
The FBI could have broken into San Bernardino shooter's phone without Apple - grecy
https://www.eff.org/deeplinks/2018/04/fbi-could-have-gotten-san-bernardino-shooters-iphone-leadership-didnt-say
======
rgbrenner
I agree with the EFF.. but:

They write _At the same time, according to the OIG report, the chief of the
FBI’s Remote Operations Unit (the FBI’s elite hacking team, called ROU) knows
“that one of the vendors that he worked closely with was almost 90 percent of
the way toward a solution that the vendor had been working on for many
months.”_

90% finished with no definitive end in sight? That doesn't sound like a
solution.. then the EFF concludes:

 _March 1, 2016: Comey testifies... The OIG report concluded that Director
Comey didn’t know that his testimony was false at the time he gave it. But it
was false, and technical staff in FBI’s own ROU knew it was false._

No it was not false. It was completely true at the time. 90% is not a
solution. Comey does not have a time machine to see when/if the exploit would
be completed.

 _March 16, 2016: An outside vendor for the FBI completes its work on an
exploit for the model in question._

Now they have an exploit.. and what does the FBI do? They drop their
alternative approach involving the courts and Apple.

Making weak, clearly disingenuous (or worse, technically clueless if they
really believe 90% is the same as 100%) arguments does not help the EFF. This
will be the first part that their opponents latch on to and attack.

~~~
tlb
"90% complete" can mean a very wide range of things. If it means having
bypassed 9 out of 10 security layers, there's no guarantee it'll ever work. If
it means that the system works in the lab and they're adding UI and
documentation, then it's reasonable to be confident. I've heard situations
both worse and better described as "90% complete".

I would guess that coming from a company selling security solutions to law
enforcement, it'd be more like the latter (ie, it basically works and needs
polishing).

~~~
tedunangst
In the case of developing an exploit, one might reasonably claim that getting
0xdeadbeef in %rip is 90% done. A lot of researchers would stop at that point,
because it's sufficient to demonstrate that it's exploitable. Some years ago,
before various mitigations, you'd just have to polish up the payload and then
you'd be 100%. But today, there might be a fair bit of work turning a demo
crasher into a weaponized exploit.

------
natch
> any system that is designed to allow law enforcement agencies all across the
> country to expeditiously decrypt devices pursuant to court order will be
> enormously complex, raising the likelihood of serious flaws in implementation.

Generally I agree with the EFF but I always find this particular argument
specious.

If someone were to design such a system but without flaws in its
implementation, would EFF be OK with that? I don't think so, because those
agencies are rife with bad actors. A perfect system, in the hands of bad
actors, is already a problem.

The problem at the outset is with the context of use. Yes there are other
problems that would follow on because the system would not be technically
perfect, but even before that, the flawed context of giving these tools to bad
actors should not be overlooked. Setting up such a system, _perfect or not_ is
a bad idea, period. Yes it will be imperfect but even if you buy into the
mistaken idea that it can be made perfect, the context of use, in agencies
with bad actors, is already broken even before the imperfections allow
exploits by agency outsiders.

No, we don't have to assume that the agencies are staffed with only good
people. Not even for the sake of argument, and not even for the sake of a
polite white paper from the EFF.

~~~
pg_bot
IMO the toothpaste is already out of the tube on this one. We already live in
a world where strong encryption exists, and is accessible to the common
developer. The DOJ does not get to live in the world that it wants to. I
understand this will make their lives more difficult, however I do not care.
Currently they are in the "anger and bargaining" stage of grief, I hope they
realize that "going dark" isn't really that bad.

~~~
josefresco
> I hope they realize that "going dark" isn't really that bad.

I hope _you_ know that, because I don't know a single person, expert or not
who with confidence can claim "going dark" isn't going to be "that bad".

~~~
valuearb
Somehow the US survived in a world where everyone was dark 100% of the time
for over 200 years. Maybe the FBI should just go back to relying on actual
criminal research techniques and remember part of their job is protecting
constitutional rights such as the right to privacy.

~~~
josefresco
I knew my comment would be unpopular however I'm genuinely curious how you
feel about law enforcement's ability to wiretap, or perform surveillance on
suspects given a court order. This capability has existed in the period you
referenced, and to me it would seem ... similar(?) to law enforcement being
granted permission (by a court) now to surveil a suspect's digital devices.
Why does the switch to digital change things? Similarly, if I lock my
home/car/object, commit a crime - are you okay with law enforcement breaking
into my property to gather evidence?

I'm honestly asking, not trying to snark - please help me work through how
encryption differs from other "analog" tools meant to ensure privacy.

~~~
valuearb
Think back even before technology. The police weren’t allowed to sneak on your
property and search it, or hide on it to surreptitiously listen to your
conversations, without a court order. This was to protect your privacy rights,
as well as restrain over-reaching government agents.

Now let’s assume 200 years ago all of your property was exposed so that any
potentially dangerous people (robbers, horse thieves, politicians) approaching
your house could be easily seen. But this also means that federal agents
coming to serve warrants could be seen with enough warning to allow you to
destroy evidence, and anytime they’d try to surveil your house, you’d know
they were there.

Should it be illegal for your property to be so exposed? Should the government
force property owners to plant shrubbery on approaches to their homes to make
them easier to secretly surveil, and so surprise searches can be more
successful?

The difference between this and wiretapping is that wiretapping didn’t require
you to change your property to allow it. The police merely tapped into
existing infrastructure.

I say “didn’t” because that stopped being true years ago. The feds were
successful at forcing telecoms to alter their systems and equipment to make
surveillance easier, especially mass surveillance. Now the FBI thinks that
since they can force telecoms to put backdoors in their own equipment, they
can also force companies to put backdoors in customers' equipment.

Let’s go back 200 years again where encryption was a popular way to assure the
privacy of important messages and papers. Let’s assume public/private key
encryption was discovered, and companies spring up where they create
unbreakable private/public combos for citizens to use to encrypt their
messages and letters. The companies agree to protect their customers by never
recording the private keys they generate for them.

Federal agents are outraged, and demand the companies record citizens' private
keys and store them permanently so whenever a court ruled federal agents could
have them those agents could read any citizen's private papers and letters. And
that the citizens aren’t allowed to know when their keys have been
compromised. Can you imagine the theft, blackmail and other possibilities?

That’s exactly what the FBI wants now.

~~~
josefresco
Thanks for your thoughtful response. This thread is getting a little old, but
I'm going to read this later, and might respond - however I wanted to thank
you, in case I forget and move on - cheers!

------
IAmEveryone
I agree with the EFF's position regarding backdoors, but this article isn't
convincing.

- There really isn't anything nefarious in trying to find a good case to set
precedent. That's actually the EFF's (and ACLU, etc.) business model: find the
most sympathetic plaintiff for the issue you want to litigate to improve your
chances in court (and the court of public opinion).

- A method that is "90% ready" just isn't ready. Not only are such numbers
meaningless in such a project. It just doesn't matter, legally, if you gain
such capabilities in the future. A good faith interpretation of the FBI's
motivation must also accept that if(!) the FBI had _any_ interest in the
phone's content, that interest was urgent.

I also consider the EFF's and tech community's technical arguments to be
rather weak and transparent attempts to skirt the core issue: we don't want
backdoors for governments, period.

By suggesting technical difficulties they are trying to shift the debate from
the political sphere to the technology. That's probably good for the cause,
but it circumvents the mechanism we have established for policy debates,
namely democracy.

The difficulties also seem to be far exaggerated: a 1-of-2 encryption scheme
should be possible. There are several such schemes (like 2-of-3) working
flawlessly for Bitcoin already.

Safekeeping of master decryption keys also seems to be a solved problem.
Certificate Authorities, as just one example, seem to do so mostly without any
hitches.

~~~
braythwayt

> There really isn't anything nefarious in trying to find a good case to set
> precedent

Fair enough, however the FBI's argument was that they needed a backdoor to get
into phones like this, when it turns out that they didn't need the back door
at all, and not only did they purchase a "crack" to open the phone, they also
had Apple's help and could have gotten the information they needed using the
tools they already had at their disposal.

As I read it, this is not about finding a nice court case, it's about
misleading the courts with respect to the necessity of the back door. In
other words, they weren't finding a sympathetic case, they were manufacturing
it.

~~~
rdtsc
> it's about misleading the courts with respect to the necessity of the
> back door. In other words, they weren't finding a sympathetic case, they
> were manufacturing it.

Absolutely. Now they kind of gave Comey the benefit of the doubt saying "he
didn't know" but it turns out ROU team was doing it.

---

The OIG report concluded that Director Comey didn’t know that his testimony
was false at the time he gave it. But it was false, and technical staff in
FBI’s own ROU knew it was false.

---

Not sure what happened there. I think there are two levels of "truth": one is
what is written and recorded, and the real "truth". How did ROU start
working on the device to begin with? Did they go to the evidence box and
start tinkering with the phone when CEAU wasn't watching? Did they clone the
device and hand it to multiple teams, "here, if any one of you can figure it
out, you get an extra 10 days of vacation" or something like that?

On the manufacturing part. FBI likes to manufacture evidence and skirt around
entrapment whenever possible. What better way to look important and get more
power than making your own reality. Here is their informant infiltrating a
mosque in Irvine, CA and radicalizing people.
http://www.latimes.com/local/orangecounty/la-me-muslim-fbi-20151221-story.html
he was reported to the, wait for it, ... FBI. There are other cases as well:
https://theintercept.com/2015/01/16/latest-fbi-boast-disrupting-terror-u-s-plot-deserves-scrutiny-skepticism/

~~~
stevew20
It seems a very likely strategy for Comey (based on past instances of him
lying under oath) to have tasked the unit with breaking into the phone, then
simultaneously pushing on Apple to unlock it.

In this scenario, all Comey had to do was NOT ACCEPT the final report from the
unit working on the phone, and that project would remain at <100%
indefinitely. In a military bureaucracy setting, until a work order or
transfer order is signed off by the one who issued it, it is not legally
binding as being completed. Also, easy for Comey to tell the unit not to
contact him with any details so he wouldn't have to perjure himself.

In any case, he really should be in jail, as he is a total sociopath and all
of those FBI guys are guilty of watching kiddy porn.

~~~
colejohnson66
> and all of those FBI guys are guilty of watching kiddy porn.

What? I was with you up until that point. Then you lost me.

------
michaelmrose
People inclined to give the government the benefit of the doubt perhaps
because they are of the class of people so unlikely to run afoul of the law
seem to be confused about what 90% ready means.

If it was ready 3 weeks later, 90% ready means we have 100% broken the security
involved and are wrapping this in a reasonable interface and writing
documentation. Our developer could plug in your phone and crack it right now
but we need to build something with buttons and documentation.

~~~
tedunangst
People certain they know what 90% means perhaps because they are of the class
that doesn't know much about software development.

------
newscracker
And if they had had some patience, they could have initiated an automatic WiFi
backup from the iPhone to iCloud and probably accessed the information on
iCloud through a court order that Apple would've complied with.

Quoting from this Buzzfeed article from February 2016. [1]

> "The Apple ID password linked to the iPhone belonging to one of the San
> Bernardino terrorists was changed soon after the government took possession
> of the device, Apple, San Bernardino County, and federal officials have
> acknowledged over the past 48 hours. If that password change hadn’t
> happened, senior Apple executives said on Friday afternoon, a backup of the
> information the government was seeking may have been accessible."

> "The Apple executives said the company had been in regular discussions with
> the government since early January, and that it proposed four different ways
> to recover the information the government is interested in without building
> a backdoor. One of those methods would have involved connecting the iPhone
> to a known Wi-Fi network and triggering an iCloud backup that might provide
> the FBI with information stored to the device between the October 19th and
> the date of the incident."

> "Apple sent trusted engineers to attempt that method, the executives said,
> but they were unable to do it. It was then that they discovered that the
> Apple ID password associated with the iPhone had been changed sometime after
> the terrorist's death -- within 24 hours of the government taking possession
> of the phone. By changing the password, the government foreclosed its
> ability to obtain a fresh copy of the most recent device data via this
> back-up-to-known-wifi method."

[1]: https://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust

~~~
valuearb
One wonders why the FBI didn't focus on having a standard protocol/office for
handling iOS and Android devices to ensure they could maximize the ability to
access them. Like someone who could tell the field agents, don't change the
password!

------
JustSomeNobody
> According to the Times, DOJ officials are “convinced that mechanisms
> allowing access to [encrypted] data can be engineered without intolerably
> weakening the devices’ security against hacking.”

Why do people believe this? It will only make things more complicated and more
complicated usually means easier to break.

------
c3534l
I don't have a problem with legitimate inquiries into crime, with probable
cause, approved by an independent whose role is to safeguard against needless
intrusions by the government. I don't believe in legally requiring code to be
insecure through backdoors, extrajudicial dragnet "intelligence," or other
deeply disturbing secret police BS authoritarian strains of the intelligence
community seem to be advocating. If they can open the phone with or without
Apple's help is almost irrelevant. What matters is if they have gone through
an accountable process to gain legal authorization to open it.

On the other hand, the fact that the FBI used this to gain legal powers in the
vein of the burning of the Reichstag is unacceptable.

------
dep_b
It probably takes way more effort, time and money than the FBI likes to invest
to break open an iPhone. So this high profile incident was used as a way to
influence public opinion that this kind of heavy protection was helping
pedophiles and terrorists. I think the main result of their initial
declaration was people buying more iPhones if anything at all. And now it
backfires.

------
leecarraher
Well, they did, right? Isn't that what they paid Cellebrite $900K to do?
(http://www.globes.co.il/en/article-fbi-pays-israeli-co-900000-for-iphone-hack-1001188315)

~~~
itakedrugs
Maybe they paid both, to get more "friends"

------
GCU-Empiricist
Any access-key/backdoor is either going to be very distributed so it can be
used, or it's going to be under a SAP (special access program or similar
alphabet soup); either way it will be compromised either for profit, or by
conscience by someone, another Snowden-like person.

------
wpdev_63
I have a very close friend that works for the clandestine service, Mussolini.
He tells me that they have backdoors into all cellphones that exist. I didn't
believe him at first but looking at the recent Vault 7 leaks[0], now I am not
doubting him.

[0]: https://en.wikipedia.org/wiki/Vault_7

EDIT: Also it's not hacking/breaking in when it's a built in backdoor.

~~~
lightbyte
> I have a very close friend that works for the clandestine service, Mussolini.

Do you mean the Israeli intelligence agency Mossad? Mussolini was the name of
the fascist Italian dictator.

~~~
tedunangst
It's actually a rogue nongovernmental intelligence service entirely made up of
resurrected Mussolini clones.

------
berbec
> The Department's [FBI's] blind faith in technologists’ ability to build a
> secure backdoor on encrypted phones

Hasn't it been shown time and again that, on any sort of reasonable timescale,
there is no such thing as a secure backdoor? Governments wanting one to exist
cannot change the nature of software, especially with the current pentesters
out there. If such a backdoor exists, someone will find it.

------
m3kw9
After this long given they don’t upgrade the OS, it will eventually be
cracked.

------
kodablah
Sorry to veer into whataboutism wrt Apple and regions they operate in, but I'm
curious about the hypothetical: What if China demanded Apple create a signed
version of the OS w/ the key bypass? Among other reasons for asking, one
reason is to highlight that while the FBI were nefarious here, that Apple was
able to fight it and publicly post that they disagreed without any
repercussions makes me at least a bit happier about the process.

------
gr3yh47
second verse, same as the first

~~~
johnhenry
but a whole lot louder and a whole lot worse?

