Yesterday, the government made a surprising retreat in the San Bernardino encryption case, after an unnamed source revealed a new method of breaking iPhone lockscreen protections. After a hastily assembled conference call, the parties agreed to put the court order on hold until it could be determined whether Apple’s help was still necessary.
But excerpts from a court transcript of that proceeding, published here for the first time, show the government was far less prepared for the new method than some have assumed. “We only learned about this possibility today, this morning,” Assistant US Attorney Tracy Wilkison told the judge in the conference call. “We have a good faith basis at this point in order to bring it up.” That timeline is consistent with recent court filings, which show the first successful demonstration of the method coming that Sunday.
What a weird story. Jonathan Zdziarksi has a theory about the supposed hack.
This is truly an interesting development. Hopefully more details emerge. This whole thing has been a bungled mess. It’s apparent by the comments that crop up here about the case that most people do not understand the specifics of the case, technical and otherwise. Speculation and poor understanding of the technical details have caused a lot of people to extrapolate scenarios which are not even possible. At the same time they ignore the very fundamental privacy problems Apple devices have whether or not Apple intends them to be flawed.
That’s because it’s never been about the technical details.
https://xkcd.com/538/
You can also actually wait for another ‘leak’. Jennifer Lawrence shudders.
I was hoping this case would help to establish some explicit limits on the All Writs Act… Guess we will have to wait for the next subpoena.
Also, I don’t know if he is right or not (and we probably never will), but Zdziarski’s theory sounds very plausible.
Edited 2016-03-23 00:47 UTC
Unless they have the higer encypted data at 64bit i see it as brute forcing the master key (they have an awesome stup over there)
IF they gain content except metadata they have to deal with a split SCOTUS and NOTHING will happen until a tiebreaker is installed.
There need not be a hack. This provides a face-saving out for the FBI. They can just wait a couple of weeks and say say the hack worked, nothing useful found, no need to proceed with court case.
As a bonus. it leaves the perception that there is a 0-day in iOS, which Apple will never find and fix since it doesn’t exist.
Too unethical? Watch (FBI Director) James Comey’s Senate testimony: shifty as hell. The guy clearly missed his true calling as a lobbyist for NAMBLA.
That would be my bet. Either there is no new hack (probable) or they could get in all along. The whole case was about setting precedent, not getting into one phone. Now they^aEURTMre not going to try? They^aEURTMre just waiting for a new Supreme Court and another test case.
Gee, the U.S. government figured out how to hack an iPhone…and is anyone surprised? They already knew how to hack them, it was only their own incompetence that impeded their initial efforts. The government is hell bent on gleaning whatever data they want from whatever device they want. It’s as simple as that. I’ve always said and it’s true, “security” is nothing but an illusion.
And there’s this http://www.zdnet.com/article/should-the-fbi-tell-apple-how-it-unloc… ?
Edited 2016-03-23 01:43 UTC
The FBI wants to sue Apple for, essentially, information that Apple considers secret—the capability and/or means to hack an iphone. How dare they?
And now…
Apple wants to sue the FBI for, essentially, information that the FBI considers secret—the capability and/or means to hack an ihone. How dare they?
I know this is simplifying, a bit, but am I the only one seeing the irony, if not hypocrisy, in all this?
Where does it say that?
Here is one source:
http://www.techinsider.io/fbi-moves-to-vacate-apple-hearing-2016-3
“On a call with reporters, Apple’s lawyers said they have no idea what kind of potential vulnerability the FBI has found, but did say they would insist on being informed about it when the FBI gives its status report April 5.”
That’s far from “wanting to sue”.
Seriously? How do you suppose lawyers “insist”? You think they just politely bat their eyes and say “pretty please”? Okay, here’s another source:
http://www.wired.com/2016/03/fbi-now-says-may-crack-iphone-without-…
“If authorities have found a software or system vulnerability into the iPhone, Apple^aEURTMs lawyers said they will file a motion to obtain discovery and insist on knowing everything about the method^aEUR”including who the third party is that discovered it and the nature of the zero-day vulnerability.”
And yes, that’s all part of the larger lawsuit.
That’s what lawyers can do without actually suing.
!?!
That’s what a lawsuit is. Duh. Hence:
http://www.cnbc.com/2016/02/19/doj-files-motion-to-compel-apple-to-…
Spelling this out for you: Apple has filed a motion insisting that the FBI release any information pertaining to the methods used to break into the iphone.
Sue Sue, v. i.
1. To seek by request; to make application; to petition; to entreat; to plead. [1913 Webster]
Moving on…
vtpoet,
Going beyond this debate over whether or not apple will sue, what’s more interesting to me is to ask whether a manufacturer like apple is legally entitled to details of vulnerabilities on their own platforms.
Say I find an exploit in a product and for the sake of argument that I publicly prove the exploit’s viability against the latest version at defcon. Assuming I haven’t otherwise committed a crime, is there any law or precedent would force me to reveal the vulnerability I used to the developers? I’m not really aware of any…
So it is not clear to me that there would be any legal basis for forcing them to disclose those exploits. Is anyone aware of any precedent for this one way or the other?
Edited 2016-03-24 14:28 UTC
//Going beyond this debate over whether or not apple will sue//
Depends on how matters develop I guess, but their intent is clear. (A recent story seems to have revealed the third party’s identity.)
I’m with you. I don’t think Apple’s lawsuit would stand up. Let’s say that the FBI developed code to break Apple’s encryption, they why, unlike Apple, should they be forced to share the code?
A motion happens IN a lawsuit. It is not the act, or desire, of filing a lawsuit against another party.
Or are you going to claim each of those potential actions are types of suing?
Agree with Kwan_e. But this exploration would not have happen if not for vtpoet wanders.
[firstube.com profile? Anyone? It’s on my path to Thom’s conversation.]
sed -i ‘s/Zdziarksi/Zdziarski/g’
Edited 2016-03-23 15:17 UTC
…..or another option is that Apple relented (behind the scenes). As in, some unnamed, unknown peon at Cupertino just happened to “overhear” a certain passcode, and just might have been able to divulge said information to some lowly secretary at the bureau who passed it up the chain.
I don’t believe for one second that the FBI couldn’t force their will upon a US company for access to sensitive information, without all the cloak and dagger, Macguyver style hacking uber-l337 level shenanigans that have to be played to break a 4 digit PIN number on a mobile device.
… what’s good for the State’s goose is a serious criminal offense for the citizens’ gander.
“Our country has always drawn a line between our military and intelligence services, and domestic policing and spying,^aEUR
http://arstechnica.com/tech-policy/2016/03/representatives-say-nsa-…
Something Admiral Michael wouldn’t do [I think].
[I see the good will embedded on Legislators Tedd and Blake letter, toward a Civilian State of Affairs. Hopeful this is temporal, and that Tedd and Blake form part of the effort.]
And of course, Apple could find it of good taste
My personal notes, photos, drawings and in general any data created or acquired by me, should be fully private -perfect kripto-. IF, AND ONLY IF, I’m not making of that data a digital communications ACT.
“…and they didn^aEURTMt stop them because they had no legal framework…” Gilles de Kerchove.
Legal [and tech] voids are going to lead to a military -and consequently cooled economic- environment.
A cooled economic environment is going to stress even more the Social fabric.
[All of Us could work on repairing and enhancing the Civil Structure (no need to go cerebellar)].
My apologies. Nations with declared cells should be in full neural storm mode.
Siding with Hillary on using a private server. [Maybe fire-walling through Pentagon could have eluded all the posterior annoyances].
http://www.theguardian.com/us-news/2016/mar/26/defense-secretary-as…
1
Browser: Mozilla/4.0 (compatible; Synapse)