[Cryptography] Apple's appeal brief re NY iPhone iOS7 5s

Tom Mitchell mitch at niftyegg.com
Tue Mar 8 22:19:32 EST 2016


On Tue, Mar 8, 2016 at 10:01 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> FYI --
>
> https://assets.documentcloud.org/documents/2752989/30-Main.pdf
>
> ----
> Basically, the brief says "you submitted to our abuse dozens of
> times before and never complained; how come you're resisting
> now?"
>
...

>
> The brief also indicates that Apple has confirmed that there
> is a "remote wipe" contract out on this iPhone, and the govt
> is afraid that if they turn the phone on, that it will wipe
> itself.
>
> Interesting question: how would Apple know about the "remote
> wipe" command?  Shouldn't this command also be encrypted?


<reason for this list>
Over the air I suspect the command would be encrypted
and signed by Apple. Perhaps managed by the phone service
via over the air links including relayed by other cell services,
via WiFi or a known (unknown?) computer with iTunes.
</reason for this list>

Lots of moving parts...

The remote wipe is a contracted service.
This specific court order would appear to be a demand to nullify this aspect
of a contracted service. It does not say so except that it is paramount
to nullify this service as delivered via automated systems. Contracts are not
mentioned.
With the queued command in place removing the command or ...
there is an unstated service demand that the work must be conducted in an
RF sealed room for safety. One room for each individual phone is a lot
of rooms.
Is this routine?

Revoking the wipe command may not be built into the automated systems.
Invoking the remote command may have been automated by any number
of actions including contract lapse, inaction, transfer or action by the
owner or something someone in the chain of custody did. One wipe command
context would be data tampering where internal checks fail.

The opening states:
   "This is a routine application...   "
   "The Department of Justice has made the same application, for
     the same assistance, from the same company, dozens of times before. "

So I ask when does a routine imposition become an onerous imposition?
i.e. Grandparents are happy to babysit for free up to a point. When is
this service a distraction to the company and become burdensome?
Clearly it has -- In six months some years ago some 10,000 requests had
been made in six months of 2012.

And the "made the same" request dozens of times causes me to ask
what has changed.  Hmmm...  Dozens ... someone cannot count:
   "Apple Inc. said that between 9,000 and 10,000 accounts or devices were
    specified in data requests between Dec. 1, 2012, and May 31 from federal,
    state and local authorities and included both criminal investigations
    and national security matters."
    http://www.huffingtonpost.com/2013/06/17/apple-nsa_n_3453183.html
I am looking for the hair they are splitting to get thousands down to a
couple dozen.

Deleting a queued command from the command service queues involving a
global cluster of services involving all the partners domestic and
international like AT&T, T-mobile, Vodafone, O2, BASE/ E-Plus.... seems
non trivial. A single data structure containing a queue of actions and
events to process is difficult to get correct. Stopping the global
service system with a debugger seems onerous.

If at first you do not succeed try try again!

-- 
  T o m    M i t c h e l l