I suspect that the intelligence and law enforcement communities are afraid that if this case goes to the Supreme Court the All Writs Act may be scaled back or ruled unconstitutional.
The All Writs Act goes back to 1789 and is used for all sorts of things, like wire tapping, obtaining call and ISP records, etc., and now trying to force Apple to make malware for their own phone.
It's definitely a risk for the FBI to fight this battle and potentially lose a tool they use all the time. Since there is probably no new info on the phone, it may not be worth the risk of making this a big fight with a motivated and well-financed adversary like Apple.
> I suspect that the intelligence and law enforcement communities are afraid that if this case goes to the Supreme Court the All Writs Act may be scaled back or ruled unconstitutional.
It's not that the act is unconstitutional, it's that the interpretation of it that the DoJ has been selling to magistrate judges in ex parte hearings is extremely broad and would never survive appeal.
The Supreme Court has made it very clear in multiple rulings that A) The AWA is certainly constitutional and B) it is extremely narrow in its powers and it doesn't grant courts anything even remotely similar to the powers the FBI has been pressuring magistrate judges into believing it has.
So, essentially, by avoiding a highly publicized appeals smackdown, the FBI can still convince magistrates to issue wildly out-of-line AWA writs, and use those writs to pressure companies/people into doing things they wouldn't be held to if they had the time/money to actually appeal.
edit:
> The All Writs Act goes back to 1789 and is used for all sorts of things, like wire tapping, obtaining call and ISP records, etc
Also, I see this mistake a lot (I'm not saying you're making it, but it's a pretty common one). The AWA doesn't actually give the government the power to wire tap things, etc. There are separate statutes that authorize wiretapping. All the AWA does, per the Supreme Court, is give courts the authority to issue common law writs in the course of carrying out powers conferred by some other statute. The AWA is described as being a source of "residual" (secondary) power that only acts to help carry out some primary source of authority.
The DoJ has been pushing an argument that the AWA is a source of primary power in-and-of-itself in any area of law where congress hasn't passed a law saying a court can't do X thing, and the writs don't have to have antecedents in common law. This more-or-less contradicts any number of Supreme Court rulings. They've only been getting away with it because they get a magistrate Judge to issue them by asking for them in "emergency" ex parte hearings, meaning the other side isn't present to offer a competing argument, which the FBI excuses by arguing its a time-sensitive matter (even though it generally isn't). One of the amicus briefs in this case was submitted by 32 law professors, who pointed out that this violates due process.
Last week the former US "cyber czar" Richard Clarke called the FBI out directly for doing it solely for legal precedent, and stated that virtually no one even in the gov't were on their side: http://arstechnica.com/tech-policy/2016/03/former-cyber-czar... >>Clarke noted that Comey and the Justice Department were not getting support in their case from the defense and intelligence communities. "The Justice Department and the FBI are on their own here," he said. "The FBI director [Comey] is exaggerating the need for this, and the Attorney General [Loretta Lynch] is letting him get away with it."<<
But the weird thing is that, from the beginning, most legal experts thought the likely outcome would be that All Writs would be found too broad, so the FBI had to have been suffering from some hubris + bad legal council. So maybe someone with enough muscle finally called them out on it?
I assume they are not particularly interested in the phone itself. Rather, that they have been shopping for a situation with the character of this one so as to try their luck at pushing their capture rights.
Hilarious. Since when does the FBI announce when it finds a new vulnerability to exploit?
It's up against the biggest companies in the world, the US public, and the international community. And now it's backing down with its tail btw its legs, and telling a silly story to save face.
The following is the best analysis by far that I've seen about the All Writs Act and its application in these cases. It's from the Just Security blog, out of NYU Law School:
> All Writs Act may be scaled back or ruled unconstitutional
Totally agree with the broader point (I think they're scared of a restrictive precedent), but I don't think a law that's been on the books for two hundred plus years is going to be out and out declared unconstitutional. It's extremely broad in the number of domains of application but that doesn't necessarily mean that it grants overly broad power.
Also, the FBI would have to be able to sell something (their story) better than ... Apple Computer Inc.
If you are in the game of trying to sell something better than Apple, you better have a pack of actual wizards casting spells on your side ala Bewitched.
People love to bring up the fact that this act is rather old, but so are the amendments. I assume it is to say that the writs act is outdated, but what was its original rationale and why is it considered to no longer be constitutional?
I suspect this is a "Strategic Retreat" on the Justice department. The ability to reflash the phone and avoid triggering the unlock erase was a pretty obvious workaround.
So after investing a lot of time and money in trying to get case law to expand the DoJ's power over corporations to conscript them into the War on the 4th Amendment, it become possible that they would see a judgement against them (especially if the Supreme court becomes more liberal with the next appointment).
So I suspect the risk/reward outcomes of pushing this to a conclusion flip flopped into more risk than reward and someone fairly high up said, "Ok kill this whole effort before it makes things worse than they are."
Just an opinion of course but I think it fits the observed actions.
The ACLU showed a plausible path forward by just desoldering the storage and just rewriting it and trying again when the phone wipes it.
John McCafee and others (ex US govt officials IIRC) have mentioned decapping as a serious option for the NSA.
Snowden and Richard Clarke (advisor to bush on cyber security, advisor to Bill Clinton on counter terrorism, etc) have said the NSA has ways without being specific about how.
I don't think this counts as a serious vulnerability. If you have access to the kind of hardware and technical ability the US govt does, Apple probably isn't too concerned about you being able to break one phone at a time with significant effort involved.
Sure, there's an extremely well known vulnerability in the iPhone 5C hardware.
Lacking the features introduced in later ARM releases it has an unsecured AHB or AXI bus allowing any device that can connect to perform arbitrary DMA (which can in turn allow arbitrary code execution).
It would require a certain degree of technical sophistication to execute that attack, but the resources required would be well within the reach of a state-level investigative service.
Hanlon's Razor: "never assume malice when stupidity will suffice"
The possibility that the Bureau is just plain dumb is not on your list. They are on record, many times, and in front ofa very serious congress, being very very stupid. Though I do not believe they are being stupid here, the possibility is not an edge case and should be considered.
Maybe they're willing to consider attacking the hardware now. If you desolder the flash memory then you can bypass the brute force limitations. Just block writes, or equivalently back up the contents and reload them, and the device has no way of knowing that you previously tried any passcodes. This will allow you to make perhaps 2-5 attempts per minute, which worst case will take three or four days to brute force a four-digit passcode.
Given the existence of these is disclosed now and the suspect's iPhone can be prevented from auto updating I think the FBI will have an easier time attacking it?
Looking at the first one itself they might just have to attach a malicious USB device to execute arbitrary code.
While it is likely true that nobody will give zero days to the FBI without charging, it is also basically certain that the NSA has a collection of them. And the NSA has enough interest in this problem, and enough willingness to share with the FBI, that that may be a tractable solution.
Furthermore the FBI certainly doesn't want to create a precedent they don't like, and the fact that we're only in this situation thanks to THEIR incompetence is not helping them.
It doesn't even have to be an undisclosed vulnerability.
iOS 9.3 was released today and included several fixes to vulnerabilities which allowed arbitrary code execution, including one with "kernel privileges" [1]
Now that these vulns are out in the open, maybe someone has offered to help the FBI use them to gain access to the phone.
The guy is eccentric but I don't think he's an idiot and I do think he is likely talented, or at least rich enough to hire those who are.
That being said - he admits he was full of shit [0] and then claims that he has a proper method that isn't full of shit but which he didn't want to disclose. Chances are he's probably full of shit on that one too, given the track record, but who knows?
It's not an undisclosed vulnerability. The iPhone 5 is not particularly difficult to crack. It requires mucking with the hardware, but a skilled amateur could do it.
Perhaps the FBI has long had an exploit and this is all just an elaborate ruse to make unsuspecting targets feel safe using iPhones. Quite unlikely, but it's in the realm of possibilities.
It's weird that the offer to help was publicized before any solicitation for offers to help. Assuming that number 3 is the case, that ups the likelihood that the exploit is coming from a government insider (likely NSA, although ex-government security researchers are also likely).
Is it possible that Apple could file for a declaratory judgement with respect to the All Writs Act, to remove the potential of the government filing substantially the same request at a later date?
Until that happens, it seems like a very real risk to Apple's security claims.
I just want to point out that lots of HN recently has been saying "Apple would NEVER deal with the FBI, there's too much risk of a leak!".. and yet, with the example of what happened to Manning, Snowden (ETC) -- would you, with a 6 figure salary, want to tell the world of misdeeds when you could toil away comfortably?
"So obvious no one will ever notice"
Apple removed their warrant canary about a year ago timed with press releases about "revamping their privacy policy for better security and user happiness" and a bunch of marketing bullshit. What I saw was the guarantees that they had done everything they could to protect your data was gone, replaced by "we'll follow the law" AKA they will screw you over willingly if they need to.
---
Also, the FBI is NOT dumb. "Poor legal council" was mentioned in this thread. With their budget, why would you not assume they have Grade AAA legal council?
What's interesting about this case is, when it started, the sides were split 50/50 between Apple and the FBI. But as time went on, and Apple's PR, legal, and executive machine spoke and educated more people on the issue, the side tipped towards Apple.
Then the congressional hearing happened, where Issa (R - Calirfornia) knew more about the technical details of the phone than Commey. Given that Commey didn't bring a technical aide with him, and him saying things like 'this software would be obsolete because of newer iPhones, and wouldn't work on the 6 and 6S' were completely false and hard to imagine were made with merely negligence (i.e. He was very clearly lying).
And after all that, and the FBI and DOJ PR machine trying to fight back, it became clear that media was starting to side with Apple (Morning Joe on MSNBC is a perfect example of what a 2-3 week time span can do to an opinion).
I even suspect the Judge would have also sided with Apple and the FBI would be fighting for the appeal, and they would have known that. It's smart for the FBI to drop the case, but timing + intentions to bring up the case in the first place were scummy.
Let's remember that Commey, the director of the FBI, was a NY prosecutor. Given that the current NY prosecutor wanted to unlock phones with ease (as they don't have the resources of the FBI and access to the NSA), Commey was "simply" trying to help a friend by deceiving the public and forcing Apple to do something it didn't want to, that Apple knew it shouldn't. It simply wasn't worth the fight, and I do believe it put the FBI in their place, as even a terror attack couldn't even get them the mandate they sought. This is likely not the end, and the FBI knows that any company that has the reach they need will likely set a precedent against them, so it'll be interesting to see what they do next.
All in all, what the FBI got out of this mess: making a whole lot of devices and services more secure.
> On a conference call with reporters late Monday, a law enforcement official ... said the case was never about setting a precedent, but only about getting information from a dead terrorist’s phone
In some ways I suspect that the FBI's arguments are a smoke-screen to keep us from talking about the fact that unknown 0-days exist and perhaps the NSA even has a few.
There was no reason to think this phone, unlike every other system, was uncrackable. Apple is setting impossible expectations, especially when the attacker has the resources of the U.S. goverment.
May? That's rich. They've always had the ability to circumvent the encryption on Farook's phone since day one. They could have made a byte-by-byte copy of the encrypted drive and bruteforced copies over and over. It's just that they prefer to coerce Apple into making it easier for them by making GovtOS.
Can somebody please point out to me the obvious fact I am missing. Don't Apple design their security such that even they themselves can't crack it? Like storing hashed passwords, they don't want that kind of accountability. The media keeps suggesting that Apple won't do it, I thought it would be the case that Apple can't do it...
What courses of action are available for private persons to bring questions like this in front of the Supreme Court? Is there something here that a private individual / corporation could find cause for a suit against the USG, so that the high courts have the opportunity to narrow the scope?
Or are we just left to petitioning and lobbying Congress to rewrite parts of it?
Surveillance only works when people believe their communications are private and secure.
The 3rd party was probably NSA and they did not intervene up until because it would reveal the existence of a cracking technique.
What changed is that weighed against a possible court verdict that would tell every terrorist that no U.S. made device or encryption could possibly be secure, (causing targets to avoid using broken crypto) revealing the existence of a possible forensic technique was low risk.
The belief that it is possible to communicate securely is the most important thing for spies to maintain. The FBI wants to discourage people from believing it because they think it will make people less likely to commit crimes. The spies want to encourage the belief because it ensures they can collect the intelligence they need to maintain the status quo.
Beautiful. Congrats to the DOJ for seeing the light.
Will Obama now stop seeking "middle ground" as he mentioned at SXSW? Will Burr-Feinstein halt their work on a backdoor bill? Nothing has changed on this front, and there are still a host of reasons why a backdoor law is a bad idea.
Here's one approach you could use if you had a reliable zero-day at your disposal. I've been out of the jailbreak scene for a while, so I might be way off the mark:
1) Have zero-day ([0]) that can be used to deliver executable payload over SMS (think Stagefright). iOS devices can receive text messages before the filesystem is decrypted. Perhaps Apple should close this vector.
2) Deploy dylib that patches the SpringBoard UI (where the lock screen lives), disabling the code that counts incorrect passcode attempts
Is it normal to refer to the Justice Department as the U.S.? If I understand correctly it is part of the Government, yes, but this whole issue was promoted as FBI vs Apple, not US vs Apple.
Not a native speak, just sounds strange to me.
[+] [-] nostromo|10 years ago|reply
The All Writs Act goes back to 1789 and is used for all sorts of things, like wire tapping, obtaining call and ISP records, etc., and now trying to force Apple to make malware for their own phone.
It's definitely a risk for the FBI to fight this battle and potentially lose a tool they use all the time. Since there is probably no new info on the phone, it may not be worth the risk of making this a big fight with a motivated and well-financed adversary like Apple.
[+] [-] msbarnett|10 years ago|reply
It's not that the act is unconstitutional, it's that the interpretation of it that the DoJ has been selling to magistrate judges in ex parte hearings is extremely broad and would never survive appeal.
The Supreme Court has made it very clear in multiple rulings that A) The AWA is certainly constitutional and B) it is extremely narrow in its powers and it doesn't grant courts anything even remotely similar to the powers the FBI has been pressuring magistrate judges into believing it has.
So, essentially, by avoiding a highly publicized appeals smackdown, the FBI can still convince magistrates to issue wildly out-of-line AWA writs, and use those writs to pressure companies/people into doing things they wouldn't be held to if they had the time/money to actually appeal.
edit:
> The All Writs Act goes back to 1789 and is used for all sorts of things, like wire tapping, obtaining call and ISP records, etc
Also, I see this mistake a lot (I'm not saying you're making it, but it's a pretty common one). The AWA doesn't actually give the government the power to wire tap things, etc. There are separate statutes that authorize wiretapping. All the AWA does, per the Supreme Court, is give courts the authority to issue common law writs in the course of carrying out powers conferred by some other statute. The AWA is described as being a source of "residual" (secondary) power that only acts to help carry out some primary source of authority.
The DoJ has been pushing an argument that the AWA is a source of primary power in-and-of-itself in any area of law where congress hasn't passed a law saying a court can't do X thing, and the writs don't have to have antecedents in common law. This more-or-less contradicts any number of Supreme Court rulings. They've only been getting away with it because they get a magistrate Judge to issue them by asking for them in "emergency" ex parte hearings, meaning the other side isn't present to offer a competing argument, which the FBI excuses by arguing its a time-sensitive matter (even though it generally isn't). One of the amicus briefs in this case was submitted by 32 law professors, who pointed out that this violates due process.
[+] [-] rewrew|10 years ago|reply
But the weird thing is that, from the beginning, most legal experts thought the likely outcome would be that All Writs would be found too broad, so the FBI had to have been suffering from some hubris + bad legal council. So maybe someone with enough muscle finally called them out on it?
[+] [-] cturner|10 years ago|reply
[+] [-] r00fus|10 years ago|reply
[+] [-] panarky|10 years ago|reply
A savvy judge would not allow the Department of Justice to cancel the hearing just to avoid setting a precedent.
[+] [-] mgalka|10 years ago|reply
It's up against the biggest companies in the world, the US public, and the international community. And now it's backing down with its tail btw its legs, and telling a silly story to save face.
[+] [-] hackuser|10 years ago|reply
https://www.justsecurity.org/29634/readers-guide-magistrate-...
(I'd read the links to the articles in the blog itself.)
[+] [-] BWStearns|10 years ago|reply
Totally agree with the broader point (I think they're scared of a restrictive precedent), but I don't think a law that's been on the books for two hundred plus years is going to be out and out declared unconstitutional. It's extremely broad in the number of domains of application but that doesn't necessarily mean that it grants overly broad power.
[+] [-] kristopolous|10 years ago|reply
If you are in the game of trying to sell something better than Apple, you better have a pack of actual wizards casting spells on your side ala Bewitched.
[+] [-] wodenokoto|10 years ago|reply
[+] [-] ChuckMcM|10 years ago|reply
So after investing a lot of time and money in trying to get case law to expand the DoJ's power over corporations to conscript them into the War on the 4th Amendment, it become possible that they would see a judgement against them (especially if the Supreme court becomes more liberal with the next appointment).
So I suspect the risk/reward outcomes of pushing this to a conclusion flip flopped into more risk than reward and someone fairly high up said, "Ok kill this whole effort before it makes things worse than they are."
Just an opinion of course but I think it fits the observed actions.
[+] [-] valine|10 years ago|reply
[+] [-] georgespencer|10 years ago|reply
1. The FBI is lying to save face,
2. Someone -- but probably needs to be some people -- from Apple is willing to help them,
3. There is an undisclosed vulnerability in iOS which Apple is unaware of.
I find it really hard to believe that someone would disclose a zero day exploit to the FBI without charging significant $ for it.
Am I missing something obvious?
[+] [-] brian-armstrong|10 years ago|reply
[+] [-] gpm|10 years ago|reply
John McCafee and others (ex US govt officials IIRC) have mentioned decapping as a serious option for the NSA.
Snowden and Richard Clarke (advisor to bush on cyber security, advisor to Bill Clinton on counter terrorism, etc) have said the NSA has ways without being specific about how.
I don't think this counts as a serious vulnerability. If you have access to the kind of hardware and technical ability the US govt does, Apple probably isn't too concerned about you being able to break one phone at a time with significant effort involved.
[+] [-] RichieAHB|10 years ago|reply
[+] [-] jsolson|10 years ago|reply
Lacking the features introduced in later ARM releases it has an unsecured AHB or AXI bus allowing any device that can connect to perform arbitrary DMA (which can in turn allow arbitrary code execution).
It would require a certain degree of technical sophistication to execute that attack, but the resources required would be well within the reach of a state-level investigative service.
[+] [-] Balgair|10 years ago|reply
The possibility that the Bureau is just plain dumb is not on your list. They are on record, many times, and in front ofa very serious congress, being very very stupid. Though I do not believe they are being stupid here, the possibility is not an edge case and should be considered.
[+] [-] mikeash|10 years ago|reply
[+] [-] blinkingled|10 years ago|reply
Given the existence of these is disclosed now and the suspect's iPhone can be prevented from auto updating I think the FBI will have an easier time attacking it?
Looking at the first one itself they might just have to attach a malicious USB device to execute arbitrary code.
[+] [-] btilly|10 years ago|reply
While it is likely true that nobody will give zero days to the FBI without charging, it is also basically certain that the NSA has a collection of them. And the NSA has enough interest in this problem, and enough willingness to share with the FBI, that that may be a tractable solution.
Furthermore the FBI certainly doesn't want to create a precedent they don't like, and the fact that we're only in this situation thanks to THEIR incompetence is not helping them.
[+] [-] msmith|10 years ago|reply
iOS 9.3 was released today and included several fixes to vulnerabilities which allowed arbitrary code execution, including one with "kernel privileges" [1]
Now that these vulns are out in the open, maybe someone has offered to help the FBI use them to gain access to the phone.
[1] https://support.apple.com/en-us/HT206166
[+] [-] Nadya|10 years ago|reply
John McAfee did promise to do it for free. /½ s
The guy is eccentric but I don't think he's an idiot and I do think he is likely talented, or at least rich enough to hire those who are.
That being said - he admits he was full of shit [0] and then claims that he has a proper method that isn't full of shit but which he didn't want to disclose. Chances are he's probably full of shit on that one too, given the track record, but who knows?
[0] http://www.dailydot.com/politics/john-mcafee-lied-iphone-app...
[+] [-] lisper|10 years ago|reply
[+] [-] tptacek|10 years ago|reply
[+] [-] tux1968|10 years ago|reply
[+] [-] r00fus|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] jamesrom|10 years ago|reply
[+] [-] ThrustVectoring|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] ipsin|10 years ago|reply
Until that happens, it seems like a very real risk to Apple's security claims.
[+] [-] hellbanner|10 years ago|reply
"So obvious no one will ever notice"
Apple removed their warrant canary about a year ago timed with press releases about "revamping their privacy policy for better security and user happiness" and a bunch of marketing bullshit. What I saw was the guarantees that they had done everything they could to protect your data was gone, replaced by "we'll follow the law" AKA they will screw you over willingly if they need to.
---
Also, the FBI is NOT dumb. "Poor legal council" was mentioned in this thread. With their budget, why would you not assume they have Grade AAA legal council?
---
https://news.ycombinator.com/item?id=11332377
[+] [-] TazeTSchnitzel|10 years ago|reply
[+] [-] baldajan|10 years ago|reply
Then the congressional hearing happened, where Issa (R - Calirfornia) knew more about the technical details of the phone than Commey. Given that Commey didn't bring a technical aide with him, and him saying things like 'this software would be obsolete because of newer iPhones, and wouldn't work on the 6 and 6S' were completely false and hard to imagine were made with merely negligence (i.e. He was very clearly lying).
And after all that, and the FBI and DOJ PR machine trying to fight back, it became clear that media was starting to side with Apple (Morning Joe on MSNBC is a perfect example of what a 2-3 week time span can do to an opinion).
I even suspect the Judge would have also sided with Apple and the FBI would be fighting for the appeal, and they would have known that. It's smart for the FBI to drop the case, but timing + intentions to bring up the case in the first place were scummy.
Let's remember that Commey, the director of the FBI, was a NY prosecutor. Given that the current NY prosecutor wanted to unlock phones with ease (as they don't have the resources of the FBI and access to the NSA), Commey was "simply" trying to help a friend by deceiving the public and forcing Apple to do something it didn't want to, that Apple knew it shouldn't. It simply wasn't worth the fight, and I do believe it put the FBI in their place, as even a terror attack couldn't even get them the mandate they sought. This is likely not the end, and the FBI knows that any company that has the reach they need will likely set a precedent against them, so it'll be interesting to see what they do next.
All in all, what the FBI got out of this mess: making a whole lot of devices and services more secure.
[+] [-] guscost|10 years ago|reply
Pure 100% unpasteurized bullshit.
[+] [-] bcook|10 years ago|reply
In some ways I suspect that the FBI's arguments are a smoke-screen to keep us from talking about the fact that unknown 0-days exist and perhaps the NSA even has a few.
[+] [-] hackuser|10 years ago|reply
[+] [-] nickbauman|10 years ago|reply
[+] [-] rubyfan|10 years ago|reply
[+] [-] RussellDussel|10 years ago|reply
[+] [-] mattlutze|10 years ago|reply
Or are we just left to petitioning and lobbying Congress to rewrite parts of it?
[+] [-] cmurf|10 years ago|reply
[+] [-] batz|10 years ago|reply
The 3rd party was probably NSA and they did not intervene up until because it would reveal the existence of a cracking technique.
What changed is that weighed against a possible court verdict that would tell every terrorist that no U.S. made device or encryption could possibly be secure, (causing targets to avoid using broken crypto) revealing the existence of a possible forensic technique was low risk.
The belief that it is possible to communicate securely is the most important thing for spies to maintain. The FBI wants to discourage people from believing it because they think it will make people less likely to commit crimes. The spies want to encourage the belief because it ensures they can collect the intelligence they need to maintain the status quo.
[+] [-] stestagg|10 years ago|reply
[+] [-] studentrob|10 years ago|reply
Will Obama now stop seeking "middle ground" as he mentioned at SXSW? Will Burr-Feinstein halt their work on a backdoor bill? Nothing has changed on this front, and there are still a host of reasons why a backdoor law is a bad idea.
[+] [-] lmcd|10 years ago|reply
1) Have zero-day ([0]) that can be used to deliver executable payload over SMS (think Stagefright). iOS devices can receive text messages before the filesystem is decrypted. Perhaps Apple should close this vector.
2) Deploy dylib that patches the SpringBoard UI (where the lock screen lives), disabling the code that counts incorrect passcode attempts
3) Brute force the passcode
[0] http://www.wired.com/2015/11/hackers-claim-million-dollar-bo...
[+] [-] a_imho|10 years ago|reply
[+] [-] oddevan|10 years ago|reply