That way I could say, "Sorry judge, we just do not have that capability. And knowing the algorithm does not help."

judge in this but if such a way does not exist then the prosecutor needs to pull their head out of their ass and move on.

There is no analytical inverse function. It is just not solvable with any reasonable effort.
That is why encryption works.

And a back door just makes it insecure and subject to hacker attacks, in other words worthless as encryption.

The only way I could see Apple being able to comply is either there is such a backdoor in which case there are probably going to be alot of pissed off Apple users or there isnt or there is an exploit Apple knows of to atleast allow unlimited password guesses which they have not patched in which case there still might be some pissed off Apple customers.

That would be cracked by hackers pretty damned quickly, rendering the security useless. Only an idiot computer company would put a back door in their code. And only an idiot legislator would require them to. And the whole idea behind the trap door is to make it very difficult to break the encryption.

Anybody really concerned about secure communications is going to use a pass phrase long enough that it would not be easily guessed, if ever.

That judge may be in a real pickle here.

Knowing the code in no way helps one crack it.

But older versions they still can.

as Hillary mentioned. when discussing her emails.

I like to pretend my biases are relevant to the discussion, too.

<Ditto subject line here>

the phone company will give them to you the phone numbers without a warrant. They have been doing it for the NSA for years.

People looking to stay under the radar have countless options for keeping their communications footprint obscure, with many well known applications and probably even more discrete apps as well.

Apple is erring on the side of many legal issues and using these tactics only to protect their standing in the community and their customers. This is a major landmark legal issue. For them to protest and delay is normal, but in the end they will give in, I'm sure, because it really is the right thing to do, after all.

they can provide IP address logs for sites visited by the phone. All this information is available with a conventional search warrant and is cheaper and far easier to obtain.

Call info, I agree, is likely easy to come by. In a case like this, I would usually side with LE. But it's not clear to me what they're after on the phone itself.
[hr][font color="blue"][center]"The whole world is a circus if you know how to look at it."
Tony Randall, 7 Faces of Dr. Lao (1964)[/center][/font][hr]

history of abusing the powers they have, I would agree.

But they don't. I seriously doubt there is anything on the phone that can't discover with traditional investigative methods. I see no reason to grant more power to them until such time they are regularly held accountable for violating the law.

But in this case, if they're just "looking to be looking", I don't see the need for Apple to be involved.
[hr][font color="blue"][center]Stop looking for heroes. BE one.[/center][/font][hr]

and they want the courts to legalize it.

People who are deliberately trying to hide their information can mask it from their ISP. Tor Messenger, for example, will allow you to text chat with people around the world. Your ISP simply sees an encrypted connection to a constantly shifting list of IP addresses. Without accessing the application, it's impossible to determine who they were talking to or what they were doing.

then I doubt anything useful will be on the phone. The whole point of Tor is to hide. If they have enough discipline to use such tools, they will also make sure to remove anything incriminating from the phone. I mean would you trust an American company not to sell you out if they get your phone?

LEOs should make use of the powers they have and not abuse them, before asking for more extraordinary powers.

Most people I know just dial the person's number, then talk. If some poor government agent is tasked to follow my communications, that must be some kind of punishment, and exercise in boredom.

I know there are other ways, using onions and Finland and such, but why bother?

and sometimes Facebook as well and occasionally, rarely, if someone is a bit of a luddite, skype.

I would rather use data than the phone... cheaper! My communications bill for unlimited data and phone service is about 60 bucks a month.

There's also a number of encrypted messaging services too, available worldwide. It's a wild world out there!

Sending encrypted messages wouldn't be a priority for most people I know.

"If you don't have anything to hide, why do you care if we look?"

But it may be more rooted in laziness and ignorance. If I want to talk to someone, the easiest way is to open my phone and punch in a phone number. They answer, we talk.

I never bothered to look into more secretive ways of talking to someone. If I had a reason to do that, I guess I could research the topic.

What do you use, other than normal phone/email/text/skype, if I may ask? Are there other common communication means?

... of military secure means of communication for voice, mail and chat.

For secure texting to civilians though I use Wickr. Timed deletion, multiple layers of encryption, told the NSA to go fuck themselves when they asked for a backdoor.

https://www.wickr.com/how-wickr-works/

And it wasn't very complex at that time. TWX, all caps teletype.

Things have advanced faster than my brain cell can keep up.

I prefer the guarantee of privacy to the guarantee of security so even if I'm just chatting with the wife I'll use a secure means.

It's simply not possible by Apple's design.

Law enforcement should have tried using the shooter's finger to unlock the Touch ID fingerprint reader while their body was still warm. SPOILER: I just saw Fox Mulder do that on a new X-Files episode.

...they can have infinite tries. It wouldn't be hard to crack it then, it's only 6 digits by default. They could, in theory, do it manually, would take a few days, but yeah. It's possible to implement a longer passcode length (with complex characters) but it's doubtful that the terrorists did that, but if they did, you could make some hardware to do it, plugging into screen entry code.

My guess is that the FBI doesn't know enough about the system to even waste one retry, much less 10, so they don't want to risk pulling the hack. They probably want 1) Apple to stop the retries and 2) completely disable the wipe mechanism. Those things are obviously in userspace.

By accessing the board directly, you can do a direct bit for bit raw dump of the stored data. It will come off the phone encrypted, but you'll have a "soft" copy of the encrypted file system.

Once that's done, it can be brute forced. Spawn a copy of the data file. Try 10 keys. Toss that copy. Spawn a new copy. Repeat ad nauseum until you find the key that works. A decently powerful cluster with a well crafted brute force algorithm can scan thousands of potential passwords a second. Because no attempts are made to decrypt the original source file, any copies made from it will have the full 10 tries. The only technically difficult part is performing the initial data dump from the phone, which I presume was the courts want Apple to assist with.

This is a fairly old forensic technique. As far back as the late 90's, computer forensic standards stated that hard drives should be Ghosted and that forensic work should always be performed on the Ghost images. This preserves the original data in an unmodified format (important for evidence preservation), eliminates charges of tampering, and protects the data from self destruct algorithms or other hidden trapdoors that might block investigators. Modern phone forensics works largely the same way. An image of the phone's storage gets dumped to a computer, and THAT gets analyzed. Never the original.

system, which must hold the 256 bit key.

(I have mixed feelings about this order, but, for the purposes of this post, I'm going to play devil's advocate.)

Apple's argument is that the order not only requires them to create new technology, but that it represents a slippery slope. Today the government goes after the San Bernardino shooters, tomorrow who knows whom they go after?

Leaving the technology question aside, I'm not very sympathetic to the slippery slope argument. I want the FBI to investigate the San Bernardino shooters and their fellow travelers as thoroughly as possible. I want the FBI to investigate white supremacists and Islamist terror cells and all the other bad guys. I want them to dig those people out root and stem. Who is more likely to hurt me and the people I care about -- the FBI or racists & religious fanatics? Clearly, the answer is the latter.

Likewise, I am more worried about ISIS and Putin and North Korea than I am about the NSA. I think the folks at the NSA are basically on my side. Snowden is a clown -- a self-indulgent, self-important millennial libertarian nincompoop. Really -- being honest -- I'm fine with what the NSA does. As enjoyable as being all indignant and righteous about NSA excesses might feel, the truth is that I don't care about what the NSA has done.

Bottom line: maybe the FBI and NSA sometimes cross the line, but the real threat to ordinary people comes from the sources of violence (domestic and foreign) they investigate.

The new technology Apple would need to create would also have the effect of doing irrevocable damage to their iOS line of products. Their encryption and security is one of the selling points, and they'd be open to lawsuits from millions of customers who sometimes spent around $1000 for their devices. It's also fairly short-sighted on the government's part because Apple is quickly replacing Blackberry in government agencies, and once this technology is created it's only a matter of time before it ends up in the wrong hands.

My understanding is that the order is not for information or access that Apple already possesses. They are being ordered to create a "back door" that does not yet exist; basically ordering them to violate citizens' privacy. I do not blame Apple for resisting this. The federal government is not benevolent. If it gains the ability to crack anyone's phone at will, it WILL be used against us, and not just in this isolated instance.

So they wouldn't get it even with a court order?

If they can force Apple to create a back door to this phone, it is a good bet that the same method could be used for others. If so, the feds will definitely use it in the future.

is that the FBI would somehow reverse engineer the code and make it available to use for all phones. Imagine changing the lock on your house but the locksmith makes multiple copies of a master key and hands it out to everyone. Would you use the services of the locksmith again? I know I wouldn't.

I store a lot of information on my iPhone that I certainly wouldn't want anyone to get hold of (medical information, car insurance info, banking apps, credit card apps, my passbook wallet app stores travel info, etc.). I think it's right that Apple has no access to this data and I don't think the government deserves access to it either, even in the case of the San Bernardino shooters. There must be other ways to access who they called, like, I don't know, records from their cell provider.

If they get away with it once, it's off to the races with stuff like this.

with full protection from prosecution, right?

This order requires Apple to create something that doesn't exist and something to which the company has a strong philosophical aversion against. I suspect this order will fail on appeal for right to faith/conscience reasons beyond just the slippery slope argument. It's like ordering a Quaker to create a killing machine.

Which reminds me of the Ben Franklin quote (paraphrased): Those who would give up liberty for security deserve neither liberty nor security.

Welcome to the electronic age, folks. You can't compromise the privacy of millions in order to track down two. Apple needs to fight this so that the door isn't opened wider to even more intrusion by the feds under the argument of "national security."

You actually get it!
What they are actually doing is eroding the 4th Amendment, as if it hasn't been eroded enough already.

Mostly theverge.com and arstechnica.com

They've made it pretty clear that the request is for a general purpose hacking tool and that this is a very bad idea.

And they are legion. Not those who can see the broader implications (and dangers) of this.

Again -- the Franklin quote should be shouted from the rooftops. Not that anyone will listen.

I hope Apple does not give up this fight.