More than a few people have scoffed at the Federal Bureau of Investigation’s (FBI) apparent inability to independently defeat the zero day safeguard designed and built into the Apple iPhone 5C used by the San Berdo Two  Islamist terrorists.

The scoffers often suggest the FBI should simply have turned to the National Security Agency (NSA), the nation’s codebreakers.  Couldn’t the NSA or other components of the US Intelligence Community (IC) have cracked into an iPhone 5C?

In OpenCdA’s opinion, the answer to the question posed is an unqualified “Yes.”

We also believe there is a reasonable explanation why the FBI handled this case the way it did. (more…)

According to the New York Times skews paper, the Federal Bureau of Investigation (FBI) has asked the Federal District Court for the Central District of California to vacate its order to compel Apple to find a way to unlock the Apple iPhone 5C used by the San Berdo Two Islamist terrorists.

OpenCdA is not surprised at this outcome.  As we observed in a comment appended to our February 26, 2016 Apple Bites, Part 2 post:

“On the other hand, don’t overestimate the quality of Apple’s or any other product’s engineering and design people. People in those occupations often fall in love with their product and become blind to the vulnerabilities that they have inadvertently (and often carelessly and negligently) engineered in. When confronted with incontrovertible evidence of a major vulnerability, everyone from the lowest snuffy design engineer up through their lying lawyers and the CEO in another country will deny the proof proves what it clearly does prove.”

Neither are we surprised that Apple’s CEO Tim Cook now wants the FBI to tell Apple what the vulnerability is so Apple can fix it.

Good luck with that.

It is not up to the FBI to use taxpayer money to identify and exploit the vulnerability your whizbang engineers stated out of ignorance or intention didn’t exist, then reveal it to you so Apple can gain a significant advantage over competitors (not to mention wiping the substantial egg off Apple’s corporate face).

Neither is it up to the FBI to compromise what may be a very effective intelligence and counterintelligence tool which it or one of its contractors developed in response to Apple’s denial.

We suspect the FBI and the rest of the Intelligence Community will consider giving Apple what it wants pursuant to a still-evolving Vulnerabilities Equities Process, but only after the value of the information to others has perished.

Or maybe Tim Cook really is a 21st century skunk … ? After all, the skewspaper article didn’t identify the company which did the break in.

On March 3, 2016, the Congressional Research Service released an interesting report entitled Encryption: Selected Legal Issues.

The new report “… first provides background to the ongoing encryption debate, including a primer on encryption basics and and overview of Apple, Google, and Facebook’s new encryption policies.”

Then it provides “… an overview of the Fifth Amendment right to be free from self-incrimination; survey the limited case law concernig the compelled disclosure of encrypted data; and apply this case law to help determine if and when the government may require such disclosures.”

Finally it provides background on the All Writs Act and applies the associated case law to the case of the San Berdo Two and “potential future requests by the government to access a locked device.”

OpenCdA hopes that FBI Director James Comey was intentionally misleading the House Judiciary Committee during his testimony on March 1.

According to today’s Los Angeles Times article headlined FBI isn’t the only agency that failed to unlock the San Bernardino killer’s iPhone, Director Comey implied that the FBI had sought help from other members of the US Intelligence Community to unlock the San Berdo Two‘s iPhone 5C, but other agencies had also been unsuccessful.

We hope Director Comey was being intentionally misleading; lying if necessary under oath to Congress.  We hope the Intelligence Community has, in fact, quietly and successfully been able to gain access to information stored on the iPhones.

We also hope that Apple was fully and completely involved and cooperative in the effort.  This LA Times article headlined While it defies U.S. government, Apple abides by China’s orders — and reaps big rewards explains what Apple has at stake.  With a little reading between the lines, we hope OpenCdA readers can also see what’s at stake for the United States.

It is in the best interest of our national security that the People’s Republic of China and our other enemies continue to believe that Apple’s iPhone security measures are unbreakable even by the US Intelligence Community.   It is also in our national security interest that if the security of Apple’s iPhones has been compromised, Apple is aware of it and is working to develop even more effective security.

Frankly, we hope that Apple is a 21st century skunk and that Tim Cook is another Kelly Johnson.

OpenCdA’s post on February 19th titled Apple Bites provided a link to the “G’s” motion to compel Apple to devise a way to block Apple’s own ten-tries-you’re-out-forever safeguard against a brute force password attack on an Apple iPhone 5c.  The “G” wants access to the iPhone 5c used by the San Berdo Two.

Apple was given until today to respond to the “G’s” motion.

Here is Apple’s response:  Apple Inc’s Motion to Vacate Order Compelling Apple Inc. to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance.

We don’t know how the Court will rule.  Although it is a case probably ripe for litigation, we wish that both parties could enlist an outside third party to help them arrive at a non-litigious solution if one is possible.

Our suggestion (made while we’re holding our nose) is that at this point, the US Congress may more appropriate than the courts to address the national security issues raised by private key encryption in the public’s hands.

The Congress, if the children we elected to go there can ever learn to play well in the Fantasyland-on-the-Potomac sandbox together, owes it to the public and private interests to reach a compromise that enables lawful counterintelligence and counterterrorist operations affecting the national security to continue effectively while at the same time not infringing on a private corporation’s freedom to build a better mousetrap.

By now most readers probably know that the US Department of Justice sought and received a federal court’s order directing Apple to help in preserving and extracting the encrypted information on the San Berdo Two‘s iPhone 5c.

Apple’s CEO, Tim Cook, refused to comply with the court order.

Today the DoJ filed a motion to compel Apple to comply with the first order.  Here is the Motion to Compel filed by the government today.

It addresses two major concerns voiced by Cook.  The first concern is that Apple would have to devise a method to access the information; the ability to do that was not part of the process.  The second concern was that the method would make vulnerable all certain models of Apple iPhones, not just the individual phone seized in the San Bernardino incident.

The government points out in the motion that Apple has already acknowledged it can devise a method to access the information; Apple can comply with the first order.

The government also explains how the method will remain in the hands of Apple and not be turned over to the government or any other party.  The government asserts those safeguards should be sufficient to satisfy Apple.

It seems to us that both Apple and the government have reasonable concerns and objectives, and we hope that the Court will find a way to enable Apple to comply with the Court’s order while at the same time preserving Apple’s proprietary interest in its intellectual property.