a screaming hissy fit makes me think they are misleading everyone about how difficult this is.

If it were impossible, they would say matter of factually, "it isn't possible."

Or, do you have full faith and confidence that lawyers and legislators in 1789 anticipated the need for the government to ask cell phone manufacturers for software to help decrypt cell phone message data in 2015 when they wrote and passed the AWA?

Jeffey Epstein wrote a legal opinion which surmised that vagueness written into the Writs act was intentional because the founders did not want limitations put on an inventive and changing society. That they did it because they had no idea how the future would develop and didn't want to hinder future potential applications of the law.

I don't know. I know the same concept applied to "arms" makes the modern M-16 an evolutionary manifestation of the old "Brown Bess." It's a good thing they didn't say "Muzzle loader" or some such.

[Swordmaker]

If you didn't read them the first time, why should I bother? You don't want it to be true, so you are simply going to dismiss any quote I provide. I have better things to do.

Look ID10T, I've read the entire COURT ORDER. There is nothing in it that says APPLE MAY KEEP THE said iPhone 5C after recovery of the data on SUBJECT DEVICE as a souvenir, it just is NOT THERE.

No, what it says is on page 3, lines 13 and 14:

"All evidence preservation shall remain the responsibility of law enforcement agents."

WHERE, oh WHERE, DiogenesLamp, does that say "Apple may retain the iPhone 5c or SUBJECT DEVICE for safe keeping"? Is Apple going to allow an FBI or "law enforcement agent(s)" to stand guard 24/7 for the rest of eternity over that iPhone 5C?

YOU ARE reading invisible words between the lines that NO ONE ELSE CAN FIND!

So again, we challenge you to please find these non-existent words in this Court Order, signed by Sheri Pym, which incidentally was SIGNED BY A RUBBER STAMP!!!! What's with that??? Can't she write? Or was this issued by HER clerk?

[Swordmaker]

"The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis."

Where in that sentence does it say Apple gets to KEEP the SUBJECT DEVICE evidence? How is it going to prevent some man-in-the-middle hacking of the device while the "government" (which department in the government? which agency?) accesses the device to its heart's content and reads and copies the unlocking code?

I STILL DON'T SEE the WORDS "APPLE GETS TO KEEP THE NOW COMPROMISED SUBJECT DEVICE!"

DO YOU?

If it is NOT written in the order, Ray, it's not in the order.

[DiogenesLamp]

I see from one online document somewhere that all A7 processors have secure enclave capability. I also see that IOS 7 runs on A7 processors. If both are true, it still does not necessarily mean that IOS 7 uses the secure enclave. And there are IOS revisions for every major release to consider.

According to this spec sheet, and according to Wikipedia, the Iphone 5C uses the A6 processor.

Maybe this is a situation in which both of you are technically correct or close to correct, but talking past each other due to fine details(?)

I'll grant the possibility that it is true, but I have always thought that Swordmaker was not really understanding that the particular phone in discussion did not have all the protection features he kept going on about.

His "the code you are referring to is burned into SILICON" is an example.

[Swordmaker]

I kinda thought at the time when I saw it, that it would shut you up, but obviously it hasn't. You simply ignored it and went on screeching.

I can read. I can read ENGLISH. I can read LEGAL documents. I can comprehend what I read. What you claim is in there, isn't in there. That's why I keep arguing with you when YOU keep claiming Up is Down, Black is White, and your LIES are the truth.

You appear to be in the throes of some sort of fanatical delusion which I am not medically qualified to treat.

Another ad hominem attack. The last refuge of the person without facts. With you, it has always been the first refuge.

[Swordmaker]

Just model the hardware on a CPU simulator, and run your own offing patch on the cellphone data image.

You can create the software on a CPU emulator. You cannot install it on the real iPhone without the Apple Signature. It's like learning to fly on a flight simulator and actually flying a plane. Difference is night and day.