drwex (drwex) wrote,

  • Mood:

Further in re Apple vs US

In response to my last entry, ceo posted this link - https://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/

This post describes the security architecture and argues that it would be difficult-to-impossible for the FBI to have cloned and cracked the phone in the way I described. In the case that is true and the DOJ do not in fact have the phone's data, we have to re-ask what's going on.

This blog post - http://www.zdziarski.com/blog/?p=5645 - written by someone claiming experience with computer forensics, makes the case that the DOJ order would never stand up in court. That is, once you've allowed Apple to take the device onto its premises unsupervised and load a completely black-box OS onto it, precisely how are you supposed to trust (never mind introduce into court) any evidence gathered from it?

Answer, you can't. It's a non-starter. In fact, there's an incredibly slim chance the phone contains anything relevant or interesting, since the DOJ already has access to everything backed up from it until six weeks prior to the attack (https://medium.com/@thegrugq/feeble-noise-pollution-627acb5931a2#.okjjmoukg).

Which leaves us with some pretty straightforward security theater explanations. Referring back to the Trail of Bits blog post at the top, it's clear that the latest generation of iPhone is incredibly more intrusion-resistant than the older model in question here. I can see how the spooks would be thoroughly freaked by the idea that the next attacker would use that device and they'd be really over a barrel trying to crack it, especially if the next guy isn't so dumb as to back up his terrorist plot onto Apple's cloud. And Apple can't publicly cave without cratering its reputation.

(I'm also indebted to Robert Thau for these links and explanations; afaik he doesn't have an LJ.)
Tags: politics

Posts from This Journal “politics” Tag

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.