FBI Looks Into Unlocking Minnesota Mall Stabber's iPhone (cnet.com) 99
An anonymous reader quotes a report from CNET: The Minnesota man suspected of stabbing 10 people in a mall before police fatally shot him left behind his iPhone. Now, FBI agents are looking into unlocking his iPhone as part of the investigation. The FBI says Dahir Adan, 20, attacked several shoppers on September 17 in a frenzy, asking his victims if they were Muslim before he stabbed them. ISIS claimed responsibility for attack shortly after. FBI director James Comey told the House Judiciary Committee his agency is reviewing Adan's electronic devices -- but is having issues getting into his iPhone. The device remains locked, as agents are "exploring technical and legal options," Minneapolis FBI spokesman Jeff Van Nest said. He declined to specify what model the iPhone was.
Hook, line, and sinker (Score:5, Insightful)
Re: (Score:1)
Re: (Score:1)
We have no interest in giving up any civil liberties. We will, however, happily hand over all of our muslims.
Re: Hook, line, and sinker (Score:1)
That is giving up our liberties.
Re: (Score:2)
Are you trying to claim that the FBI failed to get a warrant to access a deceased person's iPhone? After all, the only thing that has to be achieved to search people's papers and property is a warrant.
What exact civil liberty is being given up here?
Re: (Score:1)
Hmm Slashdot censoring words?
If it wasn't for some random AC, I would've never found out about Gaynigge rs from Outer Space (not sure if that's a good thing or not)
http://www.imdb.com/title/tt02... [imdb.com]
Re:Hook, line, and sinker (Score:4, Insightful)
The point the OP was trying to make is that many, perhaps most, of these attacks are perpetrated by mentally unbalanced individuals, and are not planned attacks by an organization. Yet, the media and the politicians love to play up the, at one time, Al Qeada, and now, ISIS angle because it's good for the terrorism industry. Or they're stupid - it's not always easy to tell. But the reason for the American public's gullibility is clear. If there were any doubts about the intelligence of the American electorate before, this election has settled the matter.
Re: (Score:2)
Re: (Score:2)
ISIS took credit for my stubbed toe last week and these god damn dipshits eat it up ever time. Thanks for being a bunch of fucking gullible retards, America. Begin so incapable of generating even a modicum of rational thought, you deserve every single bad thing that happens to you. Smarten up, you stupid assholes.
ISIS appeals to the obsessive compulsive individuals, who are fully absorbed in their religion, because the religion satisfies a desire to feel good. ISIS makes that individual want to feel great, by doing it's evil deeds. The religion, from what I read, does not tolerate other religions, and thus, there is the motivation to do evil.
well, knives are apparently the new IED (Score:2)
Please (Score:2, Funny)
Can we start using background checks for knife purchases. How many more incidents like this one before America gets smart and passes sensible knife laws.
Re:Please (Score:5, Funny)
You seem on edge, guy. You're probably the kind of guy who cuts in line and talks back with razor-sharp humour.
Re: (Score:1)
We don't need laws, we just need smart knives that only cut when used by the rightful owner.
Terrorists (Score:5, Funny)
Re:Terrorists (Score:4, Funny)
Or... terrorists hate the freedom of OSS and prefer the over-priced walled garden model.
Re: (Score:1)
Re: (Score:2)
Or... terrorists hate the freedom of OSS and prefer the over-priced walled garden model.
Well I'm not surprised. Have you seen how beautiful their walled gardens are? [google.com]
Re: (Score:1)
Every ?terrorist? killed has shown signs of mental health issues, looks like that moron actor Ronny Rayguns idea of crippling social mental health services to save on taxes has been blown up, shot, stabbed and run down, right in all the innocent victims faces. How many lives would have been saved if that idiot had not been allowed to cripple social mental health services and letting US law enforces shoot mentally ill persons at will is not a solution, neither is tying them down and torturing them to death
Re:Terrorists (Score:5, Informative)
I know your hate is strong, your facts are not.
Do you know how hard it is to involuntarily institutionalize someone due to mental health issues? If you can articulate where you are (ie "in a room, strapped to a bed") and don't make any overt statements about a desire to harm yourself or others... you are going to be left go after just a day or three.
This was more due to the ACLU and legal challenges and not law/policy of Reagan. Sorry.
I specifically call out 'involuntarily institutionalize' as that at least gives the hope that someone notices someone is a bit crazy and might do something bad... do you honestly think that the person pondering doing evil is going to say "you know what, I can just so easily go check myself into the dr, spend a few months with some shrinks & meds and be all better and not kill anyone"? Of course not, their mind is so warped that doing what we call evil is good/normal to them.
Re: (Score:2)
I am purposely not placing my marker as to where I think the correct line is, I am simply responding to a loon who thinks that a single person was the reason we can't treat those he deems as being mentally ill, as he lacks a great deal of understanding of just some of the history on the issue well before the the 80's.
Re: (Score:2)
Making involuntary instutionalization almost impossible was a gift from the left.
Getting rid of government funding for voluntary psych wards was mostly (state-level) Republican cost cutting.
It is debatable whether any self-radicalized Americans would be slowed by it, much less foreigners.
Re: (Score:2)
Look at most of the local terrorist caught, there is a consistent record of mental health issues and this usually comes out a few weeks after the initial beat up. They do not have to be institutionalised you moron, they just need treatment they can not afford, get that treatment and they are not a problem, don't get that treatment because they can not afford it and everyone else pays that price and then they either get shot or fail to get treatment in prison. They cut back on public funding of mental healt
Re: (Score:1)
Re: (Score:3)
Why, oh why can't we get terrirists to use Android devices?
The new line for the Johnnie Cochran's out there (Score:1, Interesting)
The new line for the Johnnie Cochran's of the world: "If you can't unlock, you must acquit." The reality is that police do have a right, with a court order to search everything related to you, especially if you commit multiple attempted murders. The public has a vested interest in knowing if you had any co-conspirators among other things. That said I am all for strong encryption on all electronics. I think the best solution is some middle ground. I don't know where that middle ground is. The reality i
Re:The new line for the Johnnie Cochran's out ther (Score:5, Insightful)
Said right does not require a safe manufacturer to build backdoors into their safes, nor alter the complexity of math.
Easier said than done. The contents of a letter remain secret because people treat it that way. The contents of a safe remain secret because people treat it that way... and have a physical impediment to easy access. The contents of an encrypted device remain secret because the system is designed not to be easily be openable by anyone other than those the legitimate owner has chosen thanks to lots of math.
Currently, there is no legal requirement for a company like Apple to have a way that they & only can unlock a phone, in fact they've purposely engineered ways to make it more difficult.
It's easy to say "but in the case of terrorism, we should have the right to compel them!" ok... where do you want that right to end? Are you & Apple ready for divorcing spouses to be going to court to order the seizing of their spouses cell phone and ordering Apple to decrypt it to prove infidelity?
Such an ability also lowers the bar not only for law enforcement to legitimately investigate (via search warrant) suspects, but also the ability to plenty of others in law enforcement & government to go fishing.
Re:The new line for the Johnnie Cochran's out ther (Score:4, Insightful)
The current U.S. administration has said (at least in internal documents) that all conservative Christians are potential terrorists and are a bigger threat to security in the U.S. than ISIS. Since this policy has gone uncontested for at least 6 years despite all evidence and statistics to the contrary, I guess all the bureaucrats don't have a problem with this. If we say that encryption must have back doors "because terrorists" then aren't we saying that any group that is out of favor politically should loose their 4th & 5th amendment rights?
Re: (Score:2)
If we say that encryption must have back doors "because terrorists" then aren't we saying that any group that is out of favor politically should loose their 4th & 5th amendment rights?
They want to deny 2nd amendment rights to those placed on the no-fly list so why not?
Re: (Score:2)
I see nothing that goes against the fourth or fifth here.
The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
For the Fifth in fact, it doesn't even apply, the guy is dead.
Re: (Score:3)
Giving any government backdoor keys will always be bad.
What about physical access to device. Should the device contain the decryption key, so that it could be decrypted if the flash chip is removed?
Disassembly that might take a tech an hour or two?
I ask not for government but for other third parties. If you die should your spouse gave legal right to access your phone and encrypted storages?
Re:The new line for the Johnnie Cochran's out ther (Score:4, Interesting)
The device always contains a decryption key... it's just a matter of how hard it is to get to... and it may not actually be located in flash memory.
Disassembly yes, retrieval, no.
What do you know about focused ion beam hacking? http://semiengineering.com/eve... [semiengineering.com]
Short version: A reverse engineer can take a dozen or two chips of the same kind, slowly grind them down layer by later, selecting the best example of each level, then continue the process. Once you've gone through all of the layers you can actually construct a pretty accurate design of the internals. From there, you can use a FIB and some probes to actually get access to the inner workings of the chip.
Chip designers for years have to various extents attempted to take steps to prevent this. The one advantage they have is doing so is very difficult & expensive... but a successful hack can more than pay for itself.
Which is a fair point. If your loved one goes missing and leaves their phone behind, unlocking it to find out who they were recently talking with may be difficult if not impossible. If someone dies, your window to use their finger to unlock the device is quite short.
This is only a wider version of a long standing problem... as I don't know many people who make it a point to stash a BitLocker/TrueCrypt/etc keys to a safe spot that will be discoverable upon their disappearance or death, but secure enough that an angry spouse or law enforcement agent wouldn't be able to uncover.
Re: (Score:2)
The device always contains a decryption key... it's just a matter of how hard it is to get to... and it may not actually be located in flash memory.
The device may only contain the decryption key in the same sense that the device contains the plaintext. If the decryption key is produced from data stored in the device and data entered by the user, then a brute force attack will depend on whichever one has the least entropy which will normally be the user's key. Usually this is small because large passwords are inconvenient but if the password is strong, then there will be no practical attack which relies only on the device.
I like the thought that this
Re: (Score:2)
Currently, there is no legal requirement for a company like Apple to have a way that they & only can unlock a phone, in fact they've purposely engineered ways to make it more difficult.
Absolutely. A "masterkey" system like that would be such a huge target for corporate/government espionage. It becomes the Golden Snitch. Even if it took decades to plant someone at Apple and have them work their way up to gain access, it would still be worth it.
Re: (Score:2)
That is beside the point, since this is all about *Uncle Sam* knowing what is up with Clarise without Clarise's husband ever having an inkling.
Re: (Score:3)
Today it is about Uncle Sam wanting to know, just as it was long ago just about Uncle Sam being able to send a subpoena to Google or Microsoft for the contents of someones inbox. Once that ability exists, private lawyers will find sympathetic judges who will agree to use it in private legal matters as well.
Don't believe me? Chat with a divorce lawyer sometime as to the weapons one or both members of the case end up using against each other.
Re: (Score:1)
Re: (Score:2)
Says the person who has offered a single argument as to why an investigatory tool created for government would not later be available to private cases.
Stored data is stored data, and the law and court history is pretty clear as to who can get access and when (where there exists an access method).
Re: (Score:2)
Given the suspect is dead, they have no remaining privacy rights... and a warrant to search such a device is trivial to get.
Re: (Score:1)
Given the suspect is dead, they have no remaining privacy rights... and a warrant to search such a device is trivial to get.
Just don't forget that Apple has no ability to decrypt this single device.
The FBI however has officially stated they can decrypt any iPhone, so it is the FBI that needs to be served the warrant, and is obstructing justice if they refuse to do so.
Before claiming Apple could do so with a hackory firmware update, don't forget your own words:
This one given subject is dead and has no privacy rights.
But the rest of us are alive and well, and DO have privacy rights, so this is clearly not a legal option.
Also be ve
apple can make an ios build that does not auto (Score:2)
apple can make an ios build that does not auto wipe
Re: (Score:2)
Re: The new line for the Johnnie Cochran's out the (Score:2)
There is no middle ground. Strong crypto does not allow for the possibility you suggest.
Re: (Score:3)
There are workarounds... the most recent notable example/request being requiring Apple to push a one time update to the San Bernardino terrorists device which would remove the pin lockout counter so that the FBI could try every single combo without fear of wiping the device.
This idea runs into legal issues as given such an update would be required to be signed by Apple (so that the device trusts the update), it constitute government compelled speech... which the first amendment tends to prevent.
The bugger i
Re: The new line for the Johnnie Cochran's out the (Score:4, Insightful)
There also has to be a limit to how much work the government can compel people to do for free to help them uncover evidence. Creating, testing and pushing an OS update is pushing it in my mind.
Otherwise, why bother paying for infrastructure projects? Just start pressing people into evidence-discovering gangs: "You, you and you. We think there's a corpse buried somewhere under here, start digging. You brought your own shovel, right?"
Re: (Score:2)
There also has to be a limit to how much work the government can compel people to do for free to help them uncover evidence
That's an easy answer, nothing for free. The government is willing to pay for this work. No involved is talking about unpaid work.
Re: (Score:2)
That's an easy answer, nothing for free. The government is willing to pay for this work. No involved is talking about unpaid work.
I want to see the government pay for a brute force attack against a strong key. Given the rate of currency inflation, it will be practically free.
Re: (Score:2)
https://assets.documentcloud.o... [documentcloud.org]
The actual court order did not compel Apple to do anything for free, and offered one possible way for them to do it, but also left Apple open to suggest another method. It asked Apple to do an estimate of how much they wanted to be paid, and the way they wanted to do it, to be approved by the FBI.
Re: (Score:3)
The bugger is that there is always a way, it's just a matter as to how much time/money/leverage is available.
How much time and money and leverage do you need to decipher a message encrypted with a one time pad that was burned to ash in the explosion?
Re: (Score:2)
We must not allow an infinite monkey gap to exist!
Re: (Score:2)
How much time and money and leverage do you need to decipher a message encrypted with a one time pad that was burned to ash in the explosion?
It takes the same amount of time and money to decipher a message encrypted with 128 bit AES or any equivalently strong cypher and key, all of it.
Re: (Score:2)
Crypto like AES is only theoretically secure, and we know the spooks have had their hands in the design all major crypto algorithms in use today.
XOR is mathematically proven.
Re: (Score:2)
It would certainly be pretty big and devastating news if it was discovered that AES was compromised and even more so that it was compromised by design. There are alternatives to AES like the 4 other finalists of the Advanced Encryption Standard process: MARS, RC6, Serpent, and Twofish.
Re: (Score:2)
Re: (Score:2)
It would sicken me if mundane crime, or even terrorism, in this country, lead the way for places like China and Russia to have backdoors so they could continue with their boot stamping on a human face, forever [brainyquote.com].
Re: (Score:3)
Let's not forget how we got here. Once upon a time, phones didn't encrypt and nobody cared. Then we got secret courts with no working knowledge of the word no, an NSA that decided to ignore the bit about only spying on foreigners, an FBI that decided to get into the spy business, LEOs all the way down to the local yokels thinking it's OK to go fishing and read everyone's papers and effects based on less than probable cause as long as it's electronic, and judges bending over backwards to avoid addressing 4th
Re:The new line for the Johnnie Cochran's out ther (Score:5, Insightful)
Why should I give up my right to have a secure phone just because some idiot can't keep his sword in his scabbard? It doesn't matter what he's done or if he's alive or dead, I'm not required to have useless encryption on my devices.
Sure, the police have the right to search his stuff all day long. They can disassemble his phone, unsolder the flash chip, clone it, and try PIN after PIN against the image as many times as they want. They can hire Bruce Schneier, they can subpoena Apple, they can send his phone to the NSA, they can even ask Chuck Norris to roundhouse kick it open. They absolutely have the right to try anything to get in to the phone. But they don't have the right to succeed. They don't have the right to make us make this task easier for them.
And despite your most fervent wishing that some middle ground exists somewhere, the fact is no middle ground is possible. This is simple logic we're talking about here -- encrypted data is either secure, or it's broken. It's a boolean, not a tri-state value. And law enforcement and intelligence agencies have proven with every leaked secret that they abuse whatever trust or tools they're given, and the volume of abuse increases over time. They have constantly violated our rights and abused our trust, and every single time they start down that path the leaked data shows they've overextended their reach. It's not only irresponsible to trust them again, it's reckless. We can't trust them with a key escrow system, not even with a court protecting us - they'll just stand up another secret FISA court to get around the rules.
Besides, the existing system worked pretty darn well. Bad guy starts stabbing people, policeman shoots him dead. I don't care what his stupid motives were, because they truly do not matter to anyone. Why should we bother giving his fetid ideas a single extra minute of daylight? Let his defective brain and rancid motives lie buried in the ground with the rest of his corpse in an unmarked grave, and never be shared with the public or media. It's not like learning his motives is useful to anyone. We can't just arrest people who simply share those ideas - people always have the right to think extremely stupid and anti-social thoughts; they just don't have the right to act on them.
Re: (Score:1)
There is no third option for encryption right now, but that does not mean there can never be one. You argue that there are only two solutions, either good encryption or weak security, and while that may be true right now, and may even always be true from a technical standpoint, there may be other creative options available over time. Maybe it boils down to as you said pulling the phone memory physically and then cloning it and running every possible password until it works. As long as there is a way to g
really? (Score:3)
The Minnesota man suspected of stabbing 10 people in a mall before police fatally shot him left behind his iPhone.
I didn't realize taking it with you was an option.
Re: (Score:2)
Of course not. Apple gets a kickback from Heaven by forcing you to get a new one.
Jurisdiction? (Score:2)
Local mall. Local police. Why is the FBI in on this gig?
Yeah for sure they shouldn't get another bite at the [encryption debate] Apple... but why are they even involved and why won't someone say "Hey they have no standing here. This was a simple case of a stabbing and a shooting and it's all local and the FBI has NO JURISmyDICTION here!!!" ?
E
Re: (Score:3)
Because of ties to terrorism? ... and having more tools to try to recover data than your local PD?
Re: (Score:2)
Local mall. Local police. Why is the FBI in on this gig?
Yeah for sure they shouldn't get another bite at the [encryption debate] Apple... but why are they even involved and why won't someone say "Hey they have no standing here. This was a simple case of a stabbing and a shooting and it's all local and the FBI has NO JURISmyDICTION here!!!" ?
E
ISIS claimed responsibility. They are an international terrorist organization. That automatically makes it federal jurisdiction.
Re: (Score:2)
Local mall. Local police. Why is the FBI in on this gig?
The knife traveled in or affected interstate commerce.
Re: (Score:2)
Well, there were hand-written documents (the bad guy's "blackbook" of phone numbers, for example). There were wiretaps for phone surveillance, and the murderer had to make his phone calls from actual physical locations - not an ever-changing array of cellular and/or IP devices. If he sent a letter, the USPS could intercept it and send it on its way again undetected after the LEO folks read it. While a given operator with sufficient training could m
Apple favors rich people, shafts regular people. (Score:1)
Given that encryption came due to pressure from celebrities and Apple's failure to unlock to help cases impacting ordinary individuals, it's a bad thing.
Re: (Score:1)
Given that encryption came due to pressure from celebrities and Apple's failure to unlock to help cases impacting ordinary individuals, it's a bad thing.
Citation?
Apple favors rich people, screws regular people. (Score:2)
Given that encryption came due to pressure from immodestly exposed celebrities and Apple's failure to unlock to help cases impacting decent, hard-working, ordinary individuals, it's a bad thing.