
FBI blasts Apple, Google for locking police out of phones - ilamont
http://www.washingtonpost.com/business/technology/fbi-blasts-apple-google-for-locking-police-out-of-phones/2014/09/25/68c4e08e-4344-11e4-9a15-137aa0153527_story.html
======
randyrand
> “market something expressly to allow people to place themselves beyond the
> law.”

One thing the FBI does not realize, or does not care, is that _THEY ARE NOT
THE ONLY ONES THE BACKDOORS WORK FOR._

A backdoor is a backdoor. Period. When so much private information is on a
single device it's not just about being beyond the law (which is a great
reason in and of itself because law enforcement is itself beyond the law).
It's about being safe.

~~~
opendais
Exactly. The FBI's argument is basically:

"Leave your front door unlocked. Just in case we want to search you for
drugs/obscene material/weapons/etc."

I don't know about you, but I don't want to leave my house unlocked 24/7 "just
in case" the FBI wants to serve me with a warrant.

~~~
anigbrowl
Except it isn't. When the FBI has a warrant they are legally entitled to break
into your house even if you don't want them to.

Edit: downvote all you like, but this is a simple factual statement.

~~~
thirdtruck
Except that we still expect them to _break_ in, not simply waltz through the
front door after unlocking with their skeleton key.

~~~
anigbrowl
Er...no. In the real world they don't always arrive with a SWAT team. Many
warrants are served peacefully, and they have even been known to use
locksmiths. I don't agree with stereotyping encryption users as if they were
criminals, nor do I agree with stereotyping law enforcement as if they were
shock troops.

~~~
NotAtWork
If I used a locksmith to get in to your house without your permission, it
would be "breaking in" in colloquial language.

Your reply is overly pedantic, when taken in the best light.

~~~
anigbrowl
'Many warrants are served peacefully...'

------
downandout
This story was likely published because the companies themselves told them to
take a hike, and they are now trying to garner public sympathy. I don't think
they are going to get it. Unauthorized intruders, whether or not they have a
piece of paper signed by a guy that wears a robe to work, are not welcome in
my phone.

I hope Apple & Google take a hard line on this, at least until the US
government passes a law making it illegal to engineer things in a manner that
makes it impossible for companies to comply with search warrants. I'm sure
that will come, but hopefully it will take a while.

~~~
panarky
Step 1: Have the stenographers at the Washington Post publish your scary press
release as "news" full of emotionally charged hyperbole like "Apple will
become the phone of choice for the pedophile".

Step 2: After the next telegenic kidnapping / bombing / school shooting, claim
"I told you so" as the perpetrator would have been stopped if not for a secure
phone / encrypted chat / requirement to get a warrant.

Step 3: 95% of the public demands mandatory backdoors, criminalizing strong
encryption, and warrantless dragnet surveillance.

~~~
bthornbury
This is terrifyingly realistic.

------
droob
The quote that plants this firmly in pretending-to-be-serious land: “The
average pedophile at this point is probably thinking, I’ve got to get an Apple
phone.”

~~~
chernevik
Let's be honest, improved encryption is going to restrain the government's
ability to enforce the law. Beyond pedophiles, there are definitely going to
be cases where innocent people get hurt as a result.

I'm okay with that. The whole idea of our government and society is that the
mass of law-abiding and decent people are stronger than the criminal and
malicious minority. People are by and large responsible, which is why they can
and should govern themselves. Limiting the government's ability to snoop and
intrude on citizens is a crucial check on the very real (if long-term) threat
of government over-reach.

But let's not kid ourselves that our privacy, and its constraints on the
government, is without consequences.

~~~
otakucode
People that are OK with innocent people getting hurt never seen to realize
that this usually guarantees that criminals get away with their crimes by the
wrong person being convicted. Is that also something you are OK with?

~~~
threatofrain
It's a hard step in logic to go from criminals getting off due to insufficient
evidence from encrypted iPhones, to the _wrong person being convicted_.

------
kenrikm
Hey FBI, if you want the data on the phone get a Warrant that requires the
person who owns the phone to unlock it for you - or go to jail for not
complying. You don't go to a next-door neighbor who has the key to a house and
serve him the Warrant to get into your their neighbors house. Don't go to
Apple or Google and make them unlock the phone. 4th Amendment, unlawful search
and seizure and all that jazz.

~~~
Rylinks
Previously apple would only provide data in response to a warrant. Now they
don't provide data at all.

~~~
ChrisAntaki
Where did you read that, out of curiosity?

~~~
Rylinks
The was a WaPo article[0] posted on HN a while back:

>If I understand how it works, the only time the new design matters is when
the government has a search warrant, signed by a judge, based on a finding of
probable cause. Under the old operating system, Apple could execute a lawful
warrant and give law enforcement the data on the phone. Under the new
operating system, that warrant is a nullity. It’s just a nice piece of paper
with a judge’s signature. Because Apple demands a warrant to decrypt a phone
when it is capable of doing so, the only time Apple’s inability to do that
makes a difference is when the government has a valid warrant. The policy
switch doesn’t stop hackers, trespassers, or rogue agents. It only stops
lawful investigations with lawful warrants.

0:[http://www.washingtonpost.com/news/volokh-
conspiracy/wp/2014...](http://www.washingtonpost.com/news/volokh-
conspiracy/wp/2014/09/19/apples-dangerous-game/)

~~~
dragonwriter
> Under the old operating system, Apple could execute a lawful warrant and
> give law enforcement the data on the phone. [...] The policy switch doesn’t
> stop hackers, trespassers, or rogue agents. It only stops lawful
> investigations with lawful warrants.

Incorrect: under the old operating system _a human at Apple_ could give
_anyone_ the data on the phone. Apple had procedural safeguards that aimed to
ensure that no one at Apple would do that without proper approval, but as
anyone who pays attention to the news should be aware, procedural safeguards
of data do not always prevent humans who are motivated to violate those
safeguards. (Including, _inter alia_ , "hackers, trespassers, and rogue
agents" \-- as certainly the US government is aware; its hardly as if the NSA
didn't have procedural safeguards that applied to the data that Edward Snowden
released.)

The change (which is a technical change, not a policy change) means no human
at Apple can do this, and the phone user is protected from humans who might
violate Apple's policies, including "hackers, trespassers, and rogue agents."
It incidentally means that any warrant for data on the phone will have to be
served on the only person who has access to that data, the phone owner.

It doesn't "stop lawful investigations with lawful warrants", it reduces the
number of people who can access a phone, and therefore the set of people on
whom a lawful warrant can be served. But law enforcement has no inherent right
to expect that some third party will have access to my private property
(whether physical or virtual) that enables law enforcement to serve a warrant
on a third person, and that third person having access is _always_ a
compromise of _my_ security that makes me more vulnerable to rogue actors. It
is not simply a convenience for "lawful investigations with lawful warrants"
that provides no risk to me outside of such investigations.

~~~
ChrisAntaki
> and that third person having access is always a compromise of my security
> that makes me more vulnerable to rogue actors.

You distill it well, a broken security solution is not a good security
solution. Foreign intelligence services, "hackers", etc... they all want our
trade secrets. We need real security systems to defend against them.

------
nickbauman
"A policeman's job is only easy in a police state." — Mike Vargas, from Orson
Welles' "Touch of Evil"

------
spacehome
> He said he could not understand why companies would “market something
> expressly to allow people to place themselves beyond the law.”

That's certainly rich.

~~~
kenrikm
Indeed, the FBI routinely likes to forget about the Constitution and place
themselves beyond it.

------
phkahler
Funny: "That led investigators to a Facebook post, made two days after the
homicide, in which another man posed in a cell phone selfie with the same
gun."

You'd think a selfie would be enough to find someone the traditional way, but
they seem to think they needed to locate the phone that took the picture.

~~~
vlunkr
Exactly, that was a nice dramatic story for this piece, but really they had
the evidence already.

------
Someone1234
I thought the US government could already run arbitrary code on a running
device via means of the baseband OS/modem? e.g.

PDF(!)
[https://www.usenix.org/system/files/conference/woot12/woot12...](https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf)

So is this whole thing REALLY about the US Government losing access or more
about them not wanting to expose their over-the-air code execution techniques?

Since presumably if they capture an already running device, they can just get
the warrant, and ask the cellular network to send their specially crafted
packet (which can unlock the phone, SMS the encryption key, or similar).

Sorry but if the Intelligence Services cannot unlock an encrypted device STILL
RUNNING then I'll eat my hat.

~~~
nhaehnle
> So is this whole thing REALLY about the US Government losing access or more
> about them not wanting to expose their over-the-air code execution
> techniques?

Obviously, the latter.

More to the point, the type of regular police who would push for this probably
aren't even aware that such code execution techniques might exist.

------
malanj
_He said he could not understand why companies would “market something
expressly to allow people to place themselves beyond the law.”_ \- I guess the
FBI and the NSA don't talk much?

------
MCRed
Hey if the FBI were obeying the law, then I might have some concern for them.
But they aren't. They're going out there, organizing groups of people, setting
them up with terrorist plots, providing them with material and financial
support, and then busting them. Whether that's entrapment or not, I don't
care--- it is a violation of anti-terrorism conspiracy laws.

Not to mention the NSA, and I believe FBI, conducting illegal spying
operations.

Government has proven it cannot be trusted, now complains when companies stop
trusting it?

Plus the iPhone is sold globally.

~~~
fbi4life
Stop pulling BS out of your ass and provide a source for your first claim,
please?

~~~
mariodiana
[http://www.thisamericanlife.org/radio-
archives/episode/471/t...](http://www.thisamericanlife.org/radio-
archives/episode/471/the-convert)

[http://www.newyorker.com/news/news-desk/terror-
prosecution-m...](http://www.newyorker.com/news/news-desk/terror-prosecution-
muslim-americans)

[http://www.theguardian.com/world/2011/nov/16/fbi-
entrapment-...](http://www.theguardian.com/world/2011/nov/16/fbi-entrapment-
fake-terror-plots)

[http://www.salon.com/2013/07/10/only_1_percent_of_terrorists...](http://www.salon.com/2013/07/10/only_1_percent_of_terrorists_caught_by_fbi_are_real_partner/)

[http://www.motherjones.com/politics/2011/08/fbi-terrorist-
in...](http://www.motherjones.com/politics/2011/08/fbi-terrorist-informants)

------
awt
Fortunately as yet there is no way for the USG to grant a monopoly on the
manufacture of mobile devices in exchange for access to the contents. An
alternate route they can take is through the monopolies granted on various
radio frequencies. FCC approval in the future may require backdooring.

~~~
x86_64Ubuntu
Would that prevent the end user from adding another layer of security onto the
device? Kind of how you can log on to my machine, but that doesn't make it any
easier to decrypt my Truecrypt partition (I think...).

~~~
otakucode
If it communicates over the network though, all of your traffic would still be
recorded and decryptable. You'd have to exclusively use end-to-end encrypted
services.

------
AnthonyMouse
Julian Sanchez wrote a relevant response to Orin Kerr going over the history
of the crypto wars and why this is all wrong:

[https://news.ycombinator.com/item?id=8369963](https://news.ycombinator.com/item?id=8369963)

~~~
Tloewald
Very food link which deserves more attention. It's a non issue.

------
ChuckMcM
This is pretty funny. It will be interesting to watch the narrative, and it is
surprising how _overtly_ partisan it is. I just wish I had a big PR budget I
could use to place articles in the right places to adjust the narrative.

------
pyrocat
"Locking police out of" assumes that they have a right to be there in the
first place.

~~~
anigbrowl
Well if they have a well-formed wallet they actually do have that right. The
constitution contemplates the issuance of warrants precisely because there are
circumstances where seizure is entirely appropriate.

~~~
Zigurd
You are confusing a right with a power, granted by consent of the governed,
that can be withdrawn and can't rewrite the rules of mathematics. _People_
have rights, and under constitutions written the way the US constitution is
written, those rights are not enumerated or limited.

You have a right to use strong encryption because you have not consented to
give away that right. The government has no actual rights at all.

------
frandroid
Dear Bureau, Please blame the NSA for bringing this upon yourself.

~~~
teleclimber
Not just the NSA. The regular ol' police gives off the appearance of being at
war with the citizens it's supposed to protect sometimes. They are extremely
militarized, very technologically advanced, but not always fair and even-
keeled.

------
ChrisAntaki
The FBI is more than talented enough to get into phones, or areas, they just
need to invest more time if something's locked. Which honestly, is a good
thing. It means they'll have to actually choose on a targeted basis who is
worth surveilling, which is more conductive to democracy than just saying,
"Give us all your keys". An easy system to crack is an easy system to crack,
period.

------
Zikes
Giving the FBI your encryption keys to fight terrorism would be like giving a
serial burglar your house keys because you left your oven on.

Edit: -because you think you might have left your oven on.

~~~
mcintyre1994
Because they told you they think you might have left your oven on.

------
xemoka
The word is out, the people no longer trust their governments. Big surprise
when the governments don't trust their people. The road goes both ways.

------
bakennedy
“I’ve been an investigator for almost 27 years,” Collins said, “It’s
concerning that we’re beginning to go backwards with this technology.”

It's concerning that a veteran police investigator considers consumer privacy
"backwards."

~~~
otakucode
Well, to be fair to him, in his entire 27 years of police work he has never
busted a single criminal except through cell phone contents.

------
vfclists
When I made a point about Orrin Kerr shilling for the law enforcement agencies
[https://news.ycombinator.com/item?id=8349006](https://news.ycombinator.com/item?id=8349006)
one or two people didn't agree. I guess it is now obvious what that piece was
about.

The disingeneous dimension to this issue is that smart phones are basically
powerful hand held personal computers which make calls and take photos on the
side. Less than 1% of their capability is used for for making calls. Orrin
Kerr pretends not to understand this. He wouldn't insist that Microsoft, Apple
and Linux developers weaken the encryption on regular laptops, desktops or
servers for law enforcement to have access to data.

Why should he insist on it for smart phones which these days are just as
powerful as PCs, the only difference being that people carry them around, make
calls and store contact details on them?

Steve Job and Apple's desire to have complete control and have access to users
information brought this situation about, and in doing so made themselves
virtually accessories to whatever crimes people stored on their phones. Now
they realize that it made them appear as agents and collaborators with the
investigative agencies, they have decided to extricate themselves from that
situation leaving them close to being labelled 'pedophile and terrorist
facilitators'.

------
D4AHNGM
It's nice to see the media digest and swallow this bull from the FBI & co
without bothering to even chew it a little first. "Oh the FBI said something,
IT MUST be true!".

All it requires is for someone to find that backdoor & its mechanism and
that's it, they can exploit the backdoor designed for someone else for their
own purposes. And if that someone doesn't have legitimate intentions, what
then? Am I supposed to accept making my device that much less secure because
the FBI or another state actor may one day decide I'm trouble? The chance of
that backdoor being exploited by someone other than the FBI is considerably
higher than the FBI ever using it themselves, and the FBI seem to be in
lalaland on this.

------
mrjj
I think that under this noise both OS is stuffed with bookmarks heavier than
any time before.

Ouch, those Apple and Google guys so bad that they following forth amendment,
poor and evil FBI and NSA they can't do anything with american companies. They
soo-o-o angry about their OS security that you definitely could trust it.

And don't, and again, don't use this bad bad TOR and other security stuff of
bad hackers full of trashware: [http://securitywatch.pcmag.com/apple-ios-
iphone-ipad-ipod/32...](http://securitywatch.pcmag.com/apple-ios-iphone-ipad-
ipod/321803-fake-tor-browser-app-for-ios-full-of-adware-spyware) that are
suprisingly sticking at the top of your application store.

------
conductor
Here is a related note titled "Are Google and Apple On Your Side?" by Bill
Blunden - [http://cryptome.org/2014/09/google-apple-
crypto.pdf](http://cryptome.org/2014/09/google-apple-crypto.pdf)

------
javajosh
Wrong, FBI: this is a human rights issue, pure and simple. Our devices augment
our minds, and you want to _read our minds_. And we don't want you to.

It is disingenuous to imply (let alone assert, as in this case) that you can't
investigate criminal activity without the ability to access our phones/read
our minds. Somehow you managed for many decades prior to the iPhone. To claim
you _need_ this access now is rather silly.

I would suggest that you allow people their private, augmented minds, enjoy
the better society that will (hopefully) give us all, and pursue other
investigatory avenues, of which there is no shortage and which should occur to
your thought.

------
vijayboyapati
>He said he could not understand why companies would “market something
expressly to allow people to place themselves beyond the law.”

Perhaps he's entirely unaware of any history where "the law" was used to
oppress. Perhaps he's also unaware that something being "the law" does not
make it just. For instance, in Washington, where I live, just two years ago it
was illegal to own marijuana. Now it's legal. Does this now mean that the
moral status of owning and smoking marijuana has changed, or does it merely
show that the law is inconstant and often at odds with justice? Much is taken
for granted in his rhetorical question.

------
ColinDabritz
Well, at least we know it is probably effective, or they wouldn't make such a
fuss.

~~~
narrowingorbits
Or else they're making such a fuss specifically to help sell the supposed
effectiveness.

------
hxc
I can't wait to see the FBI point the finger at the NSA and say something to
the fact of "The FBI is trying to protect you, we aren't the NSA violating
your right."

That would be golden

~~~
mrjj
Yeah, the politics is about giving a good show )

------
eslaught
So here's what I don't get: This is just standard, off-the-shelf encryption,
right? Like the kind I've been using on my desktop since forever? How is this
such a big deal?

I realize that from a PR perspective, Apple would like to appear to be privacy
conscious. And perhaps Apple was asking for legal fallout by flouting that
particular aspect of correctly implemented encryption. It just seems a little
too ironic that this is just standard off-the-shelf encryption we're talking
about.

------
porqupine
The technology has been there for a while, it's just finally gotten the point
where people's mistrust for the government is something tech companies can
market to. -

------
otakucode
It would be an awful lot easier for police to catch criminals if they were
permitted to simply kick in random doors and raid houses just to poke around
and look for evidence of crimes, too. Police do not have an absolute right to
easily-gathered evidence. Especially given the malleability of digital
content, they should be relying on actual physical evidence more than ever
anyway.

------
sluckxz
What do the watchers think we should do when we can't even have an open
rational discussion about constitutional rights especially regarding new
technology and information. I am willing to discuss and debate. My data was
yours with a warrant. The tools to go beyond that weren't mainstream. By
refusing to communicate the internet is working around you. Rightfully so.

------
Shivetya
where is my self destruct code? Something that gives them all the appearance
of unlocking but just corrupts/erases data.

~~~
CompuHacker
"Willful destruction of evidence." comes to mind.

~~~
malka
They'd need to prove there was evidence.

------
golemotron
> “market something expressly to allow people to place themselves beyond the
> law.”

Why isn't he complaining about Starbucks? Conspirators can meet in a Starbucks
and discuss illegal things over coffee. If Starbucks cared about people,
they'd bug all of the tables.

------
jordanthoms
Maybe they should have thought about the backlash _before_ they engaged in
mass surveillance?

------
rakoo
The funniest part is that as a customer, I still have very little guarantee
that the company can't access the phone's content at will; it's still promises
to me.

------
franciscop
> “Our ability to act on data that does exist . . . is critical to our
> success,” Hosko said. He suggested that it would take a major event, such as
> a terrorist attack, to cause the pendulum to swing back toward giving
> authorities access to a broad range of digital information. - related
> article (
> [http://www.washingtonpost.com/business/technology/2014/09/17...](http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html)
> )

USA, get ready for a " _foreign_ terrorist attack" in the next few days (;

------
cyphunk

        "There will come a day when..."
    

The prefix to every fantasy.

------
bjornsing
That old saying comes to mind: as you make your bed, so you must lie in it.

------
noobface
Is anyone falling for this?

~~~
diydsp
I'm actually quite on the fence. It does seem to me to be conceivable that the
FBI would pretend to be outraged when they are not.

I really don't have enough information and I don't trust anyone.

~~~
icodestuff
Of course they're outraged, in the same way that a serial burglar is outraged
when they discover that someone's backdoor, which has been wide open for
years, is suddenly locked. What's their outrage got to do with anything?

------
Zigurd
Either security works, or forensics works. You can't have both.

------
Igglyboo
Shouldn't we be valuing privacy over throwing people in jail?

