Megalextoria

After the San Bernardino massacre on Dec. 2, 2015, the FBI lawfully acquired the cellphone of one of the killers and persuaded a federal judge to authorize its agents to access the contents of the phone. Some of what it found revealed that the killer used the phone to communicate with victims and perhaps confederates and even innocents who unwittingly provided material assistance.

Then the FBI hit a wall. It appears that the killer took advantage of the phone’s encryption features to protect some of his data from prying eyes unarmed with his password.

The cellphone was an iPhone, designed and manufactured by Apple, the wealthiest publicly traded corporation on the planet. Apple built the iPhone so that its users can store sensitive, private, personal data on the phone without fear of being hacked by friend or foe.

After the FBI determined it could not replicate the killer’s password without jeopardizing the phone’s content, it approached Apple, and representatives of each negotiated for weeks trying to find a way for Apple to help the FBI without compromising the security of the Internet itself. They failed.

Apple has argued that the government has no legal right to compel it to assist in a government investigation, or to compel it to alter or destroy its business model of guaranteeing the safety and privacy of its customers’ data. Apple knows that any “key” it creates for the FBI, once used on the Internet, is itself vulnerable to hacking, thereby jeopardizing all Apple products and negating the privacy of tens of millions, and even exposing the government to foreign hackers.

The Department of Justice (DOJ) has argued that Apple has a legal duty to help solve the mystery of who knew about the San Bernardino attacks so that the guilty can be prosecuted and the rest of us protected from future harm. Its lawyers asserted that the government would keep secure whatever key Apple created.

After the DOJ/Apple talks broke down, the DOJ made a secret application on Feb. 16, 2016, two and a half months after the massacre, to a federal judge for a search warrant for this key to access the killer’s iPhone.

The warrant was improperly granted because Apple was not given notice of the DOJ application. So, the judge who issued the order denied Apple due process—its day in court. That alone is sufficient to invalidate the order. Were Apple a defendant in a criminal case or were Apple to possess hard evidence that could exonerate or help to convict, the secret application would have been justified.

But that is not the case here.

Instead, the DOJ has obtained the most unique search warrant I have ever seen in 40 years of examining them. Here, the DOJ has persuaded a judge to issue a search warrant for A THING THAT DOES NOT EXIST, by forcing Apple to create a key that the FBI is incapable of creating.

There is no authority for the government to compel a nonparty to its case to do its work, against the nonparty’s will, and against profound constitutional values. Essentially, the DOJ wants Apple to hack into its own computer product, thereby telling anyone who can access the key how to do the same.

If the courts conscripted Apple to work for the government and thereby destroy or diminish its own product, the decision would constitute a form of slavery, which is prohibited by our values and by the Thirteenth Amendment.

Yet, somewhere, the government has the data it seeks but will not admit to it, lest a myth it has foisted upon us all be burst. Since at least 2009, the government’s domestic spies have captured the metadata—the time, place, telephone numbers and duration of all telephone calls—as well as the content of telephone calls made in America under a perverse interpretation of the FISA statute and the Patriot Act, which a federal appeals court has since invalidated.

The DOJ knows where this data on this killer’s cellphone can be found, but if it subpoenas the National Security Agency (NSA), and the NSA complies with that subpoena, and all this becomes public, that will put the lie to the government’s incredible denials that it spies upon all of us all the time. Surely it was spying on the San Bernardino killers.

There is more at stake here than the privacy of Apple’s millions of customers and the security of power grids and all that the Internet serves. Personal liberty in a free society is at stake. A government that stays within the confines of the Constitution is at stake.

Source: Apple’s Involuntary Servitude – Reason.com

This week’s order by a federal magistrate judge requiring Apple to engineer new security flawsin its iPhone software operating system has prompted widespread and escalating controversy. Legitimate concerns about its implications have driven users around the country to raise their voices in defense of not only their privacy, but also the security of their online platforms threatened by the FBI’s demands.

Beyond a single phone

While the FBI has framed its demand as addressing a single phone, it has failed to address concerns that the implementation of the order—which was issued on the same day the FBI submitted its motion, without changes—would necessarily place at risk the security of millions of other devices and the people who use them.

This week’s order requires the development of a new software vulnerability that, as explained by the device’s manufacturer, “[i]n the wrong hands…would have the potential to unlock any iPhone in someone’s physical possession.”

This tool would be dangerous, whether used by a black hat hacker who might infiltrate Apple systems, a future FBI investigation emboldened by this week’s order to apply the precedent in other less compelling settings, or a dictatorship looking for new ways to oppress people that might cite the company’s compliance with this FBI demand as a reason to comply with those of its own intelligence agencies. As my colleague Nate Cardozo explained on the PBS News Hour:

Authoritarian regimes around the world are salivating at the prospect of the FBI winning this order. If Apple creates the master key that the FBI has demanded that they created, governments around the world are going to be demanding the same access.

Beyond a single case

In that respect, the FBI’s demands reflect a familiar pattern of security agencies leveraging the most seemingly compelling situations—usually the aftermath of terror attacks—to create powers that are later used more widely and eventually abused. The government programs monitoring the telephone system and Internet, for example, were created in the wake of the 9/11 attacks. Those programs came to undermine the rights of billions of people, doing more damage to our security than the tragic events that prompted their creation.

The power to force a company to undermine security protections for its customers may seem compelling in a particular case, but this week’s order has very significant implications both for technology and the law. Not only would it require a company to create a new vulnerability potentially affecting millions of device users, the order would also create a dangerous legal precedent. The next time an intelligence agency tries to undermine consumer device security by forcing a company to develop new flaws in its own security protocols, the government will find a supportive case to cite where before there were none.

What is worse, we fear the government will not use this precedent carefully given that agency officials have a disturbing habit of twisting the facts even under oath, misleading judges andlegislators on the rare occasion that they are forced to answer tough questions.

Yes, we are talking about creating a backdoor

Ultimately, this week’s order risks undermining the interests of millions of iPhone users whose device security would be undermined by the development of a new backdoor.

“Backdoors” in security parlance refer to vulnerabilities used to access an otherwise closed system, like the vulnerabilities on Cisco routers that the NSA surreptitiously placed after intercepting that company’s hardware shipments. While Judge Pym’s order does not require the creation of a back door per se, it does require Apple to disable core security features that will allow the FBI to quickly and easily hack the phone.

Some people have suggested that this is not a backdoor, since implementing the order would not, in itself, give the FBI access to the phone (which it would still need to brute force in order to access). But the order removes important security features, leaving the phone vulnerable to the same extent that removing the security gate in front of a door might leave it vulnerable to someone inclined to break it down.

This is functionally a backdoor, one that the court has required Apple to create, to allow the FBI to then open using brute force. If any black hat hacker, foreign intelligence agency, or criminal syndicate got their hands on this tool, they could exploit it for their own nefarious purposes.

Don’t take this sitting down

Resistance to this half-baked and ill-advised judicial command has already taken many forms, and will continue to escalate over the next week, when Apple is scheduled to file its objectionsto the magistrate’s order just a few days before EFF will file an amicus brief supporting Apple.

The day after the order was issued, users congregated at the Apple store in San Francisco to voice their support of the company’s stance against FBI demands to undermine security for everyone. Next week, similar gatherings are planned in cities across the country, and at the FBI headquarters in Washington, DC, organized by our friends at Fight For The Future with transpartisan support from numerous organizations including CREDO, Demand Progress, the Bill of Rights Defense Committee / Defending Dissent Foundation, Downsize DC, and others.

While we help defend Apple in the courts, we invite you to participate in the defense of your own privacy & security by joining these actions and raising your voice through every channel available. If you do participate in an action next week responding to these FBI demands, please join us to share your experience with others.

Source: Apple, Americans, and Security vs. FBI | Electronic Frontier Foundation

The showdown between Apple and the FBI is not, as many now claim, a conflict between privacy and security. It is a conflict about legitimacy.

America’s national security agencies insist on wielding unaccountable power coupled with “trust us, we’re the good guys”, but the majority of users have no such trust. Terrorism is real, and surveillance can sometimes help prevent it, but the only path to sustainable accommodation between technologies of secrecy and adequately informed policing is through a root-and-branch reform of the checks and balances in the national security system.

The most important principle that the Obama administration and Congress need to heed in this conflict is: “Physician, heal thyself.”

The FBI, to recap, is demanding that Apple develop software that would allow it to access the secure data on the work phone of one of the two perpetrators of the San Bernardino attack.

Apple has refused to do so, arguing that in order to build the ability to access this phone, it would effectively be creating a backdoor into all phones.

The debate is being publicly framed on both sides as a deep conflict between security and freedom; between the civil rights of users to maintain their privacy, and the legitimate needs of law enforcement and national security. Yet this is the wrong way to think about it.

The fundamental problem is the breakdown of trust in institutions and organizations. In particular, the loss of confidence in oversight of the American national security establishment.

It is important to remember that Apple’s initial decision to redesign its products so that even Apple cannot get at a user’s data was in direct response to the Snowden revelations. We learned from Snowden that the US national security system spent the years after 9/11 eviscerating the system of delegated oversight that had governed national security surveillance after Watergate and other whistleblower revelations exposed pervasive intelligence abuses in the 1960s and 70s.

Apple’s design of an operating system impervious even to its own efforts to crack it was a response to a global loss of trust in the institutions of surveillance oversight. It embodied an ethic that said: “You don’t have to trust us; you don’t have to trust the democratic oversight processes of our government. You simply have to have confidence in our math.”

This approach builds security in a fundamentally untrustworthy world.

Many people I know and admire are troubled by the present impasse. After all, what if you really do need information from a terrorist about to act, or a kidnapper holding a child hostage? These are real and legitimate concerns, but we will not solve them by looking in the wrong places. The FBI’s reliance on the All Writs Act from 1789 says: “I am the government and you MUST do as you are told!” How legitimate or illegitimate what the government does is irrelevant, so this logic goes, to the citizen’s duty to obey a legally issued order.

The problem with the FBI’s approach is that it betrays exactly the mentality that got us into the mess we are in. Without commitment by the federal government to be transparent and accountable under institutions that function effectively, users will escape to technology. If Apple is forced to cave, users will go elsewhere. American firms do not have a monopoly on math.

In the tumultuous days after the Snowden revelations there were various committees and taskforces created to propose reforms. Even a review group made of top former White House and national security insiders proposed extensive structural reforms to how surveillance operated and how it was overseen. Neither the administration nor Congress meaningfully implemented any of these reforms.

Source: If We Can’t Trust Government, We Must Trust Technology