
Snowden: FBI obscuring crucial details in Apple case - Karunamon
https://twitter.com/snowden/status/700823383961792512
======
citizensixteen
More on All Writs Act of 1789.

The Dangerous All Writs Act Precedent in the Apple Encryption Case

[http://www.newyorker.com/news/amy-davidson/a-dangerous-
all-w...](http://www.newyorker.com/news/amy-davidson/a-dangerous-all-writ-
precedent-in-the-apple-case?mbid=social_twitter)

"Tim Cook, the C.E.O. of Apple, which has been ordered to help the F.B.I. get
into the cell phone of the San Bernardino shooters, wrote in an angry open
letter this week that “the U.S. government has asked us for something we
simply do not have, and something we consider too dangerous to create.” The
second part of that formulation has rightly received a great deal of
attention: Should a back door be built into devices that are used for
encrypted communications? Would that keep us safe from terrorists, or merely
make everyone more vulnerable to hackers, as well as to mass government
surveillance? But the first part is also potentially insidious, for reasons
that go well beyond privacy rights.

The simple but strange question here is exactly the one that Cook formulates.
What happens when the government goes to court to demand that you give it
something that you do not have? No one has it, in fact, because it doesn’t
exist. What if the government then proceeds to order you to construct, design,
invent, or somehow conjure up the thing it wants? Must you?"

~~~
puranjay
I can't think of a single thing the government has done in the name of
surveillance and security that have actually helped catch any terrorists.

All those body scanners at airports? How many terrorists have they managed to
catch?

(Meanwhile, TSA agents steal items from baggage all the time)

If all that surveillance couldn't catch the school shooters, the Boston
bombers and this couple, is the only solution even MORE surveillance?

~~~
Demiurge
Do you think they would actually be doing a good job if you (public) knew
about the instances surveillance helped? If you were tasked with catching
terrorist, what would you do?

~~~
merpnderp
Yes, if the TSA had stopped a single terrorist, they'd be at least stating a
number, if not the facts. Given they won't even give a ball park number is
pretty good evidence it is a big fat zero like all the investigative
journalism has found. Not like organizations like the TSA can keep a secret.

~~~
Demiurge
Why would they be stating the number? How can they know if they intimidated or
prevented attacks by mere existence? Statistically, mere police patrol
presence reduces crime, which is not directly related to detective work.

But, TSA is kind of parallel to surveillance, my question was about whether we
could possible judge the success of that, and other intelligence in the most
secretive of government operations.

------
ianamartin
No tinfoil intended here, but it strikes me as very unfortunate that the
Supreme Court Justice most likely to be opposed to this recently passed away
last weekend.

In my not-a-lawyer opinion, I think that Apple will absolutely take this as
far as it can. With only an 8-member court, Anthony Kennedy becomes even more
important than ever.

We should be lobbying SCOTUS harder now than ever before. We need them to rule
against this far more than we need to be calling congress people.

We need the Supreme Court to act with the effect of precedent. But I'm not
optimistic. We would need Roberts and Thomas to back off their national
security platforms, and we need RBG and Kagan to understand the problem
better.

Kennedy is a wildcard, but if we can explain the issue in plain English to
those key people and get them to agree, this is doable. Alito and Sotomayor
will fall in line.

If we do our jobs as members of the body politic, write amicus briefs, and
hound the members of the court, this is doable.

Thomas and Roberts can be swayed. So can RBG and Kagan. It would be an easier
5-4 decision with Scalia still around, but this is possible without him, and
we need to focus our efforts.

I'll be putting my money where my mouth is over the weekend and creating a
website that submits comments to the individual justices. I'll also be asking
for help/edits on the boilerplate I'm offering as a starting point.

~~~
nkurz
Did you see Robert Cringely's article where he comes to a very similar
conclusion? Ironically, although he sees the same gambit, the two of you seem
to be interpreting the situation completely opposite. If I'm reading you both
right, you believe Scalia was the most likely to side with Apple, whereas he
thinks Scalia was a sure vote for the FBI?

    
    
      What’s going on is Justice Antonin Scalia is dead.
    
      Had Justice Scalia not died unexpectedly a few days ago 
      (notably before the Apple/FBI dustup) and had the FBI 
      pursued the case with it landing finally in the Supreme 
      Court, well the FBI would have probably won the case 5-4. 
      Maybe not, but probably.
    
      With Justice Scalia dead and any possible replacement 
      locked in a Republican-induced coma, the now eight-member 
      Supreme Court has nominally four liberal and four 
      conservative justices but at least 1.5 of those 
      conservatives (Justice Kennedy and sometimes Chief Justice 
      Roberts) have been known to turn moderate on certain 
      decisions. This smaller court, which will apparently judge 
      all cases for the next couple years, is likely to be more 
      moderate than the Scalia Court ever was.
    
      So if you are a President who is a lawyer and former 
      teacher of constitutional law and you’ve come over time to 
      see that this idea of secret backdoors into encrypted 
      devices is not really a good idea, but one that’s going to 
      come up again and again pushed by nearly everyone from the 
      other political party (and even a few from your own) 
      wouldn’t right now be the best of all possible times to 
      kinda-sorta fight this fight all the way to the Supreme 
      Court and lose?
    
      If it doesn’t go all the way to the Supremes, there’s no 
      chance to set a strong legal precedent and this issue will 
      come back again and again and again. 
    
      That’s what I am pretty sure is happening. 
    

[http://www.cringely.com/2016/02/19/the-fbi-v-apple-isnt-
at-a...](http://www.cringely.com/2016/02/19/the-fbi-v-apple-isnt-at-all-the-
way-you-think-it-is/)

~~~
ianamartin
I did see that, and I think that Cringley is--like many other people who
haven't paid attention--seriously misinterpreting Scalia's history on the
court.

My own, admittedly amateur, interpretation is that he's largely internally
consistent with his ideas of protecting person freedoms and advocating in
favor of judicial restraint.

I see citizens united as an exanpsion of Scalia's attitude about protecting
personal freedoms (and this is an expansion I disagree with, btw). His logic
in Bergofell was that the court doesn't have the authority to meddle further
in religious matters than it already has and needs to exercise restraint.

In my opinion, the argument is stronger in Bergofell than it is in Citizens
United, even though I agree with the result of the former and disagree with
the latter.

I could be incredibly wrong, but I think that over 30 years, Scalia has been a
champion of individual rights and protections more often than not. Much to
various people's chagrin at different times.

That has sometimes led to good results and sometimes led to bad. I feel
comfortable in this case making the assertion that Scalia would have
definitively come down on the side of Apple, and done so in the heavy-handed
manner that he was known for and probably persuaded a fence justice like
Kennedy to side with him in this case. But possibly also bringing RBG in with
him at the same time.

Yes, it's all prognostication at this point, and I know that. But in my
opinion, the bigger picture of Scalia outside of Citizens United and
Obergefell are the history of someone who would have opposed the order against
Apple.

Cringley is just being Cringely: bigoted, hateful, and wrong. As usual.

But then again, I could be really wrong. It does happen sometimes.

~~~
Zafira
I am uncertain how one could consider Scalia's jurisprudence as advocating
civil liberties.

~~~
barney54
Scalia's opinion in Heller is a good example helping to restore the 2nd
Amendment as meaningful along with the 1st and 5th.

~~~
s_q_b
And his opinion in _Crawford v. Washington_ essentially restored the
Confrontation Act of the Sixth Amendment. [0]

I may have disagreed with Justice Scalia on a great many points, but he was
one of the foremost defenders of the rights of criminal defendants.

[0]Crawford v. Washington, 541 U.S. 36 (2004)

------
notthegov
He is suggesting that the FBI sees this as an opportunity to set a precedent
and doesn't care about the data?

If so, in FBI logic, in the future there could be a more legitimate need for
Apple to comply because a suspect could have a WMD. But so far no such threat
exists.

However, let's distort the issue and exploit this opportunity now knowing few
will go against law enforcement tactics against the San Bernardino killers?

Because they will need the power in the future but the public has to be scared
into acting now to prevent the real hypothetical future attack?

~~~
lambda
No, the public has to be scared into standing by while the courts force Apple
to unlock a phone for the FBI, so there will be adequate precedent for doing
so later in in more mundane cases, like drug dealers, gangs, and so on.

The thing that scares law enforcement is that in recent years, they've been
handed piles of easy evidence that is recorded permanently and easy to access.
While before you actually had to do an active man-in-the-middle attack, known
as "wiretapping", and that required a court order with good evidence, now
there's a ton of communication that is already recorded on persistent media,
and all they have to do is find some excuse for taking a look at it to get a
lot of extra information without much trouble.

~~~
krylon
This is the most reasonable explanation I have read so far.

Especially given that surveillance tools tend to "trickle down" wrt the
severity of the alleged crimes required to use them.

------
alblue
I've written up a summary of the current situation for InfoQ here:

[http://www.infoq.com/news/2016/02/fbios-
update](http://www.infoq.com/news/2016/02/fbios-update)

Basically, the FBI shot themselves in the foot by changing the password for
the iCloud account within a day or two of the incident, instead of consulting
with Apple. This meant the phone couldn't auto backup data which is why the
snapshot of the data is not necessarily the most recent. Had they not done
this they would have been able to connect the phone to a power outlet and a
wifi connection, and it would have uploaded the data to Apple's servers from
which they could have asked Apple to acquire the data.

Both Apple and the FBI have been requested to appear before a bipartisan
committee to answer specific questions about the case.

~~~
kahirsch
"The auto reset was executed by a county information technology employee,
according to a federal official. Federal investigators only found out about
the reset after it had occurred and that the county employee acted on his own,
not on the orders of federal authorities, the source said."[1]

[1][http://abcnews.go.com/US/san-bernardino-shooters-apple-id-
pa...](http://abcnews.go.com/US/san-bernardino-shooters-apple-id-passcode-
changed-government/story?id=37066070)

~~~
alblue
That's not the information reported by Reuters this morning [2]

"San Bernardino County reset the password on the iCloud account at the request
of the FBI, said county spokesman David Wert."

Sounds like both sides are blaming each other for the event.

[2]
[http://mobile.reuters.com/article/idUSKCN0VS2GC](http://mobile.reuters.com/article/idUSKCN0VS2GC)

~~~
toyg
That's actually the best piece of news coming out of the whole affair at this
point: despite almost 10 years of practice, authorities still don't have a
consistent procedure to deal with iPhones, not even relatively old models.
Some groups here and there might know it, but it has not trickled down to
average grunts.

------
trenchy12
The phone in question is a government issued work phone? Hadn't heard that
before. Pretty big detail that isn't mentioned often.

~~~
Bud
Yep. It's his employer's property. The shooter intentionally destroyed his
personal iPhone before the attacks.

~~~
stordoff
I hadn't really looked at the details, because the fundamental question of
"Can the courts compel work/backdoors from Apple?" is much more important IMO,
but this really makes it feel like a fishing exercise from the FBI. Though
possible, the chance that the attackers used an employer-owned phone to
discuss/plan/coordinate the attackers seems rather remote if they a) had
personal phones, and b) took the time to destroy them.

~~~
blazespin
It's not a fishing exercise at all. It's a "let's prove that we can create a
backdoor for further use" exercise.

------
musesum
Senator Feinstein wants with compel Apple to put in a backdoor though
legislation: [http://www.mercurynews.com/politics-
government/ci_29527867/t...](http://www.mercurynews.com/politics-
government/ci_29527867/trump-bashes-apple-over-privacy-fight) Would suggest
anyone living in California let her know what you think.

I went to a RightsCon in the midst of the Arab spring. Talked to folks with
friends that were being "disappeared" based on what was on their phone.

Meanwhile, David Chaum is suggesting a secret sharing scheme:
[http://www.therebel.media/david_chaum_restoring_internet_pri...](http://www.therebel.media/david_chaum_restoring_internet_privacy)

"Chaum’s proposed Privategrity system would use nine special servers in nine
different countries to encrypt users' data. The theory is, the system would
almost always prevent mass government surveillance but would allow government
access to combat terrorism or child sex abuse."

~~~
stcredzero
If Feinstein is weighing in on any issue with any technical depth, look
carefully at what she's proposing and what she's opposing. More often than
not, she's wrong, and her true motivation is likely to pander to a knee-jerk
emotional reaction, without careful regard to the technical implications.

~~~
yompers888
I guess that makes Apple's encryption the newest "shoulder thing that goes
up."

------
geographomics
Snowden's analysis is rather lacking.

He claims that the FBI already has all of the suspect's communication records
as retrieved via service providers, but ignores the important detail that
iMessage uses end-to-end encryption, rendering any such records unobtainable
by the service provider.

Yes, the last backup was six weeks prior to the phone being seized, but this
only means that the phone may well include six weeks' worth of pertinent
evidence. And there is nothing to suggest that the FBI is only interested in
messages between co-workers.

Ultimately, the phone's data would need to be decrypted and analysed to see if
the first four assumptions that Snowden makes are actually true.

The final assumption is that there are other feasible technical measures that
could be taken to crack this phone. This would perhaps be the most interesting
point, but Snowden chose to not expand upon it at all.

~~~
ianhawes
Normally I don't like Snowden, but in this case I think he raises great points
all around, the biggest being that the non-work phone (Operational Phone) was
completely destroyed. Do you think with that sort of OPSSEC that they slip up
and use a work phone? Doubtful.

But hey, the FBI exists to turn over every stone. The real story here is that
they specifically chose this case to go after Apple because they suspected the
backlash if Apple tried to fight it would be more than they could handle.

~~~
geographomics
Even if there's less likelihood of useful evidence on the suspect's work
phone, it's still worth checking.

The FBI's request isn't too bad really. It's not like they are requesting
Apple to build a new mass surveillance tool or anything similarly far-
reaching. This is limited to the domain of digital forensics, and how best to
extract data in a criminal investigation, against firmware that is hostile to
cracking. Given that, by design, the phone has been locked down to only accept
Apple-signed firmware, then Apple is really the most feasible choice to assist
in bypassing this.

~~~
Consultant32452
Unless we believe that individuals and corporations are at least somewhat
autonomous. If this were Apple's device then sure, I think they should be
compelled to make an effort to unlock it, but it's NOT Apple's device, and it
hasn't been since it left the warehouse. Apple, in this case, is just an
industry expert that happens to know quite a bit about the device. If you
couldn't compel MSFT to hack the phone, you shouldn't be able to compel Apple
to hack the phone. If you get a warrant to open my safe you can compel me to
give you the combination, you can HIRE a locksmith, but you can't compel the
locksmith. Compelling the locksmith is a completely foreign legal precedent.

~~~
geographomics
I think you are rather downplaying Apple's capabilities here.

Apple is the only entity who can reliably alter the firmware to remove the
forensics-thwarting restrictions, due to updates requiring a chain of trust
all the way up to Apple's root certificate.

The physical device may not be owned by Apple, but the firmware installed upon
it certainly is, both legally (due to copyright law) and cryptographically.

~~~
throwawayukcyb
_> The physical device may not be owned by Apple, but the firmware installed
upon it certainly is_

This is an interesting observation, actually. It suggests that there is a
(legal) price to be paid for retaining tight control over firmware.

------
nickysielicki
Maybe I'm too far-out there, but what do we _really_ know about the NSA's
quantum computing abilities?

Given their budget and their ability to keep things under wraps (eg: consider
the scope of PRISM and how they ran that for close to a decade), is it that
crazy to think this is a debate they don't care about winning?

Teams at universities made 16 qbit machines something like 5 years ago. D-wave
claims 512 qubits today. I don't think it's out of the question that NSA is
far ahead of both of them. D-wave employs "100+ people" according to
Wikipedia. NSA is estimated to have upwards of 30,000.

It makes a lot of sense, then. NSA got caught with their pants down, naturally
backlash from it is still happening today. So if your opponents are going to
be winning some ground back, the best PR move is to have them win ground that
doesn't matter. (Or that won't matter in a couple years.)

I think these debates about the necessity of key escrow and modified firmware
are conversations they're having with the intention of losing, to prevent
meaningful pushback but to still provide the illusion of it.

It just doesn't make sense to me that they would invest billions into dragnet
infrastructure with the knowledge that something as inevitable as letsencrypt
or an iPhone passcode could make it all useless.

Edit: wording and some additional comments

~~~
stordoff
> D-wave claims 512 qubits today. I don't think it's out of the question that
> NSA is far ahead of both of them.

I don't doubt that NSA have some techniques that are not public knowledge, but
is it feasible that they are that far ahead of academia/industry? (IIRC,
D-Wave cannot run Shor's algorithm, so is not particularly useful in breaking
cryptography). Even if they are, I would expect them to be having these legal
battles hoping to win - if there is a plausible, non-classified, way to access
the data, maintaining secrecy of these techniques is much easier.

> that something as inevitable as letsencrypt and an iPhone passcode could
> make it all useless.

Widespread, well-implemented crypto is probably less inevitable than this
makes it sound. letsencrypt etc. probably make the surveillance dragnet less
useful, but sloppy implementations and unforeseen weaknesses (e.g. Heartbleed)
probably render it still rather useful.[1] Encryption usage, through
increasing, is also not a given for people who may be targeted by NSA et
al.[2]

[1] In terms that it can be used to gather information. Whether it is actually
useful from a security standpoint, and if it is price worth paying, is
something I strongly doubt.

[2] See, e.g., [https://theintercept.com/2015/11/18/signs-point-to-
unencrypt...](https://theintercept.com/2015/11/18/signs-point-to-unencrypted-
communications-between-terror-suspects/)

~~~
firebones
Yes, it would seem that maintaining plausible deniability about their methods
(through something that amounts to a kind of parallel construction with an
unwitting party) would make a lot of sense. Even if they _don 't_ have the
capability, there are game theoretical benefits towards pursuing this.

------
ojbyrne
It seems like "parallel construction."

[https://en.wikipedia.org/wiki/Parallel_construction](https://en.wikipedia.org/wiki/Parallel_construction)

The FBI already have what they need, by illegal means. Unfortunately, due to
security, they're stuck.

~~~
krylon
I used to think, in such moments, that I was on the way to getting paranoid.
These days, I more often think that maybe I should be a lot more paranoid.

It has become really hard to figure out what to believe and what not. The
whole affair could simply be a PR stunt. Maybe the FBI wants to create a
precedent so they can get an easy access to everybody's phones where they
consider it convenient. But maybe, they actually do not want that phone at all
and want to create precedent where people think, "Oh look, now I know for sure
the Feds cannot get at my iPhone". At times, it all seems like plots within
schemes within hidden agendas.

~~~
macns
> It has become really hard to figure out what to believe and what not.

This. Thankfully it is also becoming obvious to more people the necessity of
end to end encryption and open source software. Then - depending on the level
of paranoia - we would only need to deal with the encryption tech.

~~~
krylon
Back when I was 16, playing Shadowrun, we used to say that paranoia was not a
disease, but a survival strategy.

There are moments when I get close to freaking out about it. I am currently
reading Gravity's Rainbow, and now, for the first time, I _get_ the paranoia
in that book, I feel it. It is even less pleasant than I had imagined.

And even with FLOSS and the best encryption technically possible, we have to
ask ourselves, what does it lead to?

In a society where the state no longer trusts the citizens, where citizens
need to use military-grade encryption to keep the intelligence services from
accidentally flagging them as potential terrorists because they have a gross
sense of humor or a weird hobby, the very fabric that holds society together
begins to erode.

If we go down this road, we will become even more estranged and isolated than
we are now.

~~~
selimthegrim
Foucault's Pendulum is also a fantastic book about paranoia of this sort, and
how it draws people in.

------
nostromo
The intelligence community never lets a terrorist attack go to waste.

I'm convinced they have a wish list in wait for every tragedy. Next on the
list was getting a back door on every cellphone.

~~~
CamperBob2
_I 'm convinced they have a wish list in wait for every tragedy_

That's not even remotely debatable, unless you believe the 350+-page Patriot
Act was written within a month after 9/11.

~~~
paulddraper
That's not unbelievable.

~~~
nullc
> The Patriot Act is huge and I remember someone asking a Justice Department
> official how did they write such a large statute so quickly, and of course
> the answer was that it has been sitting in the drawers of the Justice
> Department for the last 20 years waiting for the event where they would pull
> it out. \-- Richard Clarke (former National Coordinator for Security,
> Infrastructure Protection and Counter-terrorism)

Often political changes are artifacts of opportunity. I don't personally think
that its evil that the justice department had a laundry list of civil rights
violations waiting for an opportunity to propose them. It's the responsibility
of the public and earnest lawmakers to be aware of efforts to exploit
sentiment and resist bad law regardless of when it's proposed.

------
meowface
There are allegations that the FBI could easily decrypt the phone if they
actually wanted to, found here:

[https://www.reddit.com/r/technology/comments/46exkr/john_mca...](https://www.reddit.com/r/technology/comments/46exkr/john_mcafee_ill_decrypt_the_san_bernardino_phone/d04tyzm)

[https://www.reddit.com/r/news/comments/46np5t/san_bernardino...](https://www.reddit.com/r/news/comments/46np5t/san_bernardino_shooters_apple_id_passcode_changed/d06q9ff)

Any truth to this?

~~~
citizensixteen
If the government hacks the iPhone themselves, they don't get the legal
precedent they are so desperate to establish in this case. This paves the way
for legislation that forces technology companies to install backdoors in
software/hardware. This case is not about the data on the phone itself, the
government is simply continuing its march towards comprehensive surveillance
systems.

Secret Memo Details U.S.’s Broader Strategy to Crack Phones

[http://www.bloomberg.com/news/articles/2016-02-19/secret-
mem...](http://www.bloomberg.com/news/articles/2016-02-19/secret-memo-details-
u-s-s-broader-strategy-to-crack-phones)

"Silicon Valley celebrated last fall when the White House revealed it would
not seek legislation forcing technology makers to install “backdoors” in their
software -- secret listening posts where investigators could pierce the veil
of secrecy on users’ encrypted data, from text messages to video chats. But
while the companies may have thought that was the final word, in fact the
government was working on a Plan B. In a secret meeting convened by the White
House around Thanksgiving, senior national security officials ordered agencies
across the U.S. government to find ways to counter encryption software and
gain access to the most heavily protected user data on the most secure
consumer devices, including Apple Inc.’s iPhone, the marquee product of one of
America’s most valuable companies, according to two people familiar with the
decision."

~~~
rtpg
> This paves the way for legislation that forces technology companies to
> install backdoors in software/hardware

But... the fact that Apple can do anything is a result of the OS update
backdoor in the first place in this case! If this were a 5S this entire court
case wouldn't be possible. This court ruling is not "Apple needs to install a
backdoor". It's "Apple needs to exploit the backdoor they have a key to".

~~~
pja
The argument is that once they have this precedent in hand, they can then use
it to force Apple to _alter_ the code in the secure enclave of all current
Apple devices so that the security services can gain access to them on demand.

Or else, even if this case doesn’t give them sufficient precedent to force
that kind of access, it’s certainly a legal stepping stone along that route,
which is precisely why the FBI is taking the case all the way even though it’s
clearly not necessary in this specific case - the NSA is perfectly capable of
gaining access to the phone in question if they want to & according to Snowden
they even have the legal right to do so since it was a work-issued phone where
the issuee had signed over the right to scrutinise it at any time.

~~~
rtpg
>The argument is that once they have this precedent in hand, they can then use
it to force Apple to alter the code in the secure enclave of all current Apple
devices so that the security services can gain access to them on demand.

Sure... if there's a warrant for a specific phone, and that Apple even has a
way to update the Secure Enclave (my understanding is that updating the Secure
Enclave wipes the contents).

One overreach I could see happening from this precedent is getting Apple to
participate in a targeted wiretap: Target brings phone to iStore, Apple
"accidentally" wipes Secure Enclave (installing backdoor), and target could
now have phone hacked later. Contrived, but I think this would be precedent.

But in no way is this ruling a precedent to push out a backdoor to every
iPhone ever made. And the precedent that Apple must help unlock an iPhone has
existed for over 100 years I think. Based off of the whole "digital key" ==
"Physical key" logic of the courts, if Apple didn't want to help exploit the
backdoor, a judge could probably rule to force Apple to _hand over its actual
signing keys for updates_. Awful, but the precedent is totally there

~~~
pja
In the medium term, my guess is that they want to force Apple to alter the
code in the secure enclave of all iPhones manufactured so that in the future
the phones can be backdoored on demand either by Apple under warrant or the
FBI themselves. In the former case the NSA would of simply acquire the
necessary keys by whatever means they preferred.

At the moment, for phones with a secure enclave, this isn’t possible: Apple
intention was to create a system that they themselves can’t crack precisely in
order to prevent anyone else from being able to crack their phones. It’s
possible that the NSA has physical attacks that can work around the secure
encalve now, but these are always vulnerable to future improvements in the
devices - the government would vastly prefer to have some kind of mandated
access.

Winning this case is a step along the path of building up the legal precedent
for them to be able to do this. Sure, by itself it won’t be sufficient, but
they don’t expect it to be - it’s a stepping stone along the route.

------
ayyghost
I would like to see some clarification on point #5. The only other option I
see for the FBI is to continue manually bruteforcing PINs, the arduousness of
such a task being why they requested Apple's help in the first place. Is he
talking about 0days?

~~~
gpm
Manually bruteforcing PINs is actually not a way to get in here, the phone
will wipe the keys that the pin protects after 10 attempts.

I'm not sure what method Snowden has in mind for decrypting this device
without going through Apple. It seems like it must be a 0day.

~~~
nxzero
Depending on the device/iOS versions, you're able to bypass the count limits.

~~~
Crito
The FBI is asking that Apple provide them the ability to bypass the PIN
timeout limits.

In modern iphones, those limits are handled by the secure enclave. However on
the 5C in question, the limits are done in iOS and can be disabled by flashing
a custom version of iOS. That's what the FBI is requesting.

------
tuyguntn
Everytime I hear such stories remember about Overton window [1], its a way
from unthinkable to policy,

Around 10-15years ago privacy issues were almost unthinkable (phase #1)
(average person didn't think about privacy too much), then wikileaks came out,
then Snowden (phase #2, radical) and so on.

Sure FBI has access to phone calls in San Bernardino case, but they are making
buzz in news, in order to step to next level, probably from sensible phase
into popular, then naturally next step would be `policy phase` and
surveillance would be totally legal and everyone will accept this, if not we,
then next generation would accept it.

[1] -
[https://en.wikipedia.org/wiki/Overton_window](https://en.wikipedia.org/wiki/Overton_window)

------
cat-dev-null
Does anyone have additional follow-up details of the supposed black SUVs at
Apple Cupertino? VEEP, POTUS, TLA, etc.

EDIT: Previous item:
[https://news.ycombinator.com/item?id=11120365](https://news.ycombinator.com/item?id=11120365)

~~~
nitrogen
Looking in that thread, it seems no pictures were ever posted (or if they
were, they are there no longer).

------
ryan606
If Snowden's allegations are true, then it seems pretty clear that the FBI
already has all information they claim they need, and doesn't need Apple's
help. Rather, this seems to be a "land grab" by the DOJ/BHO Administration to
secure government access to all communication devices, all in the name of
"National Security". Not unlike the 2001 Patriot Act. Very sad.

~~~
free2rhyme214
And a PR move from Apple.

------
augb
This may have already been stated, but in case it hasn't ...

If Apple, as a legal "person" [1], can be compelled against their will to
create something that does not exist at the government's will, then what is
holding the government from compelling an individual to do the same?

[1]
[https://en.wikipedia.org/wiki/Legal_personality#United_State...](https://en.wikipedia.org/wiki/Legal_personality#United_States)

------
MikeNomad
The lies that so many of the citizenry buy into are far from nuanced. Rather,
they are bald-faced. Often, the liars simply rely on Status Conferral,
Ignorance, and Indifference to get by. I contend that Twitter is as much
hindrance as help.

It has been a long time since the citizenry last needed to fully engage the
Check Boxes of Government: Soap, Jury, Ballot, Ammo. A lot of folks are having
a hard time believing the last one is an option. Know Your Roots, indeed.

------
Shivetya
I am more concerned about the idea that the phone password was changed after
the government obtained the phone. How is that story not gaining more
traction?

------
blazespin
Does anyone know which version of iOS 9 the device is? Plenty of security
updates just in 9.2.1 alone: [https://support.apple.com/en-
ca/HT205732](https://support.apple.com/en-ca/HT205732)

I'm sure if must be an early version of iOS 9. Probably lots of zero days
(that are no longer zero days) available.

------
draw_down
I don't think the backups they got are viable because apparently the suspect's
employer changed the iCloud password.

------
markman
I think apple should tell the court/gov to f __k off!

------
mayneack
Off topic, but this is exactly the scenario that Twitter wants to replace by
expanding the tweet size limit. Instead of a picture of text, we could expand
to real (presumably searchable) text.

~~~
hndl
Right. Perhaps they can begin by rolling this out only to individuals who have
verified accounts.

~~~
glenstein
I think it would be nifty to treat it as if it were a specialized form of
embedded media like pictures and videos. Wall of text as a media type, and
maybe even support links to, say, pastebin-type sites (or don't, this parts
not critical). Then you still have tweets as the basic unit of Twitter and
preserve some consistency.

~~~
digi_owl
Look up Twitlonger. Various clients have that built in, and it basically but
the first few words in the tweet alongside a link to the full text.

~~~
riffic
Look up OStatus. I don't know why people place all their eggs in one walled-
garden basket.

~~~
digi_owl
Network effect, basically.

Everyone is on Twitter, therefore everyone is on Twitter.

------
jack9
I'm a fan of snowden, but this is wrong on so many levels it's hard to
understand why anyone thinks his points are valid? This is about privacy and
technology - depending on the specifics. I'm not sure what these points are
speaking to, because it's none of the relevant issues...I guess it's just to
contradict the FBI?

1\. Can't prove all when there's data that hasn't been retrieved (encrypted
data). What they do have is irrelevant.

2\. What they do have is irrelevant...is this a pattern?

3\. What they do have is irrelevant. Also, coworkers aren't what they are
looking for...wtf

4\. Irrelevant...wtf

5\. Unsubstantiated and unlikely that Apple has a way to break it's own strong
encryption. Apple probably can disable the bricking-by-attempts. If the FBI
are so damn confident the 256-bit AES key can be bruteforced, they can damn
well do it themselves.

~~~
blazespin
?? I think he's just saying that this is a pretty unlikely source of intel and
not worth creating a massive security back door over. 5 isn't really
unsubstantiated. I would be curious to know exactly what version of iOS the
device has though

