[Cryptography] Thoughts on the Apple iPhone fiasco

Phillip Hallam-Baker phill at hallambaker.com
Wed Feb 17 18:03:30 EST 2016


On Wed, Feb 17, 2016 at 4:56 PM, Jerry Leichter <leichter at lrw.com> wrote:
>> ...It seems to me that Apple is fighting the wrong fight here. Any
>> security system that depends on a trusted third party not being
>> coerced is flawed. Waffling on about 'precedent' isn't going to help
>> matters.
>>
>> The only way for Apple to provide a credible assurance that it is
>> protecting user privacy is to provide a system that verifiably puts
>> the device beyond their control. That may not be possible when the
>> operating system can upgrade itself without requiring the user to
>> unlock it. My experience is that the phone demands the PIN to upgrade.
>>
>> Some stories suggest that later iPhone models do have hardware
>> enforcement of the 10 password attempt lockout. If so, it would seem
>> that any precedent set in the San Bernardino phone incident would be
>> short lived.
> If the FBI wins on this, they will use it the next time around.  I can see at least two ways they can do so:
>
> 1.  When the time comes that they need access to a more recent iPhone (and they'll choose a case where everyone will agree that giving them access isn't such a bad idea) they'll get a court order and Apple will respond "What you're asking for is impossible."  The FBI will then play that up - in the courts (where they will almost certainly lose) and in public/political opinion (where they stand a chance of winning):  See, Apple has taken *deliberate steps* to frustrate a legal court order.
>
> 2.  Once the precedent is set to allow the courts to force Apple to create a signed OS image and hand it over, the next order will be for an image to be loaded *before* the phone is captured - perhaps even using Apple's own updating mechanisms.  So the target will end up with a phone that secures its encryption keys - but uses the identity function for actual encryption.
>
> I'm sure clever lawyers will find other uses for a ruling in the FBI's favor.
>
> There's a saying in the law:  Hard cases make bad law.  You better believe that the FBI chose this case carefully, knowing that everything about it made their position seem as reasonable as possible, while making Apple look as bad as possible.  Note also that they demanded much more of Apple than is necessary.  They *could* have demanded that Apple provide a copy of the data in the phone.  Since the attackers are dead, this couldn't compromise prosecution, and would not have left Apple with the ability to say "they want us to make something we consider so dangerous that we refuse to try."  (Some have painted this as "oh, they aren't asking Apple to get its hands dirty by actually doing the deed - they just hand over the code."  But that gets things exactly backwards.  In fact, in the past, when it was relatively easy to do, Apple *has* agreed to get and turn over the contents of phones.)
>
> The FBI would *like* to look at this phone - though realistically I'd bet they don't expect to find anything of interest on it:  The attackers were apparently pretty good about operational security, and were careful to destroy their own phones and computers.  Why would they use a work phone - which they might be called upon to turn in and unlock, even for routine purposes - for stuff they needed hidden?
>
> Just on the basis of what they are likely to find on the phone, I doubt the FBI would take things to this point.  But as a way to set a precedent in their favor ... it's a godsend.
>                                                         -- Jerry

My understanding is that the 5C is one of the phones that was designed
before they slammed the door shut. So it is possible for them to
bypass the protections on that particular phone.

On the 6 and later, the phone has to be unlocked to authorize an O/S
update and the keys are stored in a secure enclave with TPM-like
capabilities.

My concern is that by making a stand in this case, they are going to
create a bad precedent precisely because they will inevitably fold.

