First, thank you FBI for diligently trying to protect us from terrorism. No matter how much I oppose you on the "crypto backdoors" policy question, and the constitutional questions brought up in this court case, I still expect you to keep trying to protect us.
Likewise, thank you FBI for continuing to be open to alternative means to crack the phone. I suppose you could've wrangled things to ignore people coming forward with new information, in order to pursue the precedent, in the longer term policy battle. I disagree with the many people in my Twitter timeline who believe this was some sort of FBI plot -- I believe it's probably just what the FBI says it is: they first had no other solution, then they did.
Though, I do wonder if the FBI's lawyers told them they would likely lose the appeal, thus setting a bad precedent, thus incentivizing the FBI to start looking for an alternative to get out of the case. Whether or not this is actually what happened, I do worry that government has all the power to pursue cases in such a way. It's like playing poker against an opponent who, when they fold, gets all their chips back.
One precedent has been set, though: what it means to "exhaust all other options" therefore justifying the All Writs Act. From one perspective, the FBI was right that no old/existing technique existed to crack the phone. But their demand that only Apple could create a new technique was false. Somebody else obviously could create a new technique. I know a lot of people in the forensics, jailbreak, and 0day communities. They all confirm that the FBI never approached them to see if they could create a new technique. Instead, somebody created a new technique and approached the FBI on their own.
The next time the FBI attempts to conscript labor under the All Writs Act, I expect the judge to demand the FBI prove they haven't tried to hire other engineers. In other words, the judge should ask "Did you contact VUPEN (an 0day firm) or @i0n1c (a jailbreaker) to see if they could create a solution for you?".
Activists like the EFF are now demanding that the FBI make their technique public. This is nonsense. Whoever created the technique obviously wants to keep it secret so that Apple doesn't patch it in the next iOS release. It's probable that they gave the FBI Terms and Conditions such that they'd only provide a technique if it were kept secret. The only exception is if this were a forensics company like Cellebrite, which would then want to advertise the capability, to maximize revenue in the short period before Apple closes the hole. The point is, it's the coder's rights that are important here. It's the coder who came up with the jailbreak/0day that gets to decide what to do with it.
Is the person/company who approached the FBI with the solution a hero or demon? On one hand, they've maintained the status quo, where Apple can continue to try to secure their phones, even against the FBI. On the other hand, they've forestalled the courts ruling in our favor, which many would have preferred. I don't know the answer. Personally, had it been me, I'd've offered the exploit/jailbreak to the FBI, but at an exorbitant price they couldn't afford, because I just don't like the FBI.
Note: I doubt the technique was the NAND mirroring one many have described, or the well known "decapping" procedure that has a 30% of irretrievably destroying the data. Instead, I think it was an 0day or jailbreak. Those two communities are pretty large, and this is well within their abilities.
Also note: This is just my best guess, as somebody who does a lot of reverse engineering, coding, and hacking. I have little experience with iPhone in general. I write this blog because people keep asking me, not because I feel this is what everyone else should believe. The only thing I really stand behind here is "coder's rights", which is what the ACLU and EFF oppose.
One precedent has been set, though: what it means to "exhaust all other options" therefore justifying the All Writs Act. From one perspective, the FBI was right that no old/existing technique existed to crack the phone. But their demand that only Apple could create a new technique was false. Somebody else obviously could create a new technique. I know a lot of people in the forensics, jailbreak, and 0day communities. They all confirm that the FBI never approached them to see if they could create a new technique. Instead, somebody created a new technique and approached the FBI on their own.
The next time the FBI attempts to conscript labor under the All Writs Act, I expect the judge to demand the FBI prove they haven't tried to hire other engineers. In other words, the judge should ask "Did you contact VUPEN (an 0day firm) or @i0n1c (a jailbreaker) to see if they could create a solution for you?".
Activists like the EFF are now demanding that the FBI make their technique public. This is nonsense. Whoever created the technique obviously wants to keep it secret so that Apple doesn't patch it in the next iOS release. It's probable that they gave the FBI Terms and Conditions such that they'd only provide a technique if it were kept secret. The only exception is if this were a forensics company like Cellebrite, which would then want to advertise the capability, to maximize revenue in the short period before Apple closes the hole. The point is, it's the coder's rights that are important here. It's the coder who came up with the jailbreak/0day that gets to decide what to do with it.
Is the person/company who approached the FBI with the solution a hero or demon? On one hand, they've maintained the status quo, where Apple can continue to try to secure their phones, even against the FBI. On the other hand, they've forestalled the courts ruling in our favor, which many would have preferred. I don't know the answer. Personally, had it been me, I'd've offered the exploit/jailbreak to the FBI, but at an exorbitant price they couldn't afford, because I just don't like the FBI.
Note: I doubt the technique was the NAND mirroring one many have described, or the well known "decapping" procedure that has a 30% of irretrievably destroying the data. Instead, I think it was an 0day or jailbreak. Those two communities are pretty large, and this is well within their abilities.
Also note: This is just my best guess, as somebody who does a lot of reverse engineering, coding, and hacking. I have little experience with iPhone in general. I write this blog because people keep asking me, not because I feel this is what everyone else should believe. The only thing I really stand behind here is "coder's rights", which is what the ACLU and EFF oppose.
The FBI needs to disclose this vulnerability to Apple. Right now. It's irresponsible and dangerous not to.— Amie Stepanovich (@astepanovich) March 29, 2016
DOJ: We're not giving the iOS 0-day to Apple.— Christopher Soghoian (@csoghoian) March 29, 2016
Apple: We will continue to help law enforcement in other cases.
Way to play hard ball, Apple.
3 comments:
watching all the debate flutter about 'how they broke in' and i just laugh wondering how some of the smartest minds in the industry miss an obvious point.
for one, this is nothing more than the classic abusive relationship. the FBI is caught time and time again in lies, and yet here we sit on the edge of our seats believing everything they say.
Occam's razor applies here as it does everywhere else. this simplest answer is often the truth, and so it is. Think about it. This was an attempt to set a precedent. Everyone now agrees to this. It was admitted no critical data likely exists on the phone. So why all the 'effort' and 'money' spent to chase this 'encrypted data'..? Precedent.
Then, why would an actual 3rd party ever have to exist at all? Couldn't it have been the back-up plan all along, should the legal or public battles fail? Would they NOT have a back-up plan that also saves face? We in the industry know the effort required for this elusive solution - the legal case gets grim then BAM in 2 weeks they're in? Right.
Would the Feds actually just fold their hand and give up - letting Apple have the final win? NO, duh. They would, like a child on the playground, at least get one final 'jab' - with no one able to prove them otherwise. Sealed. National Security, and all that.
"well nevermind, your securirty sux and we got in anyway & no we won't tell you who or how, neeener neener"
"I thought I'd give a response from a libertarian/technologist angle.
First, thank you FBI for diligently trying to protect us from terrorism."
If you were a libertarian, you wouldn't start by praising an agency funded by theft, and which actually fails to protect Americans from terrorism, and spend most of its time attacking innocents (drug & tax crimes) & attacking freedoms.
"It's like playing poker against an opponent who, when they fold, gets all their chips back."
Exactly. But even when a judge says they lose chips, they don't lose their chips, their lose public money, ie taxation money, ie theft money.
"Personally, had it been me, I'd've offered the exploit/jailbreak to the FBI, but at an exorbitant price they couldn't afford"
You want taxation money. Not libertarian.
Post a Comment