Apple's refusal to allow backdoor access to its iPhones

The FBI asked Apple to allow it to continue guessing passwords until it opened a phone that the owner gave it to look at. I do not understand what that has to do with encryption, hacking or back doors. I don't think it has anything to do with these things. I support the ability of law enforcement to access phones it legally has in its possession but I do not support them accessing the phone in my pocket.

I'm glad the FBI got access. I think Apple tried to make their phone inaccessible through their "10 guesses and you're done" software and I don't support that. I don't see why a phone is different from a book in your safe. If the government has a warrant, I think they should be able to access either the book or your phone. I think the law exists to say they can. But Apple tried to prevent it. I think that is already not legal and it should be clarified so that even Apple understands it.

If I can protect my information better than the Gov't capability to get at it, is that wrong, or even illegal?

This is the future:

https://www.yahoo.com/news/fbi-trick-breaking-iphone-likely-...

https://www.yahoo.com/tech/fbi-ability-hack-iphone-may-00120...

You know, I still think it was all a smokescreen, and the 'delay' of the court proceedings was just a ploy the Federal Agencies took to get a head start on using the information they probably got months ago..

Think of the ruse: Informing everyone you can't get in, and all the while the bad guys may continue on without changes, because they heard the Govt. can't get in!!!

I think it's been this way all along, and it's all been a ruse!

The person might not be required to tell how they did it, but if they didn't tell, they might end up 'by the cannon in the park', like Vince Foster.

The capability that the FBI ended up using has been around for a long time, long before the SB shooting happened. You think the FBI just learned of this capability because of the San Bernardino case?

The FBI wanted to see what was on the phone to prevent another attack. Think about that.

If there was info on the phone about another attack, anyone else involved with that event are long gone, and were fleeing as soon as the San Bernardino attack hit the news. Anyone associated with those two are long gone, underground, out of the country, in hiding, etc.

From the bungling that the FBI and authorities did, to the apparent disingenuous claims made by the FBI, it can be concluded that the FBI wanted to set a new legal precedent that would make it easier for LE to penetrate privacy. Perhaps the FBI got lazy during the days of the Cheney/Bush Patriot Act when they could issue search warrants without the approval of a judge. Yep, during the Patriot Act days, the FBI could issue search warrants without the oversight of a judge.

For those that might be interested, an article on various ways that could have been used to gain entry into the IPhone.

http://tinyurl.com/jfxz3hl

private is to be private

I read an article a few days ago how Tech companies play hardball with U.S. authorities on these matters but bend over backwards to accommodate Chinese authorities so they can gain access to the lucrative Chinese market.

After 911, everyone balked that TSA may need to open your luggage. They advised us to leave it unlocked or only use an approved lock. People lamented that stuff would get stolen out of their luggage and that it would be a huge PITA. But what happened in the end? Most people just don’t put anything of value in their luggage, leave it unlocked, and have gotten used to it. Go ahead, rifle through my dirty clothes, good guy or bad. We’ve found other ways to handle valuables when flying or we just don’t bring them. I feel it’s very similar to this phone issue. You don’t HAVE to store all your personal info on your phone. Frankly I think it’s foolish to do so. There are other ways to handle it.

Perhaps you can share with me how to accomplish what you state is possible?

I carry some fairly pertinent, personal medical & Legal data on my phone, somewhere in the magnitude of about 2Gb worth.

I carry several wills, copies of medical directives and tons of other information that might be needed at the drop of a hat on my phone.

So from my perspective, I don't want, no, can't afford to have anyone other than myself snooping around on my phone unannounced with our without a court order.

So I'm hoping the security on my smartphone is sufficiently strong that should anyone ever attempt to get at it, the OS will perform a multi-over write of all the memory in my phone to such a level it can't ever be recovered.

That being said, I know, should I suspect someone were going to try and take my phone away from me, I'd quick pop out the battery, then the SD card, then toss the phone into a bucket of water, then do what I can to destroy the SD card.

Don't call me paranoid but I take personal and sensitive data, mine as well as others that is on my phone, as my responsibility such that it's not exposed to anyone that's never supposed to see it.

BTW... I have 2 smart phones... one is unencrypted... it has things like my current car insurance card, name, address, emergency contacts, things like that on it.. although there's no sensitive data on it... and it's in the car almost all the time. This way, I can give it to a cop and not worry about what he sees on it.

But my active phone... sorry... its as digitally secure as I can possibly make it!

Well back in the day, we used something called paper. I'm pretty sure it can still be used today. Sure, not as convenient but just as effective, perhaps more so because you're not limited to a 3x5 screen. (e.g. you can look at more than one doc simultaneously, among other things.)

The 100% best security for data is a concept called an air gap. Can be accomplished in many ways. You sort of do it with your 2 phones, although you are still relying on the encryption on the one.

I do keep a thumb drive in my safe that contains passwords. Perhaps I’m paranoid but I only plug it in to my PC after I turn off all Bluetooth and Wifi and/or disconnect the network cable. If I had a dedicated PC with no external connectivity, I would use that instead. I certainly would not keep all my passwords on my phone in ANY type of app, especially one not provided directly from Symantec or other major vendor.

Medical directives - Hope they are not for you because if your phone is locked up and you are incapacitated, you're gonna be SOL, my friend. I would suggest a medical alert bracelet. First responders are going to look for one of those, not your phone. Around here and most other places, a DNR must be the original, signed copy. Not a photocopy and certainly not a doc on a phone. (Personally experienced this with my elderly mother and an ambulance crew.) May be different where you are.

I keep my car registration and insurance info in the glovebox. When I go into a security office to get a visitor or parking pass, they want the real thing. They want at least a bit of assurance the document I present to them isn’t someone else’s. Can only imagine how a police officer would react if they asked for license and registration and I handed them a phone.

Important documents are brought with me to meetings/appointments as needed in a folder or envelope. Other than a DNR or some types of allergy info, please tell me what else that absolutely (not just for convenience) needs to be on your person, 24/7, that couldn't be left at home, in a safe, until it’s needed.

From two years ago - I imagine it's changed since - 36 states allow you to show an electronic copy for proof of insurance during a traffic stop.

http://www.carinsurance.com/Articles/states-smartphone-proof...

Delaware and Iowa are testing digital driver licenses:
http://statescoop.com/iowa-delaware-testing-mobile-drivers-l...

And North Carolina is also looking at doing the same.

Agree 100%, why people are afraid, if you are no ISIS or drug dealer, o a murder, or a child pornography, why are afraid.

It's not an issue of being afraid, but a matter of trust. The population does not trust the government, and with good reason. Ever since the events of 9/11/2001 this government has preyed upon the fears of the population, expecting the population to give up their rights in the name of "safety". Up until the last couple of years, the population has fallen right into line, letting the government do whatever it wants in the name of "safety". The government has taken this as the new status quo, and feels it has the right to snoop into our lives despite having done nothing wrong to warrant it. Now, device encryption has become the new bogeyman in the eyes of the government, primarily because the FBI is afraid that if superior-grade encryption becomes available to the masses, they won't be able to snoop on our lives as they have in the past, and might actually have to work to get the job done.

I'm being a bit facetious in that last sentence, but I hope you get the point. The tech sector, like a lot of the population, doesn't trust the government. The FBI went to the tech sector and asked the companies not to pursue encryption. The response? Go screw yourself. So the FBI waited for the right case to come along, and attempted to set a precedent by which encryption would be neutered. Unfortunately for them, they didn't expect the response they got from Apple.

What Apple did wasn't a fear response by any stretch of the imagination. Had they in fact caved in, then you could say they were afraid. The tech sector and the population in general aren't afraid of the government. They however don't trust the government. After all, you can't expect the government to act in the best interests of the population, especially when it's been proven that they don't.

I usually agree with Strephon, but I feel the need to ask him to comment on what steps should be taken to deal with the bad guys - whether they be terrorist or scam artists or the mob, or whatever.

Could "9/11" have been prevented? Could the recent March 22 Brussels attack have been prevented? Probably, if there had been a way to intercept communications between certain individuals already on watch lists.

In order to "establish Justice [and] insure domestic Tranquility...[and] promote the general Welfare", what should be done? Strephon, how would you suggest that the various governmental agencies " work to get the job done."

How much bigger would the bureaucracy need to be to offset the advances in technology that are being exploited by the bad guys?

In both 9/11, and Brussels, the intel was available in advance, but never investigated.

Seems like a recurring theme with Gov, as it's happened many times before that, and since.

"What steps should be taken to deal with the bad guys."

Old fashioned detective work rooted in principles of law and abiding by the principle of "innocent until proven guilty". Something this government has not done since 2001. The Patriot Act and all the other acts passed in the name of freedom actually took away our freedom, by assuming that you, me, and the bulk of the 300+ million citizens of this country were guilty of something, without evidence to back it up. It's because of the assumption that we're all guilty of something that the government felt it could collect every scrap of data we send on a computer without a warrant, and with impunity. In essence, in 2016, we are all guilty until proven innocent, and that isn't how it should be.

That's not freedom. But then again, this country is a republic only in name.

Postscript: You want to make the government bigger? Making the government bigger only increases the magnitude of the problem. Shrink the government, or better yet, get rid of it entirely. I hear Switzerland has a nice government system, called democracy. Maybe we should try that.

The Patriot Act and the warrantless searches by the FBI numbered in the several hundred thousand, and resulted in ZERO terrorism related interceptions, trials or convictions. But, and without even probable cause, violated the privacy of hundreds of thousands of people.

No, I do not wish to make the government. But you seem to, because you seem to want to apply what appropriate in the past to the future.

How many more detectives do we need to apply old fashioned detective techniques to the new reality of global communication?

Give us some hint as to what you would do - something better that work harder, I hope.

You assume because I want the FBI and other federal agencies to work within the constraints of the law rather than routinely break them, I must therefore want larger government.

Bad assumption.

Terrorism doesn't suddenly appear out of the blue. It has a root cause, and the US government is that root cause, due to its persistent interference in the affairs of other nations. So, if you want to stop terrorism, you must stop the US government. The only way to stop it is to destroy it, replace it with a government that will work within the rule of law, and not treat its citizens like criminals.

TL;DR: I don't want a larger government. I want a new one!

There are several holes in the way you are leading on this post. First of all, the always accurate 20/20 Hindsight Review did state there were several leads which were never followed. A good portion of the reasons why those indicators were never pursued was due to the data was gathered by different agencies which didn't (wouldn't, couldn't) share their intelligence. The attackers on 9/11 had done their homework and had examined the security at airports that was in place at the time. They knew that security at smaller, secondary airports was often lax and lacked the sophisticated equipment at larger airports such as Logan or Reagan so they bypassed them and had tickets from small airports which had connections in the larger ones. Passengers coming from one airport and transferring planes are not rescreened, they are deemed "cleared" even today. That's how they got their weapons on board.

Flight schools had reported it was strange these "students" had no experience and only seemed interested in being able to point the aircraft in specific directions and no interest in learning how to land. The reports to the FAA were ignored and the information was not shared with any other agency. Why, because privacy laws prevented sharing of intelligence from one agency to another. (Which is why 3 different agencies will all ask for the same basic information as they are prevented from sharing what they have with another.) Sharing has improved, but it still has to get over the hurdle of my information is my information but I want access to yours.

The key thing to remember isn't that the sharing of intelligence or data isn't technologically possible, it's mentally impossible because of the people making the decisions over what should be shared as to what should not be share,

Sorry to disagree with you, but it is about being afraid because we've already lost the trust in our government. My rights, your rights and seemingly everyone else's rights are continually being eroded or just plain violated. Read on, follow the links, and you should have a pretty good idea about what's been going on if you don't already know.

Year - 1997 + / -
Program - Carnivore

http://www.nbcnews.com/id/6841403/ns/technology_and_science-...

You may have heard about Carnivore, a controversial program developed by the U.S. Federal Bureau of Investigation (FBI) to give the agency access to the online/e-mail activities of suspected criminals. For many, it is eerily reminiscent of George Orwell's book "1984." Although Carnivore was abandoned by the FBI in favor of commercially available eavesdropping software by January 2005, the program that once promised to renew the FBI's specific influence in the world of computer-communications monitoring is nonetheless intriguing in its structure and application.

What exactly was Carnivore? Where did it come from? How did it work? What was its purpose?

Carnivorous Evolution

Carnivore was the third generation of online-detection software used by the FBI. While information about the first version has never been disclosed, many believe that it was actually a readily available commercial program called Etherpeek.

In 1997, the FBI deployed the second generation program, Omnivore. According to information released by the FBI, Omnivore was designed to look through e-mail traffic travelling over a specific Internet service provider (ISP) and capture the e-mail from a targeted source, saving it to a tape-backup drive or printing it in real-time. Omnivore was retired in late 1999 in favor of a more comprehensive system, the DragonWare Suite, which allowed the FBI to reconstruct e-mail messages, downloaded files or even Web pages.

DragonWare contained three parts:

• Carnivore - A Windows NT/2000-based system that captures the information
• Packeteer - No official information released, but presumably an application for reassembling packets into cohesive messages or Web pages
• Coolminer - No official information released, but presumably an application for extrapolating and analyzing data found in the messages

As you can see, officials never released much information about the DragonWare Suite, nothing about Packeteer and Coolminer and very little detailed information about Carnivore. But we do know that Carnivore was basically a packet sniffer, a technology that is quite common and has been around for a while.

The FBI planned to use Carnivore for specific reasons. Particularly, the agency would request a court order to use Carnivore when a person was suspected of:

• Terrorism
• Child pornography/exploitation
• Espionage
• Information warfare
• Fraud

There are some key issues that caused a great deal of concern from various sources:

• Privacy - Many folks viewed Carnivore as a severe violation of privacy. While the potential for abuse is certainly there, the Electronic Communications Privacy Act (ECPA) provides legal protection of privacy for all types of electronic communication. Any type of electronics surveillance requires a court order and must show probable cause that the suspect is engaged in criminal activities. Therefore, use of Carnivore in any way that did not adhere to ECPA was illegal and could be considered unconstitutional.

• Regulation - There was a widespread belief that Carnivore was a huge system that could allow the U.S. government to seize control of the Internet and regulate its use. To do this would have required an amazing infrastructure -- the FBI would have needed to place Carnivore systems at every ISP, including private, commercial and educational. While it is theoretically possible to do so for all of the ISPs operating in the United States, there is still no way to regulate those operating outside of U.S. jurisdiction. Any such move would have also faced serious opposition from every direction.

• Free speech - Some people think that Carnivore monitored all of the content flowing through an ISP, looking for certain keywords such as "bomb" or "assassination." Any packet sniffer can be set to look for certain patterns of characters or data. Without probable cause, though, the FBI had no justification to monitor your online activity and would have been in severe violation of ECPA and your constitutional right to free speech if it did so.

• Echelon - This is a secret network rumored to be under development by the National Security Agency (NSA), supposedly designed to detect and capture packets crossing international borders that contain certain keywords, such as "bomb" or "assassination." There is no solid evidence to support the existence of Echelon. Many people confused this rumored system with the Carnivore system.

All of these concerns made the implementation of Carnivore an uphill battle for the FBI. The FBI refused to disclose the source code and certain other pieces of technical information about Carnivore, which only added to people's concerns. But, as long as it was used within the constraints and guidelines of ECPA, Carnivore had the potential to be a useful weapon in the war on crime.

Of course, being a sniffer it had to inspect everything, not just those being targeted....

Year - 2000 + / -
Program - Magic Lantern

https://en.wikipedia.org/wiki/Magic_Lantern_%28software%29

Magic Lantern is keystroke logging software developed by the United States' Federal Bureau of Investigation. Magic Lantern was first reported in a column by Bob Sullivan of MSNBC on 20 November 2001

As the story goes, commercially available PC Anti-virus products kept reporting "Magic Lantern" as a "Virus" or "Malicious" software when the Anti-virus scanned a computer. Supposedly, the FBI approached the makers of the Anti-virus products to not report the software if it was found. The manufactures of the anti-virus software, it's been said, responded with, if it doesn't have a signature that looks like a "Virus" or "Malicious" code, we won't report it.

Year - 2007 + / -
Program - presumably classified

http://www.pbs.org/wgbh/pages/frontline/homefront/

Spying on the Homefront

What's happening today.... If you've never seen this, it's about an hour long but it represents what is supposedly the most current information about what the government is doing.

So many people in America think this does not affect them. They've been convinced that these programs are only targeted at suspected terrorists. … I think that's wrong. … Our programs are not perfect, and it is inevitable that totally innocent Americans are going to be affected by these programs," former CIA Assistant General Counsel Suzanne Spaulding tells FRONTLINE correspondent Hedrick Smith in Spying on the Home Front.

9/11 has indelibly altered America in ways that people are now starting to earnestly question: not only perpetual orange alerts, barricades and body frisks at the airport, but greater government scrutiny of people's records and electronic surveillance of their communications. The watershed, officials tell FRONTLINE, was the government's shift after 9/11 to a strategy of pre-emption at home -- not just prosecuting terrorists for breaking the law, but trying to find and stop them before they strike.

President Bush described his anti-terrorist measures as narrow and targeted, but a FRONTLINE investigation has found that the National Security Agency (NSA) has engaged in wiretapping and sifting Internet communications of millions of Americans; the FBI conducted a data sweep on 250,000 Las Vegas vacationers, and along with more than 50 other agencies, they are mining commercial-sector data banks to an unprecedented degree.

Even government officials with experience since 9/11 are nagged by anxiety about the jeopardy that a war without end against unseen terrorists poses to our way of life, our personal freedoms. "I always said, when I was in my position running counterterrorism operations for the FBI, 'How much security do you want, and how many rights do you want to give up?'" Larry Mefford, former assistant FBI director, tells Smith. "I can give you more security, but I've got to take away some rights. … Personally, I want to live in a country where you have a common-sense, fair balance, because I'm worried about people that are untrained, unsupervised, doing things with good intentions but, at the end of the day, harm our liberties."

Although the president told the nation that his NSA eavesdropping program was limited to known Al Qaeda agents or supporters abroad making calls into the U.S., comments of other administration officials and intelligence veterans indicate that the NSA cast its net far more widely. AT&T technician Mark Klein inadvertently discovered that the whole flow of Internet traffic in several AT&T operations centers was being regularly diverted to the NSA, a charge indirectly substantiated by John Yoo, the Justice Department lawyer who wrote the official legal memos legitimizing the president's warrantless wiretapping program. Yoo told FRONTLINE: "The government needs to have access to international communications so that it can try to find communications that are coming into the country where Al Qaeda's trying to send messages to cell members in the country. In order to do that, it does have to have access to communication networks."

Spying on the Home Front also looks at a massive FBI data sweep in December 2003. On a tip that Al Qaeda "might have an interest in Las Vegas" around New Year's 2004, the FBI demanded records from all hotels, airlines, rental car agencies, casinos and other businesses on every person who visited Las Vegas in the run-up to the holiday. Stephen Sprouse and Kristin Douglas of Kansas City, Mo., object to being caught in the FBI dragnet in Las Vegas just because they happened to get married there at the wrong moment. Says Douglas, "I'm sure that the government does a lot of things that I don't know about, and I've always been OK with that -- until I found out that I was included."

A check of all 250,000 Las Vegas visitors against terrorist watch lists turned up no known terrorist suspects or associates of suspects. The FBI told FRONTLINE that the records had been kept for more than two years, but have now all been destroyed.

In the broad reach of NSA eavesdropping, the massive FBI data sweep in Las Vegas, access to records gathered by private database companies that allows government agencies to avoid the limitations provided by the Privacy Act, and nearly 200 other government data-mining programs identified by the Government Accounting Office, experienced national security officials and government attorneys see a troubling and potentially dangerous collision between the strategy of pre-emption and the Fourth Amendment's protections against unreasonable search and seizure.

Peter Swire, a law professor and former White House privacy adviser to President Clinton, tells FRONTLINE that since 9/11 the government has been moving away from the traditional legal standard of investigations based on individual suspicion to generalized suspicion. The new standard, Swire says, is: "Check everybody. Everybody is a suspect."

So no, I'm not afraid, I'm terrified what our wonderful government is up to behind our backs...

Your post was too long and I couldn't be bothered to waste much of my time on it. On a quick skim, you talk about Carnivore and Magic Lantern, as you have already done in earlier posts on this thread. Then add a PBS documentary about the surveillance state the US has become.

I'm well aware of the tools, as I looked both of them up when you first mentioned it. The PBS piece is something I should watch, if only because I have a little spare time to kill. Your statement of being terrified of what the government will do next is justified in your view. But fear is merely a symptom of a greater problem, that greater problem being lack of trust in the government. While we should not trust the government, we should not fear them either.

If we show fear here, then the government wins. The government wins because it wants you to be afraid, to be complacent, to be apathetic. That way it can run unchecked while your freedoms granted to you by the Constitution of the United States vaporize like flash paper in flame.

https://www.yahoo.com/tech/fbi-paid-hackers-cracked-san-0909...

Good... I just hope everyone did.. Neither Carnivore nor Magic Lantern were very widely publicized.

Please do; and realize this documentary was created in 2007... long before Snowden ever came upon the scene leaking whatever he leaked, and the news media didn't say much if anything about any of the Government's sophisticated data surveillance techniques ... and we're a couple of years down the road now ... Kinda makes you wonder what mischief they are up to now that we don't know about...

And yes, I do know about a series of programs that were fairly covert in as much as they set status indicators and only reported their state change for certain events.. but that was a long time ago and it's anyone's guess what they've graduated to these days!

When I was a kid, I read two books that both piqued both my curiosity and imagination and both made me wonder in the 50's if either could come true.

The first, George Orwell's 1984... Hmmm... Carnivore in 1997... close enough to 1984 for me...

The second, Jacques Futrelle's, "The Thinking Machine"; http://www.futrelle.com/stories/TheThinkingMachine.html

When IBM first pitted "WATSON" against Brad Rutter and Ken Jennings on Jeopardy in 2011, the 1st image I formed was that of "The Thinking Machine."

Now, imagine, what a hardware / software machine that could parse apart and make sense of lots of disjoint data could do if it were to suck in the information from the internet..... I'm not saying it does.. rather, there might be potential... and if done properly, it could make Carnivore look like a child's toy of pop goes the weasel and lord only knows what other ugly things something with this sophistication might be able to accomplish as it learned! Sound like a "Thinking Machine" to you?

Irrespective if we show fear or not, the government wins.

Somewhere, seemingly a lifetime ago, I recall seeing something about all government jobs, (Federal, State (county & city) as well as civilian contractors) held something in excess of 50% of all employees in the U.S.

With such deep resources as that, we should all be afraid because the government has the resources to crush any of us like a bug.

Microsoft filed a lawsuit in a federal court against the U.S. government over its expanding use of gag orders for data requests. The company said that almost half of the data requests are secret, with more than two thirds of the gag orders having no time limit for expiration, meaning the users would never be notified about them.

Microsoft, which is now a major cloud services provider, has become increasingly worried at how many of the data requests from the U.S. government are accompanied by gag orders. Once a gag order is served, the company can no longer notify its users about the warrants it received for their data.

The company believes that the U.S. government is using the increasing popularity of cloud services as a way to skirt around the Fourth Amendment, which gives people the right to know when the government searches or seizes their property. Microsoft also believes that these gag orders violate the First Amendment, which guarantees the company the right to talk to its customers.

http://www.tomshardware.com/news/microsoft-sues-us-governmen...

How strangers can hack the phone in your pocket

These days no one leaves home without a smartphone. But as 60 Minutes Overtime reports, you may need a "CryptoPhone" if you want to avoid hacking

Class... I'm Sister Mary Elephant... May I have that knife please!

http://www.cbsnews.com/news/60-minutes-overtime-how-stranger...

http://www.cbsnews.com/news/60-minutes-hacking-your-phone/

I don't know about anyone else, but I got a chuckle out of reading this, despite it being true for most companies.

http://dilbert.com/strip/2016-04-18

I have never ever allowed anyone access to my backdoor unlike Tim Cook and that's all I'm going to say

Security.. what a joke!

Rep. Ted Lieu Blames NSA For Unpatched Carrier Vulnerability That Allowed His Calls To Be Intercepted On '60 Minutes'

http://www.tomshardware.com/news/ted-lieu-fire-nsa-ss7,31617...

Here's the latest, and chock full of new info straight from the Big Cheese:

https://gma.yahoo.com/fbi-paid-more-1-million-help-hacking-s...