from the get-all-the-crooks-in-one-place dept.
Apple's general counsel Bruce Sewell and FBI Director James Comey appeared before the U.S. House of Representatives Judiciary Committee on Tuesday to explain their positions on a court order that would force Apple to unlock the iPhone belonging to one of the San Bernardino shooters. Comey sang a different tune before Congress:
Federal Bureau of Investigation Director James Comey told a congressional panel on Tuesday that a court order forcing Apple Inc to give the FBI data from an iPhone belonging to one of the San Bernardino shooters would be "potentially precedential" in other cases where the agency might request similar cooperation from technology companies. The remarks are a slight change to Comey's statement last week that forcing Apple to unlock the phone was "unlikely to be a trailblazer" for setting a precedent for other cases. [...] Comey acknowledged on Tuesday that the FBI would seek to use the same statute it is trying to apply in the San Bernardino case to compel Apple to unlock other phones, "if (the statute) is available to us."
Members of the U.S. House of Representatives Judiciary Committee seized on Comey's statement that the case could set a legal precedent allowing the agency access to any encrypted device. "Given... that Congress has explicitly denied you that authority so far, can you appreciate our frustration that this case appears to be little more than an end run around this committee?" asked the committee's ranking minority member, Michigan Representative John Conyers. Comey responded that the FBI was not asking to expand the government's surveillance authority, but rather to maintain its ability to obtain electronic information under legal authorities that Congress has already provided.
Sewell argued that unlocking the iPhone would weaken the security of all of them, and that the issue should be settled by Congress:
"We can all agree this is not about access to just one iPhone," Sewell, Apple's general counsel, said in his prepared opening remarks. "The FBI is asking Apple to weaken the security of our products." Sewell also argued that the debate should be had by Congress and elected leaders, rather than a warrant requested under the All Writs Act, a 1789 law that is central to the cases in California and New York.
Sewell also said that Apple is capable of creating new software that removes some security functionality, that being forced to write code is a First Amendment issue, and that Apple hasn't gotten similar demands from China or any other country, but expects to if Apple is forced to comply with the court order.
Previously: New York Judge Sides with Apple Rather than FBI in Dispute over a Locked iPhone
Related Stories
Apple has achieved a legal victory in a Brooklyn case that attempted to use the All Writs Act, similar to the case of a San Bernardino shooter's locked iPhone:
A magistrate judge in the U.S. District Court in New York has handed Apple a legal victory in a Brooklyn drug case where federal investigators asked for help getting into a locked iPhone.
Though the ruling isn't precedent-setting or binding on other courts, it hits on a similar overarching theme of government access to encrypted data, as The Washington Post reports:
"The two cases involve different versions of iPhone's operating system and vastly different requests for technical help, but they both turn on whether a law from 1789 known as the All Writs Act can be applied to cases in which the government cannot get at encrypted data stored on suspects' devices."
NPR's Joel Rose previously outlined the premise of this Brooklyn case, which predated the legal clash over an iPhone used by one of the San Bernardino shooters:
"Jun Feng pleaded guilty to selling methamphetamine last year. As part of its investigation, the government obtained a search warrant for Feng's iPhone. But the phone was locked by a passcode, so prosecutors asked a judge for an order compelling Apple to bypass it."
That order was based on the same law as the San Bernardino court order compelling Apple's help in unlocking the iPhone used by Syed Rizwan Farook before the Dec. 2 attack, in which he and his wife killed 14 people.
The Justice Department will appeal the case. FBI Director James Comey and Apple General Counsel Bruce Sewell will appear at a House Judiciary Committee hearing on Tuesday to testify on encryption.
James Comey has been asked by President Trump to stay on as Director of the Federal Bureau of Investigation. Comey is three years into a ten-year term.
News at NYT (which broke the story), USA Today, Washington Post, CNN, and The Hill.
Here's the bulk of our extensive past coverage of FBI Director Comey's career (oldest first):
2014:
FBI Director Concerned about Encryption on Smartphones
F.B.I. Director Calls "Dark" Devices a Hindrance to Crime Solving
To FBI Director Comey: You Reap What You Sow!
2015:
F.B.I. Has No Doubt that North Korea Attacked Sony, says Director
FBI Chief Links Video Scrutiny of Police to Rise in Violent Crime
2016:
Apple Ordered by Judge to Help Decrypt San Bernadino Shooter's phone
FBI Unable to Decrypt California Terrorists' Cell Phone
FBI vs. Apple Encryption Fight Continues
New York Judge Sides with Apple Rather than FBI in Dispute over a Locked iPhone
Apple Lawyer and FBI Director Appear Before Congress
FBI Error Locked San Bernardino Attacker's iPhone
FBI's iPhone Hack Only Works on 5C and Older
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Director Blames 'Viral Video Effect' for Spike in Violent Crime
FBI Recommends No Prosecution for Clinton
FBI Chief Calls for National Talk Over Encryption vs. Safety
At a press conference, an FBI spokesman blamed industry standard encryption for preventing the agency from accessing the recent Texas mass shooter's locked iPhone. Reuters later reported that the FBI did not try to contact Apple during a 48-hour window in which the shooter's fingerprint may have been able to unlock the phone. Apple said in a statement that after seeing the press conference, the company contacted the FBI itself to offer assistance. Finally, the Washington Post reports (archive) that an FBI official acknowledged Apple's offer but said it did not need the company's assistance:
After the FBI said it was dealing with a phone it couldn't open, Apple reached out to the bureau to learn whether the phone was an iPhone and whether the FBI was seeking assistance. An FBI official responded late Tuesday, saying that it was an iPhone but that the agency was not asking anything of the company at this point. That's because experts at the FBI's lab in Quantico, Va., are trying to determine if there are other methods, such as cloud storage or a linked laptop, that would provide access to the phone's data, these people said. They said that process could take weeks.
If the FBI and Apple had talked to each other in the first two days after the attack, it's possible the device might already be open. That time frame may have been critical because Apple's iPhone "Touch ID" — which uses a fingerprint to unlock the device — stops working after 48 hours. It wasn't immediately clear whether the gunman had activated Touch ID on his phone, but more than 80 percent of iPhone owners do use that feature. If the bureau had consulted the company, Apple engineers would likely have told the bureau to take steps such as putting the dead gunman's finger to the phone to see if doing so would unlock it. It was unclear whether the FBI tried to use the dead man's finger to open the device in the first two days.
In a statement, Apple said: "Our team immediately reached out to the FBI after learning from their press conference on Tuesday that investigators were trying to access a mobile phone. We offered assistance and said we would expedite our response to any legal process they send us."
Also at Engadget.
Related: Apple Lawyer and FBI Director Appear Before Congress
Apple Engineers Discussing Civil Disobedience If Ordered to Unlock IPhone
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
(Score: 1) by anubi on Thursday March 03 2016, @05:39AM
I note some countries are now resorting to kidnapping in order to enforce their wishlist. Here is a story about Brazil going after Facebook:
Senior Facebook executive arrested in Brazil after police are denied access to data [washingtonpost.com]
We live in a whole new world now. A world of unenforceable things. Copyright violation. Covert communication. Its gonna get harder and harder for governments to govern without the consent of the governed. Its getting harder and harder to "keep a secret" anymore.
Everything about us is becoming more and more transparent to any entity that has an interest to investigate.
Which leads to ever sophisticated encryption for those who want to keep something to themselves. Which seems to work as long as no-one spills the beans. The more people involved, the more bean-spillers exist, and any massive organization is at a disadvantage. If its not code, its social engineering. How does one have "obedient minions who do not question orders" without having "gullible minions" who obey anyone who knows how to ask?
I do not believe this phenomenon has ever happened in history - where information flows so fast, voluminously, and freely. Personal information. So we have little to guide us as this unfolds.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Thursday March 03 2016, @06:00AM
It has happened many times before. Every empire on earth has had these problems, but our technological advancement has definitely made the possible scope of security compromises much greater. It used to require more "feet on the ground" but now we have feet servicing the server rooms and managing the dataflow... the biggest problem is people not taking their privacy seriously. It is just too far removed, but that will be fixed in the near future when the privacy violations begin to become more widespread and more serious than "here buy this thing we think you'd like!".
(Score: 0) by Anonymous Coward on Thursday March 03 2016, @12:06PM
but our technological advancement has definitely made the possible scope of security compromises much greater.
With today's technology the "plumbers" involved in the Watergate break-in wouldn't have had to enter the DNC's offices.
(Score: 2) by Gravis on Thursday March 03 2016, @08:21AM
I note some countries are now resorting to kidnapping in order to enforce their wishlist. Here is a story about Brazil going after Facebook:
hardly. facebook was just playing the, "that server is in another country so i don't have to do what you say" card and the courts called their bluff. it has nothing to do with facebook being "unable" to access the information.
(Score: 2, Informative) by Anonymous Coward on Thursday March 03 2016, @05:43AM
First Comey claims they only want one hone, then he says it won't be precedent setting, then he finally admits they will use it for other phones if they get their way.
I wonder why people keep saying that the FBI Director always lies.
(Score: 3, Insightful) by takyon on Thursday March 03 2016, @06:20AM
Well, his lips are moving.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Disagree) by jmorris on Thursday March 03 2016, @06:18AM
I'm really tiring of the stupidity that comes out every time this story gets rehashed. Here, the mainstream media, even Rush Limbaugh has wanked away for hours on it. Everybody has their head so far up Tim Cook's butt they can't think straight from lack of oxygen or something.
This is NOT a massive 4th Amendment problem. This is a law enforcement agency exercising perfectly lawful authority to gain access to records in a lawfully seized device, that happens in fact to belong to a local government entity that consents to the access, and a judge has properly signed off on it. The update being requested is permitted to be targeted to only the one device specified in the warrant, thus the patch can't be applied to any other device. If Apple can do the proper crypto the patch could be posted on their website and it would put zero additional devices at risk.
Yes, once the precedent is set other warrants could be issued by other courts for other devices. That is how our system of justice is -supposed- to work. Police want access to someone's records, 4th Amendment says they can't without a court order, they get court order and get the records. What Apple, the Snowden jock sniffers and the Ronulans are trying to do here is to create an entirely new right, a Right to have Apple hold the access control on records and be superior to a court's orders. To maintain absolute control of their walled garden and at the same time assure customers that they can still maintain absolute privacy for their customers by the simple expedient of telling the U.S. Governement to fuck off. Sorry, if they want to do business in this country, be protected by our laws when it suits them, etc. then they must obey our laws. They could of course build devices they couldn't update or otherwise control post sale. Doubt many customers would be interested in that once they realized the limitations.
(Score: 5, Interesting) by takyon on Thursday March 03 2016, @06:35AM
Let me stop you right there. They have also claimed a First Amendment defense against the All Writs Act in their testimony to Congress, and the judge in the NY case agreed that the All Writs Act doesn't apply to unlocking a phone:
No, they have a potentially legitimate defense against being forced to create a tool that would exploit a security vulnerability in one of their products, and even if they are made to comply with the court order, they can harden iOS security so that nothing they do (that they know of) can exploit a vulnerability and bypass the lock feature. It is not settled that the FBI is exercising a "perfectly lawful authority". It could be settled at the Supreme Court for all we know.
The government already acknowledges that "compelled decryption raises significant Fifth Amendment issues". If they can't beat Apple at this stage, Apple will just redesign newer phones and iOS. Google, Samsung, etc. will do the same. Your name calling can't change the fact that governments are fighting a Crypto War that they ultimately can't win.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Thursday March 03 2016, @07:23AM
Let's say someone dies and leaves a phone to their family members in a will. Is there a law saying Apple has to write a new program to extract the info on that phone and give it to the family or else executives go to jail?
Honest question. Does such a law exist?
(Score: 0) by Anonymous Coward on Thursday March 03 2016, @02:01PM
No law exists as such AFAICT, but that's what a Deadman's Switch [deadmansswitch.net] is for.
If the dead really wanted to give families the password, they would have just put it in a will / safety deposit / deadman's switch, etc. What's more concerning is what the dead can find out about the living by eating their brains...
(Score: 2) by jmorris on Thursday March 03 2016, @10:44PM
No. Not unless a court could be convinced to issue an order. That would generally need some sort of criminal case.
But there is a growing realization that something is going to need to be done with regard to people dying and leaving accounts, files, etc. inaccessable. Probably out of scope here, here we are talking about whether Apple gets to rewrite the ability of law enforcement to serve a valid warrant. In the age of paper and safes this wasn't a problem, if the perp wouldn't give up the combination they could bring in a locksmith. Modern crypto is essentially unbreakable when done correctly. Apple of course can't do it correctly AND still retain access for themselves, which they are trying to insist on being allowed to do, because.... reality distortion field?
(Score: 2, Insightful) by Anonymous Coward on Thursday March 03 2016, @12:53PM
... They could of course build devices they couldn't update or otherwise control post sale. Doubt many customers would be interested in that once they realized the limitations.
If this hypothetical device included software that was "nearly bug free" (such that any existing bugs didn't seriously interfere with operation), then I would be very interested in buying one. I like the idea of a device that is stable, where the maker or others can not change or add/delete features behind my back. The latest whiz-bang feature doesn't usually interest me.
(Score: 3, Insightful) by MorePower on Thursday March 03 2016, @02:42PM
The update being requested is permitted to be targeted to only the one device specified in the warrant, thus the patch can't be applied to any other device.
And I'm sure that after the hackers/disgruntled employees/foreign (or domestic!) spies get ahold of if and sell it to the Russian Mafia/North Korea/whoever, they'll be sure to leave that serial number checking line in the code
If Apple can do the proper crypto the patch could be posted on their website and it would put zero additional devices at risk.
Using what, magic? Even you put an "if" in there. I fail to see how whatever hack they come up with could be designed to only work with one serial number in a way that couldn't be modified in the stolen source code.
(Score: 2) by jmorris on Thursday March 03 2016, @10:38PM
Using what, magic?
Using RSA signed executables. Google it and understand the details.
If Apple's crypto is sound they could publish the full commented sources to all of iOS, the bootload and even the firmware for the security module and it doesn't matter so long as the private signing key, the same one they use for every other system update btw, remains secure. Sure somebody can change the serial number in the code, but that changes the hash and requires another run through Apple's signing process before an iPhone will load and run it.
This btw, is also the heart of Tivoization, the part where they can take GPL software and embed it into a product protected by a signing process. They can post their modified source and comply with the GPL2 even though you can't actually change it and install the changed version. GPL3 stops that by mandating that any keys needed to install and run the code be included with the source. So yes, Apple can post the source to their patch and it doesn't degrade security in the least, this has been known long enough RMS had to patch the GPL over it.
(Score: 1) by anubi on Friday March 04 2016, @02:19AM
As much as I liked the concept and hardware of TIVO, I wanted so bad to see the TIVO become the base of a DVR user community, much like Arduino is the base of a ATMEL Microcontroller user community, where everyone understood exactly what the TIVO was doing and was able to directly command the TIVO hardware to do what we wanted.
For the life of me, I could not figure the insanity going on inside a TIVO executive's mind. He's trying to make money. He has a production line set up to produce a specific configuration of hardware that there is an immense market for. He's just trying to sell boxes. He needn't spend any more on software than just a basic set of drivers running a standard Linux distribution that demonstrate how to use the thing. The user community would have taken it from there. Gladly.
He would have made lots of money - making boxes. All he would have to do is make the hardware work right. No one is asking him to spend a lot of time messing around with software. If glitches are found in his drivers, they would quickly be made public and corrected. Without another dime of cost to him.
Basically, one would buy an off-the-shelf TIVO and would have gotten a minimally functioning Linux box that had hardware optimized for being a digital version of the VCR that is already in common use. For all practical purposes, it would have worked just like one - until one learned enough about it to install more specialized programs more to his liking. Even if one screwed up, he could always go back to factory release configuration by rebooting with the original factory code disk.
Seems so simple.
Until the suits got involved. To hell with the customer/sucker. Gotta get that executive handshake. Gotta have DRM.
TIVO should have taken off like Arduino. TIVO compatible this-and-that all over the place. Sure, one could assemble TIVO-compatible equivalents from assortments of Linux boxes, video capture cards, and whatever, or just buy the TIVO and have it all the hardware all neatly done in one box. TIVO would have been in everything from VCR's to wedding photography to security camera setups and everything else imaginable which processed video streams. The standard answer to almost any video need would start off as "Get a TIVO box and ... ".
So people like me never got a TIVO, even though they came so close to being the ideal machine for many of us.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2, Insightful) by Anonymous Coward on Thursday March 03 2016, @07:55PM
The fourth amendment only allows the government to search or seize something when they follow the proper procedures. It doesn't allow the government to force someone into indentured servitude to make something that does not currently exist.
(Score: 3, Insightful) by chewbacon on Thursday March 03 2016, @10:02PM
I'm a law abiding citizen with nothing incriminating on my phone. So there's absolutely nothing I'm worried about the government getting. And even if I did, if it turned about to be a violation of 5th amendment rights, then it wouldn't fly in court. What I do worry about is criminals getting into my weakly encrypted phone and going for blood with that information. Install the "I'm the government" button on encryption and people will fall victim to identity theft and their bank accounts will be drained.
(Score: 3, Insightful) by Anal Pumpernickel on Thursday March 03 2016, @11:07PM
I'm a law abiding citizen with nothing incriminating on my phone. So there's absolutely nothing I'm worried about the government getting.
That almost reads like sarcasm. I hope that's the case. Is it? But if it isn't: Yeah, you have nothing to worry about, unless you're a dissident, a journalist, a whistleblower, an unlucky person who makes a joke that the government misinterprets as a threat, someone who looks at or reads material the government considers threatening, an activist, a lawyer, or a politician. If you're not any of those, then congratulations, but other people besides you are still in danger from unconstitutional democracy-destroying surveillance. It's not all about you. [eff.org]
The notion that you have nothing to worry about as long as you're not doing anything bad is incredibly silly. The FBI tried to make MLK commit suicide. [eff.org] Citizens of Japanese descent were put in internment camps. Many innocent people were harmed in the witch hunt known as the Red Scare. We had Jim Crow laws. It goes on and on, and every government throughout history has been the same. No government, including the US government, is immune from being corrupt or making mistakes. Do not ignore history.
Also, not all laws are just in the first place, and no one, not even lawyers, is any position to make a bold declaration like 'There is nothing incriminating on this phone.'. You might think you have nothing incriminating on your phone, but the government might be able to find something that is incriminating according to a particular interpretation of a particular law that you've probably never even heard of. There are countless laws on the books.
If you're not worried about the government abusing its powers, then you should be.