El Reg has published an article Feds dig up law from 1789 to demand Apple, Google decrypt smartphones, slabs:
The FBI has made it no secret that it hates Apple and Google's efforts to encrypt files in your smartphones and tablets. Now court documents have emerged showing just how far the Feds are willing to go to decrypt citizens' data. The paperwork has shown two cases where federal prosecutors have cited the All Writs Act — which was enacted in 1789 as part of the Judiciary Act — to force companies to decrypt information on gadgets.
The Act, which was signed into law by none other than George Washington and later revised in the 20th century, gives the courts the right to...
issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
That's a pretty broad remit, but the Feds think it's just the thing to force Apple and others to break down privacy protections.
Perhaps someone forgot to tell the Feds that the latest encryption used in these slabs doesn't let Apple or Google decrypt them. But the article does point out:
The court filing [by the government to seek a court order against Apple] states investigators were unwilling to try and open the iPhone for fear of damaging a crucial piece of evidence. They asked the courts to force Apple to give them a hand in safely extracting data from the passcode-protected phone.
Ars Technica has coverage as well: Feds want Apple’s help to defeat encrypted phones, new legal case shows.
(Score: 3, Insightful) by iwoloschin on Wednesday December 03 2014, @02:47AM
If Apple/Google can show that it is impossible for them to decrypt the device, then it's impossible for them to provide help. No judge can force a person (or company, since they're people now too) to do the impossible, because, well, it's impossible. Granted, a judge may not understand why it's impossible, but I imagine Apple/Google have smart enough lawyers to prepare a brief on whatever encryption techniques they're using and why it is impossible to crack (within a reasonable time frame).
Of course, a smart judge might go ahead and tell Google to go fire up a D-Wave system and crack it, but even then, it'll probably take a while...
(Score: 2) by c0lo on Wednesday December 03 2014, @03:57AM
And it will take some non-trivial amount of money. Can a (US) judge ask for a significant amount of work be performed without compensation?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by In hydraulis on Wednesday December 03 2014, @04:01AM
You know what else is impossible? Proving a negative.
It is impossible, theoretically impossible for Google, Apple, etc. to prove that they can't decrypt the data in question. Repeated claims of that nature, though, could land them charges of being in contempt of the court.
Or am I just being paranoid?
(Score: 0) by Anonymous Coward on Wednesday December 03 2014, @04:41AM
Well, the IRS can't find an email in a crashed hard drive or multiple backups.
(Score: 2) by urza9814 on Thursday December 04 2014, @05:19PM
Yeah, you're just paranoid. If YOU were the defendant, your feelings would be totally reasonable. But with Apple or Google as the defendants, it reads like some serious tinfoil hat nuttery ;)
(Score: 2) by Immerman on Wednesday December 03 2014, @04:10AM
The question, I imagine, is whether the Feds can use this to pressure Apple/Google to either remove the encryption or install a back door. That's of no use in *this* case, but since it's basically guaranteed that there will be another (and another, and another), it could perhaps be argued that the failure to intentionally weaken the encryption in the face of such nigh-certain future complaints is contempt of court, or willful negligence, or something. I'm sure they'll throw the whole book at them if they have to. One tortuously long, tedious, expensive court case after another. Is there even an avenue with which to charge a government agency with vexatious litigation?
Then there's the other avenue: No back door? Can you *prove* that? Conclusively, beyond any shadow of a doubt? Come on now, we all know you make your money monitoring and exploiting your users, do you really expect us to believe you allow them to keep any secrets? Be honest - we won't tell anyone, after all we're all in the same ubiquitous monitoring business.
We can keep dragging you in to court over various laws that kind of apply, or we can be a generous customer for user data. Totally your choice. No pressure. Take your time. Oh, did we mention we've got a new kid just joined the legal team? She thinks she can twist this bestiality law into applying. Probably won't stick, but hey, just think of how great the headlines will be!
(Score: 2) by edIII on Thursday December 04 2014, @07:26AM
The Feds fight their battles on my fronts, with many faces. What you see here is posturing and legal fuckery (pardon the term) to create a burden for Apple. That's it. Greater the better, obviously, but just the expenditure was enough. Apple bled.
At the same time they are doing that, CALEA is currently being discussed. Straight telephone equipment is already jacked into the government so strongly that backdoors are mandatory and already installed in most of the legacy infrastructure.
FCC.gov
"Facilities Based" - Code for Tier 1 and any company like Google large enough to have "facilities". Kill it from the top down, such that any serious contender well known in the marketplace has no choice but compliance or jail. So privacy just became something only obtainable on the black market. You need to be running a darknet, and that's going to be really hard when there is zero industry support.
The argument now is about when the FCC concludes it deliberations on whether or not all equipment manufacturers and ISPs are currently obligated to apply the exact same laws forcing land line telephones to be jacked directly into the FBI via DSCNET. Strange as this seems, the FBI gets everything it wants by simply telling the FCC to consider VOIP and instant messaging to be the same as a telephone conversation. By extension, once they are telephones, the FBI has the legal authority to tap any telephone with a warrant. Whether or not the entire warrant system is broken or not, is not something the courts consider themselves a forum for when arguing this. Whether or not it's technically possible is also equally irrelevant. Succeed with proof, and the FBI will merely swim upstream to the manufacturer they can hold to the law.
What happens when VOIP and instant messaging is reclassified under CALEA is rather severe restrictions(pg. 26) [justice.gov]. The equipment manufacturers and the ISPs either have CALEA compliant hardware, or hardware that deliver's CALEA compliance via sniffing and DPI already in place. The FBI's true gripe about the whole thing is that the Internet arrived in 95' and cellular markets exploded so that their legally backdoor'd communications infrastructure was all of the sudden quickly become obsolete and less used. Cellular markets were easy to bring in line, as you can find the executives. Internet, not so much. It's new tech, new people, and dear sweet jesus, the plebs keep coming up with new shit every day. The FBI wants everything jacked into it, and doesn't care about the NSA, privacy, freedom, ethics, morality, your dog, etc. That's other departments.
The encryption itself will never be outlawed directly. It will just be a legal technicality that says all manufactured equipment has the FBI's backdoor pre-installed. Key escrow was so 90's. Now it's about controlling the lower layers of the communication stacks themselves and jacking into the OS so low, you just access plaintext irrespective of cipher algorithms manipulating it.
Last act of this soap opera was written decades ago. It will be fairly soon when it's not possible to obtain hardware or software not backdoor'd by law. With the TPP and other bullshit brewing forget about jailbreaking, you will be face-down-ass-up in some prison somewhere enjoying the ministrations of some other terrorist who only brutally killed an entire family with his hands. The FBI will own us. Soon. Personally, I find it exciting. The new age of hackers will be people not wearing or using any brand names. It will be people sophisticated enough to perform limited fabrication from illicit hardware and network designs. The rest will be coppertops, or those just willing to give up their devices and explore the new fad of pens and paper for super-duper-extra-secret not-so-instant messages that future employers won't bring up :)
(Score: 2) by Immerman on Thursday December 04 2014, @05:00PM
> backdoors are mandatory
Indeed, but only into the phone *service*, and the cell-phone companies all presumably have those back doors installed. What we're talking about here is only encryption of your privately-owned pocket-computer, the fact that it has a phone built in is irrelevant - the phone component is already compromised whenever it's used.
(Score: 2, Insightful) by Anonymous Coward on Wednesday December 03 2014, @03:07AM
It doesn't make for a cute headline as we have here, but there are a lot of 18th century laws that are in use today. Can you imagine: Lawyer invokes a law from 1788 to force the court to either charge his client with a crime or release him!
What are we going to see next? The 30 simple grievances to air that hereditary monarchs don't want you to know!
(Score: 2) by maxwell demon on Wednesday December 03 2014, @07:26AM
How old is the constitution, again? So if arguing based on a 1789 law is bad, clearly so is arguing based on the constitution, right?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 1) by Nuke on Wednesday December 03 2014, @01:11PM
The most sensible laws tend to be old ones, yet we often (as here) see the age of a law being held up as some kind of reason for it being ignored or withdrawn. The most fundamental laws such as against theft and murder go back thousands of years, some of them to times before they were even written down.
I don't have an issue with third parties being obliged to give evidence or assistance in a criminal case. But if it is impossible for assistance to be given, as here, then it just can't; end of story.
(Score: -1, Flamebait) by Anonymous Coward on Wednesday December 03 2014, @05:05AM
Thank you, Soynuts, for proof that Washington was the worst Imperial President (of All Time!!) and the United States has always been a steaming pile of rotting horse manure.
It's official!
Washington: pure evil
Adams, Adams: pure evil
Lincoln: pure evil
Hoover: idiot
Truman: destroyer of worlds
Nixon: pwned the moon
Ford: everybody loves Gerold!
Reagan: the actor?!
Bush, Bush: pure evil
Obama: pure evil
(Score: -1, Flamebait) by Anonymous Coward on Wednesday December 03 2014, @05:06AM
Hope and Change you can believe in!!
(Score: 0) by Anonymous Coward on Wednesday December 03 2014, @05:23AM
You know it, baby! Fashion is everything, darling, and we elected for a new color of president. He's fabulous!
(Score: 3, Insightful) by Anonymous Coward on Wednesday December 03 2014, @05:46AM
This dog and pony show is obviously only to mislead people. If they actually need the stuff, they can strongarm these local companies.
I will never buy the services of any company from the USA. I suggest you do the same. I'm looking at you NSA.
(Score: 0) by Anonymous Coward on Wednesday December 03 2014, @12:53PM
If they actually need the stuff, they can strongarm these local companies.
That's exactly what they're doing: "court order" is how you strongarm a company. "Lucrative contract" is how you bribe a company, and this has apparently failed. They already have access to metadata, to unencrypted content stored in the cloud. This will give them access to encrypted cloud content in such cases that the cloud owner has an "emergency recovery" type of system. It's also possible it could force cloud/device companies to install back doors or to otherwise limit the security of encryption (everyone remember the old export controls on encryption?)
It should be clear to everyone that data stored on hardware owned and controlled by someone else is inherently not secure. If someone else can access or recover your data, that person can be coerced to recover your data for a government agent.
This raises the spectre that even data stored on a device you "own" and that you, yourself have encrypted may be subject to 3rd party compulsion. If the NSA can compel Apple to decypt my data, then they can compel OpenSSL, TrueCrypt, or GPG to decrypt my data. If the NSA is willing to do this, then I have no reason to believe that GCHQ, BND, SVR, etc would not, so you are not necessarily "safe" just by choosing a different country.
(Score: 2) by physicsmajor on Wednesday December 03 2014, @01:34PM
Perhaps at one time in history, before 9/11, you might have been correct. But strongarming local corps is no longer the purview of the public court system or lucrative contracts. Poor interpretation of existing law is now the least we have to worry about.
It's the purview of National Security Letters. You know, the secret orders that you have to comply with and never tell anyone about, ever, on pain of being disappeared? Yeah, those.
(Score: 0) by Anonymous Coward on Wednesday December 03 2014, @03:30PM
> OpenSSL, TrueCrypt, or GPG
What does not belong? Truecrypt, not free software and abandoned as well.
The thing is, regardless how much OpenSSL or GPG authors might want to decrypt my files, they're just as impotent doing so as anybody else. The Men In Black will have to torture me to get my secrets. Isn't that comforting? :)
(Score: 0) by Anonymous Coward on Wednesday December 03 2014, @05:07PM
Since when is Apple a local company?
(Score: 3, Informative) by bradley13 on Wednesday December 03 2014, @09:19AM
Excellent stuff! This will give Apple, Google and all other companies storing encrypted user data a real motivation. Specifically, a motivation to ensure that the encryption is secure and has no known backdoors. That way, they don't have to invest any effort, because they can simply say "sorry, not possible".
Everyone is somebody else's weirdo.
(Score: 3, Informative) by janrinok on Wednesday December 03 2014, @10:53AM
This article does not cause me any concern. The fact that the FBI et al are making such a fuss suggests to me that they cannot crack the encryption that is currently being used or is proposed for the near future. Good, that it what was intended.
The real problem will occur when the FBI goes quiet. For at that point, it will probably indicate that they can either crack the encryption or that they have a backdoor into the device. That is the point when we should be concerned. It will also be the point where the market value of Google or Apple will fall at least a little, as more and more people realise that their data is no longer safe and start looking elsewhere. The FBI can then be pleased that they can take the credit for adversely affecting US businesses and the jobs market. Undoubtedly, they will claim that a child has been saved or that a terrorist has been defeated without ever giving sufficient details for the statement to be proven. And so it will go on....
(Score: 2) by mcgrew on Wednesday December 03 2014, @03:14PM
Why are you people submitting stories linked to an entertainment site? What's wrong with techdirt [techdirt.com] or one of the myriad respectable news outlets? [google.com]
The Register is NOT a reliable source of news.
Ars [arstechnica.com] has a very good writeup on it.
And that, kids, is what's wrong with the buzzard. The Register is Britain's tech National Enquirer.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 1) by Fauxlosopher on Wednesday December 03 2014, @07:54PM
The Register [theregister.co.uk] has been in my news source rotation for years, and not once do I recall that one of their news stories could be described as "unreliable" in that the premise of the story was later found out to be out of the norm for more straight-laced news sources.
What is your basis for describing El Reg as "unreliable"? The tenor of delivery does not negate the veracity of facts presented, and El Reg's content is something I'd describe as informative and entertaining.
(Score: 2) by aristarchus on Thursday December 04 2014, @11:11AM
What is your basis for describing El Reg as "unreliable"? The tenor of delivery does not negate the veracity of facts presented,
They do refer to "boffins" a rather lot, and that bothers me because I am not really sure what "boffins" are. Same goes for "bullocks", though I do remember hearing that term in the movie "V for Vendetta". Is it an Anonymous thing?
(Score: 2) by mcgrew on Thursday December 04 2014, @02:42PM
There have been provocative articles posted here that linked a story from there, and other sources show that they leave out important facts that show that the real story isn't provocative at all. They make Fox News look respectable.
mcgrewbooks.com mcgrew.info nooze.org
(Score: 1) by Fauxlosopher on Thursday December 04 2014, @07:53PM
One or more specific examples of The Register publishing a story that leaves out well-known facts or otherwise blatantly manipulates the known information in order to deceive the reader would be appreciated. Even as a current fan of El Reg, I cannot abide intentional deception.
El Reg is a biased news source. EVERY news source is biased, even the few that make honest attempts to be impartial; that alone does not imply deceit. Deceit, on the other hand, is absolutely cause to reject an information source, as well as cause to spread the word to convince others to reject the exposed liars.
(Score: 0) by Anonymous Coward on Thursday December 04 2014, @02:14AM
Since when do these devices require long pass phrases. For numbers, anything less than 12 digits is trivial to brute force. If you lock your phone with 6 or 8 digits, then it's only non-accessible to the casual person picking it up, nothing else.
(Score: 2) by urza9814 on Thursday December 04 2014, @05:27PM
When I set the encryption on my Android device, it explicitly prohibited using the number pad for the encryption code. Only option was alphanumeric (I suppose you don't HAVE to use letters, but you do have to use a full keyboard so you might as well...), and I believe 8 characters was the minimum (I use 14).