
2016-04-01 Apple vs FBI

The 2016-03-01 House Judiciary Committee hearing on encryption has some errors in its text transcript - it shows Bob Goodlatte as the speaker for much of FBI Director James Comey's testimony. And there is no transcript, at least not yet, for the second panel with Professor Landau.

I want to correct a few errors first. At 00:30:00 in the video, Director Comey claims that the newer iPhones (6 and later) are not open to this backdoor, i.e. to a replacement iOS that removes the passcode retry limits. This article says that is not true - even the newer phones are vulnerable to techniques similar to the one the FBI wants in this case. At 02:59:00 in the video, Bruce Sewell makes the same point.

Starting at 00:51:00 in the video (and again at 03:15:00), Darrell Issa says you can just clone the phone by copying the non-volatile memory, then restore that copy to the same phone many times and keep trying passcodes. You cannot restore that copy to a different phone, because the encryption key is also derived from the contents of some memory that you cannot copy. Each phone has a unique id burned into it during manufacture, but (very intentionally) no one records those unique ids, because keeping such a record would be a horrible security flaw. And the phone itself has no mechanism to read that internal id. Even code running on the phone can only see the results of encryption operations that use that internal id. So you are restricted to using just the original phone, or at least the CPU and internal key chip parts of it. The FBI wants to eliminate the escalating delays so that it can make guesses at about 80 msec per guess. It may take longer than 80 msec to recover from a bad guess and restore the non-volatile memory from your backup copy. So this scheme does not really help, other than getting around the limit of 10 tries before the keys are wiped out.

This may have been the procedure used by the FBI to gain access to that phone.
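To make the two points above concrete (the key is entangled with a per-device id that software cannot read, and a copy of non-volatile memory only defeats the 10-try wipe, not the per-guess cost), here is a small simulation. It is an added illustration, not Apple's design or code: the `SecureHardware`, `Phone`, `nand_mirror_attack` and `offline_attack` names, the 256-bit UID, the PBKDF2 key derivation, the "key_check" verifier and the 80 msec figure used in `worst_case_seconds` are all assumptions made for the example. The hardware UID is modelled as a private attribute that only `derive_key` can touch, which stands in for a fused id that is never exported from the chip.

```python
"""Toy model of a passcode-locked phone whose key depends on a hardware UID.
Added example, not Apple's implementation; all names and parameters are assumptions."""
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10          # assumption: wipe after this many bad guesses
SECONDS_PER_GUESS = 0.080  # the ~80 msec per guess quoted in the text


class SecureHardware:
    """The CPU/key hardware. The UID is generated once (like a fuse burned at
    manufacture) and never returned; callers only see keys derived with it."""

    def __init__(self) -> None:
        self.__uid = secrets.token_bytes(32)  # assumption: 256-bit UID, unrecorded

    def derive_key(self, passcode: str) -> bytes:
        # Passcode-derived key tangled with the UID. The iteration count is a
        # stand-in for the fixed per-guess cost the hardware imposes.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.__uid, 200)


def make_nand(hw: SecureHardware, passcode: str) -> dict:
    """Non-volatile memory: everything in here can be imaged and restored.
    It holds a verifier for the derived key, not the key itself."""
    key = hw.derive_key(passcode)
    return {
        "key_check": hashlib.sha256(b"verify" + key).digest(),
        "failed_attempts": 0,
        "wiped": False,
    }


class Phone:
    def __init__(self, hw: SecureHardware, nand: dict) -> None:
        self.hw = hw
        self.nand = nand

    def try_passcode(self, guess: str):
        """Return the key on success, None on failure. After MAX_ATTEMPTS bad
        guesses the verifier is erased (the 'keys are wiped out' behaviour)."""
        if self.nand["wiped"]:
            return None
        key = self.hw.derive_key(guess)
        check = hashlib.sha256(b"verify" + key).digest()
        if hmac.compare_digest(check, self.nand["key_check"]):
            self.nand["failed_attempts"] = 0
            return key
        self.nand["failed_attempts"] += 1
        if self.nand["failed_attempts"] >= MAX_ATTEMPTS:
            self.nand["wiped"] = True
            self.nand["key_check"] = None
        return None


def nand_mirror_attack(phone: Phone, candidates):
    """Mr. Issa's scheme: image the NAND, guess on the ORIGINAL phone, and
    restore the image whenever the wipe fires. Returns (passcode, guesses, restores)."""
    backup = dict(phone.nand)
    guesses = restores = 0
    for guess in candidates:
        if phone.nand["wiped"]:
            phone.nand = dict(backup)  # the wipe only erased copyable memory
            restores += 1
        guesses += 1
        if phone.try_passcode(guess) is not None:
            return guess, guesses, restores
    return None, guesses, restores


def offline_attack(nand_image: dict, candidates):
    """Same image, different hardware (a fresh UID): the verifier never matches,
    so the attacker cannot even tell which guess was right."""
    other = Phone(SecureHardware(), dict(nand_image))
    for guess in candidates:
        if other.try_passcode(guess) is not None:
            return guess
        if other.nand["wiped"]:
            other.nand = dict(nand_image)
    return None


def worst_case_seconds(digits: int, seconds_per_guess: float = SECONDS_PER_GUESS) -> float:
    """Time to exhaust an all-digit passcode at a fixed cost per guess."""
    return 10 ** digits * seconds_per_guess


if __name__ == "__main__":
    hw = SecureHardware()
    phone = Phone(hw, make_nand(hw, "1337"))        # constructed sample passcode
    four_digit = ["%04d" % i for i in range(10000)]
    print(nand_mirror_attack(phone, four_digit))     # ('1337', 1338, 133)
    print(offline_attack(make_nand(hw, "1337"), four_digit))  # None
    print(worst_case_seconds(4) / 60, "minutes;", worst_case_seconds(6) / 3600, "hours")
```

Run on the original hardware, the mirrored image lets the search continue past every wipe; run on any other hardware, or on the image alone, no guess can ever be confirmed. The arithmetic at the end is the point about delays: even with the wipe defeated, a 4-digit passcode costs up to 800 seconds at 80 msec per guess and a 6-digit one about 22 hours, before adding whatever time each restore takes.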

At 02:06:37 in the video, Director Comey says "Until these awesome devices, and that is what makes it so painful, they are wonderful, until this, there was no closet in America, no safe in America, no garage in America, no basement in America that could not be entered with a judge's order". Apparently he has not heard of:

All of those were available long before Apple released iOS 8 in late 2014.

At 02:37:00 in the video, Professor Landau talks about the need for smartphones as more secure holders of login credentials for other systems. Ukraine's power grid was infiltrated through stolen login credentials. But if every phone is vulnerable, we cannot use the smartphone for login authentication, which blocks the migration to more secure systems.

At 02:46:00 in the video, District Attorney Cyrus Vance talks about Apple iOS 7, and essentially says that it is good enough - it provides security for Apple customers, yet Apple can still assist law enforcement and decrypt the contents. That mentality says that Mr. Vance should be riding a horse - he can eventually get to California, so what is his problem? If it is good enough for his great-grandfather, it should be good enough for him. More seriously, his comments ignore the need to continually improve device security, since the sophistication of the attacks is continually improving.

Why is it so dangerous for Apple to build this insecure version of iOS? The dangers were alluded to by Professor Landau (at 02:39:00 and 03:33:00) and Bruce Sewell (at 03:18:00) but not explicitly articulated. The closest is Mr. Sewell's analogy of a box (that does not and cannot exist) where Apple could put information (passwords, or this insecure iOS version) and guarantee that that information could not be stolen. It is dangerous, because Apple would be building an incredibly valuable target - one that would be attacked by nation states. Yet Apple, as a US company, is prevented from using nation state methods to defend that target.

Any valuable target needs to be defended. We put all our gold in Fort Knox, but it is incredibly well defended. We put cash in bank vaults, and generally the level of physical security goes up as the amount of cash goes up. Your local bank branch has a reasonably secure vault, but nothing like the one at a Federal Reserve bank. But in the digital world, the concept of "secure" is much harder, since information can be copied and taken, and you might not even know it. The NSA could not prevent Snowden from taking information. OPM could not prevent someone from copying the security clearance forms.

Suppose Apple does build this insecure version of iOS. Law enforcement agencies will then give them hundreds to thousands of phones per year to be broken. So Apple will need to set up an entire facility and process to accept such phones, validate that the law enforcement agency actually does have a valid warrant, and that the agency itself actually exists and is legitimate. This becomes a routine operation, for which Apple needs to hire employees. Any business has employee turnover - folks leave for other jobs, get sick, etc. So Apple now has a routine operation to recruit folks to work in this secure facility.

But this facility is now a huge target. It is a high value target on the scale of OPM. How many nation states would like to steal the keys to that facility? Well, at least two. So how does Apple investigate a potential employee to guarantee that they are not also working for China? Government agencies are allowed by law to require their employees to pass a security clearance - and as a result of applying for that security clearance, the potential employee gives up a LOT of fundamental rights. I think it is illegal for Apple to require a potential employee to do the same - there are many questions that they cannot even ask, much less require an answer.

And then we have some other Committee members who were hostile. At 03:00:00, Mr. Sensenbrenner tries to trap Mr. Sewell into proposing specific legislation to solve this problem. Mr. Sewell avoids the trap, but Mr. Sensenbrenner is still an ass. At 03:36:00, Mr. Gowdy wants a "fact pattern" whereby Apple would voluntarily comply with the current order based on the All Writs Act, and would voluntarily write an insecure version of iOS. I think Mr. Sewell should have told him - no, there is no fact pattern that would cause us to do that. But that is sort of like kicking the hornet's nest. At 03:37:00, Mr. Gowdy again tries to trap Mr. Sewell into proposing specific legislation, which Mr. Sewell declines to do. And I think Mr. Gowdy is also an ass. I have a proposal for Mr. Gowdy and Mr. Sensenbrenner - "No individual or company shall be required to write any software, for any purpose, at any time".

One of Apple's arguments in its Motion to Vacate... is based on the Fifth Amendment: "... by conscripting a private party with an extraordinarily attenuated connection to the crime to do the government's bidding in a way that is statutorily unauthorized, highly burdensome, and contrary to the party's core principles, violates Apple's substantive due process right to be free from 'arbitrary deprivation of [its] liberty by government'". At 03:40:00, Mr. Gowdy claims that the government can and has conscripted doctors, nurses or anaesthesiologists (presumably against their will) to perform body cavity searches on suspects. Really? He gives no references for this, but at 03:41:00 he promises to get Mr. Sewell the cases he is relying on. I would really like to see those. I have sent the following comment to some of the Greenville newspapers.

On 2016 March 1st, the House Judiciary Committee held a hearing on encryption. At that hearing, Representative Gowdy stated that "There are a lot of cases where folks are conscripted to perform surgical procedures or cavity searches" specifically referring to "nurse, doctor, or anesthesiologist is conscripted by the government". I can find no such cases, and I suspect Mr. Gowdy will be unable to support that statement with any specific cases. You might ask Mr. Gowdy about this.