Further in re Apple vs US
Feb. 20th, 2016 10:54 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
drwexIn response to my last entry, ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
ceo posted this link - https://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/
This post describes the security architecture and argues that it would be difficult-to-impossible for the FBI to have cloned and cracked the phone in the way I described. In the case that is true and the DOJ do not in fact have the phone's data, we have to re-ask what's going on.
This blog post - http://www.zdziarski.com/blog/?p=5645 - written by someone claiming experience with computer forensics, makes the case that the DOJ order would never stand up in court. That is, once you've allowed Apple to take the device onto its premises unsupervised and load a completely black-box OS onto it, precisely how are you supposed to trust (never mind introduce into court) any evidence gathered from it?
Answer, you can't. It's a non-starter. In fact, there's an incredibly slim chance the phone contains anything relevant or interesting, since the DOJ already has access to everything backed up from it until six weeks prior to the attack (https://medium.com/@thegrugq/feeble-noise-pollution-627acb5931a2#.okjjmoukg).
Which leaves us with some pretty straightforward security theater explanations. Referring back to the Trail of Bits blog post at the top, it's clear that the latest generation of iPhone is incredibly more intrusion-resistant than the older model in question here. I can see how the spooks would be thoroughly freaked by the idea that the next attacker would use that device and they'd be really over a barrel trying to crack it, especially if the next guy isn't so dumb as to back up his terrorist plot onto Apple's cloud. And Apple can't publicly cave without cratering its reputation.
(I'm also indebted to Robert Thau for these links and explanations; afaik he doesn't have an LJ.)
ceo posted this link - https://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/This post describes the security architecture and argues that it would be difficult-to-impossible for the FBI to have cloned and cracked the phone in the way I described. In the case that is true and the DOJ do not in fact have the phone's data, we have to re-ask what's going on.
This blog post - http://www.zdziarski.com/blog/?p=5645 - written by someone claiming experience with computer forensics, makes the case that the DOJ order would never stand up in court. That is, once you've allowed Apple to take the device onto its premises unsupervised and load a completely black-box OS onto it, precisely how are you supposed to trust (never mind introduce into court) any evidence gathered from it?
Answer, you can't. It's a non-starter. In fact, there's an incredibly slim chance the phone contains anything relevant or interesting, since the DOJ already has access to everything backed up from it until six weeks prior to the attack (https://medium.com/@thegrugq/feeble-noise-pollution-627acb5931a2#.okjjmoukg).
Which leaves us with some pretty straightforward security theater explanations. Referring back to the Trail of Bits blog post at the top, it's clear that the latest generation of iPhone is incredibly more intrusion-resistant than the older model in question here. I can see how the spooks would be thoroughly freaked by the idea that the next attacker would use that device and they'd be really over a barrel trying to crack it, especially if the next guy isn't so dumb as to back up his terrorist plot onto Apple's cloud. And Apple can't publicly cave without cratering its reputation.
(I'm also indebted to Robert Thau for these links and explanations; afaik he doesn't have an LJ.)
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2016-02-23 06:39 pm (UTC)Answer: you don't let it out of your sight. This is a simple chain of custody argument. I see this all the time at work. The FBI and Apple agree on a location where the work will be done. The FBI either brings or approves a computer that will interface with the device. (There's a robust market of stand-alone devices that are designed to preserve evidence.) An approved and appropriately documented agent brings the device to the Apple techs, and the work is done. Both parties go their separate ways. The device never leaves the custody of the FBI.
The Apple engineers *will* see a subpoena, and they will be called to testify. In this, and in the dozen or so other iDevice cases pending, every inch of their background will come under scrutiny. They'll get a lot of questioning about their education, their professional expertise, and their methodology for making whatever construct is used to circumvent the protection on the device. The DA's job is to portray the engineers as trusted sources. The defense will have the task of discrediting them. It's the same in any kind of case where you have an expert witness.
But this is immaterial for future crimes. The FBI's cat is out of the bag: all the cool kids are using encrypted apps, and have tightened up other aspects of their tradecraft. The best law enforcement will get by this method are the bumbling idiots -- those who are as apt to hand the bank teller a note written on the back of their ATM receipts. And there will be plenty of other trails of evidence to catch them.