DOJ Threatens To Seize iOS (Apple) Source Code




DamianTV
03-15-2016, 05:51 PM
https://apple.slashdot.org/story/16/03/15/213216/doj-threatens-to-seize-ios-source-code


The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter's iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple's rhetoric in the San Bernardino standoff "false" and "corrosive" because the Cupertino firm dared suggest that the FBI's court order could lead to a "police state." Footnote Nine of DoJ's filing reads:

"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."

As Fortune's Philip Elmer-DeWitt rightfully pointed out, that's a classic police threat. "We can do this [the] easy way or the hard way. Give us the little thing we're asking for -- a way to bypass your security software -- or we'll take [the] whole thing: your crown jewels and the royal seal too," DeWitt wrote. "With Apple's source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple's electronic signature, the Bureau's versions of iOS could pass for the real thing," he added.

puppetmaster
03-15-2016, 06:19 PM
Fuck the doj

presence
03-15-2016, 06:56 PM
so what crime did apple commit again?

TheTexan
03-15-2016, 07:18 PM
so what crime did apple commit again?

Perhaps one of these?

Disguise to obstruct justice
Material support for terrorism
Aiding and abetting
Interfering with a police officer
Sightseeing tours by automobile; unlicensed
Railroad employ inexperienced personnel
Municipal light co conflict of interest
Employing armed guards during a strike
Manufacture/sale of novelty lighters
Union organizing, improper payment/solicitation
Dog order, disobey (c. 140 s. 157a)
Theatrical agent, unlicensed
Hunt with Ferret/Fitch
Paint, mislabelled (c.94 s.291)
Bakery allow sleeping
Fire doors locked during business hours
Forest warden, fail to aid
Fornication
Frozen desserts, mislabeled
Loan secured by firearm
Lobster, take egg-bearing
Lobster, sell/offer uncooked dead
Mayhem
Pond/reservoir, drain without notice

I'm sure at least one of these would stick.

DamianTV
03-15-2016, 07:18 PM
so what crime did apple commit again?

Terrorism by Encryption! Duh! :p

puppetmaster
03-15-2016, 07:32 PM
Perhaps one of these?

Disguise to obstruct justice
Material support for terrorism
Aiding and abetting
Interfering with a police officer
Sightseeing tours by automobile; unlicensed
Railroad employ inexperienced personnel
Municipal light co conflict of interest
Employing armed guards during a strike
Manufacture/sale of novelty lighters
Union organizing, improper payment/solicitation
Dog order, disobey (c. 140 s. 157a)
Theatrical agent, unlicensed
Hunt with Ferret/Fitch
Paint, mislabelled (c.94 s.291)
Bakery allow sleeping
Fire doors locked during business hours
Forest warden, fail to aid
Fornication
Frozen desserts, mislabeled
Loan secured by firearm
Lobster, take egg-bearing
Lobster, sell/offer uncooked dead
Mayhem
Pond/reservoir, drain without notice

I'm sure at least one of these would stick.

funny had me for a second

idiom
03-15-2016, 07:54 PM
To Wit, the NSA already has the source code and the private key.

FindLiberty
03-15-2016, 08:10 PM
Memo to Apple employees: Eat it, chew swallow poop and then flush the cache!


productsCache.Flush();

ghengis86
03-15-2016, 08:14 PM
To Wit, the NSA already has the source code and the private key.

They just want to make the evidence admissible in court, thus making all pilfered data allowable instead of making up fake reasons on how they got it 'legally'

Son_of_Liberty90
03-15-2016, 08:30 PM
They just want to make the evidence admissible in court, thus making all pilfered data allowable instead of making up fake reasons on how they got it 'legally'
Exactly. Their deceiving tactics are straight out of a fiction novel. They're scum beyond repute.

muh_roads
03-16-2016, 03:03 PM
I am so sick of these bullshit lies by the FBI. The Feds have the phone in their possession and that is more than enough. You take the phone apart and with the help of a hardware engineer and a software engineer they can break in. Kids do this all the time when they solder in a modchip in a game console to bypass security features.

brushfire
03-16-2016, 03:17 PM
They already have access to the hardware required to attack/clone the device. Not to mention, the NSA data - Obama confirms this.

This is not about encryption, or the phone, it's about setting a precedent and controlling a private company.

DamianTV
03-16-2016, 04:57 PM
Fascism - merger of corporate and state. Corporations run the govt, and govts run the companies. ... into the ground.

Yeah, once Apple's IOS source is "legally" pilfered by the govt, I wonder what that will do to Apple's reputation as a company that sells products that you can have some small degree of privacy or anonymity with? I wonder what that will do to all other tech based US companies? Hmm, let me just rub my crystal balls together...

jmdrake
03-16-2016, 05:20 PM
And this is why open source rocks. If this was an open source solution Apple could say "Just go download it yourself twerps." Security through obscurity is inherently flawed.

donnay
03-16-2016, 05:22 PM
"National Security!"

There's no free market.

DamianTV
03-16-2016, 06:34 PM
And this is why open source rocks. If this was an open source solution Apple could say "Just go download it yourself twerps." Security through obscurity is inherently flawed.

+Rep

Only thing to not blindly hand over is the encryption keys.

For those who don't understand what an encryption key is, I'll briefly explain. In order to decrypt something, a Key needs to be used so that the information can be retrieved. It can be something as simple as an alphanumeric key. A=1, B=2, C=3. That's basically what a key is. A Hash is a bit different. Hashes are NOT supposed to be decrypted. Hashes are useful when comparing an unknown element and comparing it to the already hashed version of the data. Let's say you had a password of "Fido1-1-2012". When a one way Hash is applied it comes up with something like a1c2b3d4blabla. When a user comes along and puts in the password, that password is also Hashed, and the output is compared to the hashed string. If the hashed values match, the user put in the correct password, but if hashed values don't match, then the original password is also expected to be incorrect. Basically, on server side, it's not comparing "Fido1-1-2012", it's comparing a1c2b3d4blabla to a1c2b3d4blabla, which is what will result if the correct password is entered.
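
The hash-and-compare login check described in the post above, as an added example that is not part of the original thread. The choice of PBKDF2-HMAC-SHA256, the per-account random salt, the iteration count and the function names are assumptions made for this illustration; the post names no algorithm.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters for this illustration; the thread names no algorithm.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); these two values are all the server stores."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate: str, salt: bytes, stored_digest: bytes) -> bool:
    """Hash the login attempt with the stored salt and compare digests."""
    _, digest = hash_password(candidate, salt)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(digest, stored_digest)


def demo() -> dict:
    """Enrol the post's sample password, then try a right and a wrong login."""
    salt, stored = hash_password("Fido1-1-2012")
    _, other = hash_password("Fido1-1-2012")  # second enrolment, new salt
    return {
        "correct_login": verify_password("Fido1-1-2012", salt, stored),
        "wrong_login": verify_password("Fido1-1-2013", salt, stored),
        "same_password_same_digest": stored == other,
        "digest_len": len(stored),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because each enrolment draws its own salt, two accounts with the same password store different digests, so a stolen table cannot be matched against one precomputed list.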

thetruthhurtsthefed
03-17-2016, 08:41 AM
Didn't Blackberry almost go under for the same reason? The original owners would not give up the source code or algorithm for their encryption....

osan
03-17-2016, 12:53 PM
https://apple.slashdot.org/story/16/03/15/213216/doj-threatens-to-seize-ios-source-code


If Apple loses this battle, the software industry will be screwed, as will the rest of us. Lots of people have no idea what this represents.

osan
03-17-2016, 12:59 PM
They already have access to the hardware required to attack/clone the device. Not to mention, the NSA data - Obama confirms this.

This is not about encryption, or the phone, it's about setting a precedent and controlling a private company.

This is on the money.

DamianTV
03-17-2016, 03:19 PM
If Apple loses this battle, the software industry will be screwed, as will the rest of us. Lots of people have no idea what this represents.

The FedGov is willing to lose a war to win one battle.

This is the exact reason why so many have lost confidence in the electorate. It is that very same shortsightedness that has cost us our jobs, our way of life, our rights, our respect, our responsibility, our spirit. Instead of planning out for the long game, our leaders look for the quick buck and the laziest way to achieve things regardless of the long term consequences. Sacrifice our entire future for whatever seems important in the present.

If they do this, the entire tech industry in the US will be considered by the rest of the world to be less trustworthy than a tech industry run by North Korea.

osan
03-18-2016, 04:10 AM
And this is why open source rocks. If this was an open source solution Apple could say "Just go download it yourself twerps." Security through obscurity is inherently flawed.

I meant to address this earlier. I agree. If the security algorithms are correct, Theye can have all the source code they want; it will avail them nothing.

The real problem is the algorithm. Thus far, true randomness and true one-way functions are things of which one dreams. Even one-time pads can be cracked. The methods used are so counterintuitive that most would never imagine them. Then there is the quantum computer, against which it is theorized there is no defense.

As a matter of technology, it may be a foregone conclusion that privacy will become a thing of the past - all else equal, which is often not the case. But given the current status quo, open source is the way to go because branches and deltas can be reviewed by one and all. Assuming algorithms equal to their ostensible purposes, competent analysts may determine the integrity of a given implementation to said purpose.

That all said, the lines have been drawn for better or worse. Apple has chosen proprietary means and the DoJ, et al, have made their demands known. One party must prevail and I hope to hell it is not "government". I do, however, question the mechanics of the follow-through on the threats made. What will DoJ do, send in paramilitary teams to physically seize the assets in question? To that possibility, I would hope that Apple would have a monster server plantation offshore in full mirror of their front-line production systems such that the former could be brought immediately to the fore as a self-destruct command was propagated through the machines operating in the trenches. Were I running Apple, I would be on the warpath as this is typed, making damned certain that Theye got nothing of value from us.

There is yet another question, however. Even if Theye obtain that which they seek, what of it? Assuming sound algorithms and their implementations, there is nothing in the code that is going to help them decrypt the phones in question, and I mean NOTHING. The only possible value to Themme would come in the form of backdoors built into the code, which would then have to be returned to Apple. Then, of course, Theye would have to force Apple to sell that hacked product. This would be either known or suspected and Apple would go tits-up shortly thereafter, unless of course they diversified into toasters or erasers for pencils.

Barring some technology unknown in Theire hands, those phones are likely to remain opaque to the prying eyes of the hubris-poisoned bastards at Doj. Getting what they demand, however, sets a number of other precedents that should have people's blood running very much colder in their veins.

osan
03-18-2016, 04:20 AM
The FedGov is willing to lose a war to win one battle.

Let us hope Theye are indeed so stupid... but I doubt it.





This is the exact reason why so many have lost confidence in the electorate.

Unfortunately, Theye are in no way dependent upon our confidence, so long as we comply with their dictates.


It is that very same shortsightedness that has cost us our jobs, our way of life, our rights, our respect, our responsibility, our spirit.

I very much doubt that these losses can be attributed to short-sightedness. In all things political, one is well behooved never to attribute to mere incompetence, ignorance, or happenstance that which may be explained by greed and bright malice.


Instead of planning out for the long game, our leaders look for the quick buck and the laziest way to achieve things regardless of the long term consequences.

You assume too much. Theye have certainly planned well for the long haul. The problem is that it doesn't include "us".


Sacrifice our entire future for whatever seems important in the present.

Ours, yes. Not Theire's. The lines of demarcation may exist in naught but the mind, but that makes them no less real than the barrel of a rifle.

FunkBuddha
03-18-2016, 04:32 AM
The keys are the important part. The source code just makes developing the hack easier. Once they have the keys and the ability to poison a few key DNS servers, every iPhone will be running NSA-IOS. We do this trick every time a major iOS upgrade comes out to redirect the clients to get the update from our caching server rather than saturating our internet links.

osan
03-19-2016, 07:29 AM
This, BTW, is a scenario I made back in the 80s when I was at Bell Labs. One of the extra tidbits that was tossed on my desk was design of "disaster recovery" contingency planning. I mention this just to show you how far down a road this nation has gone. Back in, say, 1989 the only concern on the table was for events such as fire, earthquake, thousand-year storms, and so forth. In one of my earlier disaster recovery proposals to AT&T, I added "terrorism" to the mix. I chose that specific term very deliberately because in those days to have suggested a threat from "government" would have gotten me a cube in Siberia. Even terrorism opened an eye or two at division-level, resulting in my having to explain myself with above-average tap dancing skill. It was a move that was considered by some around me to be outrageous. I didn't think so and I made the case. Nutshell version: design the system such that network control centers remained as many as possible, as secret as possible (which is not very), and able to hot-cut full control in literally seconds at the press of a "button". Destination center could be kept hidden even from those who committed the cut, originating center with the ability to "suicide" - wiping every disk clean in matters of minutes. I may be wrong, but I believe this was a patentable invention of mine, the suicide part. Anyone coming into the site would arrive to DoD-level wiped machines. Nothing remaining, including operating systems. The hardware would be as if still at the manufactory, prior to installation of the initial software load. Literally worthless.

There are other strategies I devised as well, that when implemented could give a governmental agency with a warrant absolute fits in trying to get to properly secured information, even if they rendered people away and tortured them. There are ways to compartmentalize security and procedures such that the people into whose hands stewardship for security would fall have no knowledge of the picture beyond their tiny piece. When it comes down to "I have no idea how it works" from every mouth questioned, there is nothing even a torturer can do but to kill in vain. And yes, such compartmentalization is indeed possible. I know because I designed it long ago.

Looking at it from today's perspective, some 27 years later, my scheme no longer seems at all paranoid, but rather prudent - not against "terrorists" in the way so many deluded people conceive the term, but against government-as-terrorist. I no longer know how disaster recovery design goes these days, but it would not surprise me a whit to find that no broad-reaching philosophy exists. The now-and-then photos illustrate how far we have devolved in so short an interval.

That all said, I would think that today more than ever companies such as Apple should be looking at this ultimate of all threats with a renewed sense of urgency. Who really gives the least damn about saving assets against extinction-level events when the far more immediate and likely threats issue from those who presume to lord over you, expecting your unhesitating, smiling compliance with their demands, regardless of how criminally outrageous?

There may even be a business opportunity in this.