Not Getting the Truth about the FBI, Apple, the San Bernardino Terrorists, and Hacking an iPhone

FBI flag flown at FBI headquarters, J. Edgar Hoover Building, Washington, DC.

FBI flag flown at FBI headquarters, J. Edgar Hoover Building, Washington, DC.

The reports about the FBI’s request for Apple to hack into the iPhone belonging to the San Bernardino terrorists is full of misinformation, much of it to promote various political and business agendas. I’ve been an engineering consultant to lawyers to support intellectual property litigation for about 20 years, so I know how to hack into devices. It’s possible, it’s done all the time in situations you rarely hear about, it’s done under a court order, and it doesn’t violate any rights. The controversy you hear now is because of political and marketing motives. Let me explain. Although I’m not involved with Apple or the FBI, and I don’t have any direct knowledge of this case, my experience in similar situations informs me about what is really going on.

This is Not an Unprecedented Move

I’m the head of an engineering consulting company that provides engineers for intellectual property litigation. Our main job is to reverse engineer hardware and software under a court order. To do this, we discover many technological secrets from many companies and are sworn to secrecy. There are strict penalties if we were to divulge these secrets. We are given access to each party’s confidential information as a trusted third party, rather than giving it to any party involved in the litigation or to the government.

At any time, we are working on as many as 30 cases involving some of the largest companies on the planet. I even worked on a case involving Apple several years ago, and Apple turned over their trade secrets as required by the court. Unlike in this situation, Apple had no option to refuse in that case. Also, though I cannot independently confirm it, there are reports that Apple previously unlocked as many as 70 phones in other cases.

This Will Not Violate Every Customer’s Privacy

The FBI is not asking for a backdoor to the Apple iOS as claimed by Apple, John McAfee (of the antivirus company that bears his name who is now running for president on the Libertarian Party ticket), and others. Apple says that the FBI wants Apple to create a new version of the iOS that has a backdoor that allows bypassing security on the devices. If true, this is a preposterous request and it would be illegal, so I don’t believe it’s the case. A new OS would not allow the terrorist phone to be hacked. In fact, it would have no effect whatsoever on any existing phone that already had an older, secure OS. This is more likely a red herring that Apple is using to garner publicity and show that it is protecting customers from the big, bad government. I also don’t want the government prying into our lives, but that’s not the case here. The law under which the government is requesting Apple’s help is the All Writs Act of 1789, which only requests (not “demands” as has been reported) that Apple assist the government. There is certainly no requirement that Apple create a new product line. And if Apple finds the order burdensome, it can refuse.

This is Not Just an Excuse for the Government to Get into Our iPhones

Asking Apple to do this is actually a common way to keep the government OUT of the situation. This allows Apple to maintain its trade secrets, something it is excellent at doing. It also DOESN’T give excess power to the government to snoop on us. If the NSA doesn’t already have that ability, then the government could hire hackers like the ones who are constantly breaking into “secure” credit card websites and stealing my information.

This Would Not Risk to the Security of Every iPhone

I worked for Apple in the 90s. Apple takes more pains to protect its trade secrets than possibly any other company on earth. Employees and contractors are required to learn practices for keeping strangers out of the company and keep internal documents from leaving the company. In fact, only in December of last year, Tim Cook, Apple’s CEO, bragged that Apple has “more secrecy than the CIA.” So when he also argues that a tool created by Apple to unlock one particular phone in southern California would find its way into the world and endanger all Apple customers, he’s contradicting himself. At best.

There Are Others Who Could Unlock the iPhones, but Apple Could do it Faster

While there are certainly really smart people at Apple, there are many smart people outside Apple, including people who used to work at Apple, like me, that could crack into the terrorists’ iPhone if Apple refuses. There are entire companies that create phone hacking tools, which I’m sure Apple is more than happy to use when they are trying to determine whether another company pirated their hardware and software. However, a current Apple employees would be able to do it much faster because they are familiar with the internal workings of the phone. My team and I would require a long learning curve, one that is typically available in a year-long litigation but not when terrorists could be planning their next attack.

So What is This All Really About?

This situation has become a rallying cry for anarchists and fearful libertarians. True libertarians understand that one very important job for the government, maybe the only job of the government, is to protect property, and that includes human lives. Asking Apple to hack into one of its phones is doing precisely that job, yet in a way that allows a private enterprise to cooperate with the government while maintaining its trade secrets rather than turn that knowhow over to the government.

While John McAfee may be using this situation to enhance his political aspirations, and Apple may be using it to get free publicity, we should remember that lives are at stake and what the FBI is asking Apple is a common practice for getting critical information that could save lives, while actually protecting our privacy and allowing Apple to keep its valuable trade secrets intact.

Share

Warning & Disclaimer: The pages, articles and comments on IPWatchdog.com do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author as of the time of publication and should not be attributed to the author’s employer, clients or the sponsors of IPWatchdog.com.

Join the Discussion

30 comments so far.

  • [Avatar for John Willkie]
    John Willkie
    February 29, 2016 05:04 pm

    @Bob Zeidman;

    I’m not interested in solutions here, because I consider this use of the All Writs Act to be patently unconstitutional on several bases, including involuntary servitude. Nor do I accept your unfounded “conclusory statements.” You see, I didn’t state that my statements were facts. Indeed, were I going down that path, I would have focused on “undisputed facts” to move things along.

    Have you, ever, in your 40 years of coding, ever found an estimate of time to code a project to be borne out in actuality?

    Were I interested in describing an alternative approach, it would involve buying a boatload of iPhone 5cs, cloning the data on the phone in question, and running them while looking at what the chips were doing during processing my requests. This is how high-level encryption pirates crack systems. You can read a bit about this in the book “Murdoch’s Pirates” on the battles between NDS and Nagra.

    I’m not an Apple fan or customer, but my first thought wnen the administration’s request became public was for Apple to say, simply: “We’re not in the business of creating bespoke software; we make mass-market software. We have no interest in writing custom software. If the government wants us to divert precious resources and time of our highly productive engineers, we will write the software they request and operate it within our secure facility. Our charge will be $1,000,000 per engineer per hour. 1200 hours x $1mm is $1.2 billion.

    Did you notice that the San Bernardino Police Chief expressed the belief that the phone probably contains no additional data? Obviously, he’s not willing to pay real money for new, custom code.

  • [Avatar for Bob Zeidman]
    Bob Zeidman
    February 29, 2016 04:24 pm

    @John, I’ve written code for over 40 years and your “facts” are simply conjectures, poor analogies, and tautological reasoning. It doesn’t appear that you really understand the technical or legal aspects of the situation because you didn’t really address it or offer alternative solutions.

  • [Avatar for John Willkie]
    John Willkie
    February 29, 2016 04:03 pm

    @Alex;

    None of your “facts” are actually facts, at least as presented. Obviously, you have never written, debugged and validated code. I have. I have never heard a “time estimate” on code development that wasn’t exceeded.

    But, let me drill down to the least-thought-out of your “non-facts.” If I contracted to do a public performance tonight and decided at the last moment that I didn’t want to perform, the empresarrio couldn’t legally force me to “specifically perform” what I had agreed to do. He or she could sue for breach of contract and collect damages, though.

    The difference is a simple one. “Involuntary servitude” can’t be enforced even through a court order.

    It’s telling that you haven’t even addressed the All Writs Act and it’s history.

    But, I will keep it simple for you. If a one-hour presentation one no longer cares t present is “involuntary servitude”, why shouldn’t Apples “estimated” 8 software engineers working for 4 weeks (more than 1200 hours) to do something they are uninterested in doing, why shouldn’t that be “involuntary servitude?”

    Sad, unreported fact: the NSA DOES HAVE the capability to decrypt the phone. Perhaps that is the Obama administrations’ recently announced plan to eliminate the artificial divisions between FBI and CIA/NSA?

    P.S. The reason the FBI has the iCloud backups in this case is because the County of San Bernardino (owner of the phone) took control of the iCloud password after the rampage. By resetting the password, the County disconnected the phone from the backups. If only the county had installed the “Mobile Device Management” software on this phone (that they were paying $4 per phone per month for) all of this would be moot.

    I wonder if the County is now fully deploying “Mobile Device Management” on the rest of the phones they own?

  • [Avatar for Alex]
    Alex
    February 29, 2016 01:29 pm

    Thank you for this article. It’s clear and accurate.

    Some facts:

    – Apple has already estimated and disclosed that they’s need between 4 and 8 software engineers and a about 2 to 4 weeks of work to comply. Peanuts.

    – The court order allows Apple to protect their software and their secret keys since it allows them to update the phone at their labs without providing to the FBI a single line of code and without compromising any other phone.

    – The owner of the phone – San Bernardino County – has given full permission to unlock the phone they own.

    – Apple is not concerned about privacy since they have already cracked snd provided private data stored in their icloud. They do it all the times when requested by a court.

    – The servitude argument is bogus since the court order allows Apple to do the work to protect their keys and code. Otherwise the court could order Apple to provide the software key needed to update the OS (similar to asking a bank to provide a secret account number) Which would indeed allow the FBI to udate other phones. No servitude in this case – but much worse for Apple.

    – The data destruction feature was added by Apple not too long ago. So asking them to remove it for that sepcific phone doesn’t create anything new, it asks them to remove a block they added.

  • [Avatar for Bob Zeidman]
    Bob Zeidman
    February 25, 2016 11:12 am

    @Concerned and @Lee Hawkins. First, getting the proprietary code for the iPhone will allow any hacker in the world to defeat all security measures and find all vulnerabilities to launch viruses and other malware onto iPhones. My point is that turning over code, as they do in all patent cases, is much more serious than creating a tool,yet you never hear Apple complaining about it.

    Second, Lee, your facts are wrong. First, the All Writs Act does require a company to create a tool unless the company can show that it’s an unreasonable burden. The Supreme Court already approved a similar usage of this law in 1977 in U.S. v. New York Telephone Company (see https://supreme.justia.com/cases/federal/us/434/159).

    Second, the FBI will not be using the tool, Apple will. According to the court order, the FBI will never have the tool in its possession.

    Third, in order for “everyone to be hacked,” anyone who steals the tool will also need to steal all iPhones on the market too, which currently number 590 million phones (see http://www.statista.com/statistics/263401/global-apple-iphone-sales-since-3rd-quarter-2007). That’s a big operation. And then they would still need to run years of tests on each phone to crack the encryption.

  • [Avatar for Lee Hawkins]
    Lee Hawkins
    February 25, 2016 07:01 am

    I think you’re a lawyer, and that you aren’t a very good one if you think that this case is based on existing precedent. If I build a safe and sell it to a company that happens to be a front for the mafia, and then the government wants whatever evidence is in the safe I built, I can be compelled to provide design specs and support for circumventing the physical security, but it is a completely different story to ask me to create an apparatus that allows someone to force-unlock my safe simply so the government can have the tool handy to “prevent further violence from organized crime”. Yet, that is EXACTLY what Apple is being compelled to do.

    Furthermore, lives ARE at stake in the other side of this argument. If Apple creates this tool, then it will NOT just get used by the FBI. Furthermore, if it ends up in the hands of a local PD, it is inevitable that it will be stolen either by leak or by hack, and then EVERYONE will be able to be hacked. Building a special version of iOS is most certainly like building a specialized safe-cracking apparatus that completely circumvents a specific design…and it’s one that would be EXCEPTIONALLY difficult to create if you were intimately familiar with the design of iOS. Furthermore, thwarting the locking and encryption features of the phone also makes it possible to crack the phone for resale…and this means organized criminals will again find iPhones highly profitable on the black market, which will increase theft (which was down precipitously thanks to kill switches added—perversely at the behest of law enforcement!), which will increase violent crime (which includes murders) in the commissions of this theft.

    This is all in addition to the untold possibilities opened by destroying the security around corporate secrets, GOVERNMENT secrets, health and personal information, and many, many more things.

    So yeah, this case is unprecedented, because it will definitely signal to government agencies that tech companies MUST ALWAYS crack their devices whenever the government has a warrant, even when that crack is almost certain to be reproduced and fall into the hands of those who want to use it for nefarious purposes (and those people can include government officials). At some point, law enforcement needs to understand that they already have a TON of data at their fingertips that they didn’t have before this tech, and that they still have a LOT more to work with even when people have more data encrypted and heavily secured on their handheld device. This is NOT just publicity on Apple’s part! It’s good that the phone they used wasn’t manufactured by a smaller company with few dollars and legal resources, otherwise the FBI would steamroll them and the Internet and those of us with handheld devices would be less secure and we wouldn’t even realize why until some terrorist network or organized crime ring funded by stolen iPhones ruined our life.

  • [Avatar for Concerned]
    Concerned
    February 25, 2016 07:00 am

    Bob@23
    “turn[ing] over proprietary code” is NOT the issue here. the issue is being ordered to write code that defeats security protections of the device. So maybe the point is a foreign company will have no choice but to cooperate with a US court order because if it does not, then it will not be allowed to do business in the US. But, and this is a very big BUT, until all major foreign competitor companies selling product in the US are compelled by the US courts, Apple will experience reputation damage and be put at a competitive disadvantage.

  • [Avatar for Bob Zeidman]
    Bob Zeidman
    February 24, 2016 02:15 pm

    Concerned: courts already force foreign and domestic companies to turn over their proprietary code for patent cases and they all comply if they don’t want to lose the case. Samsung already turned over their crown jewels, as did Apple, for their patent case.

  • [Avatar for A Rational Person]
    A Rational Person
    February 23, 2016 10:57 pm

    Bob@19

    “A Rational Person, what’s most telling is that according to the document, Apple objected to 10 of the 12 previous requests. If Apple were being upfront and correct that this action would endanger every customer, they would object to ALL requests, not selective requests”

    If you look at the table, the only two requests in the table that Apple has not objected to yet Apple is saying that the requests are not yet even in proper form and therefore can neither be complied with or objected to by Apple. So Apple could still object to the other two requests once they are in proper form.

    “This also demonstrates that they already have the technology to do this, which I’m sure they do because they need it to test the phone’s security features.”

    In this statement, you appear to be asserting that Apple’s attorney is lying to the District Court in the letter it sent to the District judge or that Apple’s attorney has confirmed from Tim Cook that this is Tim Cook’s belief and Tim Cook is lying to a judge through Apple’s attorney. Because the potential sanctions for lying to a court in this way could be severe for Apple’s attorney or Tim Cook, I tend to doubt that either one of them is lying.

    And to me, the big take away from the document unsealed by the district court in NY today is that the FBI appears to be making a big public issue of Apple refusing to hack a phone for a terrorist case on the assumption that they will be able to put more public pressure on Apple in a terrorist case than the FBI could put on Apple in the more typical criminal case.

    That this is what may be going on is supported by the following set of facts:

    http://www.nytimes.com/2016/02/19/technology/how-tim-cook-became-a-bulwark-for-digital-privacy.html

    “After December’s San Bernardino attack, Apple worked with the F.B.I. to gather data that had been backed up to the cloud from a work iPhone issued to one of the assailants, according to court filings. When investigators also wanted unspecified information on the phone that had not been backed up, the judge this week granted the order requiring Apple to create a special tool to help investigators more easily crack the phone’s passcode and get into the device.

    Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity. The result was the letter that Mr. Cook signed on Tuesday, where he argued that it set a ‘dangerous precedent’ for a company to be forced to build tools for the government that weaken security.”

    That set of facts sure makes it look like the FBI is it is using a case involving terrorism to make it easier to establish a precedent that can be used by the FBI to convince other courts that it should be able to make Apple hack iPhones in other cases.

  • [Avatar for Mr. Paranoid]
    Mr. Paranoid
    February 23, 2016 09:18 pm

    A Rational Person @ 15

    “…but my bigger fear is that, through government incompetence, such a file would eventually fall into the hands of people with less noble motives than the FBI has.” Certainly, such a file would have way too much value to be kept secret, no matter who has it. Those who want it enough would acquire it. Bob, I totally respect you, but my gut tells me that the FBI wants something that will make their ability to get data easier than going through the trouble it takes now. But the way they must operate now is safer for the world at large and they should have done it long before now regarding the phone in question. Honestly, I suspect that they have already gotten everything they needed from the phone and now are trying to get what they really want.

  • [Avatar for Concerned]
    Concerned
    February 23, 2016 09:16 pm

    A very important point that needs to be considered is Apple does not want to put itself at a competitive disadvantage whether factually true or just perception. Can the US courts order a foreign company (Samsung/Lenovo/Huawei/Xiaomi/etc.) to unlock their phones flavor of Android or some other OS? What then? One possibility is the foreign product is secure when used in the US, but the iPhone is not because the government can access the backdoor whenever the courts decide. Of course a foreign company has a US subsidiary that can be held in contempt, but the situation is very different when the parent company and necessary engineering teams are offshore. And yes of course Google makes Android, but 3rd party licensees have their own proprietary shall overlay code – and those that don’t will soon be considering how to prevent a plain vanilla firmware update backdoor.

    In summary this is not a simple case, it is multidimensional with huge repercussions for the tech industry, US citizens, and probably so much more. So Apple is right to just not cave in and instead ask that Congress consider the matter so that all issues can be heard and considered.

  • [Avatar for Bob Zeidman]
    Bob Zeidman
    February 23, 2016 07:04 pm

    A Rational Person, what’s most telling is that according to the document, Apple objected to 10 of the 12 previous requests. If Apple were being upfront and correct that this action would endanger every customer, they would object to ALL requests, not selective requests. This also demonstrates that they already have the technology to do this, which I’m sure they do because they need it to test the phone’s security features.

  • [Avatar for A Rational Person]
    A Rational Person
    February 23, 2016 02:56 pm

    Some more fuel to the argument that the FBI may not just be going after 1 phone, but may be attempting to set a legal precedent with the San Bernardino case:

    http://www.theverge.com/2016/2/23/11098616/apple-fbi-similar-encryption-cases-court-documents

    “Court documents unsealed today reveal thirteen different Apple devices currently subject to court order by the FBI. Twelve of the devices are listed in a filing by Apple in response to a New York district court request, while the Department of Justice mentions an additional device in a subsequent letter. The list is necessarily incomplete and includes mostly recent cases, in which Apple objected to the request after December 9th of last year.”

    If you scroll down, you will see Apple’s filing in the New York district court.

    Also, of interest is that Apple’s attorney is willing to go on record in a court filing with the following statements, that if true, would appear to raise the same “involuntary servitude” issues as Tim Cook’s letter :

    “As recently as yesterday, Apple was served with an order by the United States Attorney’s Office for the Central District of California. (See Exhibit A.) The government obtained that order on the basis of an ex parte application pursuant to the All Writs Act (see Exhibit B), regarding which Apple had no prior opportunity to be heard (despite having specifically requested from the government in advance the opportunity to do so). The attached order directs Apple to perform even more burdensome and involved engineering than that sought in the case currently before this Court— i.e., to create and load Apple-signed software onto the subject iPhone device to circumvent the security and anti-tampering features of the device in order to enable the government to hack the passcode to obtain access to the protected data contained therein. (
    See Exhibit A.) As invited by the California court’s order, Apple intends to promptly seek relief. But, as this recent case makes apparent, the issue remains quite pressing.”

  • [Avatar for Mike]
    Mike
    February 23, 2016 02:27 pm

    I’m sure both sides of the controversy, FBI and Apple, are telling their side every bit as good as it is and then some. I think what is clear from the discussion above (and thanks for the excellent article and comments!) is that although Apple has the ability to do what the FBI wants, it is being compelled to do something more than simply turn over evidence. And the government has other alternatives, albeit slower, for obtaining the evidence.

    Service, even important altruistic service, should not be compelled. You wouldn’t issue a court order requiring a person to enter a burning building to save a child, even if he was the person nearest the building and most likely to survive the episode, and even if you assured him it was only a small fire limited to the kitchen and his assessment of the risk was seriously overblown. And Apple should not be compelled to risk their reputation or brand image (in their own eyes at least) to comply with this government “request”.

    Perhaps the government can find a hero in the hacking world that is willing to take on this project – Mr. Zeidman, perhaps? – but going after Apple is over-reaching and seems to me more likely to waste any of the time they intended to save by asking Apple to help in the first place.

  • [Avatar for John Willkie]
    John Willkie
    February 23, 2016 12:50 pm

    Simple question. Has the All Writs act ever been invoked to, say, force a company making safes to crack their own safe? If not, why not, if this request (with 12 more added today) is not unprecedented?

    To make the broader point, do we need to tamper down innovation to match the pace of the government’s ability to understand technology?

    From cursory looks into the All Writs Act, I’ve yet to see a case where a court order was effectively issued to force a vendor to make something that they do not, in the normal course of business, already make.

    There has been much hype and misleading statements made on both sides of this controversy. The sad reality is that these requests will become almost routine. And, just because, in some circumstances, Apple previously performed tasks like this (without a court order) doesn’t mean they are bound to perform these extractions for all comers. Additionally, there will need to be a second court order, to force Apple to extract the actual data, since no third-party tool can extract all the data from an iPhone.

  • [Avatar for A Rational Person]
    A Rational Person
    February 23, 2016 11:35 am

    Bob@10

    Once again, thanks for your perspective. As a non-expert in this field, I just can’t tell if what the Court is asking Apple to provide in paragraph 3, such as the Software Image File with the properties described, might be the electronic equivalent of a Rosetta stone that could be used to make it easier to hack other iPhones. If this were the case, the FBI potentially abusing such a tool would be bad enough, but my bigger fear is that, through government incompetence, such a file would eventually fall into the hands of people with less noble motives than the FBI has.

  • [Avatar for Bob Zeidman]
    Bob Zeidman
    February 23, 2016 10:37 am

    A Rational Person@9: We’re on the same page about the courts misunderstanding software and weakening the patent system. I also think the government is horrible at protecting people’s data, mostly because of incompetence. And I say this as someone with close family members with careers in government, including me one summer as a student, but we all agree on this fact having seen it first hand. I think Apple chose the wrong case to protest. They will probably lose this battle, and that could lead to losing the war against government intrusion into our private lives.

  • [Avatar for Luis Figarella]
    Luis Figarella
    February 23, 2016 06:24 am

    Y’all:

    Thanks for lucid arguments (pro and con), and the reminder of Con 101 and ‘ignoring’ the court. One assumes this is about obtaining information they can use in court, without disclosing NSA (and others) capabilities. I CERTAINLY hope to see Apple be this strong when the Chinese demand they do something similar, all those MILLIONS of sales of iPhones aside.

    The ‘alternate history’ fan in me can’t help but think about how strong Timmy et al in Cupertino would feel about these issues if POS#3 and POS#4 had done the attack at the Apple cafeteria instead of San Bernardino…:-(

    LuF

  • [Avatar for A Rational Person]
    A Rational Person
    February 22, 2016 10:53 pm

    Bob@8

    The court order is at the link I shared above in my first post:

    https://regmedia.co.uk/2016/02/17/apple_order.pdf

    And here’s a link to a text version of the court:

    http://www.theinternetpatrol.com/full-explanation-of-court-order-to-apple-to-unlock-san-bernardino-shooters-iphone-and-apple-refusal-full-text-of-court-order-and-tim-cooks-letter-included/

    And once again, thank you for your perspective. I’m coming from the position of a patent professional and lawyer who has written patent applications directed to software and obtained patents directed to software for various inventors. But I am not an expert on modern encryption technologies by any means, much less the encryption technology used in a smartphone.

    I will also admit that I am viewing this case from the perspective of a patent professional who on a weekly, and some weeks, a daily basis, reads court opinions that trivialize software inventions as “abstract” and show no understanding at all of the real-world difficulties of writing software to perform particular tasks. So, without evidence or expert opinions, such as yours, to the contrary, I tend to believe that judges can be misled by litigants in cases involving software.

    Also, while there may be strict penalties for a private consulting firm, such as yours. for divulging secrets obtained during litigation. There is much less protection against the government divulging secrets it has obtained from private citizens. Witness the fact that the estimated 21.5 million victims of the OPM’s failure to protect their personal records, including, in some cases, people’s fingerprints, from being hacked by an outside party and the fact that these victims have only been offered 3 years of identity theft protection, which seems meager compensation for the potential damage to people’s lives caused by the hack.

  • [Avatar for Martin Risso]
    Martin Risso
    February 22, 2016 10:04 pm

    Bob,

    Can you guesstimate how many firmware man hours Apple would need to get information out of this iPhone just to put this conversation into perspective?

  • [Avatar for Bob Zeidman]
    Bob Zeidman
    February 22, 2016 09:52 pm

    A Rational Person, where did you find the court order? I looked for it and couldn’t find it. The paragraph you quote was obviously written by someone with a lot of knowledge about hacking into phones because this is exactly how it’s done. This confirms that the court very clearly does not want a new OS to be written, but wants code to be placed in RAM (which disappears on power down, so no one could copy it and use it again) that bypasses the “self-destruct” mode but gives the FBI access to the encrypted data so that it can try password combinations to decrypt it. This is exactly how hackers, and police, and litigation consultants, get into phones, They all know this technique, they just don’t know the specific areas in memory where the key tables and routines are located. Apple already knows this and keeps it secret, so doing what the court ordered would not make any difference to Apple or its customers.

    One thing that occurs to me, and I have zero evidence of this, but it’s possible that Apple already has a backdoor to its encryption and doesn’t want the government or the public to find out. That kind of thing could potentially be discovered in this investigation.

  • [Avatar for Bob]
    Bob
    February 22, 2016 09:49 pm

    You think Apple wants this kind of publicity?

  • [Avatar for A Rational Person]
    A Rational Person
    February 22, 2016 09:09 pm

    Gene@6

    I will admit to my technical ignorance in this particular area. However, given how, with respect to patents, the courts continue to have a poor understanding of the technical challenges that need to be overcome to create software that accomplish particular tasks, I do wonder if the Court understood what it was asking Apple to do in paragraph 3 of its Order:

    “3. Apple’s reasonable technical assistance may include, but is.
    not limited to: providing the FBI with a signed iPhone Software
    file, recovery bundle, or other Software Image File (“SIF”) that can
    be loaded onto the SUBJECT DEVICE. The SIF will load and run from
    Random Access Memory (“RAM”) and will not modify the iOS on the
    actual phone, the user data partition or system partition on the
    device’s flash memory. The SIF will be coded by Apple with a unique
    identifier of the phone so that the SIF would only load and execute
    on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware
    Upgrade (“DFU”) mode, recovery mode, or other applicable mode
    available to the FBI. Once active on the SUBJECT DEVICE, the SIF
    will accomplish the three functions specified in paragraph 2. The
    SIF will be loaded on the SUBJECT DEVICE at either a government
    facility, or alternatively, at an Apple facility; if the latter,
    Apple shall provide the government with remote access to the SUBJECT
    DEVICE through a computer allowing the government to conduct passcode
    recovery analysis.”

    I do not know if this is something that can be done in a couple of hours by Apple or could take weeks to create a program to do. And, given how the courts have trivialized patent claims for software processes as “abstract” and “conventional”, I am concerned that the Court that issued this order may have envisioned Justice Kennedy’s 2nd year engineering student being able to create a program to accomplish this task over a weekend, when the task, may in fact, be much more complicated than that.

    I will admit, that I don’t know if Tim Cook is lying when he says the following about achieving what Apple is being ordered to do in paragraph 3 of the Court Order;

    “We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

    Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

    The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

    http://www.apple.com/customer-letter/

    Are you comfortable in saying that you know that Tim Cook is lying in his email? Maybe Tim Cook is lying, but I will admit that I am not technically literate enough in this area to know for sure.

  • [Avatar for Peter Mojica]
    Peter Mojica
    February 22, 2016 07:20 pm

    bob, i posted this to another apple story on linkedin. im copying here.
    best,
    peter

    this is a dumb argument. u have to know when to pick your battles and this is the wrong one. its a mountain out of a mole hill. the slippery slope argument is stupid, its martyrdom, kowtowing to both sides of the fence, and trying to come out like a shinny red apple (no pun). dear apple, just smile and do it, and work on cracking just that one dam stupid phone. this could be so dam easy. focus on the problem at hand, not the problem that u r marketing to exist. and do it how you want, no one gets anything except the pictures of someone humping a donkey which is probably what you’ll find on the phone. no code share, no stupid grandiose fanfare of sharing resources, dont even let anyone within 100 miles of where u r. and the whole notion of an embedded backdoor in an OS that the men in black can secretly use, oh please no one can force your little fingers to write that shit. its all bull. if someone wants the phone cracked wide open, give it your best shot, thats all, nothing more nothing less. and you control the how. thats it. done. no negotiations. your way or the highway. everyone can live with that! and any gov a-hole who wants anything over and above that, then u break out the big guns and tell dem and their mother to go pound sand! thats the when on the timing. realize that there will be more attacks around the world, and guess what? do u realize that everyone of them is listed in full detail on the calendar on the dam phone! yes its true. i have a magic 8 ball and when i ask if the phone has a calendar with details of attacks around the world, the magic 8 ball told me “your dam skippy it does”. and it went on to say that apple was going to be responsible for what will be massive death and mayhem around the world for years to come because of the fkin phone they martyred over. then i got angry and told the magic 8 ball, thats not fair magic 8 ball, no one ever cracked the phone so we cant know that for sure, it cant be apples fault. and guess what the magic 8 ball said. “dont matter dummy”. thats going to be your obituary apple. get wise. and btw, the entire point that has been exposed for all who were never in the know to begin with is this whole public argument, just told the world that it “can” be done. and if it can be done, it more than likely already has. it was better when us numb nuts thought we were really invincible and our donkey humping pictures were really secure. perception is reality and now that is gone. thanks.

  • [Avatar for Gene Quinn]
    Gene Quinn
    February 22, 2016 06:20 pm

    Rational Person, Bob-

    I think Bob’s characterization is pretty accurate. It is certainly fair to point out that Apple can’t simply ignore this. Con Law 101 teaches that you cannot ignore a court order, but rather that you need to challenge a court order. But I can’t imagine a court ever ordering any company to affirmatively create a product. Even in the age of Roberts where the government can order you to buy a product you don’t want that seems to be a bridge too far.

    Mr. V-

    Having said the above, I believe it is the major premise of Bob’s article that Apple’s argument that they have to create a whole new operating system is specious at best. What Bob writes makes a lot of sense to me. If the government wants into this particular iPhone they are NOT asking for an OS with a backdoor be created out of whole cloth, but rather they are asking to get into a single iPhone. There are no 4th Amendment risks here since we know this person is a terrorist and a court is involved in ordering access to this single iPhone. Further, as Bob points out, the government is going to get this information one way or another. Apple could access the contents of the iPhone faster than others could but there are plenty of smart people who could with time access the information the government wants. So the question is not whether the information will be accessed, but whether Apple will cooperate so that the information can be accessed under court supervision and authority quickly enough to potentially still be relevant in the war against terror.

    -Gene
    It seems that we are all in agreement

  • [Avatar for A Rational Person]
    A Rational Person
    February 22, 2016 04:36 pm

    Bob@3

    To the extend that Mr. V is correct, and I have no reason to believe otherwise at this point, what the Court is ordering Apple to do would expand the boundaries of the Writs Act and could even raise issues under the “involuntary servitude” provisions of the 13th Amendment.

    Apple is being ordered by the Court to do considerably more than to turn over evidence, unlock a lock, etc. Apple has been accused of no crime and is being ordered by the Court to perform “services,” i.e., work, Apple does not wish to perform, so there should be limits under the 13th Amendment as to the “services” that Apple can be required to perform for the government.

  • [Avatar for Mr. V]
    Mr. V
    February 22, 2016 04:20 pm

    Perhaps the last statement regarding no precedent for actions beyond handing something over is a little bold. But we can be assured that there is no precedent for requiring someone to create something that does not currently exist in order to comply with Writs Act order.

  • [Avatar for Bob Zeidman]
    Bob Zeidman
    February 22, 2016 04:17 pm

    A Rational Person: Thanks for the clarification about the All Writs Act of 1789. I’m not a lawyer and not familiar with this law, but I believe my statement is essentially still correct. Rather than go to the press, Apple can simply convince a judge that it’s too burdensome to comply. I’m certain they will lose that argument, so they’d rather get the publicity.

  • [Avatar for Mr. V]
    Mr. V
    February 22, 2016 04:15 pm

    I beg to differ with your contention that this is an “unprecedented” move.

    The previous court orders (~70) that were issued pursuant to the the Writs Act required that Apple turnover information (and presumably software) already in its possession. Now the govt is trying to compel Apple to create something new which is markedly different than simply handing something over. So setting aside the arguendo of whether or not a “backdoor” is being created, this case is really about setting the boundaries for the applicability of the Writs Act; how far can the govt push individuals to comply with these types of orders? There exists no precedent where an order under the Writs Act required affirmative actions of persons subject to the request extend beyond simply handing something over which is why Apple’s GC likely encouraged Tim Cook to fight this.

  • [Avatar for A Rational Person]
    A Rational Person
    February 22, 2016 03:14 pm

    Bob,

    Thank you for your very informative article. However, I believe the following statement is in error:

    “The law under which the government is requesting Apple’s help is the All Writs Act of 1789, which only requests (not “demands” as has been reported) that Apple assist the government. There is certainly no requirement that Apple create a new product line. And if Apple finds the order burdensome, it can refuse.”

    The Court Order issued by the U.S. District Court repeatedly uses the word “shall” which means that Apple “must” comply with the government request, unless Apple can prove to the Court that compliance with the request is unreasonably burdensome (see paragraph 7):

    https://regmedia.co.uk/2016/02/17/apple_order.pdf

    So, as writtent, Apple can only refuse to comply this order if the Court determines the request is unreasonably burdensome based on whatever materials Apple supplies to the Court.