The Unz Review: An Alternative Media Selection
A Collection of Interesting, Important, and Controversial Perspectives Largely Excluded from the American Mainstream Media
 BlogviewPeter Lee Archive
Keeping the Panda at Arm’s Length
The China Factor in the Apple/FBI Battle
🔊 Listen RSS
Email This Page to Someone

 Remember My Information



=>

Bookmark Toggle AllToCAdd to LibraryRemove from Library • BShow CommentNext New CommentNext New ReplyRead More
ReplyAgree/Disagree/Etc. More... This Commenter This Thread Hide Thread Display All Comments
AgreeDisagreeLOLTroll
These buttons register your public Agreement, Disagreement, Troll, or LOL with the selected comment. They are ONLY available to recent, frequent commenters who have saved their Name+Email using the 'Remember My Information' checkbox, and may also ONLY be used once per hour.
Ignore Commenter Follow Commenter
Search Text Case Sensitive  Exact Words  Include Comments
List of Bookmarks

I take perverse pleasure (note to self: discuss with analyst!) in parting company with my libertarian/lefty buddies on the issue of the FBI’s demand that Apple assist in accessing an iPhone phone of the San Bernardino shooter.

The shadow of the People’s Republic of China—and the demands it plans to impose on US vendors of telecom/IT equipment in China once the Obama administration has established the benchmark for law enforcement intrusion—hangs over the whole debate.

And I believe the Obama administration has done a pretty canny job of getting law enforcement’s foot in the door while not letting the CCP panda completely in the tent.

First off, some techy details, as I understand them. (If I misunderstand them, and somebody points them out, I will happily and humbly correct.)

On older iPhones, if the user was lazy and stuck with a four position numerical passcode instead of choosing a fancier, longer option, local enforcement could attach a “crappy Chinese box”, in the words of an iPhone forensics expert (costing a mere $355 and well within the reach of local cops), to brute force the passcode. i.e. input four-digit numbers into the phone until it hit the right combo. No more.

A few years ago, Apple updated its security strategy and created unique difficulties to law enforcement. Specifically, the phone’s memory is wiped (actually the decryption key needed to access the encrypted data gets “forgot” by the phone) if 10 unsuccessful attempts are made to enter the passcode.

To make things extra difficult, Apple installed a separate processor on the new iOS8 iPhones in an area called “Secure Enclave” to handle the passcode/encryption duties. It includes some circuitry with burned-in random numbers (unique to each phone and “forgotten” i.e. subsequently unknown by Apple) that can’t be read for the purpose of “mirroring” or copying the phone’s memory. If the phone’s memory can’t be mirrored, it can’t be loaded into a computer or a bazillion computers to attack the mirrors simultaneously to try to hit the passcode.

There are tech rumblings that the burned-in numbers might be vulnerable to physical inspection i.e. peeling off the chip’s epoxy coating without destroying it and reading the circuits with a scanning electron microscope for mirroring. But not yet.

Supposedly, even if Apple helps out by disabling the wipe function, the FBI still can’t mirror the new phones for parallel attacks; the only phones they’ll be able to break are the ones that a) they have in their physical possession and b) have rather lame, un-terrorist-worthy four digit numerical passcodes that can be bruteforced through sequential attempts on the phone itself. Gotta wonder if this is really the case, given the FBI’s avid interest in this capability.

The government’s demand that Apple provide a firmware update that will disable the wipe function on this one phone has elicited a chorus of heroic squealing both from Apple jefe Tim Cook and the privacy/tech/Apple-adoring segments of the Internet, complaints that I find unconvincing and, I suspect, the Obama administration finds rather irritating.

A lot of thought, I believe, has gone into the government’s case, and it is designed to split the baby into three parts that satisfy a) privacy advocates b) law enforcement and c) the US government’s anxieties about inevitable PRC demands for reciprocal treatment from US tech companies.

The symbolic/precedent setting character of this demand is clear from the fact that the specter of the terrorist bogeyperson has been unleashed by invocation of the San Bernardino shooting even though it’s not terribly likely that Farouk kept a lot of vital info about his rampage on his employer-provided/four digit passcode phone (a phone, by the way, that could have been made transparent to his employer with a $20 piece of software); and the fact that the FBI made its demand public instead of just talking to Apple privately.

I will also add my suspicion that the FBI already knows what’s on the phone, or simply doesn’t care. Supposedly, in some goof-up during the investigation, the FBI botched a password reset attempt to gain access to the iCloud account linked to the phone, so that the phone couldn’t back up its precious contents to the cloud–where Apple apparently can help extract them. Oops, so sorry, here comes the All Writs Warrant for Apple to create the firmware bypass to the 10-and-out function on the phone itself.

Anyway, the US government is not demanding a back door that would enable the FBI to eavesdrop on the phone covertly while it’s in the hand of the user; instead it wants Apple to develop a utility that allows the FBI to attack an encrypted phone that is in its physical custody and obtained, presumably, under color of law in a criminal investigation. And it’s only asking for a one-time firmware update prepared by Apple itself and then destroyed, with Apple exclusively handling its signing certificate, thereby denying the US government a real “backdoor” tool, the ability to deliver certified firmware updates into any and all iPhones.

So, no apparent surveillance capabilities (unless the assumption is that the government will do some TAO operation, acquire a target phone, spend a few days burning it up to read the hardwired factors and bruteforcing the passcode, extract the encrypt/decrypt key, and then covertly return the phone to the hapless enduser in order to spy on him or her; yes, inevitably there will be plans of this sort, but only at the outer limits of practicality), to keep the privacy advocates happy; a legup to the FBI on a rather knotty encryption problem; and relatively limited benefits to the PRC, which craves a universal backdoor into the iPhone for nefarious realtime surveillance of targeted individuals and, instead can only occupy itself with extracting one-time assistance from Apple for single phones in law enforcement custody, presumably only for the noblest and best-articulated of reasons.

And I think Apple understands it too, and what we are seeing with this massive Apple-polishing privacy campaign is an elaborate piece of kabuki whose major purpose is to demonstrate both to its customer base and to the PRC government that it will not provide phone-forcing utilities unless it’s a one-phone deal in response to categorical formal legal compulsion, and executed only by Apple and not by turning over the software fix (probably not terribly fancy) and, most importantly, its signing certificate over to some government agency for repeated use at the government’s discretion and maybe without crossing the search warrant/due process/human rights Ps and Qs.

If I was Apple (and the Obama administration and, for that matter, people who worry about PRC bullying of US IT firms for access to source code, surveillance utilities and the like) I would look for a graceful way to cave in response to a one-time demand through a court in a single case. Better to button up this issue now, in other words, rather than open the door for the Congress to pass a CALEA-style law with a blanket obligation for Apple to cooperate on issues of this sort–a precedent that would make the PRC pretty happy.

Cynic that I am, I would not be surprised if this public spectacle was paralleled in private by a side deal between Apple and the US government to diddle with the physical encapsulation of the Secure Enclave chip to make it accessible to the FBI, and maybe get more liberal with sharing the signing certificate. After all Apple, though a relatively insignificant provider of goods and services to the US government compared to behemoth spook servicers Google and Microsoft, is facing uncomfortable scrutiny over a $30 billion/year income tax diddle it’s conducting through its (physically nonexistent) Irish affiliate; so the Apple executive agenda probably doesn’t include scorched-earth opposition to the United States or, for that matter, against the People’s Republic of China, which now accounts more than 25% of Apple profits.

In other words, a solution cleverly designed to completely please no own. And, by that criterion, apparently a signal success!

(Republished from China Matters by permission of author or representative)
 
Hide 3 CommentsLeave a Comment
Commenters to Ignore...to FollowEndorsed Only
Trim Comments?
    []
  1. ” And it’s only asking for a one-time firmware update prepared by Apple itself and then destroyed, with Apple exclusively handling its signing certificate, thereby denying the US government a real “backdoor” tool, the ability to deliver certified firmware updates into any and all iPhones.”

    It would be uneconomical as well as impossible to invent such operating system software, after the huge amount of code development time and effort, and then uninvent it, wiping out all traces of its existence, as well as ‘disappearing’ the programmers involved to make sure they ‘forget.’

    One might as well wish for nuclear weapons to be uninvented, or development of new ones not to take place.

    American history is replete with the technological imperative: once a capability exists, it will be used. Once precedents are set, the formerly unthinkable is mere commonplace. Once it can be done, it will be done.

    As a former Homeland Security chieftain put it, “As Americans, we generally believe that if something is worth doing, it is worth overdoing.”

    It turns out that this isn’t a one-time exercise, but that the FBI is making at least 12 identical requests of Apple. Apple can certainly be compelled to disclose its signing certificate. That there is a capability to revoke certificates that have been compromised, including by hacks both governmental and by other third parties, including compromise of the certificate issuing authority, is testament to this vulnerability.

    We can assume that given the propensity to speak in droning Clapperese, that the overreach is being done ‘wittingly.’ The operative intent is, “Collect it all,” Total Information Awareness. Who could doubt, that if technology allowed, even the most private thoughts of an individual belong to the government, not the person?

  2. Rehmat says:

    I’m sure FBI doesn’t want Americans to find out the real criminals behind the San Bernardino shooting.

    [MORE]

    the US media reported that three gunmen entered Inland Regional Services, a center for people with development disability, in San Bernardino, California. They began shooting randomly killing 20 people and wounding another 17 before they escaped the scene.

    However, someone who was at the scene, reported that he didn’t see blood or dead bodies, except a few scared people brought out by the police (watch video below).

    A few hours later, the report was revised to add some spice into it. Now, it goes like this; Syed Farook, 28, a US citizen who worked for the town’s health department and his companion Tashfeen Malik, 27, who came to attend a Christmas party at the center, but left earlier, were killed in police shootout along with 10 other people while 17 people were also injured. Now, the media has claimed that those two Muslims could be the gunmen.

    The police chief Jarrod Burguan has refused to call the shooting an act of terrorism and said the shooters had “some pre-planned agenda”.

    American investigative journalist, Jim Stone, posted on his website that this was a make-up shooting after Planned Parenthood attack failed.

    “Two shooters (now the only two suspects) are dead (how convenient) and were shot to death by police in their car. Muslim man and woman. Probably husband and wife. Let us see if this morph the story to two men rather than a man and a woman, because now they already morphed the story from long rifles to handguns and assault rifles, and three shooters to two, who arrived in four cars and left in one. I’m sure situational artificial intelligence has been assigned to comb the web for public opinion and script the story line accordingly, which is why it keeps changing, often in irrational ways,” Jim said.

    https://rehmat1.com/2015/12/03/san-bernardino-shooting-a-drill-for-gun-control/

  3. Kiza says:

    Yes, Peter, your conspiracy theory (in a positive sense) is quite valid. My bullsheetometer jumped to the red level (severe risk of drowning in bull) when skimming the news of FBI vs. Apple. My first and the best thought was that they were doing kabuki for a legal precedent applicable to all third parties (everyone who is not under US Government control). After all a couple of million Apple phones in Chinese or Russian hands, under exclusively US control, are an NSA wet dream. Using computers, one can, for the first time in history, monitor millions of conversations (voice, video, text and data). If they cannot monitor Mr Xi, they could certainly monitor his young lady secretary’s explanation to her boyfriend why she is not in the restaurant yet. It is quality out of quantity. Anybody who would think that Apple would not work for and with the USG alphabet soup, does not qualify as an intelligent being in my book. Is it our problem if USG uses this to suppress China? Not directly, but certainly indirectly because it will all be used against us the citizens as well. They are after 360 degree power, not only over China and Russia, then even more over the domestic decent, such as demands for change and improvement.

    The controllers of spying are the masters, the spied upon are the subjects (slaves).

    Also, nobody can correct you on your technical description, at least I cannot although I worked in the area of information security. Your general description of technical issues is valid.

Current Commenter
says:

Leave a Reply - Comments on articles more than two weeks old will be judged much more strictly on quality and tone


 Remember My InformationWhy?
 Email Replies to my Comment
Submitted comments become the property of The Unz Review and may be republished elsewhere at the sole discretion of the latter
Subscribe to This Comment Thread via RSS Subscribe to All Peter Lee Comments via RSS
PastClassics
The “war hero” candidate buried information about POWs left behind in Vietnam.
What Was John McCain's True Wartime Record in Vietnam?