Texas Ranger serves Apple with a search warrant for iPhone in Texas shooting

Digital Trends ^ | Posted on November 19, 2017 2:34 pm | By Steven Winkelman

[mrsmith]

ALL Constitution haters want a world of force- not law.
Where a warrant won’t bring justice guns will.

Amazing what a big PR budget can do, even against the most inspired form of government ever.

[Swordmaker]

Someone needs to that this stuff to the Supreme Court so we won’t need to jerk around getting an answer in the future.

The US Supreme Court has already ruled on such All Writs court orders as was used in the San Bernardino terrorist case on what they can and cannot be used to order . . . and their ruling was what Apple was relying on in refusing to follow such an order.

Apple argued that it was inappropriate to require Apple to do what the FBI was asking them to do which was to what came to be termed an FBiOS, a version of iOS that would allow bypassing the inherent, built-in security which prevented anyone but the user from accessing the encrypted data. The US Supreme Court had ruled in a previous case that such an order was only appropriate to require a business to do something the business normally did in the course of their daily business, but not to do something they did NOT normally do. Apple did not normally create custom operating systems to order, nor did they routinely decrypt customer's data, even for the customer who had forgotten his/her password, etc. Consequently, under the law, the All Writs court order was completely outside Apple's normal business and not something an All Writs court order or the court had the power to require.

[Jarhead9297]

See post 22 as SCOTUS has in essence ruled on prior cases. If the data on the cloud is too encrypted and not under Apple control to break such encryption (like the iPhone) this too will apply. If not then a warrant would be valid. If not then I hope Apple does fight this to the end. I care about my data and my privacy. Some warrants are as useless as the paper they were written on.

Case in point, monkey FISA court and Trump wiretap.
I do not do not do not trust the Government and I don’t care who is CnC

[Swordmaker]

I have a lot of respect for the Texas Rangers, but the way this is being handled at their end looks like Keystone Kops. Why wait so long? Why not accept Apple's offer? Why issue a warrant for the wrong thing? WTF?

Contemporary reports when Apple first made the offer say the authorities, whether the Rangers or the FBI responded, "No thanks, we have our own forensic people who will take care of it. We don't need outside help." i.e. "Don't call us, we'll call you!"

[mrsmith]

Ruling is not to my point. Obstructing justice is not good for society.
Yes, I know you think force is better than law, but you’re wrong. Bad as Man’s justice system is it’s better than your alternative.

[mrsmith]

Tagline repair

[DesertRhino]

The intelligence community is a nest of treasonous thinking. They stand for the deep state, not for individual liberty.
Adams, Jefferson, Madison and Washington would be ashamed of them.

Thems just the facts Mac.

[DesertRhino]

They refused apple offers because they don’t want assistance. They want to gain control over and stop apple security.

[Swordmaker]

I know you have done it dozens of times, but can you please post up details of how secure this phone is, and the absurdity that someone can just demand apple to “break into” it?

Glad to. . .

Essentially, your passcode can be any character string combination. That gives you the possibility of having up to 223²⁵⁶ passcode combinations. I'm not going to try and figure out how much smaller a number the Apple limitation of no consecutive characters would make it, since that would eliminate double, triple, quadruple, etc., all the way up to 256 identical characters in the passcode. I'm not sure I would even know where to begin calculating that. . . But no matter, it's still a huge number.

Think about that very huge number. Just 16 numeric numbers plus a four digit date code makes it almost impossible for fraudsters to hit on a valid credit card number. Adding the three digit security code makes it even harder. Nine numbers in our Social Security numbers makes it almost impossible to hit valid SSNs. Here we have a possible combinations almost infinitely larger than either of those that can be used to encrypt your data.

But it is even better than that, Cold Heat . . . because after YOU select your passcode to use, your Apple computer or device entangles that passcode with the 128 bit Universally Unique Identifier (UUID) assigned to your device. Now, that gives a potential 223³⁴⁸ possible passcode combinations. That combined, entangled KEY is then converted to a HASH on your device so that it cannot be reverse calculated from the HASH, and then used to encrypt your data to a 256 bit Advanced Encryption Standard (AES) file, unlockable only with the original key. . . which is kept only on the device as a hash.

A Googol, is 10^100, a very large number indeed. This number of possible passcode combinations is FAR larger than a Googol.

Most people are NOT going to use a 256 character passcode. But a sufficiently complex shorter one is sufficient.

Apple may be required to hand over to the government what they are holding. . . and even be required to help the government gain access to what they have. But what can they do if they do not have the technology to do ANYTHING to gain access to the data they have stored?That is the situation as it stands.

How long would it take to try every possible combination of characters and numbers and symbols that could have been used to encrypt your databy brute force, n o? Good question. Because that is what would be required, unless they can force YOU to reveal your passcode.

Let's assume your Passcode was a short, but complex, 16 character code. Recall, however, that it was entangled with your computer's or device's 128 character UUID, so the base is now 16 + 128 or 223¹⁴⁴, not quite so large as the that previous number, but still huge. . . and quite a bit larger than a Googol.

1,­052,­019,­282,­033,­700,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,000,000,000,000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000

That's 1.052 duovigintillion possible combinations, give or take a few.

If the government's supercomputer could check 50,000 passcodes every second, It therefore test 1.5 TRILLION possible passcodes a year. Let's grant the government agency a 100% faster supercomputer and say they could check 3 TRILLION passcodes a year, OK? That means it would take their supercomputer only a mere. . .

5,260,096,410,168,500,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,­000,000,000,000, 000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 YEARS

to check all the possible passcodes to decipher your encrypted file that had been encoded with your 16 character complex passcode entangled with a 128 character UUID. It is possible they could, if they were outrageously lucky, get the data deciphered next week, but it more likely will take them a good portion of 5.26 Billion Vigintillion (10¹⁹⁵) Years to break into your data. Double, triple, quintuple, or even multiply the speed of the government's super computer by a factor of 1000. . . it makes only infinitesimal differences in the amount of time it would take to break your passcode. That's the law of very large numbers at work.

But, DesertRhino, it's even worse than that. The actual encryption key is not made of the user's passcode. It's constructed of FOUR elements of which the user's passcode is only peripherally related. That passcode is used to start the process. It is used to create a ONE-WAY mathematical HASH which is calculated each and every time it is entered to be compared with a stored HASH that was first calculated when it was first entered. If it is the same, then an Algorithm is used to entangle that created HASH with the OTHER THREE components of the encryption key. Those components that make up the rest of the encryption/decryption key are:

1. The UUID mentioned above which was randomly created at the silicon foundry when the Secure Enclave was burned. It is a random string of characters that only exist inside the Secure Enclave and which are NOT RECORDED anywhere. It will likely look something like this "b(e5IBa3d!0MºG≤971c4ß4189ec$fe2d1∆ߨaNSG^Fbcd@*6¶6be˚¥˙®7*8fhr•§¢09ejl43db©m306øˆå5™dfw¬˚ekœ´¨t40…˚61ep3. . ."
2. The Unique Device ID (UDID) which is a 40 character string that is the same for every device in a model line and looks something like this: "2b6f0cc904d137be2e1730235f5664094b831186"
3. A Completely RANDOM number generated by an algorithm using inputs from the environment surrounding the iOS device at the moment the user finishes inputing his/her passcode for the very first time, taken from the devices camera, microphone, position sensors, etc., so that each one is truly unique. Apple has never revealed the size or provided an example of the random number generated.

These three components are entangled with the ONE-WAY HASH created from the user's passcode, which recall can be any string from 4 to 256 characters from the 223 available on the virtual keyboard, to create the actual key used for the 256 bit Advanced Encryption Standard Key which can therefore be ridiculously long. All of which is done and kept inside the Secure Enclave's encryption processor which is NOT accessible to the iOS device's data processor or it's data bus. Apps and and radios have no connection to the Secure Enclave.

The user's passcode itself is at no time retained on the iPhone. That one-way HASH. if it could be read out of the Secure Enclave, cannot be used to reverse to find the user's passcode. Apple is never made aware of the user's passcode, the UUID, or the Environmental Random number. The only data that Apple knows is the UDID because they assign it to the all devices in that model.

I hope this covers what you wanted, DesertRhino.

[Swordmaker]

IF the data is in the cloud the data is stored as encrypted data. Apple would have to deliver the unencrypted data or the keys so LEAs can retrieve the data. At least that’s how it used to work. Been out of that area for a while.

Apple only has to deliver what it has. If the data is encrypted, Apple is only obligated to decrypt it if it has possession of the keys. IF Kelley encrypted it with HIS key, then Apple is not in possession of the key and is obligated to only turn over the raw data they possess. It is then up to the law enforcers to find a way to decipher the raw data. The police agencies can, if they wish, enlist Apple's assistance to do that for a reasonable fee. Apple is free to accept the contract or not.

[Squeako]

Amazing Apple security/encryption bookmark.

[Swordmaker]

He’s enjoyed 2 years in jail so far. Hopefully the Supreme Court will take his case and start to put an end to the high-profit encryption practices of Apple and others.

Two years he's been in jail by his own choice to NOT UNLOCK his iPhone. That is HIS choice. Not Apple's. . . yet you blame Apple, not the potential child-porn holder? How delusional can you be?

I see you are still as clueless as you were two years ago. This is NOT about high-profit. This is about technology of encryption being a binary question. It is either secure or it is not secure. Backdoors make it NOT SECURE. Our businesses and our government REQUIRE SECURE devices. In fact, our government required secure devices. You can't have it both ways.

[mrsmith]

LOL! (as always at your inanity)
Why on this very thread there are people saying Apple’s encryption will protect them from warrants.
And you encourage them.
If any Apple employee did that it would put the company at serious risk.

Soon someone with deep pockets and/or the political will will hold Apple responsible for the consequences of its irresponsible greed..
Damages could burn through billions fast.

[plain talk]

That all sounds right and what I ran into.

[Swordmaker]

“It’s better for you than the US Constitution!”
Yeah, that’s a common remark from demonstrable fools.

Excuse me? Where did DesertRhino say that? You have a reading comprehension problem where you see words that were not there. YOU ARE DELUSIONAL!

One of these encryption marketers needs to get sued for the cost of cracking their public nuisances.

So, you think that an iPhone which has built-in, as opposed to added-on, third-party encryption which can be added by anyone, is somehow a nuisance? This demonstrates your complete and total ignorance of the technology that is available on the market. . . and your delusions about what is and is not possible. This is called closing the barn door after the horses have escaped. It's the same as gun control. The badges can always have encryption. . . they are not going to stop. You are an idiot if you think that just making a law that says you must have a backdoor in your encryption will cause them to put one in THEIRS.

It’s be an open and shut case.

Only in your addled brain.

Apple, though, has a lot of money to throw at media and politicians. I think they could win the issue with the mob.

You are truly a nut case. You want the deep state to have complete control of the population.

Apple wins the case with people who truly understand the issues involved, and the importance of having true encryption, not loose un-secure devices.

[mrsmith]

Whata boring bore of a troll you are LOL! Yes, the manufacturer of a dangerous product can be liable for damages.

And the whole business world uses secure encryption that is accessible to authorities.

Few would claim to be ignorant of these facts- but a failing troll just trolls harder.

[Swordmaker]

Why on this very thread there are people saying Apple’s encryption will protect them from warrants.

I've read this entire thread, idiot. Not a single person on here said any such thing. If you think anyone said that, that is your delusional thinking interfering with your reading comprehension putting words into their writings. . . because YOU WANT THEM TO BE SAYING THAT IN YOUR DELUSION!

Soon someone with deep pockets and/or the political will will hold Apple responsible for the consequences of its irresponsible greed..
Damages could burn through billions fast.

Why? Apple cooperates with legal search warrants. You are a dolt who thinks that somehow Apple is responsible for the crimes of others that might be hidden on Apple devices that criminals may own.

YOU think like a liberal who believes that gun makers are responsible for crimes of the killers who use the guns to commit those crimes. The analogy holds true here.

May I suggest that Democrat Underground seems like a better fit for you than FreeRepublic?

[mrsmith]

I count two.
(warrants are how our government accesses data)
OF COURSE ONLY A TROLL WOULD REQUIRE THAT SUCH COMMON KNOWLEDGE BE POINTED OUT

Yes, eventually your behavior is so silly people quit bothering.
Success for you!

[Swordmaker]

Whata boring bore of a troll you are LOL! Yes, the manufacturer of a dangerous product can be liable for damages.

This is a manufacturer being held responsible for the USE OF A PRODUCT being used as it is INTENDED TO BE USED, idiot. How is it "dangerous" when used as intended to be used?

Show us that gun manufacturers are held liable for damages? How about automobile manufacturers? How about match manufacturers being held responsible because an arsonist used one to light a forest fire? That would be like a vault manufacturer being held responsible because it kept the money safe. YOU REALLY ARE DELUSIONAL!

And the whole business world uses secure encryption that is accessible to authorities.

Really? In which business world is that? NO. Mrsmith. THEY. DO. NOT.

Please show us that your bank uses encryption on your credit transactions that are insecure. Show us that international money transactions are done in a way that can be hacked. Show us the international corporations which use internal or external communications that are encrypted with encryptions that can be read by authorities as the pass around the world when they choose to read them. YOU CANNOT! They, like Apple, use 256 bit AES Encryption, which is certified by the National Institute of Standards and Technology (NIST). To be able to sell cellular phone for government or Enterprise use, the device must MEET that standard. . . BUT YOU WANT IT TO NOT MEET THAT STANDARD! That makes you an idiot who would rather our nation and our businesses be vulnerable!

"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use."—WIKIPEDIA

Your claiming such a thing occurs happens shows your complete level of IGNORANCE of the state of the art in encryption, which is currently 256 bit Advanced Encryption Standard (AES) encryption. Our government uses it. . . in fact our GOVERNMENT DEFINES IT! Our financial industry uses it. It is, to put a point on it, UNBREAKABLE at this point with the current technology available.

Per Wikipedia: "At present, there is no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES when correctly implemented."

Where did you get the idiotic idea that the "whole business world uses secure encryption that is accessible to authorities"?

It is available ONLY IF, and ONLY IF, the business permits them access. It is NOT at the whim of the "authorities."

The authorities can only have access to the data, if the business give it to those authorities and only then usually under a proper court order which the business will decrypt the data voluntarily BECAUSE they follow the rule of law. If they do not do so, contrary to your assertion, the authorities will not be able to gain access.

Few would claim to be ignorant of these facts- but a failing troll just trolls harder.

Oh, the irony of that statement coming from YOU of all trolls! ROTFLMAO!

PLEASE, PLEASE, Oh, PLEASE, show me that you know more about the factual reality of the math of encryption than I do. . . because you have demonstrated time, and time, again, you have not the inkling of a clue about encryption.

[Swordmaker]

(warrants are how our government accesses data)
OF COURSE ONLY A TROLL WOULD REQUIRE THAT SUCH COMMON KNOWLEDGE BE POINTED OUT

Then your knowledge is lacking.

Apple was presented with a search warrant in the San Bernardino terrorist attack and it was executed. It requested all data in their possession related to iCloud data that was from the iPhone in question. They provided it. ALL OF IT.

They were then ordered by a Federal Magistrate Judge, using an All Writs court order, a catch all type of order, to CREATE a new version of their software which was intended to be able to be installed on iPhones that disabled the security protections. This was, as I wrote, an "All Writs court order" which was NOT A SEARCH WARRANT. This court order required Apple to create this an entirely new version of the iOS operating system for the iPhone 5c and then turn it over to the FBI for their use to bypass the security that was built-in to the original iOS.

The FBI who wrote the order for the judge tried to cover what they were attempting to do by adding language that supposedly would limit it to ONLY that specific iPhone by supposedly limiting it by serial number, but that was essentially lipstick on a pig. . . if it could be installed on that iPhone 5c, it could be installed on every iPhone of that type, not just THAT iPhone, by merely changing a line of code that carried the serial number, a trivial task for any coder. This was actually beyond the scope of what the law allows an All Writs order to cause any company to be required to do.

You see, mrsmith, you DON'T know what you are talking about. It's the same in this case. So you are going off half-cocked again. Blithering about things you are ignorant about just as you did in the San Bernardino case and are again being handed your head by people who DO know what they are talking about.