Tx for that, Michael. I shall explore those source url's further...:-) .
The FBI says in their submission to the court, that they do not have
legal justification to reverse engineer the software, which is why they
have demanded that Apple be compelled to help them. Apple engineers had
discussions with them, but were only prepared to go so far without
further advice or making a stand. Of course both sides are taking up
their respective positions, and they may or may not be right in
law...which is of course, why the problem is being pursued through the
courts.
It poses the question of why the FBI is choosing another route if it
can do it legally using the methods you describe below...Perhaps they
would prefer to be invited to go in through the front door, rather than
upset a lot of people by going through the back...:-). Perhaps they have
already had their fingers burnt by screwing up the password. Perhaps
they haven't got good enough quality forensic engineers to do the job on
Apple software. Perhaps the agenda is to establish that end to end
encryption, as it becomes more popular, does not mean that they, and
other law enforcement, security and intelligence agencies, are "kept in
the dark" when it comes to tackling serious crime and gaining evidence
for it, or stand accused of riding roughshod over the rights of citizens
to privacy and security of their individual rights, property and the
conduct of their daily business, and, last but not least, their pursuit
of happiness...Perhaps they are posing the question of why, when such a
serious crime has been committed, that Apple is reasoning that market
considerations and the protection of their software is more important
than gaining further information on what is a very serious crime and on
the extent of who else, if any, and to what extent, are involved.
Interesting to note too, that governments haven't as yet, made
proprietory software owners responsible and liable to their clients or
customers, if their software doesn't do what it is supposed to do, just
as other goods are liable if they aren't "fit for purpose". Still,
that may come in the future.
Though I have an interest in these areas, particularly human rights and
their enforcement; unfortunately, I do not have the skills or the
specialisations and qualifications as others do to pursue it, which is
of course, why I rely on others exchanging their good advice over the
internet, particularly a mailing list such as this. I am but a mere
layman in these matters, a jack of all trades and master of none, and my
main studies have been in the area of English law. I am fairly new to
US law.
Once again, thank you for taking the time to dig up that
information...It has been most helpful...:-) .
It is certainly a question to watch...It will be interesting to see what
happens as we lead up to March 22nd. and the decision of the court.
ATB
Dougie.
On 21/02/2016 23:37, Michael Best wrote:
It depends entirely on the circumstances, and it's not just a matter of copyright. There's licensing, contracts, copying, etc. Analysis doesn't necessarily involve copying, but...
"It is legally risky to bypass any “technical protection measures” (e.g., authentication handshakes, protocol encryption, password authentication, code obfuscation, code signing) that control access to the code or any specific functionality."
That seems to be more about DRM, though, per
"Section 17 U.S.C. 1201, the anti-circumvention provisions of the DMCA, prohibits circumvention of “technological protection measures” that “effectively control access” to copyrighted works. The law also prohibits trafficking in tools that are primarily designed, valuable or marketed for such circumvention."
However,
"Reverse engineering generally doesn’t violate trade secret law because it is a fair and independent means of learning information, not a misappropriation. Once the information is discovered in a fair and honest way, it also can be reported without violating trade secret law."
There's an exception allowing it for security purposes, though:
"Section 1201 contains an exception for reverse engineering, as well as security research, encryption research, and the distribution of security tools, all of which may support reverse engineering. "
"The list is offered just to give you an idea of the kinds of things that distinguish permissible from impermissible reverse engineering:
You lawfully obtained the right to use a computer program;
You disclosed the information you obtained in a good faith manner that did not enable or promote copyright infringement or computer fraud;
Your sole purpose in circumventing is identifying and analyzing parts of the program needed to achieve interoperability;
The reverse engineering will reveal information necessary to achieve interoperability;
Any interoperable program you created as a result of the reverse engineering is non-infringing;
You have authorization from the owner or operator of the reverse engineered software or the protected computer system to do your research;
You are engaged in a legitimate course of study, are employed, or are appropriately trained or experienced, in the field of encryption technology.
You provide timely notice of your findings to the copyright owner."
Above from Coders’ Rights Project Reverse Engineering FAQ
https://www.eff.org/issues/coders/reverse-engineering-faq
TL;DR: It's a bit murky, but it's less likely if the FBI needs to copy the existing iOS code to implement the backdoor they want - as opposed to being able to modify the existing code with an update that was written entirely by FBI.
"To our knowledge, no agency of the executive branch has argued, or advised, that government copying is per se a fair use." http://www.loc.gov/flicc/gc/fairuse.html
One academic article argues that the reason the software usually isn't considered part of the fair use exception when seized by law enforcement is that it's not part of the subject of a legal proceeding - I'm not sure that applies in this case. http://faculty.usfsp.edu/gkearns/Articles_Fraud/Copyright%20and%20Law%20Enforcement's%20Use%20of%20Seized%20Computers.pdf <http://faculty.usfsp.edu/gkearns/Articles_Fraud/Copyright%20and%20Law%20Enforcement%27s%20Use%20of%20Seized%20Computers.pdf>
On Sun, Feb 21, 2016 at 6:16 PM, douglas rankine <douglasrankine2001@xxxxxxxxxxx <mailto:douglasrankine2001@xxxxxxxxxxx>> wrote:
Michael,
Question...can anyone, any group, any organisation reverse
engineer proprietary software, whether they keep it to themselves
or not...If so...can you please refer me to where it says so, in
US, UK or international law?
ATB
Dougie.
On 21/02/2016 22:19, Michael Best wrote:
I don't think reverse engineering it is a problem unless they try
to distribute that info or profit from it. Plus, reverse
engineering is its own analysis which provides some degree of
separation (I think).
On Sun, Feb 21, 2016 at 5:16 PM, Andrew Hornback
<achornback@xxxxxxxxx <mailto:achornback@xxxxxxxxx>> wrote:
Would the FBI be liable in the event that they reverse
engineered Apple's product in order to break it? I'm sure
that's part of the problem. Personally, I've heard that the
NSA has the capabilities to handle this issue without making
a big deal out of it, but they don't want to tip their hand
and prove that they do... so, we end up with the smoke and
mirrors show asking Apple to get involved. Of course, it
could simply be their way of asking Apple to validate the
NSA's process...
From looking at the court documents, it appears that the FBI
is simply wanting Apple to circumvent the "self-destruct"
routine within iOS so they can brute force the password on
the device. That doesn't break or negate the encryption, it
merely prevents the device from pulling a "Mission
Impossible" after they get the code wrong the 10th time.
Now, if Farook's employer had done things properly and
implemented an appropriate MDM solution prior to deploying
the phone, we wouldn't be having this conversation since the
MDM client/widget/whatever you want to call it operates at a
low enough level to allow administration of the phone without
it being unlocked.
I also wouldn't be surprised to find some young, enterprising
lawyer in California to be soliciting those beneficiaries of
Farook's employer's services to file suit agains them for
failure to properly safeguard their data on those mobile
devices. I figure someone's going to be screaming about
HIPAA and PII security in order to make a few bucks...
--- A
On Sun, Feb 21, 2016 at 4:11 PM, Michael Best
<themikebest@xxxxxxxxx <mailto:themikebest@xxxxxxxxx>> wrote:
What does copyright have to do with it? FBI isn't trying
to redistribute the code. Apple's NDAs and IP agreements
might apply, but I don't see what role copyright plays.
(I'm asking, not arguing. I haven't exactly following the
case though, and I already got one major detail wrong lol.)
Sent from my iPhone
On Feb 21, 2016, at 3:45 PM, douglas rankine
<douglasrankine2001@xxxxxxxxxxx
<mailto:douglasrankine2001@xxxxxxxxxxx>> wrote:
see url:
https://twitter.com/cfarivar/status/701430905076731906
Even if the FBI did screw up...or Farooks Employer
screwed up...or they both screwed up...It wouldn't have
made a lot of difference regarding what is at present on
Farooks phone. The back up was done on October 19th
whereas the crime was committed one and a half months
later. In that time, up until the time of the crime, the phone had NOT been backed up...according to the
affadavit from the FBI. From looking at the affadavit,
the FBI is saying that they agreed to trying to change
the password to see if they could get access to the back
up, and the phone. It didn't work, so that makes the
FBI stupid because they should have known. Does this
mean that if the FBI/Farooks employer hadn't changed the
password that there would have been an automatic backup
made?
Remember, according to the FBI, it is Apple software,
it is copyright and the FBI is not allowed under US Law
to breach that copyright. Any experts out there on
Apples end-to-end encryption software, who isn't bound
by Apple's copyright and non-disclosure agreements? Perhaps they could enlighten us.
Whom do I believe? I'll reserve my judgement until the
facts come out!...:-) . Coward that I am...
ATB
Dougie.
-- Veritas aequitas liberabit vos
Veri universum vici
That 1 Archive <http://that1archive.neocities.org/>
@NatSecGeek <https://twitter.com/NatSecGeek>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.5
Comment: Hostname:pgp.mit.edu <http://pgp.mit.edu>
mQINBChG9zoBEADKzALG4UHCjY6L9OFUxWRVGGCW7LY71K2EAK/0jkRh1wPkJ4chPaVJ3vVD
nJ0d8HxsyR5R3+y7GH6GCc/tK0IDPJah+xpQnraS1nWUvAlSaaxsBK4hJfuVGyfBg/joQVKU
OhpqJLQhRIkUWk30QC94IbOKiCTb6V4pStLYyrLieewjT481vvRIYp/48IS5eiveZW0/IpcA
HBON7xJw6P1murC8PNOJSWRCp9FJhcs3wIPG3cFTfsxSZnGcoivMgFLtGAfLbztpZkcHEMOR
4qamVvirzYGHma0UlOzyNr7xpxyLXFsU5kKzQ8Az2nP1GG7vuqXSjPNLIvvHFL+g+gKuCe9W
xTa9Ac038RRSiBGdDrvTFpQ/h9h5GWIHP7nsA4TCeZSpL81aqp7Cb0MK3KPQmteTPIujVCnx
jXXHrOe9Tj6iYUU8edApISyBEVFZMd+EtfDEDf/ZwDjzSGE85vv1dZ/ck7iJvS8FwM8hsRBG
U9huCKiItGs26teUJ2Sum49YaEiDL4QLQhJ+FbsAusxJg+V3GE/4w75K/6/czT0p10Mf66Uo
fRFTvYRE7S6CNDxzTI4q7+pnRlxMBduGC33KY4eq4Py/O3LWHBDxZ+LffIa/tWcB/7oZ6yDo
bdWleNk5wnJdPGr6lUTHTM4tpDIEcXYpvjzyLcMtg4tFm/Dc0QARAQABtGVNaWNoYWVsIEJl
c3QgKFByaXZhdGUsIG5vdCBzZWN1cmUuIEZvciBzZWN1cmUgZW1haWwsIHJlcXVlc3QgYSBv
bmUtdGltZSBrZXkuKSA8dGhlbWlrZWJlc3RAZ21haWwuY29tPokCPQQTAQoAJwUCKEb3OgIb
AwUJNXc1AAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCiYH9hY4dAS3e+D/sFwyJER4/4
ZnHYC/1EzCpHeDikSmULEgsvNgzo73thOV9/Q2I8mCJTlQjsK4rZ2YiDzi4b0CN8kzjpxtVz
BsBsxfyPLrdH4VoqeqeBVzbwHxSk7bYUI3vFt+e3gBgpAxbVfPXCnYUnWPRlr9dc/JZoPJH4
p8yRIqktehbAE3Fa3gkfrXJ5e6+/nKlQhikyvo9VuErrLpPMXBzOq4/2LVfurkcOzlp1RBjs
hWr6B98EiOXs44ZGLEkINxJiW8koFhw/WDuON8LKi/DtLiqqtBVTjrkqKCuKzSAVncGGcEVO
3Om3aOIOvG0do/wQKYXnpbeGsHwx2PGrJ7H+lb2bIb5KhbZkbG4rMTjsVnuGN+IF4BxBhmGz
MYoooWy4VCLL0o8keomU8JPXt+fZDqJ9sNjY/asTsjOa6aE3bIa6w3mWUeefGwA25oXur3Rr
L3wmu1pPzCejumfA1X93dS9UZS3xni+7W34g6YbsREuaZ+YBxFLN227JXAx2pEdjLsuVOaqM
9CO7ARHsxDZoE9U7n0s3txnSw/2YYwjEK1wDhdLnHBL3ZzaAcaHnpzsTYQAVW7uXKKHhzeSK
GP3O4ByCisM/7WLFvIIpaNNs85jI1PvKH0GutSTl9xXDfWuYMl9rwwbteBB/oGSxlIFe0pqq
IDNfAJdR/HjTLqrTES2wdXJS1bkCDQQoRvc6ARAAmltXrhVfpePdIFrfEHCet4nkQvmRI+AX
rUgiNlxQDW8M5FzlUfT2xpMXHMWuKehTYpFq7bNbFi+fwBhMajgvgDsTuLInftKSFp+sisbR
n8psv7CpGB4jp0Xd4y1Wm/HejV/kga0kcUVVetaqyzgZedn1UnccQRzDBVWW2j2ed+hi/8g0
/d7mbVG81yzJo8tLidM90xFF7JGlijm0dBAqmhD4UgkxSnJQ3PK5onqdjdbx7HkP68RrkeTQ
vhWK1978qzdSl9ljJ0jLnoAaDNPs5Dj/TyYCtqoKHUqMbTwU5nIQnJG7geMeSw/7OVnKlypF
Rs/JesZzMBooZTRxZJuIB/q0wOfE/MYTwGSwLs2brUwJFJ6bSYmerZ+81S8W/Y4mehJ3o6Vl
SabrrVN+LlBfUuRqd5U909WECzk6HVnwnRfL07zD+1y5cLU+e4MQs2227kLriTIxtDZ/umeG
hKQgNgFGTAPHJxA96xGvQ8Ovv+XEivlO0jxBNMIiopNSlMDE+k3nigWHuavt9LUUCOd45aw7
0pgKstQQgpFfVAwV98LPpUKxa61q6wQiQHAcP7YxuQG0dsr4nUq2xids5l1IpOLzZJ3nRThM
k7alkljBbqphbocV3FsSXOkpcSWns94k1QGmrPzEPLF0FHFBG6whWoaoEySMkdsN1zVu4GMU
o2EAEQEAAYkCJQQYAQoADwUCKEb3OgIbDAUJNXc1AAAKCRCiYH9hY4dASzTaEACKXVgc8KmZ
xWyYTUQgIwrj3J/re68uIilq0iBBDocgEZZpxyf6lD1V3IKBjAPpWyYHMrrrLY64rFDR+8DE
Xyhm1Wv2S6YJuWJtyAlS4bciXjJE6evirIH5GoFq++vzsufRaudAoQ56hJ0+Z3dNMMWZ6YuP
zWNNL2tvpdo3Nvd8bqiADWSffFdIPv5Yj/mZsXmaDN+7iWYlAdCrubGyGzFHlCh26Ghu6SS0
/u8x1/Oi7ma7fUMFnEsFiYjwBkD3pQKK1dm7j2f1OMxi8uky8vgBgx40aeJkoUgEvIHWsCIi
CWVTyfiGeWIcKbK7tYP5jsjV5fUv+TaQ1pApt++Pyop1aogfQ8icNBQQkdX6E4gNhnPOPTM8
FTl69Tq5Ori5+TM8VM0iPGiydlcAXIAD3OyR4tZM12Ga1AtppKjx31EyDB4SPzUmDWRy5WgG
NRH3+RgiK/iXVcvLdFIKj3/AvctSLdbayyaFD8zrE/wcMzLfie+iE231+rG/7gmcR3H1rcYE
vxvmWAPikLQKiMUpPBNSvfLPUTrwNSGiZ5ieAAPgOooc3u5nohwZmEW1pg6HirZgIAgAYuyL
aLgnikwH70guiQ4Ufsih3gy0ddsUwliUTtbYQyX0OBQoTUyaiXPy0Wu2FJfsxiW8X9Lu9pIH
KOwU9K76VKot+UikGqeFQsS/Ig==
=M+du
-----END PGP PUBLIC KEY BLOCK-----
--
Veritas aequitas liberabit vos
Veri universum vici
That 1 Archive <http://that1archive.neocities.org/>
@NatSecGeek <https://twitter.com/NatSecGeek>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.5
Comment: Hostname:pgp.mit.edu <http://pgp.mit.edu>
mQINBChG9zoBEADKzALG4UHCjY6L9OFUxWRVGGCW7LY71K2EAK/0jkRh1wPkJ4chPaVJ3vVD
nJ0d8HxsyR5R3+y7GH6GCc/tK0IDPJah+xpQnraS1nWUvAlSaaxsBK4hJfuVGyfBg/joQVKU
OhpqJLQhRIkUWk30QC94IbOKiCTb6V4pStLYyrLieewjT481vvRIYp/48IS5eiveZW0/IpcA
HBON7xJw6P1murC8PNOJSWRCp9FJhcs3wIPG3cFTfsxSZnGcoivMgFLtGAfLbztpZkcHEMOR
4qamVvirzYGHma0UlOzyNr7xpxyLXFsU5kKzQ8Az2nP1GG7vuqXSjPNLIvvHFL+g+gKuCe9W
xTa9Ac038RRSiBGdDrvTFpQ/h9h5GWIHP7nsA4TCeZSpL81aqp7Cb0MK3KPQmteTPIujVCnx
jXXHrOe9Tj6iYUU8edApISyBEVFZMd+EtfDEDf/ZwDjzSGE85vv1dZ/ck7iJvS8FwM8hsRBG
U9huCKiItGs26teUJ2Sum49YaEiDL4QLQhJ+FbsAusxJg+V3GE/4w75K/6/czT0p10Mf66Uo
fRFTvYRE7S6CNDxzTI4q7+pnRlxMBduGC33KY4eq4Py/O3LWHBDxZ+LffIa/tWcB/7oZ6yDo
bdWleNk5wnJdPGr6lUTHTM4tpDIEcXYpvjzyLcMtg4tFm/Dc0QARAQABtGVNaWNoYWVsIEJl
c3QgKFByaXZhdGUsIG5vdCBzZWN1cmUuIEZvciBzZWN1cmUgZW1haWwsIHJlcXVlc3QgYSBv
bmUtdGltZSBrZXkuKSA8dGhlbWlrZWJlc3RAZ21haWwuY29tPokCPQQTAQoAJwUCKEb3OgIb
AwUJNXc1AAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCiYH9hY4dAS3e+D/sFwyJER4/4
ZnHYC/1EzCpHeDikSmULEgsvNgzo73thOV9/Q2I8mCJTlQjsK4rZ2YiDzi4b0CN8kzjpxtVz
BsBsxfyPLrdH4VoqeqeBVzbwHxSk7bYUI3vFt+e3gBgpAxbVfPXCnYUnWPRlr9dc/JZoPJH4
p8yRIqktehbAE3Fa3gkfrXJ5e6+/nKlQhikyvo9VuErrLpPMXBzOq4/2LVfurkcOzlp1RBjs
hWr6B98EiOXs44ZGLEkINxJiW8koFhw/WDuON8LKi/DtLiqqtBVTjrkqKCuKzSAVncGGcEVO
3Om3aOIOvG0do/wQKYXnpbeGsHwx2PGrJ7H+lb2bIb5KhbZkbG4rMTjsVnuGN+IF4BxBhmGz
MYoooWy4VCLL0o8keomU8JPXt+fZDqJ9sNjY/asTsjOa6aE3bIa6w3mWUeefGwA25oXur3Rr
L3wmu1pPzCejumfA1X93dS9UZS3xni+7W34g6YbsREuaZ+YBxFLN227JXAx2pEdjLsuVOaqM
9CO7ARHsxDZoE9U7n0s3txnSw/2YYwjEK1wDhdLnHBL3ZzaAcaHnpzsTYQAVW7uXKKHhzeSK
GP3O4ByCisM/7WLFvIIpaNNs85jI1PvKH0GutSTl9xXDfWuYMl9rwwbteBB/oGSxlIFe0pqq
IDNfAJdR/HjTLqrTES2wdXJS1bkCDQQoRvc6ARAAmltXrhVfpePdIFrfEHCet4nkQvmRI+AX
rUgiNlxQDW8M5FzlUfT2xpMXHMWuKehTYpFq7bNbFi+fwBhMajgvgDsTuLInftKSFp+sisbR
n8psv7CpGB4jp0Xd4y1Wm/HejV/kga0kcUVVetaqyzgZedn1UnccQRzDBVWW2j2ed+hi/8g0
/d7mbVG81yzJo8tLidM90xFF7JGlijm0dBAqmhD4UgkxSnJQ3PK5onqdjdbx7HkP68RrkeTQ
vhWK1978qzdSl9ljJ0jLnoAaDNPs5Dj/TyYCtqoKHUqMbTwU5nIQnJG7geMeSw/7OVnKlypF
Rs/JesZzMBooZTRxZJuIB/q0wOfE/MYTwGSwLs2brUwJFJ6bSYmerZ+81S8W/Y4mehJ3o6Vl
SabrrVN+LlBfUuRqd5U909WECzk6HVnwnRfL07zD+1y5cLU+e4MQs2227kLriTIxtDZ/umeG
hKQgNgFGTAPHJxA96xGvQ8Ovv+XEivlO0jxBNMIiopNSlMDE+k3nigWHuavt9LUUCOd45aw7
0pgKstQQgpFfVAwV98LPpUKxa61q6wQiQHAcP7YxuQG0dsr4nUq2xids5l1IpOLzZJ3nRThM
k7alkljBbqphbocV3FsSXOkpcSWns94k1QGmrPzEPLF0FHFBG6whWoaoEySMkdsN1zVu4GMU
o2EAEQEAAYkCJQQYAQoADwUCKEb3OgIbDAUJNXc1AAAKCRCiYH9hY4dASzTaEACKXVgc8KmZ
xWyYTUQgIwrj3J/re68uIilq0iBBDocgEZZpxyf6lD1V3IKBjAPpWyYHMrrrLY64rFDR+8DE
Xyhm1Wv2S6YJuWJtyAlS4bciXjJE6evirIH5GoFq++vzsufRaudAoQ56hJ0+Z3dNMMWZ6YuP
zWNNL2tvpdo3Nvd8bqiADWSffFdIPv5Yj/mZsXmaDN+7iWYlAdCrubGyGzFHlCh26Ghu6SS0
/u8x1/Oi7ma7fUMFnEsFiYjwBkD3pQKK1dm7j2f1OMxi8uky8vgBgx40aeJkoUgEvIHWsCIi
CWVTyfiGeWIcKbK7tYP5jsjV5fUv+TaQ1pApt++Pyop1aogfQ8icNBQQkdX6E4gNhnPOPTM8
FTl69Tq5Ori5+TM8VM0iPGiydlcAXIAD3OyR4tZM12Ga1AtppKjx31EyDB4SPzUmDWRy5WgG
NRH3+RgiK/iXVcvLdFIKj3/AvctSLdbayyaFD8zrE/wcMzLfie+iE231+rG/7gmcR3H1rcYE
vxvmWAPikLQKiMUpPBNSvfLPUTrwNSGiZ5ieAAPgOooc3u5nohwZmEW1pg6HirZgIAgAYuyL
aLgnikwH70guiQ4Ufsih3gy0ddsUwliUTtbYQyX0OBQoTUyaiXPy0Wu2FJfsxiW8X9Lu9pIH
KOwU9K76VKot+UikGqeFQsS/Ig==
=M+du
-----END PGP PUBLIC KEY BLOCK-----