Full Brief From San Bernardino District Attorney Even More Insane Than Application About 'Dormant Cyber Pathogen'

from the it goes on and on dept


Support our crowdfunding campaign to help us keep covering stories like these!

Like many, we wrote about the bizarre filing from San Bernardino County District Attorney Michael Ramos in the Apple/FBI encryption fight — you know, the one where he speculates randomly that the iPhone might contain evidence of a “dormant cyber pathogen” that is waiting to infect computer systems everywhere? Of course, that was found in his 4 page application to file the full brief, and as far as we can tell, no one else has explored the full 40 page brief that Ramos eventually did file, after magistrate judge Pym granted permission. And, it probably won’t surprise you that in a filing that’s 10x as long, it’s got much more room for crazy arguments, many of which seem to be in the “day is night, black is white” variety. Let’s dig in:


At issue before this Court is whether on balance there is a compelling
governmental interest in acquiring evidence of criminal activity contained solely on
the specific San Bernardino County-owned iPhone, seized and ordered searched
by a lawful search warrant issued by a United States Magistrate, that outweighs any
real or imagined interest that Apple, a for-profit California-based corporation,
asserts to deny assistance to the FBI, San Bernardino County District Attorney’s
forensic partners, and by extension the San Bernardino County District Attorney
and our client, the People of the State of California, in acquiring this evidence.

Actually, that’s not the issue. The issue is not whether there’s a compelling governmental interest, but whether or not a company can be compelled to build new hacking tools and surreptitiously load them onto user devices. That’s a very different question, and one that Ramos doesn’t even want to consider. So, instead, he makes up things unrelated to the issue at hand.

Then, Ramos repeats the whole bogus “there may have been a third shooter!” and “DORMANT CYBER PATHOGEN!” arguments, based on absolutely no evidence, and follows it up by flipping the burden of proof, and hilariously arguing that it is Apple’s burden to prove that there is no such dormant cyber pathogen. PROVE A NEGATIVE, APPLE!


At the time that the murders in San Bernardino County were being perpetrated on
December 2, 2015, at least two 911 calls to the San Bernardino Police Dispatch
Center reported the involvement of three perpetrators. Although the reports of three
individuals were not corroborated, and may ultimately be incorrect, the fact remains
that the information contained solely on the seized iPhone could provide evidence
to identify, as of yet, unknown co-conspirators who would be prosecuted by the
District Attorney for multiple murders and attempted murders in San Bernardino
County.

In addition, the iPhone is a county telephone that may have connected to the
San Bernardino County computer network. The seized iPhone may contain
evidence, that can only be found on the seized phone, that it was used as a weapon
to introduce a lying-dormant cyber pathogen endangering San Bernardino County’s
infrastructure, a Violation of Cal. Penal Code § 502 (Lexis 2016), and which would
pose a continuing threat to the citizens of San Bernardino County.

Apple has not advanced a single argument to indicating why the
identification and prosecution of any outstanding coconspirators, or to detect and
eliminate cyber security threats to San Bernardino County’s infrastructure
introduced by its product and concealed by its operating system, and Apple’s refusal
to assist in acquiring that information, is not a compelling governmental interest.

To the extent that Apple states in its brief at page 33 that there is no compelling
state interest because the government “has produced nothing more than speculation
that this iPhone might contain potentially relevant information,” Apple completely
forgets that a United States Magistrate has issued a search warrant based on a
finding of probable cause that the iPhone does contain evidence of criminal activity.
The reason we search is to find out if the device contains evidence or is an
instrumentality of the crime. Such authority is granted by the United States
Constitution.

Got that? As long as the DA makes up some totally mythical “cyber pathogen,” so long as Apple has not proven that such a thing is not on the phone, then open ‘er up, Apple!. That’s a fascinating view of due process.

Oh, speaking of due process, Ramos then, absolutely ridiculously, flips Apple’s 5th Amendment due process argument on its head, arguing that by not hacking into users’ devices, Apple is the one that is harming due process rights. Really:


The California Constitution guarantees victims of crimes committed in
California a Victims’ Bill of Rights…. These rights include
those shared by all people of the State of California, “that persons who commit
felonious acts causing injury to innocent victims will be appropriately and
thoroughly investigated brought before the courts of California and tried by
the courts in a timely manner.” … The Victims’ Bill of
Rights continues to state, “In order to preserve and protect a victim’s rights to justice
and due process, a victim shall be entitled to the following rights… To be reasonably protected from the defendant and persons acting on
behalf of the defendant”… and the right to have all
relevant evidence admitted in any criminal proceeding….

The due process protections of the California Constitution clearly attach to
not only the fourteen people murdered, and the twenty two injured in the assault,
but also those physically uninjured, but mentally injured survivors who witnessed
the mass murder.

Apple is infringing on the due process rights of these real, and not
speculative, victims. It is preventing protection from the defendant and those who
assist the defendant. Through the design of its operating system and its refusal
to assist in accessing the information contained on the seized phone, Apple is
preventing the acquisition of information leading to the identity or elimination of
outstanding coconspirators.
This denies the surviving victims of the knowledge that
there are either no additional coconspirators, or that those that are outstanding will
be pursued. Apple’s actions in denying assistance in acquiring access to the phone
infringes on the Victims’ right to be reasonably protected. Denying access to this
information deprives victims of all relevant evidence in any criminal proceeding
that could be the product of the information contained on the phone, and it certainly
is denying the victims of the right guaranteed to them to have the case investigated
and prosecuted in a timely manner.

Let’s put this simply: this is an insane reading of the California Constitution. Based on this, Ramos can basically argue that anyone and anything that gets in the way of law enforcement finding out absolutely anything, no matter how speculative is infringing on someone’s due process rights. Did you sell someone a shredder that allowed them to shred a paper that may have included something useful? You’ve infringed someone’s due process rights. Did you happen to overhear someone planning a crime, but you can no longer remember what the person looked like? You’ve violated the victims due process rights. That’s not how it works. Private companies don’t infringe on someone’s due process rights — governments do.

And, then, just because this isn’t crazy enough already, in somehow arguing that a private company has the burden to prove a negative, and that a private company is responsible for due process, Ramos argues that Apple is “usurping the authority of the District Attorney“:


In refusing to assist in the opening of this repository of evidence, Apple is
making the defacto decision of who can be charged with a crime and is giving a de
facto grant of immunity to those iPhone users that use the phone as an
instrumentality of a crime, a cyber weapon, or store, intentionally or not, evidence
of a crime on the device. Questions of whether Apple’s conduct falls within
traditional definitions of harboring one who commits a crime aside, Apple is
infringing on the authority of the District Attorney to make charging and immunity
decisions. Apple is free to exercise its First Amendment rights to express what
activities, including none at all, should be considered crimes, or who should be
charged with a crime, including nobody, but Apple has no de jure or de facto
authority to make those decisions by its actions.

No person but the San Bernardino County District Attorney and his deputies
are authorized to decide when criminal charges are brought or not brought, or to
whom to provide a grant immunity from prosecution in San Bernardino County.
Apple has no such dejure or defacto authority in San Bernardino County.

Except… that’s nuts. Apple is not “granting immunity” or making decisions about who can be charged with a crime. Like the whole “dormant cyber pathogen” this is Ramos simply making up shit and telling it to a judge. Nothing that Apple is doing prevents law enforcement from bringing charges if they have enough evidence. But, once again, Ramos is flipping the very concepts of burden of proof and due process in suggesting that any technology that happens to get in the way of collecting evidence is somehow “granting immunity.”

If you thought that wasn’t crazy enough, Ramos keeps going deeper and deeper into the “What did he just say…..?” hole. Next up: claiming that Apple is an “Orwellian arbiter” of privacy, which in his mind is illegal because Apple is not a public policy maker, and thus is somehow not allowed to build systems that keep customers’ info private. I’m NOT JOKING (though, really, I wish I was).


Apple asserts that its operating system and its refusal to assist in unlocking
the phone is, in Apple’s view, necessary to protect the privacy interests of its
customers. Apple advances its concept of privacy as absolute privacy in the context
that it proffers the opinion that the contents of any Apple iPhone or Apple mobile
device is immune from any type of government intrusion due to its security features.
While Apple can represent what it chooses in its marketing of its devices and
operating systems, Apple is neither the legislature nor judiciary empowered to
define privacy as absolute. Apple in not a public policy maker. Apple is a for-profit
corporation. No one has appointed or elected Apple to be the Orwellian arbiter or
definer of privacy for society or even for all of Apple’s customers.

This falls into the so wrong it’s “not even wrong” category. It’s insane. It’s not even in the realm of reality. Of course a for-profit company gets to determine what kind of privacy tools it offers customers. Is Ramos honestly claiming that companies are somehow breaking the law by building secure systems? Because that’s crazy. It goes directly against basically… everything.

From there, Ramos again pretends the case is about something entirely different:


Apple’s concept of absolute privacy and immunity from government search
is not supported by the Constitution of the United States or the cases that interpret
it. Furthermore, Apple has no privacy rights in the device before the Court, nor is it
legally permitted to assert any privacy rights regarding the search of the San
Bernardino County-owned phone.

Right. And Apple is not asserting privacy rights here so what the hell is Ramos even arguing about here? He’s making things up that aren’t even remotely related to the case. Apple is not arguing about its privacy rights. It’s arguing about whether or not the All Writs Act can be used to force it to build hacking tools that undermine the safety and security of its customers.

Ramos then goes on to totally misinterpret the finding in the famous Supreme Court Riley v. California decision about whether or not law enforcement could search mobile phones without a warrant. The ruling in that case, quite rightly and importantly, noted that you could not search a mobile phone without a warrant. But, Ramos pretends that means that the Supreme Court’s decision means that all data on cellphones must be accessible under a warrant, which is not what the court said at all.

Hilariously, after raising issues that aren’t before the court at all (Apple claiming a right to “privacy”), Ramos claims that Apple is the one raising issues not before the court — and appears to do so by not understanding what the actual issue in this case is about:


Apple asserts that unlocking the seized iPhone will open the siege gates and
make its users’ personal information vulnerable to hackers, identity thieves, hostile
foreign agents and unwarranted government surveillance. It has also expressed
concerns about how foreign governments may treat their citizens and the demands
that might be made on Apple. None of these issues are before the Court. This case
does not involve speculation as to what foreign governments may demand of Apple,
or how Apple may respond to those demands in the future. There is no issue of
identity theft here, and Apple has not advanced an explanation of how unlocking
this phone would lead to identity theft elsewhere, nor have they advanced any
evidence of identity thefts caused by their unlocking phones prior to the deployment
of IOS 8. Similarly, Apple warns of unwarranted government surveillance. No
surveillance is present here. Apple has not advanced any evidence or explanation
of how this surveillance will be unleashed by unlocking this phone. Apple cites the
hacking of the Office of Personnel Management as illustrative of the dangers of
hacking into databases, yet these databases were not contained on a specific iPhone
as the evidence here is nor has there been an indication that the databases were
hacked by an unlocked iPhone. These speculative concerns do not outweigh the
compelling interest in the need to acquire real evidence of real crimes from the
seized iPhone.

Here’s the thing. This isn’t that complicated. The law at issue in this case is the All Writs Act. The All Writs Act specifically notes that any “writs of assistance” must be “appropriate” and under the law it’s been determined that to be “appropriate” it cannot be unduly “burdensome.” The judge in the case has specifically requested that the parties focus on whether or not the order is unduly burdensome, and that’s why Apple raised all of the issues above, directly answering the judge’s questions which directly relate to the law at hand. To argue that these are “issues not before the court” suggests such a profound ignorance of the case here that one wonders what Ramos is doing here and how he got elected to be San Bernardino’s DA.

And, really, for Ramos to whine that Apple’s evidence of actual security concerns are somehow too “speculative” when he’s the one spewing nonsense about speculative “dormant cyber pathogens” is just… insane.

Finally, Ramos concludes by saying that, look, he doesn’t really give a shit how Apple breaks encryption, but it needs to be able to break encryption:


Apple’s creation of their iOS 8 and iOS 9, the product of their brilliant
engineering created all these issues where it did not exist in previous operating
systems. There is nothing unreasonable in having this same brilliance applied to
remediating the problem they created. How Apple chooses to accomplish this is a
matter of their own choosing. Neither the FBI nor San Bernardino County District
Attorney is asking to know how they do it, or directly possess the tools to do so.
How Apple resolves the problem, or protects the solution is not our concern. We
only seek for this Court to compel that Apple do so.

That’s the DA version of “nerd harder, Apple.” Of course, it (once again) totally misunderstands and misstates the issue. Also, while it is true that, in this case, there do appear to be technical ways (very, very dangerous ones) to force Apple to do what the FBI wants (which, we should note has very specific requests, which Ramos doesn’t even seem aware of, despite being widely discussed), is Ramos honestly asserting that in cases where there isn’t such a backdoor possible that companies still be required to break in, even when that’s mathematically impossible?

The people of San Bernardino County deserve elected officials who actually understand the issues at hand. Not technically and legally ignorant buffoons who file such misleading tripe in such an important case.


Support our crowdfunding campaign to help us keep covering stories like these!



Filed Under: , , , , , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Full Brief From San Bernardino District Attorney Even More Insane Than Application About 'Dormant Cyber Pathogen'”

Subscribe: RSS Leave a comment
103 Comments
Richardsays:

Re: Re: Re: Re: Proving A Negative

Where does this myth come from that one cannot prove a negative?

Well then, how would you prove you’ve never killed anyone?

YOu can prove certain kinds of negative.
eg There are no classical glueballs but not others.

Usually the method is by reductio ad absurdum.

Actually – come to think of it I think Ramos may have done just that – his rant is sufficiently absurd.

Derek Kertonsays:

Re: Re: Re:2 Re: Re: Re: Re: Proving A Negative

US Law and the rules of logic are not the same thing.

US Law clearly states “innocent until proven guilty” which means the negative is assumed, and thus does not need to be proven.

Logic holds that you cannot prove a negative, because there is no evidence to prove something does not exist, or did not happen. Another way to spin it is “Absence of evidence is not evidence of absence.” This is not a logical law, but rather an approximation first expressed by skeptic James Randi, who pushed the burden of proof to people who affirmed the supernatural.

More precisely, you CAN infer a negative to a fairly high degree of confidence in some situations, but you cannot fully prove it.

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re: Proving A Negative

Apple is not being charged with a crime.

Yet the San Bernardino County Prosecutor’s amicus brief sure does make it sound like he’s contemplating charging Apple with a crime.

Thinking it through? Charging Apple with a crime might be one way to test whether Apple’s corporate management cooperated with any agency of the federal government to develop or code-sign an exploit tool for the iPhone 5c. If the People of California charged Apple, then I’d expect Apple, if they could, to defend by bringing forth evidence of their cooperation. Still, such cooperation might be considered a state secret, and the actual facts might never reach the public eye.

Anonymoussays:

Re: Re: Re: Well then, how would you prove you've never killed anyone?

I could respond that that is

  1. A personal question
  2. Just one out of an infinity of potential negatives, and that failure to prove one does not prove your general case.

Can you prove that you are leaving the world a better place than if you had never been born?

If you cannot, does that make it a negative?

Anonymoussays:

Re: Re: Proving A Negative

“arguing that it is Apple’s burden to prove that there is no such dormant cyber pathogen. PROVE A NEGATIVE, APPLE!”

“Where does this myth come from that one cannot prove a negative?”

This is what religion does they say they have a god, and their proof is it is written so it is so. Well the DA wrote it, so it must be so. Like me writing GOD does not exist.

Well I would like proof of GOD, So come on you religious nuts prove it! Don’t ask me to disprove him, you have to prove it, I wrote it, so it is so.

That is the oldest I know of the myth, it all comes from religion.

Anonymoussays:

Zdziarski: This means jailbreak

?On Dormant Cyber Pathogens and Unicorns?, by Jonathan Zdziarski, Zdziarski’s Blog of Things, Mar 3, 2016

This Means Jailbreak

Next, lets take a look at how a cyber pathogen would work on an iPhone to begin with. Any serious kind of attack on a network would likely require raw packets or other forms of low level networking. The iPhone does not allow for PF_INET and SOCK_RAW, or other kinds of low level packets, to be used from within the app sandbox.?.?.?.

A jailbroken iPhone means that the code signing on the device has already been compromised. There are a number of commercial forensics tools capable of imaging a jailbroken iPhone simply because this code signing barrier is out of the way? it also means that the one big piece to what the FBI is after (Apple?s code signing) isn?t in fact needed at all?.?.?.

So if indeed the iPhone is being used to launch a never before-seen low level cyber attack against Farook?s employer, then the iPhone itself is likely already jailbroken, and there?s simply no need to even involve Apple at all.

kenichi tanakasays:

Just where the hell does Crazy Mike Masnick come up with these bizarre ideas? What I’m referring to is his comments in the article:

Did you happen to overhear someone planning a crime, but you can no longer remember what the person looked like? You’ve violated their due process rights.

That is a very bizarre comment for Mike to throw out there. Just because you can’t remember what someone looks like, it doesn’t violate their due process rights. Matter of fact, it helps the person who committed the crime because you are no longer a qualified witness against him at trial.

While the “brief” is bizarre, Mike Masnick’s comments are even more bizarre. This isn’t disrespect, but it’s apparent that Mr. Masnick didn’t take the time to think his comment through or he was very tired when he wrote the article above. I was rolling my eyes at the ceiling when I read that because it made absolutely no sense.

OldGeezersays:

Re: Re:

Eyewitness testimony has been proven to be very unreliable and many innocent people have spent years in prison on that being the entire case against them before new evidence clears them.

It is rare that police artist drawings from witnesses end up looking anything like the criminal. I remember laughing while watching an episode of Forensic Files that a drawing police actually released looked a lot like Elmer Fudd from the Bugs Bunny cartoons.

If you were to ask me to describe the check out clerk that I chatted with for several minutes while he rang up my groceries just a couple hours ago I couldn’t give you much. He was white, maybe mid 40’s and about my height. I don’t think I could pick him out of a line up.

shanensays:

Finally! But don't you want MY money?

Glad to see that they got their funding, but why not replace that project with another deserving project to consider? Even better, why not offer several choices for us to consider? Even better than that, why doesn’t someone (could be TechDirt) act as the charity share brokerage and hold the money for to-be-funded projects?

Davidsays:

When was he proclaimed king?

No person but the San Bernardino County District Attorney and his deputies are authorized to decide when criminal charges are brought or not brought, or to whom to provide a grant immunity from prosecution in San Bernardino County.

Uh what? Who died and made Ramos megalomaniac? His job is to serve the law, not be it. They do not have the power to “grant immunity from prosecution”.

The only time when he rather than the law and circumstances determine the decisions is when he is incompetent and/or not doing his job. Like a mason who claims he is the one deciding where bricks go.

Davidsays:

Re: Re: Re: Re: When was he proclaimed king?

It’s also the duty of a mason to “decide” where to lay a brick. But that’s just following the laws of physics, the art of his profession, and the plans from the architect. The decisions don’t reflect his will but his expertise. They are not deliberate.

Reading his words, Ramos confuses making the decisions demanded by dutiful execution of his job with power. He thinks he can “grant immunity” against the law. He thinks he gets to “decide” about who gets charged or not rather than to “determine”. If he does his job properly, the decisions are prescribed and he is not wielding power rather than enabling it.

Anonymoussays:

Re: Re:

Not so much actually.
It went from the brief where you could be thinking “This is written by a first year law student who have played waaay to much Ace Attorney and aparrently uses google translate to translate it to serbian and then back to english” to this full blown piece of insanity, where you are wondering if maybe someone spiked your coffee with some very potent drugs and you are just having a very bad trip.

alsays:

Why not ask the UK instead?

Sigh
All this fuss over these laws and what rights. But its perfectly simple.

All the government has to do is ask the UK to get Apple to create this software for them ( Investigatory Powers Bill 5353- Power to grant authorisations). Companies can be compelled to remove “electronic protections” that they have applied to their users messages and devices)

“oh look, You did it for the UK, how about us then?”

Ho hum, job done. Time for a beer

orbitalinsertionsays:

Oh dear. Violating due process. By his definition, then, this happens every time the cops leave any case unsolved, or don’t really bother (which is often), whether it is murder or fraud or a stolen bicycle. Further, the courts and prosecution also violate due process since they do not seek to expose the full truth, but merely win their case. Also, the entire Earth should be held in contempt for not coughing up anyone or anything that was never found. Squints really hard in the direction of things like concrete and fire and random holes in the ground.

Capt ICE Enforcersays:

Re: Re: Re: Re: Re: Re: Doing the right thing

Remember, it is not the terrorist that are not hanging us. Sure they do bad things to a few people. But the elected officials who are supposed to Represent us, Not Control us are the ones who are really wrecking it for all of us. Remember, people die ever second of every day. Nobody is immortal (Disclaimer… Chuck Norris is)

SteveMBsays:

Re: Re: Doing the right thing

If they would have destroyed this phone like the others we wouldn’t have this discussion.

Obviously, they filled this phone with phony evidence designed to lead the authorities on wild goose chases and discredit them (well, discredit them worse than they already are). The clear conclusion is that the phone should be left lock and the case should be dismissed.
There is no evidence of this, but I wouldn’t call it a total hypothetical.

American Patriotsays:

American Constitutionalism

Anyone who willfully and intentionally undermines the laws and purpose of the US Constitution and who is a citizen under which is prescribed to be governed by the US Constitution should immediately be charged with HIGH TREASON. That should be especially quick and decisive for judges who above all else should know the LAWS contained therein more than anyone else.

Anonymoussays:

Re: Re: American Constitutionalism

If that were true you would lose most of your police and government employees. Somehow I do not think they are willing to arrest themselves for their crimes.

If the people are going to hold their leaders accountable then they cannot rely on the corrupt and criminal elements in their government to support them on it.

Whateversays:

I guess I have a problem with the whole discussion because, while the words chosen and the over the top presentation are almost too much to handle, there are some good and valid points.

The question of a computer virus, while more than a little off the beaten path, actually makes some sense. It’s been often discussed that attacking the US water supply would be a terrorist’s wet dream, the perfect way to harm as many people as possible and o inflict long term suffering on many. That this guy was working for the water department, and had a device which regularly connected to the work network from inside any firewalls or general protections does create the potential for some risk.

There is a miniscule chance that he may have planted a back door or otherwise hacked the network of water department. It’s insanely small, but the point is still valid. They had someone who appears to have planned terrorist acts working inside the company, and they have valid reasons for concern.

I also think in some ways (but perhaps not the way they claim) that it is true that Apple has ended up in the position of deciding what should / could be accessed. It’s not correct to try to paint it as being above the law, but it does raise points.

It’s easy as hell to call this guy out, the brief is way over the top. But underlying it, there does appear to be at least a smidgen of reasonableness. Dismissing it out of hand to is to miss that point.

Anonymoussays:

Re: Re:

I have a huge problem with the DOJ position, in that it assuming that people cannot protect their papers etc. from the prying eyes of governments, when governments take an interest in those papers. Doubly galling is that this position is being pushed by a department that does everything that it can to prevent public oversight of its activities, by refusing and delaying the release of papers that the law says it should release..
If some criminal escape because of strong encryption, so be it, as it is a fair price for privacy. The alternative is that the law abiding citizen ends up being preyed on by criminals and governments, as if their is much difference.

Whateversays:

Re: Re: Re: Re:

There are two things against that argument:

First, ignore technology for a minute, and let’s consider normal circumstances. Someone commits a heinous crime, and the police get warrants for “home, office, storage facilities, lock boxes, and the like…” and they go and search all of those locations. Private papers in a safe? They break open the safe. In the lock box or safety deposit box? They get it opened. Your right to privacy more of less ends when the warrant is issued.

So given a valid set of warrants, and given that every other location for documents and information could be searched, what makes the phone so special as to not be subject to a warrant like everything else?

(for what it’s worth, paper documents written in code would likely be decoded).

Second, and equally important here, is that the owner of the phone (not the criminal, the government) wants the phone decrypted. The question of privacy in this instance is, well… not exactly clear.

That One Guysays:

Re: Re: Re: Re: Re: Re:

Both of those can be addressed with the same idea actually.

What makes the phone ‘not subject to a warrant’, and makes the ‘warrant’ problematic(to say the least) is that what is being demanded is not something currently in Apple’s possession. They cannot hand over the information on the phone, they don’t have it, nor can they access it without extensive effort on their part due to bungling on the FBI’s part.

The ‘warrant’ is not asking for something that currently exists, it’s demanding that Apple create something in order to gain access to the contents of the device, and that’s the main point of contention, whether or not companies can be forced to create something in order to undermine their own security(along with the idea of whether or not companies can be forced to bypass their own security in general).

John Fendersonsays:

Re: Re: Re: Re: Re: Re:

“given a valid set of warrants, and given that every other location for documents and information could be searched, what makes the phone so special as to not be subject to a warrant like everything else?”

Absolutely nothing, and the cops have every tool available to them that they have available in those other cases. They can legally crack a safe, and they can legally crack encryption.

That’s not what this debate is about. This debate is about the government being able to tell everyone that they cannot have locks on their doors that are too strong.

Anonymoussays:

Re: Re: Re:2 Re: Re: Re: Re:

That’s not what this debate is about. This debate is about?

I continue to disagree. Imo, this ?debate?, in large part, is a deception exercise.

Given the technical characteristics of the ?Apple make: iPhone 5C, Model: A1532, P/N: MGFG2LL/A, S/N FFMNQ3MTG2DJ?, it remains my firm belief that the government has the capability to obtain the decrypted contents of the ?Toshiba THGBX2G7B2JLA01 128 Gb (16 GB) NAND flash? without Apple’s assistance.

Given the totality of the circumstances in this case, it remains my belief that it is rather likely that the government either ?? has exercised that independent capability, or ?? has already obtained voluntary assistance from Apple resources. Either way, it remains my belief that government already knows what’s on the specific iPhone at issue.

Thus, much of the ?debate? is deceitful.

Anonymoussays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

or ? has already obtained voluntary assistance from Apple resources.

Let me amend that. Please strike the word ?voluntary.?

It remains possible that Apple resources have cooperated with or provided assistance to the government under concealed duress.

The amended second bullet point should thus read:

or ? has already obtained assistance from Apple resources.

That One Guysays:

Re: Re: Re:3 Re: Re: Re: Re: Re:

Given the totality of the circumstances in this case, it remains my belief that it is rather likely that the government either ? has exercised that independent capability, or ? has already obtained voluntary assistance from Apple resources. Either way, it remains my belief that government already knows what’s on the specific iPhone at issue.

I partially agree, and partially disagree.

Can or have they cracked the security on the phone themselves? Quite possibly.

However, as at this point I am firmly of the belief that their entire interest in the case rests upon the precedent they hope to get from it, rather than anything on the phone itself, even if they could, with absolutely minimal effort on their part even, I have no doubt whatsoever that they wouldn’t.

They don’t care about the phone, all they care about is what it can do for them, that is why they’re pushing so hard in the case, so in that fashion I would absolutely agree that the ‘debate’ is deceitful, as the reasoning behind the government actions(‘we just want to investigate every possible angle’) is not even remotely in line with their actual motives.

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re:

their entire interest in the case rests upon the precedent they hope to get from it, rather than anything on the phone itself

Not necessarily.

The government has a history of concealing sources, methods and capabilities.

Consider what happened: It was a high-profile incident of domestic terrorism, with a possible bioterrorism angle. The federal response came in by Dec 3, and the President and Congressional leadership were briefed quickly. The resources would have been pouring in: ad-hoc teams assembled, and thrown into action. In that situation, it’s possible that capabilities were revealed to task force members who were not cleared to know about the existence of those capabilities.

Part of the government’s interest may be in attempting to preserve the secrecy of their sources, methods, and capabilities.

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

In that situation, it’s possible that capabilities were revealed to task force members who were not cleared to know about the existence of those capabilities.

Part of the government’s interest may be in attempting to preserve the secrecy of their sources, methods, and capabilities.

Oh, further?

Once the immediate crisis was under control, and the urgent need for inter-agency cooperation and inter-government coordination had passed, then various agencies may have reverted to bureaucratic turf-protection, and budget-envy.

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

It was a high-profile incident of domestic terrorism, with a possible bioterrorism angle.

?Domestic? should be qualified here. Asterisked: ?Domestic(*)?. Or maybe the word should be elided altogether.

Tashfeen Malik

Tashfeen Malik (July 13, 1986 ? December 2, 2015) was born in Pakistan but lived most of her life in Saudi Arabia.

(Footnotes omitted; not checked.)

It was a high-profile terrorism incident, taking place in California, with a possible bioterrorism angle.

Anonymoussays:

Re: Re: Re:6 Re: Re: Re: Re: Re: Re: Re: Re:

?Domestic? should be qualified here. Asterisked: ?Domestic(*)?.

According to the following report, after the San Bernardino incident, NSA obtained telephone metadata and looked for foreign involvement.

?NSA chief: ?Paris would not have happened? without encrypted apps?, by Michael Isikoff, Yahoo, Feb 17, 2016

In an exclusive interview with Yahoo News?.?.?. [National Security Agency Director Adm. Michael Rogers] confirmed for the first time that the law was used successfully by the NSA after the San Bernardino terror attack to retrieve the phone records of the two perpetrators, and the agency ?didn?t find any direct overseas connections.?

(Emphasis added.)

What’s unstated here is whether or not NSA found ?indirect? overseas connections in the phone metadata.

Anonymoussays:

Re: Re: Re:4 Re: Re: Re: Re: Re: Re:

Can or have they cracked the security on the phone themselves?

Btw, since I haven’t re-mentioned this recently?

The iPhone 5c contains ?Elpida B8164B3PM-1D-F 8 Gb (1 GB) DDR2 RAM under the A6 system-on-a-chip.?

The A6 SoC also happens to be used in the iPhone 5 along with Elpida LPDDR2 SDRAM, stacked in a ?package-on-package (PoP)? configuration. This A6 die photo from UBM Tech Insights, which accompanies an Anandtech article shows the ?2 x 32-bit LPDDR2 memory interfaces.?

The LPDDR2 SDRAM could be sourced from another manufacturer than Elpida. More to the point, the SDRAM could also be replaced with another physical device which interfaces with the A6 application processor.

An attacker with logical control over the ram has a powerful degree of control over any code executing on the application processor. In particular, I very strongly suspect() that time-of-check to time-of-use vulnerabilites would be exploitable with hardware control over the ram.

?

() Very strongly suspect: Really high confidence.

Anonymoussays:

Re: Re: Re:5 Re: Re: Re: Re: Re: Re: Re:

I very strongly suspect(*) that time-of-check to time-of-use vulnerabilites would be exploitable with hardware control over the ram.

That’s not to discount the probability that other, less-invasive hardware techniques could also be used to exploit TOC-TOU vulnerabilites, and thus run unsigned code on the A6.

Anonymoussays:

Re: Re:

That this guy was working for the water department ? the network of water department

Rizwan Farook

Occupation

Farook worked as a food inspector for the San Bernardino County Department of Public Health for five years before the shooting. From July to December 2010, he was a seasonal employee for the county. He was hired as an environmental health specialist trainee on January 28, 2012, and became a permanent employee on February 8, 2014.

(Footnootes omitted. Checked: ? LA Times ?CNN.)

?Food inspector? for the Public Health department is not quite the same as working for the Water and Sanitation department.

Anonymoussays:

Re: Re: Re: Re: Re: Re:

sure it is, he makes sure there IS sewage and sanitation!

Although I linked to the San Bernardino County Special Districts Department, when I was googling around for that link, it appeared to me that cities in San Bernardino County might organize their water supplies similarly to Genesee County, Michigan, and the City of Flint Department of Public Works.

?Food inspector? for Public Health is simply different.

Anonymoussays:

Re: Re:

How exactly is Apple deciding what should and could be accessed? They have worked in large degree with law enforcement in trying to obtain information that might be on the phone. But again, this isn’t the crux of the matter. If the fbi wanted to create a backdoor, it should turn to its own experts or those in the nsa, or elsewhere. Apple should not be required to thwart its own security software because of the hypothetical beliefs of law enforcement, as has been pointed out time and again. It should not be forced into endangering a far greater number of users because of the asinine assertions of people like Ramos. Does Apple’s stance have implications for obtaining information on that phone. Probably. But to draw from that they they are setting themselves up as deciding what should and could be accessed is a great leap and a terrible misstatement.

Wyrmsays:

Re: Re:

Let’s consider this possibility for a few minutes…
1- you say yourself that the probability is insanely small… so how does that make a probable cause? Given the chances, that’s more of an “improbable cause”. Good reason to reject it as a reason to break communication security.
2- if they had such a masterfully executed plan, why throw the whole concept of keeping it hidden and risk everything by starting a suicide attack like this? That’s the kind of stupid plan that only exist in James Bond movies, just so the hero has something to start investigating.

Whateversays:

Re: Re: Re: Re:

I look at the chance being insanely small in theory, but in practical terms considering the guy committed a terrorist act, you cannot discount the concept so easily. So while the probability under normal circumstances would be insanely small, with a deranged terrorist there is potential.

Does it rise up to probably cause? Well, considering his other actions, it’s hard to discount it entirely.

Moreover, you don’t need probably cause here: The owner of the phone is asking for it to be accessed. There is no privacy expectations or need for probably cause in play here.

Anonymoussays:

Re: Re: Re: Re: Re: Re:

Moreover, you don’t need probably cause here: The owner of the phone is asking for it to be accessed.

Consent is certainly an exception to a warrant requirement for search and seizure.

But it’s wrong to say that the government has a valid warrant in the absence of probable cause. And it’s duplicitous to argue that the presence of consent necessarily implies that the probable cause standard has been met.

Techmavensays:

This is why lawyers should go to accredited law schools...

I read this nightmare of a brief and thought to myself, ‘this can’t be real… It’s so bad, it must be a 1L’s doing.’

Well, I’m half-right. Ramos is what happens when you elect a DA who can’t even get into a real law school, and attended a school boaating an 8% bar passage rate. Hack brief writing and laughable lawyering.

This is why

https://en.m.wikipedia.org/wiki/California_Southern_Law_School

Anonymoussays:

Re: Re: This is why lawyers should go to accredited law schools...

boaating

?boaAting???

That reminds me of a comment I saw over at Ars the other day on this topic. The commenter was talking about ?nuclear missile lunch sites?. I thought to myself, ?Lunch sites? Pastrami on rye.? It was just funny. ?Nuclear missile lunch sites.? Amusing.

?

?

Then I thought, ?With or without salmonella? Maybe it’d better be hold the mayo?on that pastrami on rye.? Suddenly, it wasn’t quite as funny anymore.

letherialsays:

even the late baby boomers are stupid

This case gets so confusing on what it is about. Its really about what the all writs act lets the government do, can the government force apple to get engineers already working on something and move them to do break this device? If that is not a undue burden then i dont know what could be.

If the government can force apple to build software, can they get them to build other software? Maybe a effective brute force program? wont they need one? what about android products, could they get apple to try and crack a android program? all these of course sound ridiculous, but this entire case is ridiculous, so lets not leave out the far extremes…Michael Ramos clearly isn’t

Stephensays:

What is he doing there?

An interesting issue is raised in this article: “…what Ramos is doing here and how he got elected to be San Bernardino’s DA”.

The key word here is ‘elected’. District Attorney should not be a political job, where each candidate tries to prove that their cojones are larger than the others’. The DA is a government official who should serve the government of the day with free and frank advice, and professionally prosecute those cases that need to be prosecuted.

As soon as you start electing public servants, you start encouraging the wrong people to seek the position and to become performers rather than hard working servants of the public. They don’t need to know anything about their job, and in the case of DAs all they need to say is “I’m tougher on crime than that guy” (while I normally use ‘guy’ as referring to both sexes, in this case it is pretty much always a male who performs the role of DA – maybe there’s a typecasting issue there).

So take the job away from politicians who are simply hanging around until they get a judge-ship (speaking of which…). Find the most qualified person, regardless of their ability to lie in public, and get them onto the job! This whole idea of electing everyone in public office, or of getting rid of them when you elect their new boss, is poisonous and results in getting the best ACTOR for the job (Ronald Reagan comes to mind – and he wasn’t even a good actor). Losing all the talent and institutional memory every three or four years is just crazy. That’s not ‘improved democracy’, it’s just encouraging all of your officials to focus on the next election rather than the job you want them to do.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow