[cryptome] Re: Farook Backup: Password Screwup

  • From: douglas rankine <douglasrankine2001@xxxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Sun, 21 Feb 2016 23:03:31 +0000

see url: https://cryptome.org/2016/02/usg-apple-001-009.pdf
Hi Andrew,

The FBI does not have the right in law to break into proprietary software, even in a crime as serious as this. No government agency has (except perhaps the NSA, where it affects national security in an emergency), though don't quote me on it. If they, the FBI break Apple's software they open themselves to liability under US copyright law...And they may even be breaking the criminal aspects of copyright law. There are two big organisations which have a lot of clout in the USA regarding copyright law, and they have been very successful at getting aspects of breaking into copyright a criminal offence...and the USG and the politicians, and Congress and the establishment have gone along with it.

The back up to Farooks phone was dated October 19th. Even if the FBI managed to get access, they wouldn't have got the up to date contacts and metadata and any residual content on the iphone...as far as my understanding goes. I stand to be corrected on that, so if I am wrong, please let the mailing list know.

And yes, they are asking...nay...now demanding that Apple...who have admitted that they can do it, if you read the USGvApple application for compulsion order again, modify their software, without the FBI having access, so that the FBI can then try using various forensic tools to try and break into the phone so that they can get access to all the contacts, without the data being destroyed after the 10th attempt; who he spoke to, when, what he said, who else was involved in the conspiracy etc...etc...

Nuffink to do with the NSA, nuffink to do with illegal mass collection, storage or sifting of communications at home or abroad. That is a different problem, a different set of arguments applies and, one one ignores that at ones cost. Nuffink to do with smoke and mirrors either, just simple strategy and tactics. Perhaps the US government has been listening to the criticism about barging in on peoples rights, destroying amendments to the US constitution, on the privacy and on the security of US citizens...who knows. After all the US establishment have been taking a lot of stick, their stance has been affecting business and their credibility as a country which supports human rights on an international scale; and the pressure must be tremendous, particularly at election time. It is not as if Apple cannot circumvent the self destruct routine. According to the FBI, in discussions with Apple engineers, they can. That bit of the discussion needs to be read rather carefully in case I have mistaken it and I would love to be corrected if I have got it wrong.

Now, which NSA process are you talking about here...

If the FBI and Farooks employer had, in the light of hindsight, acted "properly", with cleverness, intelligence and perfect application of computer forensic theory; it wouldn't have made any difference. The last backup was on October of 19th. On that, if I have got it wrong, I stand to be corrected...and...please do so.
And yes I agree with you there too as far as lawyers are concerned. Words is money and money is words. Knowing the right words, the right sentences paragraphs and the right practical applications, to a society's expressed culture and ideals goes a long way to winning an argument; and just like software code, brings in the money to those who have the ability to market it, network it and sell it. But there again, that is not just what this case is about...
Keep the critique and the thoughts and the ideas coming. I am a willing listener and willing learner.:-) .
ATB
Dougie

On 21/02/2016 22:16, Andrew Hornback wrote:

Would the FBI be liable in the event that they reverse engineered Apple's product in order to break it? I'm sure that's part of the problem. Personally, I've heard that the NSA has the capabilities to handle this issue without making a big deal out of it, but they don't want to tip their hand and prove that they do... so, we end up with the smoke and mirrors show asking Apple to get involved. Of course, it could simply be their way of asking Apple to validate the NSA's process...

From looking at the court documents, it appears that the FBI is simply wanting Apple to circumvent the "self-destruct" routine within iOS so they can brute force the password on the device. That doesn't break or negate the encryption, it merely prevents the device from pulling a "Mission Impossible" after they get the code wrong the 10th time.

Now, if Farook's employer had done things properly and implemented an appropriate MDM solution prior to deploying the phone, we wouldn't be having this conversation since the MDM client/widget/whatever you want to call it operates at a low enough level to allow administration of the phone without it being unlocked.

I also wouldn't be surprised to find some young, enterprising lawyer in California to be soliciting those beneficiaries of Farook's employer's services to file suit agains them for failure to properly safeguard their data on those mobile devices. I figure someone's going to be screaming about HIPAA and PII security in order to make a few bucks...

--- A

On Sun, Feb 21, 2016 at 4:11 PM, Michael Best <themikebest@xxxxxxxxx <mailto:themikebest@xxxxxxxxx>> wrote:

    What does copyright have to do with it? FBI isn't trying to
    redistribute the code. Apple's NDAs and IP agreements might apply,
    but I don't see what role copyright plays. (I'm asking, not
    arguing. I haven't exactly following the case though, and I
    already got one major detail wrong lol.)

    Sent from my iPhone

    On Feb 21, 2016, at 3:45 PM, douglas rankine
    <douglasrankine2001@xxxxxxxxxxx
    <mailto:douglasrankine2001@xxxxxxxxxxx>> wrote:

    see url: https://twitter.com/cfarivar/status/701430905076731906

    Even if the FBI did screw up...or Farooks Employer screwed
    up...or they both screwed up...It wouldn't have made a lot of
    difference regarding what is at present on Farooks phone. The
    back up was done on October 19th whereas the crime was committed
    one and a half months later.  In that time, up until the time of
    the crime,  the phone had NOT been backed up...according to the
    affadavit from the FBI. From looking at the affadavit, the FBI is
    saying that they agreed to trying to change the password to see
    if they could get access to the back up, and the phone.   It
    didn't work, so that  makes the FBI stupid because they should
    have known.  Does this mean that if the FBI/Farooks employer
    hadn't changed the password that there would have been an
    automatic backup made?

      Remember, according to the FBI, it is Apple software, it is
    copyright and the FBI is not allowed under US Law to breach that
    copyright. Any experts out there on Apples end-to-end encryption
    software, who isn't bound by Apple's copyright and non-disclosure
    agreements? Perhaps they could enlighten us.

    Whom do I believe?  I'll reserve my judgement until the facts
    come out!...:-) . Coward that I am...
    ATB
    Dougie.



Other related posts: