104 comments

[ 2.1 ms ] story [ 187 ms ] thread
The thing I hope corporations and people will at some point realize is that the very reason the founders of the USA constructed the nation through the Constitution and Bill of Rights the way they did was to barricade society against the very kind of government demon that is rearing it's vile head these days.

If you take these kinds of cases and carry them to their logical conclusion, there is nothing that will bar the government from using mind reading technology to read your mind even if it is just to assess your "mental state" and preemptively remove you from society, monitor you on a constant basis, set up traps and tricks to ensnare you, etc. The worst kind of enemy is the enemy saboteur from within, which the US and other governments are starting to become.

If you don't mind anime, look into PSYCHO-PASS. It's literally what you described.
I think what you're witnessing here is people and corporations realizing just that.
Being the first generation to live in free Portugal after 40 years of dictatorship I never understood how Americans, specially given the McCarthy phase, ever trusted the government to play nice and by the rules.
Easily - McCarthy was going after evil commies, and we're not evil commies, and we hate evil commies! Full steam ahead, Mr. McCarthy!
So, now they can go to a higher court or something? Or do they respect the opinion of this judge. Other courts in the past had different opinion right? Why is the law so vague that the judicial system can't come to one conclusion?
This is a new and frightening technology to many veterans of the justice system. These are the people who thought computers were a fad or a joke, and they're perpetually surprised at how popular computers have become.

If they appeal, it'll go to a higher court which could overrule the lower court. If a higher court refuses to hear the case (as the supreme court often does), then the ruling of the highest ruling court stands.

The law is vague because current laws were written by people who didn't understand the tech or were writing to govern or regulate a different technology entirely.

the typical path this will follow is will go to the Appeals level and might work its way to the Supreme Court if enough of a push is made. Likely the government will push it up with the idea they can make it happen. Another angle they are going to follow is pushing Congress to legislate the requirement.

So the real question is when does this happen? Will Congress get involved at the behest of the Justice Department and mandate access? If so, how long before phone companies are required to lock out devices running a version of the software that does not comply?

I still want an erase/panic code for my phone, both through pass phrase and touch sensor. That way I could hand over an unlocked phone that is effectively returned to manufacturer specs.

At which point you get nailed for tampering with evidence.
A dead man's switch addresses this threat model. If you don't enter the passphrase every 24 hours, the phone resets to factory default.

The powers that be would be highly unamused. It would make for some interesting case law.

At which point I would say "What evidence?" The government, with its warrant, is seeking to find information on my phone, if there's no information on my phone, who's to say it was there in the first place?
A wiped phone is evidence that you obstructed an investigation. You can go to prison for clearing your browser cache.
There is always a conflict for any order given by any judge
I strongly feel that my personal computing devices are extensions of my brain. They help me think, contain personal thoughts, notes and pictures, allow me to communicate with people I love and determine who I am even to some degree (i.e. without them I would not be punctual).

I deeply hate the fact that anybody thinks anything on my personal devices belongs to them. I think my devices should fall under the inviolability of the physical body and that decrypting them is akin to forcing me to testify against myself.

I do realize how hypocritical I sound carrying an Android device (Googles customers are the advertisers) but I can be a bit idealistic and pragmatic at the same time, can't I?

I can dream of a world both that can deliver targeted advertising where required, but also avoid leaking my personal data... More like facebook style "Male - 40 - Lives in Flordia" would be all that got leaked..
(comment deleted)
The electric medium of the internet as an extension of the brain is a concept which Marshall McLuhan analyzed back in the 1960s. You might be interested in some of the things he wrote:

>My main theme is the extension of the nervous system in the electric age, and thus, the complete break with five thousand years of mechanical technology. This I state over and over again. I do not say whether it is a good or bad thing. To do so would be meaningless and arrogant.

>In the electric age, when our central nervous system is technologically extended to involve us in the whole of mankind and to incorporate the whole of mankind in us, we necessarily participate, in depth, in the consequences of our every action. It is no longer possible to adopt the aloof and dissociated role of the literate Westerner.

>Instead of tending towards a vast Alexandrian library the world has become a computer, an electronic brain, exactly as an infantile piece of science fiction. And as our senses have gone outside us, Big Brother goes inside. So, unless aware of this dynamic, we shall at once move into a phase of panic terrors, exactly befitting a small world of tribal drums, total interdependence, and superimposed co-existence.

Brian O'Blivion: The battle for the mind of North America will be fought in the video arena: the Videodrome. The television screen is the retina of the mind's eye. Therefore, the television screen is part of the physical structure of the brain. Therefore, whatever appears on the television screen emerges as raw experience for those who watch it. Therefore, television is reality, and reality is less than television.
>The discarnate TV user lives in a world between fantasy and dream, and is in a typically hypnotic state, which is the ultimate form and level of participation.

>The inner trip is not the sole prerogative of the LSD traveler; it’s the universal experience of TV watchers.

-McLuhan

> Television will achieve its apotheosis when it is interactive.

> Does TV encourage, or even induce, schizophrenia? Or does it create a separate reality in conjunction with our minds, something that is neither totally our inner life nor totally TV. The networks might call that programming.

- Pat Cadigan, from her forward to her short story "Patterns"

> Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans "the privacies of life." The fact that technologies now allow an individual to carry such information in his hand does not make the information any less worth of the protection for which the Founders fought.

- Chief Justice Robers, in the majority opinion of Riley v California

I disagree. All of the things you say (helping you think, containing personal thoughts, communicating with people) are true of writings on paper. I don't think in 1776 someone would have viewed their personal notebook any differently than you view your Android device. Yet, "papers" have always been considered non-testimonial and subject to search under a warrant. Now maybe that is wrong, and personal papers should always have been protected from search. But that's a different argument.
The Fourth Amendment requires a warrant, which in this case the Government has. The Amendment protects citizens against warrantless searches or open-ended warrants (i.e. fishing expeditions).
So would this be similar to if some bit of evidence was in an obscure language only one person knew and spoke, and the government is trying to compel that person to do the translation?
Good analogy, though in this case I think the argument is that the police can't compel a professor of obscure language to help.
It's more like a professor of obscure language that helped the suspect write the document in question.
Which is definitely applicable in this case. There is more data to be obtained from a person's smartphone than could ever have been obtained from their papers or personal effects; no one in the past could have anticipated recording data on that scale themselves.

I would argue that it's a difference in quantity which produces a difference in kind. When the "papers" in question contain e.g. a complete history of your location for the last four years, along with all of your communications to everyone you know, any search of those papers is by definition open-ended.

So the question should come down to the admissibility of evidence gathered from access to a device. Rather than "search this device" it becomes "search this device's photos" where if the authorities then dug through GPS data for instance it would be a warrant-less search.

The same principle already applies both in the UK and USA to physical searches of your person. If you're being searched for a weapon then patting down is a sufficient search, a strip search is not.

The trouble is that unlocking the device gives access to the whole device. And the willingness of the government to use parallel construction to conceal the origin of evidence has removed the ability of courts to restrict the admissibility of unlawfully obtained evidence. If we can't prevent them from using unlawfully obtained evidence then they have to be prohibited from unlawfully obtaining it under the pretext of looking for something else.
That's not the question in this case, though. The question is whether the Government can compel Apple to assist them in the execution of the warrant.
> no one in the past could have anticipated recording data on that scale themselves.

I don't think that's true. Anyone who kept a personal diary back in 1776 probably recorded more information about their activities and thoughts than an ordinary smartphone user today. And the detailed letters many people wrote each other back then probably reveal a lot more in the way of private thoughts than peoples' text messages today.

Undoubtedly the average person records more today than the average person in 1789. But that does not mean that more detailed record-keeping would have been beyond what people back then could have anticipated. Given the phenomenally detailed records we have from some people at that time, I think it was well within the contemplation of the framers that getting a warrant for someone's desk drawer could reveal extensive personal information.

> Anyone who kept a personal diary back in 1776 probably recorded more information about their activities and thoughts than an ordinary smartphone user today.

Not to volleyball this, but I don't think that's true. Any information in a personal diary is there because it was intentionally, explicitly entered there (even if with the expectation that it would remain private). There is a lot of information on most people's phones that they have not intentionally, explicitly put there.

But a diary will have mental impressions and context that is missing from smartphone GPS records. E.g. a smartphone might tell you that someone attended a radical anarchists' meeting, but a diary will likely reveal what was said in that meeting and the author's mental impressions.

Remember the question we are discussing: could people in 1789 have anticipated the kind of invasions of privacy searches of smartphones enable today? Given the kind of detailed records some people back then kept, not just bland metadata but detailed accountings of their thoughts, I think the answer is "yes."

We are still a long way from smartphones automatically capturing the kind of private thoughts people choose to write down (back then as now).

I'd like to think the founding fathers were some of the smartest and most forward-thinking people of their time and they most certainly assumed that eventually people would need these protections. This is tantamount to the 2nd amendment argument where people assert that the founding fathers didn't intend for it to apply to today's weapons and the counter to that usually is that they didn't know the internet would ever exist yet things written on the internet are still protected speech so both are moot points and the protections still, and should, exist and be honored.
The Fourth Amendment protects people subject to the government (not "citizens", except insofar as those are a subset of "people subject to the government") from unreasonable searches. It sets standards for warrants to be issued, and this is generally read as implicitly creating a rule that, compliance with a warrant issued under that standard are a sufficient and, in all but certain exceptional cases, necessary condition for a search to be "reasonable", but the fundamental protection is against unreasonable searches, not warrantless searches.
My point is that a warrant exists. Nobody is contesting the validity of the warrant -- at least, not yet.
I'm not sure what you're disagreeing with; OP never claimed his/her phone is protected by the fourth amendment.
> I strongly feel that my personal computing devices are extensions of my brain.

You're quite right, but so too are one's personal papers (or they were, anyway, back when people only had paper), and there is a process — the warrant process — for legally obtaining access to those papers.

More important, though, it should not be possible for a third party to grant a second party access to your personal devices. If Apple have no way to break into your device without your permission, then you are secure.

> I think my devices should fall under the inviolability of the physical body and that decrypting them is akin to forcing me to testify against myself.

Agreed — but do note that that right is somewhat more circumscribed than your or I like to imagine. And in this case, they are requiring a third party to decrypt the device, not you.

(comment deleted)
That's also why I think the government shouldn't be bypassing the 4th and 5th amendments by going to third-party companies to get your data. I think civil liberties groups should aggressively push for this to be in the new ECPA reform bill.

They should make it clear from day one that if this doesn't pass, they will oppose the bill - unlike what they did with the USA Freedom Act, where they compromised, and compromised, and compromised to pass..."something".

I should note that Microsoft already supports something like that (warrant directly to the customer), but only for their corporate customers, not for their individual customers (last paragraph before "A new path forward"):

http://blogs.microsoft.com/on-the-issues/2015/10/20/the-coll...

'Nothing was your own except the few cubic centimetres inside your skull. ' (1984 George Orwell)
> I deeply hate the fact that anybody thinks anything on my personal devices belongs to them. I think my devices should fall under the inviolability of the physical body and that decrypting them is akin to forcing me to testify against myself.

If only that attitude were documented in the most basic law of the U.S., clearly defining the strictly delimited powers of the government. Maybe something like this:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

ETA: Yes, I know the government has a warrant in this case. The judge is considering the question of whether that warrant is reasonable.

I think what he's saying is even warrants shouldn't be allowed to search the contents of your personal devices.
> I think what he's saying is even warrants shouldn't be allowed to search the contents of your personal devices.

Indeed. I agree that such warrants should be deemed unreasonable. Unless the government can meet the criteria of "describing the place to be searched", going through a phone is more akin to a fishing expedition.

I think the content of messages, images, etc. on a phone are pretty close to the meaning of "papers" in the quote from the constitution. Not unreasonable to demand in a warrant.
But if the papers sought after would be about work, would you gather every piece of paper from the entire house/phone when you know most of it is irrelevant?
Police authorities executing a warrant do do that, yes. They'll collect everything they can during the seizure, as far as Nightline tells us, then spend their time combing through it all looking for their smoking gun.
And that doesn't violate the requirement to narrow the search and describe exactly what they'll look for?
A phone is a pretty specific place; how does identifying the phone not meet the criteria of "describing the place to be searched"?
> A continent is a pretty specific place; how does identifying the continent not meet the criteria of "describing the place to be searched"?

There's the photo gallery, downloads, multiple social networking apps, SMS, maps, IM, search history, configurations, app list, games, note taking apps, etc...

I think he's not even saying the warrant is unreasonable. It was issued, therefore probable cause must have been presented.

What he's questioning is whether the government has the authority to conscript a third party (Apple) and force them to execute the warrant.

It would be interesting to see what would happen if all the capable technical staff at Apple refused to unlock the device. Would the court pick one at random to compel?
They'd have the ability to pick all of them. Contempt of court to all unless one agrees.

In which case you make the tool require anonymous treshold signatures in where at least m of n technicians must issue the order.

So that if n-(m+1) or more technicians refuse to cooperate, the request fails and you don't know who is innocent and who made the choice to break it.

Unless of course everybody are forced to hand over their keypairs and all - in which case you go yet another step further and give them canary keys which then cause a lock-down (the HSM could even wipe its secret keys completely in this case), and you still don't know who did it.

If the HSM gets wiped, via whatever mechanism, you prosecute (successfully) everyone involved for obstruction of justice. At that point they've all participated in a criminal conspiracy to destroy evidence. The m'th hand doesn't have to know that the n'th hand gave the canary key; that changes nothing. You pre-arranged to allow yourself or a collaborator to commit a crime, and (at least) one of them did - everyone's guilty of the conspiracy charge, go directly to jail, do not pass go.

The law doesn't have to - and never does - respect clever CS constructions.

There is a physical analogy here so we don't have to discuss CS constructions. There are physical safes constructed in a way that prevents opening by any means short of a blow torch. Any paper contents will be destroyed when breaking the safe by this method. Who gets charged with destruction of evidence in this situation?
Not only this but can you be charged with destruction of evidence if there's no feasible way to prove that what's in the safe can actually incriminate you in a crime? In other words, if you don't know what's in the safe and you don't know what you don't know then you can't know what you don't know which means you can't know it is even evidence as it may not even be related or within the scope of the investigation.
I think that this scenario means you are guilty under current law in the US and the UK (we may not like it!) because until it is evaluated the evidence is still evidence.

I'm thinking more of the situation that you locked the safe and also lost the key prior to its contents being declared evidence and that you cannot physically now open it.

I am not a lawyer. I am definitely not your lawyer!

Wiping phone data isn't a crime unless it's done during part of an investigation where that specific data was already targeted. This is like saying if I delete a note from my notes app then I've destroyed evidence because at some unknown point in the future someone might subpoena that note for use against me in a crime I may never commit.
I was referring to the situation in the comment I was replying to, where a number of individuals have both valid and canary keys for unlocking an HSM, and the presence of a canary key when attempting to unlock causes the HSM to wipe it's protected key, but it can't be established which individual did not cooperate.

So the starting premise is that the device in question is already under the control of LE, a group of individuals has the ability to unlock the device (if they provide the correct keys), and they are being legally compelled to do so. In that specific situation, if anyone "defects" (provides the canary key), it's a crime, and everyone can go down for conspiracy, even if they themselves provided a valid key (which, in this scenario, is something we're assuming couldn't be proven anyway) and even if they never intended to break the law. That's the key part of a conspiracy prosecution - it doesn't matter which participant actually committed the crime, all the participants can be tried as if they were the "trigger-man".

TBH I'm not up for tracking all this down in the US legal code (got stuff to do, and IANAL), but here's the statute in the California penal code:

http://codes.findlaw.com/ca/penal-code/pen-sect-182.html

Note, in particular (heavily snipped for brevity/relevance):

> (a) If two or more persons conspire: [snip] (5) To commit any act injurious to the public health, to public morals, or to pervert or obstruct justice, or the due administration of the laws.

> They are punishable as follows: [snippity snippity snip....] When they conspire to commit any other felony, they shall be punishable in the same manner and to the same extent as is provided for the punishment of that felony.

There's no provision that the conspirators (or the prosecution) know which of their number actually committed the crime.

None of this would be relevant for HSMs on devices that aren't part of an investigation, or in general, any situation except one where a group of people are being legally compelled to enable access to evidence.

The bigger-picture point is just that using a split-key mechanism to give plausible deniability to each individual key-holder doesn't actually pose any problem for the criminal justice system. Legal authority would be pretty meaningless if it could be foiled by crypto gimmicks. IRL, it's "haha, very clever, now the HSM gets unlocked or all of you go down for obstruction."

edit: fixing formatting of the quoted blocks

Exactly:

> (a) If two or more persons conspire: [snip] (5) To commit any act injurious to the public health, to public morals, or to pervert or obstruct justice, or the due administration of the laws.

This entire section would not apply, because that was never the intent of any participant during setup - it is a hacking protection fail-safe. They wanted to comply with the law, but after-the-fact some techs defected due to not trusting law enforcement.

But I didn't do it to break the law, I did it to prevent foreign hacker attacks. I have no part whatsoever in any conspiracy, every action of mine was legally justified! There's very very clear and obvious legal uses of this functionality. You need to prove the opposite claim for every single participant separately to throw them in jail, because there's otherwise no way to show they had anything to do with anything illegal. Due process and all that.
> They'd have the ability to pick all of them. Contempt of court to all unless one agrees.

What? No. The judge would be ordering Apple. A whole separate case would need to be brought ordering specific people.

Let's game it through:

1. Tim Cook, following judges order, orders the engineers with the knowledge to unlock the device.

2. The engineers refuse Cook's order. He reports this to the judge.

4. Judge has two options: Order Cook to threaten to fire said employees, or individually order employees to comply. Most likely the former is legally untenable. He thus is forced to do the latter.

I don't believe a judge would or even could go that far, except perhaps in times of war.

The idea here was that every single employee asked to do it refuses, in which case it simply doesn't get done. So then contempt of court becomes relevant for the entire group.
Right. And the 4th amendment is only tangentially relevant to that question, because Apple has no 4th amendment rights over the phone (it's not Apple's phone nor Apple's data on the phone).
IANAL but companies don't have the 4th, only humans.
That's not entirely correct.

In this case, it has come up that Apple owns the software on your phone, and grants you a temporary license to use it. You do not have ownership of the copy of iOS, Apple does. The government has been attempting to use that to their advantage.

CMIIW but conversely, the users have not granted Apple a license for the user's data on the phone so while Apple may own my notes app and I'm merely licensing it, they don't own or have claim to the content within the app.
(comment deleted)
That only applies to the people in the USA (and/or US citizens). Non-US people living in the rest of the world aren't counted.
Something we forget on Hacker News is that the vast majority of data and information requests are not made to spy on citizens without due cause.

The majority of requests are made because someone suspected of a crime (pick any crime: fraud, possession of child pornography, drug dealing) - and they believe there to be evidence on the device.

If we prevented legal authorities from accessing data on your phone, then in theory a peadophile would only have to ensure he/she downloads illegal images to their phone to ensure they cannot be caught.

---

The reason we have warrants is to ensure there is a second layer to verify that a search is proportionate. Obtaining information from a phone should certainly require a warrant issued by a judge; but it certainly should not be completely unobtainable.

It might help your case to pick an example other than trotting out the old paedo boogeyman. I can see the point you're making, but there's a red flag for "THINK OF THE CHILDREN!" fear-mongering.
It's a pertinent example because we think of peodophiles making photos - which is something phones are very good at.

However, it doesn't require much of an imagination to think of other scenarios:

* Keeping records of drug sales on a phone. * Messaging a hitman to carry out a murder. * Recording days and times of homes being empty in preparation for a break in.

Don't particularly care for the example.... but going with your example: Assume the peadophile has photographic memory (or even just an active imagination). If we had the capability of reading out wetware memories from their biological brain (eg. via neural stimulation & recording), would those be searchable with warrants too?
I'm not saying there isn't a line to be drawn - obviously given your example most people would shrink away from the idea of using someones thoughts to convict (literal thought-crime).

It's a question of where we draw the line. If we don't allow a judge to issue a search warrant for a phone where there is reasonable suspicion of illegal activity - why should we allow a judge to issue a warrant to search a car/property/paper-work?

Of course that completely oversteps the line in the other direction though. Conviction rates for many crimes would drop through the floor if the legal authorities have no way of obtaining evidence.

Given how powerful smart phones have become and you come run a criminal enterprise solely through your phone, it is reasonable to expect that the police with a proper warrant would be able to inspect your phone.

But that's what the GP was referring to. "Personal electronic storage" is increasingly becoming an extension of our mind. It may be cellphones today, but the era of implantable media may not be far off.

In fact... for a pretty reasonable sum, I could build a sub-dermal implant beneath the skull with many GBytes of storage that is wirelessly powered and supports USB-like data rates. (See profile.) So this isn't an academic argument.

In reality, I think you could make a pretty reasonable case that my lab notebooks (whether paper or electronic) are just a "more accurate version of my wetware memories." I'm not sure I understand why this "brain extension" isn't afforded more protections accordingly.

I appreciate that this notion wasn't explicitly spelled out in the constitution -- these advances are REALLY new from a historical perspective. But I would wager: The laws will likely need to change.

"We obtain a pseudo-purge resulting from weakness of character and anxiety in the victim. In addition we violate one of democracy's basic tenets -- respect for the strength of man's character. We have always believed that it is better to let ten guilty men go free than to hang one innocent -- in direct opposition to the totalitarian concept that it is better to hang ten innocent men than to let one guilty man go free. We may punish the guilty with this strategy of compelling a man to speak when his conscience urges him to be silent, but just as surely we break down the innocent by destroying their conscience."

"The Right to Be Silent" , The Rape of the Mind: The Psychology of Thought Control, Menticide, and Brainwashing by Joost A. M. Meerloo, 1956

But is it really?

Look up NSA and loveint, and other such abuses of intel. As well as the age old industrial espionage. Is the majority of it really aimed towards protection?

> in theory a peadophile would only have to ensure he/she downloads illegal images to their phone to ensure they cannot be caught.

Only it ensures no such thing. If the police have probable cause to suspect you of a crime then they'll have access to your phone metadata, financial records, etc. With a warrant they can put a microphone and camera in your house. There are ten thousand other ways to convict someone who is actually guilty.

Talking about the majority of requests is irrelevant, because the average is greatly skewed. The NSA's bulk surveillance program encompasses few (if any) requests, but almost certainly collects more data than all the lawful requests combined, probably by several orders of magnitude.

I think it's fine to issue a legitimate warrant for the information stored on someone's phone. But then it's up to the authorities to execute that warrant. If the phone is so well protected that the authorities can't execute their warrant, too bad so sad for them. Just because there's no equivalent of a battering ram for digital devices doesn't mean manufacturers should be required to deliberately cripple their products.

I believe Apple should be required to unlock this phone (with reasonable compensation for their efforts), but this is going to be a limited thing as the older OSes fade, since the newer ones can't be unlocked even by them.

> Googles customers are the advertisers

I see this repeated over and over again, but that's simply not true. The problem is that people treat such relationships as if it's a zero sum game.

But to make an analogy and please bear with me, if you look in nature at a natural food-chain, the relationship between the carnivore and the herbivore and then between the herbivore and the grass that it eats is not zero-sum at all, being actually a synergetic relationship, continuously creating value (in nature this means life). It's a wonderful relationship, with the grass storing sun energy into calories that can be consumed. And the carnivore wouldn't survive without that grass, as no grass means no herbivores left to be eaten. And the herbivores themselves depend on the existence of a natural enemy, otherwise they'd breed too much and quickly deplete their food source. Now skipping over the cultural taboos we have over the relationship between hunter and pray, there's something to be said about the synergies in a food-chain that apply to economic systems just as well.

You can say that Google's customers are the advertisers and by that implying that its users are actually the product that they are selling. But the truth is more complex than that. Because users are not produced on an assembly line, like Apple is producing its hardware. Users have a mind of their own and can install ad-blockers or can switch to other products and services if you piss them off. For these reasons users are not a commodity. And so the fact is that users along with advertisers are Google's customers, being in a synergetic relationship. Of course, if money change hands that's even better and note Google's forays into the subscription based model, along with Google Apps or YouTube Red.

And by your logic, Apple's customers are the carriers and the app developers, which is actually true but note that the interests of the carriers and of app developers can also be in conflict with the interests of Apple's users. Have you noticed that your carrier can disable your right to create a Wifi hotspot with your iPhone? Because I did.

Back to Google, their genius is that they recognized this synergy and played in the interests of everybody. Well, at least in the times of Eric Schmidt. It all went downhill when Vic Gundotra led the Google+ effort. I don't know what's this tendency to hire management from Microsoft, but along with the likes of Stephen Elop I'm seeing a pattern. Anyway, lately I've been dissatisfied with Gmail's support for standards, so I decided that I don't want to encourage a monoculture and switched to FastMail. I hope they'll return to their strategy from the days of Eric Schmidt, because if trust is lost amongst us techies, then it's really hard to regain it - see Microsoft - and us techies are quite an influential bunch.

It's hard to believe something like this wouldn't fall under the fourth or fifth amendment.
The fifth amendment doesn't apply. This isn't self-incrimination.

As to whether the fourth amendment applies - that's the question they're answering in court. Is this a search, in which case the government can compel Apple to disclose useful information, or is the DoJ asking for Apple to do something on their behalf?

The Government already has a warrant; so the Fourth Amendment is satisfied. The question in this case is whether the Government can compel Apple to help them execute the warrant.
There's some interesting case law around locked things. One train of thought is that the govt can force you to give the key to a safe, but can't force you to give the combination to a safe.

The Apple extension would be that the govt can force unlocking by Apple (since they have a key) but not by you. All the more you reason to make it technically impossible ...

Do they have a key? I thought the point of the recent iPhone encryption is that they don't have a key?
In the case mentioned, the phone was running an older version of iOS where they could, in fact, unlock the phone.

But the recent ones make it impossible, yeah

(comment deleted)
>Once we have surrendered our senses and nervous systems to the private manipulation of those who would try to benefit from taking a lease on our eyes and ears and nerves, we don't really have any rights left. Leasing our eyes and ears and nerves to commercial interests is like handing over the common speech to a private corporation, or like giving the earth's atmosphere to a company as a monopoly.

-Marshall McLuhan

He was wrong; we're having much more trouble with public (i.e. governmental) manipulation.
Such trouble would not be so feasible if it weren't for the centralized nature of commercial ISPs and big tech (Facebook, Google, Apple) in general and their collaboration with the government.

https://en.wikipedia.org/wiki/PRISM_(surveillance_program)

I'd hardly call being forced under threat of imprisonment "collaboration".
Whether they want to collaborate or not is trivial. What is important is that they possess the information and tools for easy dragnet surveillance in the first place. Moving towards more distributed network tech like Mesh Networks is the only viable solution to dragnet surveillance I know of.
What I don't understand is: what's different with iOS8 and 9 so that they can't do it anymore? If the difference is that the older version's user data is not encrypted, then why are they asking Apple to unlock it versus unsoldering the flash chip on the phone themselves? Is there a law that prevents the government from doing so?
Why does the DoJ care whether they can compel Apple to help them?

Well, there's a pretty big difference between non-destructively copying someone's phone, and taking the phone apart and unsoldering the memory chip.

Second, if the DoJ starts doing that, the next obvious step for Apple is to put the encryption key in a hardware security module that the DoJ can't crack. This is an arms race that they can't possibly win.

>> Well, there's a pretty big difference between non-destructively copying someone's phone, and taking the phone apart and unsoldering the memory chip.

If you use a password as a key to encrypt data on the device, no amount of hardware or software access is going to reveal the data.

Absent a hardware security module, most users don't pick passwords long enough or secure enough to dissuade offline bruteforcing.
Removing the flash chips wouldn't do anything for you. The encryption key is combined with a UID value stored in the Secure Enclave (assigned during manufactoring). The Secure Enclave is a blackbox which receives values, combines them with its secret key and then spits out the final value. [0] A high iteration count is also used which also makes this process take around 80ms.

Cracking of the passcode must be done "on device" unless someone can extract the UID from the Secure Enclave. Additionally, any device using an A7 or newer has incorrect passcode rate limits enforced by the Secure Enclave as well.

As to what is different between iOS7 vs iOS8/9, I'm not entirely sure. Matthew Green speculates[1] that they may load special firmware that bypasses the "lock" screen which is purely a UI hack. Apparently before iOS8 only a subset of user data was being encrypted compared to what is being encrypted now.

[0] https://www.apple.com/business/docs/iOS_Security_Guide.pdf

[1] http://blog.cryptographyengineering.com/2014/10/why-cant-app...

What I'm taking away from this is:

1. re encryption:

> Apparently before iOS8 only a subset of user data was being encrypted compared to what is being encrypted now.

Which leaves my question unanswered: in that case the government could still unsolder the flash chip and access that data. Your link [1] mentions that this would include pictures and SMS messages, which is probably what they were after.

2. Custom firmware from Apple will help to access encrypted parts since it would allow to run the OS under the cracker's control, who then only needs to brute force the password and not the UID. According to [1] this is still slowed down to 12.5 attempts per seconds (80 ms) and newer iPhone hardware additionally contains hardware enforced rate or number of guesses limits.

Edit: custom firmware would of course also help in case 1 in the sense that it makes it unnecessary to unsolder the flash. But my estimate for the effort needed to do the latter would be around USD 1000 if done exceptionally, perhaps USD 100 if done often enough. I wonder if Apple's unlocking service would be any cheaper. So perhaps the reason it's not being done is psychological (Apple complying is offloading the question whether it's OK), or the law, or worries about the constitution.

Apple still brokers the key exchange, so they can be used to facilitate a lawful interception at that point.
What key exchange? Are you talking about SSL or software signing keys? These wouldn't give the DoJ access to the data on the device in this case. It would only help while the user is still using it, unsuspectingly entering the password.
Can't believe I am writing it, but I am siding with the government here. Apple arguments are just weak. They created their device with the ability for them to decrypt it, not only the owner. So do as you are told.
I think its interesting that Apple has been doing this years, suddenly has a change of heart and now the DOJ is trying to get a judge to get them to do that.

I guess this goes deeper than just the searching of the phone. Is Apple not allowed to ever change its mind, on anything?

Apple doesn't have the authority to execute a warrant.