In a stark reversal from its earlier position, the Justice Department on Monday backed down from its claim that Apple had the “exclusive technical means” to unlock an iPhone used by San Bernardino killer Syed Rizwan Farook, saying it may have another solution.
The two sides were scheduled to meet in court on Tuesday afternoon in Riverside, California.
Attorneys for the Department of Justice told Judge Sheri Pym — who earlier ordered Apple to design a way to weaken the phone’s security at the government’s request — that they might not need Apple’s help anymore.
“An outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone,” wrote the DOJ counsels. “Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone.”
It’s unclear whom the attorneys are referring to, though the DOJ told reporters that the third party doesn’t work for the government. The DOJ asked for two weeks to test the proposed method.
The magistrate judge quickly granted the government’s request, and placed an indefinite stay on the order.
Apple is cautiously optimistic. The company has no idea what solution the FBI has discovered, or if it’s a solution at all, an Apple official told reporters during a press call. The FBI could be right back where it started when the deadline is up.
Whether the FBI’s method works or not, Apple says it won’t back down. “We will not shrink from this responsibility,” said Apple CEO Tim Cook at an Apple product release event Monday afternoon.
The government’s sharp pivot, however, is at odds with the numerous times it argued that Apple, and only Apple, could help it access Farook’s phone.
In legal documents, DOJ attorneys and FBI agents investigating the case repeatedly insisted that Apple was the only one who could help.
FBI Director James Comey testified to the same under oath. “We have engaged all parts of the U.S. government to see: Does anybody have a way — short of asking Apple to do it — with a 5c running iOS 9 to do this? And we do not” have a solution, he told Rep. Darrell Issa, R-Calif., who grilled him about the case during a House Judiciary hearing.
“Every credible expert knew there were alternative means. That #FBI went so far on so little demonstrated a disregard of facts: bad faith,” tweeted NSA whistleblower Edward Snowden in response to the latest news.
Technologists following the case hypothesized that the very solution Issa suggested during the hearing — involving “mirroring the flash memory” — might be the one the FBI arrived at. Though forensic scientist Jonathan Zdziarski says the FBI probably couldn’t come up with that kind of method in two weeks — meaning someone got “dumb lucky” last night, or the bureau’s been working on it for a while, he told The Intercept.
On the one hand, Apple has a temporary reprieve. The company might not have to weaken its own product’s security in order to help the FBI, creating a backdoor that could likely be used on any iPhone, if the code were stolen.
Most security researchers and privacy advocates following the case concluded, however, that the grace period might be short lived. Apple is currently facing multiple other court orders to unlock phones — some of which are running on advanced operating systems comparable to Farook’s phone. The government could easily choose one of these cases to serve as a new model.
“Whatever the outcome here, someone will eventually make a handset that neither vendor nor FBI can crack. FBI then asks congress for a law,” wrote Matt Blaze, associate computer science professor at the University of Pennsylvania, in a tweet. “In other words, this is not the end of Crypto War II. It’s not even really started yet,” he continued.
P.S James Comey, FBI director, has demonstrated that he doesn’t understand encryption or the issues or their implications in the Apple – FBI dispute. #wreses @wreses
Repeat: Strong encryption has not and can not be broken even if the “manufacturer” knows about some secret back door, which it wouldn’t because commercial grade strong encryption is open source and has been mathematically vetted and anyone with the numerical smarts can independently confirm this fact. There are no back doors. Distinguish this from Apple’s PIN code (0000 through 9999) scheme which is not encryption but a relatively simplistic safety mechanism. Stop conflating Apple’s simple protection scheme (which I’m guessing is layered on top of an actual industrial grade data encryption protocol or process.) In doing so, we can all debate the merits of this issue more accurately and factually. ?#?wreses? . @wreses
It seems to me that everyone, literally everyone, is missing the point with respect to the Apple – FBI encryption debate. If encryption can be made unbreakable, and we’re long since past proving that truism by several decades using any number of open source and mathematically proven secure algorithms, then the intent of the parties becomes irrelevant. If the issue is that the iPhone at hand is encrypted then no encryption effort in the history of time and space is going to reveal the phone’s plain text. If, on the other hand, the issue is that the iPhone’s iOS operating system has a protection mechanism that erases the phone’s data after ten incorrect attempts at unlocking the phone then this is not an “encryption” issue at all. In fact, in such a scenario, the phone’s security would only offer a mere 10,000 PIN codes (0000 through 9999) which is hardly sufficient and pales in comparison to the arbitrarily large encryption keys available in the “real” encryption world (imagine ten with ten thousand zeroes and then imagine ten thousand more zeroes and so on ad-infinitem.) Let’s stop discussing this as a “keys to the castle” issue in which if the FBI gets to try 10,000 odd PIN codes without the phone erasing itself, encryption as we know it will cease to exist as we know it as some less informed technologists have suggested. Nothing would be further from the truth. Properly implemented encryption can and will remain unspeakably strong in our lifetimes (and likely a lot longer.) The key lies (no pun intended) in being able to generate an encryption key of unlimited (or sufficiently long) length and which MUST be known to decode the cipher text. So rest easy America. The NSA and the FBI will never be able to break your properly implemented encryption. There is no slippery slope. I sleep well and you should too. Wayne Reses [email protected] ?#?wreses . @wreses
NSA deploys CIA Israeli media assets…
http://www.jpost.com/Business-and-Innovation/Tech/Report-Israeli-firm-helping-FBI-to-open-San-Bernardino-shooters-encrypted-iPhone-448925?utm_source=dlvr.it&utm_medium=twitter
Israel’s Cellebrite (no comment) a provider of mobile forensic software, is helping FBI crack San Bernadinos government iphone. Cellebrite is among the mobile forensics vendors best known for their support of physical and file system extractions for major smartphone platforms including Apple iOS,[24] BlackBerry, Android, Symbian, and Nokia BB5.
http://www.dailydot.com/politics/brussels-isis-focus-telegram/
Afaaq (A Fake?) Electronic Foundation is an arm of the Islamic State dedicated to “raising security and technical awareness” among jihadists. Launched earlier this year, AEF uses Telegram, a popular encrypted messaging app, to broadcast advice”
The Islamic State’s use of encryption has been at the center of a global debate over the technology. In addition to using encryption for security, ISIS supporters have actively sought to inject themselves into the debate with the possible goal of provoking reactions against encryption from Western governments.
The fact that this message is in English rather than Arabic—the language of choice for most of ISIS’s messages—or a local Belgian language like French, Dutch, or German indicates they want a wide global Western audience to read and react to the advice.
Here’s a theory not yet suggested – perhaps you’d like to shoot some holes in it. Maybe the FBI are backing down? Maybe the behind-the-scenes discussions have given the FBI a hint that the judge is leaning towards Apple’s “Code is Speech” and therefore the 1st Amendment applies? If that were the case, the last thing the FBI would want would be a ruling like that against them – it would be a disaster. So the best graceful exit would be to claim they had another way in…
There’s another aspect to this, however. Having read some articles about the potential to crack into the chips themselves and read the contents out… it occurs to me that if Apple wanted to there is nothing from stopping them from turning iPhones into a FIPS140-2/L3 device and making them utterly tamper-proof. This would make an iPhone completely “unfixable”… so Apple would back this by a “repair or replace” deal/warranty… But something like this would scare the socks of the FBI and might make life even more difficuly for the NSA. Not remotely suggested Apple *would* do this if pushed around, but observing that they certainly *could* if they felt like it…
The arguments the FBI submitted to the court were public relations, not legal arguments. So they always intended to drop the case.
It accomplishes two things. First it buys Apple some good PR and paves the way towards closer future cooperation with the FBI (since Apple now has some privacy cred). Secondly, the administration can now put pressure on law makers to pass sweeping laws requiring companies to cooperate with the government in terrorism cases. They will point to this case as an example of how current laws tie the FBI’s hands.
So they win by losing.
I don’t know the specifics but why wouldn’t this work?
P2V iPhone is some capacity
Mount backup/image
Automate password testing
Restore backup/image after 10 password limit
Repeat above steps until password is found
Apple would say that it breaks intended use/licensing laws though wouldn’t they?
Do you mean taking a copy of the phone off the device and testing it on other hardware? If so that wouldn’t work, it needs to be done on the phone since a unique ID hidden on the hardware is tangled with the passcode to generate the encryption key.
And if you mean keeping a copy off the device and keep restoring it to the device, you can’t test passwords that quickly. Basically they’d have to have someone sitting there manually punching in the passcodes each time, the iPhone doesn’t let you plug other hardware into it to speed up testing. I can’t fathom how long it would take to guess that passcode that way, even if something didn’t prevent them from restoring an image each time they hit the limit.
Hmmm, a Matt Blaze quote to finish your article about DOJ deciding they already have some v-chip type solution to iPhone’s supposedly unpickable lock. Impressive.
I don’t expect Director Comey to actually show any of his cards though.
And it’s funny how minds can sometimes change, just like that.
“Every expert I know believes that NSA could crack this phone…”
CLARKE: Apple helps law enforcement organizations in the United States and Apple helps law enforcement organizations overseas when they have a duly authorized request for material that Apple has. Apple doesn’t have this material. If it were in the Cloud, if the FBI and the San Bernardino County hadn’t made a mistake on the way they treated this phone, this information would be in the iCloud and Apple would allow access to that because Apple has that information.
GREENE: What do you know about the debate within the Obama administration? It’s been reported that there really is a fierce debate over how to handle this.
CLARKE: Well, I don’t think it’s a fierce debate. I think the Justice Department and the FBI are on their own here. You know, the secretary of defense has said how important encryption is when asked about this case. The National Security Agency director and three past National Security Agency directors, a former CIA director, a former Homeland Security secretary have all said that they’re much more sympathetic with Apple in this case. You really have to understand that the FBI director is exaggerating the need for this and is trying to build it up as an emotional case, organizing the families of the victims and all of that. And it’s Jim Comey and the attorney general is letting him get away with it.
GREENE: So if you were still inside the government right now as a counterterrorism official, could you have seen yourself being more sympathetic with the FBI in doing everything for you that it can to crack this case?
CLARKE: No, David. If I were in the job now, I would have simply told the FBI to call Fort Meade, the headquarters of the National Security Agency, and NSA would have solved this problem for them. They’re not as interested in solving the problem as they are in getting a legal precedent.
GREENE: Wow, that sounds like quite a charge. You’re suggesting they could have just gone to the NSA to crack this iPhone but they’re presenting this case because they want to set a precedent to be able to do it in the future?
CLARKE: Every expert I know believes that NSA could crack this phone. They want the precedent that the government can compel a computer device manufacturer to allow the government in.
Exactly. This is the only explanation that makes sense.
Is it McCafee and his tattooed modern counter culture hipster horde?
You know all this iPhone business is really getting old w/ the gov and all involved. I’m beginning to see the Divine Revelation of the Rabbis regarding smart phones:
“After the phone owner broke the device in two with his hands, the rabbi called on the audience to repeat after him, “So may all your enemies perish, Lord!” (Judges 5: 31)”
http://www.ynetnews.com/articles/0,7340,L-4293120,00.html
I’m surprised the Chinese government would share their Apple backdoor with the FBI. Perhaps they owed the FBI a favor for assisting them with the OPM hack.
But Benito! You overlook the possibility that it is the NSA that is assisting the FBI. Now you might say that the claim by the DoJ that their source is outside the government rules out the NSA, but since the NSA considers themselves to be above the government there is no real inconsistency. Or, alternatively, if you maintain that the NSA really is part of the government, then it may simply be that the DoJ is lying. While that may come as a shock to some, believe me, it would not be the first time they were. How can we have justice in this country if the Justice Department is forced to tell the truth?
Possible. But the NSA on principle doesn’t like working with the FBI. That’s why the FBI has to concoct its own terrorist plots – the NSA doesn’t provide them with any leads.
The NSA prefers to work with agencies like the MSS and the FSB. They understand covert operations and avoid silly things like court cases.
They don’t have to lie. Most of the personnel working under the NSA are contractors working for private firms. This is just an opportunity for one of those firms to sell some bit of technology to the government (again).
Yes. Chinese XKeyscore compatriots in south-central China shared a backdoor they’ve been installing in Apple factories (http://www.apple.com/supplier-responsibility/our-suppliers/) in part FBI assistance ensuring Chinas OPM hack was both advanced and persistent. Covertly outsourcing the OPM hack helped (for a time) avoid revealing the US Governments most excellent insider threat solution. Doxxing ourselves.
http://cryptome.org/2013/08/nsa-x-keyscore-family.htm