September 18, 2014

"Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant...."

"Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data...."

"Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," Apple said on its Web site. "So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."

Apple doesn't know our passcodes?

68 comments:

traditionalguy said...

But you cannot be using iCloud sharing nor the iCloud memory.

traditionalguy said...

Passwords are easy to crack. If the Brits cracked the German Enigma in 1940, Snowden's old friends can crack Apple.

bgates said...

Apple doesn't know our passcodes?

They can arrange things so they don't know. There are pairs of mathematical operations that reverse each other, but one is a lot harder than the other. Imagine if long division had never been discovered but everybody knew how to multiply. As your passcode, you choose '918'. Apple doesn't store that number; instead it generates a random number, say 42, and stores that and 918 * 42, which is 38556. Apple has the 42 and the 38556, and when you try to enter your passcode they can check whether (the number you enter) * 42 = 38556, but they don't know what your passcode is - and since nobody knows how to do long division, they can't work it out.

Scott M said...

Suuuuuuuuuuuuuuuuuuuuuuuuuuuuuure.

HoodlumDoodlum said...

Our?

Curious George said...

Looks like they will now have the felon AND the pompous douchebag markets locked up.

JRoberts said...

I just want to know how to remove that lousy U2 album off my iPad.

I feel like the kid who receives an ugly pair of sox for his birthday from his favorite aunt.

Brian said...

"Apple doesn't know our passcodes?"

Nope. Passcodes are encrypted at the point of creation. They are never stored in clear text anywhere. That's why virtually all computer services' "I forgot my password" protocol involves resetting the password to some new value: they can't just give you the old one because they don't know it.

What Apple is saying now is that with the new OS they won't be able to reset it, either.

Of course this change also means they won't be able to reset your device at *your* request. So if you set a passcode and then forget it, you'll have turned your device into a paperweight. Whether this new risk is worth the protection from Johnny Law is an open question.

Sigivald said...

Apple doesn't know our passcodes?

Correct, unless they're Just Secretly Lying, which is pretty unlikely.

There is, after all, no money in lying about this, and lots of customer goodwill in being truthful and secure.

As bgates said, it's technologically quite easy* to accomplish, and is exactly the sort of thing any good online retailer does with passwords and the like.

(* Where "quite easy" means "actually very tricky to get just right in the technical details, but incredibly clever people have solved them quite handily ages ago".)

JRoberts: Here.

Who knew? You can ask the internet and it will tell you!

Ann Althouse said...

"Passwords are easy to crack."

But my iPhone is set to erase itself after 10 failed attempts. It's a 4-digit number. What are the chances?

Sigivald said...

Brian said: Of course this change also means they won't be able to reset your device at *your* request. So if you set a passcode and then forget it, you'll have turned your device into a paperweight. Whether this new risk is worth the protection from Johnny Law is an open question.

Not quite.

They can (and presumably will) make it so they can reset the entire device to a new, blank state.

That won't decrypt any of your data - which will be Gone Forever - but it will make it not a paperweight.

Brian said...

Correct, Sigivald. My mistake.

Ann Althouse said...

"That's why virtually all computer services' "I forgot my password" protocol involves resetting the password to some new value: they can't just give you the old one because they don't know it."

But if they can give me access to do that, what prevents them from taking access and doing it themselves?

Brian said...

"But if they can give me access to do that, what prevents them from taking access and doing it themselves?"

That's the change that's coming with iOS8: from here on, they won't be able to reset it for you (or anyone else) either.

Note Sigivald's correction to my post, though.

cubanbob said...

Somehow I have a feeling that this is nothing more than a hotel key: no other guest or outsider can open your hotel room door, but the staff have a master key. Still, having to wipe out your phone in case you can't remember your pass code is a bit much.

Ficta said...

"But if they can give me access to do that, what prevents them from taking access and doing it themselves?"

That's the change that's coming with iOS8: from here on, they won't be able to reset it for you (or anyone else) either.

Note Sigivald's correction to my post, though.


Or, in other words, the procedure they used to apply to your password (which they then didn't know so could only overwrite/reset) will now be applied to all your data.

Anonymous said...

Curious George said...
Looks like they will now have the felon AND the pompous douchebag markets locked up.

Trusty George has nothing to hide, would rather be snooped by the NSA without proper warrants than let domestic terrorists off the hook.

Guess Apple would not be on the douchebag's side if the Feds had done a better job snooping and catching known terrorists like the Boston bombers than snooping everyone else on the planet.

SeanF said...

Ann Althouse: But my iPhone is set to erase itself after 10 failed attempts. It's a 4-digit number. What are the chances?

If it's all random, they've got about a 1% chance of getting it right in 10 attempts.

But if your chosen passcode is not random, but has some meaning to you, and the person trying to break it has some knowledge of you, the odds get better.

traditionalguy said...

Last question is whether China will let Apple sell iPhone 6 with this new anti government feature. There was an unexplained delay in iPhones going into the Chinese market on the announcement day.

SeanF said...

I'm sorry, I did my math wrong. 0.1% chance if it's all random.

Brian said...

Look at it this way: somebody at Amazon has got the ability to reset your password there if you ever forget it. They *could* configure their service so that, if you ever forgot your password, you'd be ass out and they'd have to delete all your data and you'd have to create a new account. But that would suck, because you'd lose your entire account history and you'd have to update all your Amazon portal links and all that crap. So you take the chance that Amazon won't do anything you dislike with this power they've got, and in return you get the security of knowing they'll be able to let you back into your account exactly as it is if you ever lock yourself out.

Of course, if you knew in advance that they *wouldn't* be able to let you back in, you might respond by making your password un-forgettable: by writing it down, say, or by using your birthday or committing one of the other cardinal sins of password creation. And so some non-trivial fraction of users may, through this mechanism, actually find their data *less* secure subsequent to this policy change.

damikesc said...

But if they can give me access to do that, what prevents them from taking access and doing it themselves?

Speaking as a major cell phone provider employee --- telling you how to change a password doesn't mean we can do it for you.

Only way I could change anybody's password is if they are feeding me all of the info themselves...and I don't want to deal with that as is.

PB said...

They store the pass codes, encrypted. The word "know" is inaccurate in this situation.

The implication of surety in this matter is likely overrated.

Wince said...

Apple should just hire Lerner and Koskinen at the IRS and the data will be toast in no time.

Kylos said...

Regarding 10 failed entries, law enforcement doesn't actually manually type random passwords into your phone to gain access. Instead they make a full copy of your phone's (encrypted) contents. They can then try password combinations to decrypt that copy until they find the correct one without failure restrictions. Once they have physical access, it makes things easier (but not simple).

Lucien said...

I don't know if there is case law on this (if only there were a Con. Law professor around) but it sounds reasonable to me that the freedom of speech includes the freedom to speak in a code that the government cannot break. It is certainly easy to believe that many of those in the founding generation would think that using cyphers that the British could not break was a good idea (and maybe one put into practice).

And given recent cases holding that computer hacking, etc., counts as fraud (even though using a mechanical lock-pick does not) there is a possibility that state action to gain information by decrypting codes might be a form of self-incrimination by fraud implicating the Fifth Amendment.

Kylos said...

Also, note that Apple did not say impossible in its press release, it said "not technically feasible". Which, to me, means that the government can still brute force your passcode, given enough time. So, if you're concerned about your data security you should probably stop using a 4 digit passcode and learn how to use a longer passcode or password on your iPhone.
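
Added example, not part of the comment thread and not Apple's implementation: a generic salted one-way verifier of the kind bgates and Brian describe, plus the search over a copied record that Kylos describes, showing why an erase-after-10 setting only limits on-device guessing and why passcode length dominates. The iteration count, the sample passcode `0918` and the 94-character alphabet are assumptions chosen for the demo.

```python
import hashlib
import hmac
import itertools
import os
import time

# Deliberately low so the demo finishes quickly (an assumption for this example);
# production verifiers use a far higher work factor.
ITERATIONS = 1_000


def enroll(passcode, iterations=ITERATIONS):
    """Build the stored record: a random salt and a one-way digest, never the passcode."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(record, attempt):
    """Recompute the digest for an attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def offline_search(record, digits):
    """Try every all-digit passcode against a copy of the record.

    A copy carries no attempt counter, so an erase-after-10 setting never triggers.
    Returns (passcode, guesses_used), or (None, keyspace) if nothing matches.
    """
    for used, combo in enumerate(itertools.product("0123456789", repeat=digits), 1):
        guess = "".join(combo)
        if verify(record, guess):
            return guess, used
    return None, 10 ** digits


def keyspace(alphabet_size, length):
    """Number of possible passcodes of a given length over a given alphabet."""
    return alphabet_size ** length


def online_guess_probability(alphabet_size, length, attempts):
    """Chance that `attempts` distinct guesses hit a uniformly random passcode."""
    return min(1.0, attempts / keyspace(alphabet_size, length))


def seconds_per_guess(record, samples=50):
    """Measure the average cost of one verification on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        verify(record, f"probe{i}")
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    record = enroll("0918")  # constructed sample passcode
    found, used = offline_search(record, 4)
    cost = seconds_per_guess(record)
    print(f"recovered {found} after {used} guesses at {cost * 1e3:.2f} ms each")
    print(f"10 on-device guesses at 4 digits: {online_guess_probability(10, 4, 10):.1%}")
    # 94 = printable ASCII characters excluding space (an assumed alphabet)
    for label, size, length in [("4 digits", 10, 4), ("6 digits", 10, 6),
                                ("11 mixed chars", 94, 11)]:
        total = keyspace(size, length)
        print(f"{label:>15}: {total:.3e} codes, worst case {total * cost / 86400:.3g} days")
```

Raising `ITERATIONS` scales every worst-case figure linearly, while each added character multiplies it by the alphabet size.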

Freeman Hunt said...

Apple doesn't know our passcodes?

No. I once worked at a company and maintained a couple websites where users could have accounts to save checkout time. Their passwords were encrypted, and we could not access them.

Mark said...

My elderly mom has been having increasing memory issues. We have reset her iPad once after she forgot the password, this is even less friendly in case the users have a medical issue.

Joe said...

Understand that Apple has had the power to take over your iPhone, including changing your password, remotely. If their claim is true, they are removing that capability--something most cell phone manufacturers and providers already do.

This is like OnStar suddenly saying they can no longer remotely unlock cars (and doing so in such a way as to imply this is something new and innovative.) A locksmith can still pick the lock.

The downside is that people who buy cars with OnStar are presumptively making that purchase with the remote unlock feature in mind.

While many (most?) people buying iPhones and iPads may not have been aware of Apple's remote capabilities, is this a feature they will miss?

rhhardin said...

The unix manual page for the random number generator warned with a note that the author had written random number generators for years but had never written one that worked.

Joe said...

...the author had written random number generators for years but had never written one that worked.

Meaning the generated sequences are not truly random. It's impossible to actually generate random number sequences which are truly random, even if they may be statistically random. The best you can do is to find a random source of entropy, and even then it's problematic since the tools to measure the entropy often, if not always, introduce biases.

That said, a good random number generator, such as that found in OpenSSL, can create sequences that are sufficient for encryption.

trumpintroublenow said...

Though a great believer in privacy I find this troubling. With a warrant and probable cause the government should be able to access phone records w/o tipping off the target of the investigation.

But I suppose Congress can always pass a law requiring Apple to keep such information in accessible form. In the meantime the many crooks among us will switch to iPhones.

Beach Brutus said...

Maybe Apple thinks this will head off a lot of subpoenas and search warrants thereby saving it the expense of responding to them.

KLDAVIS said...

The definitive word on 'uncrackable' passwords is here.

The gist: why crack the password when you can crack a kneecap?

Christy said...

So, what chance Apple lies, all the bad guys rush out and spend their ill-gotten gains on the latest phone, and Government focuses surveillance on those numbers? Efficient resource use. I like it, except my options to be naughty are reduced.

Skyler said...

Steve Uhr asked, "With a warrant and probable cause the government should be able to access phone records w/o tipping off the target of the investigation."

Why? So we can incriminate ourselves? So Big Brother can whip up a magistrate at midnight and the SWAT can come in and seize your phone and find out whom you're voting for?

David said...

"Meaning the generated sequences are not truly random. It's impossible to actually generate random number sequences which are truly random, even if they may be statistically random. The best you can do is to find a random source of entropy, and even then it's problematic since the tools to measure the entropy often, if not always, introduce biases."

That is a paragraph I utterly do not understand.

Bob Ellison said...

If something can be encrypted, it can be decrypted.

KLDAVIS said...

David,

Even those things that supposedly are truly random, we cannot measure accurately enough to capture and leverage their randomness.

There is always some bias in the underlying code, sensor, or observation that opens the door for people who know how to exploit such things.

Anonymous said...

I was wondering if anyone would attempt something like this. It was the only way out of the Catch-22 that I could think of.

Anonymous said...

Last I looked, a court order doesn't care about the how, it cares about the what. Nor does CALEA. The court order absolves the third party of responsibility assuming they deliver access or content - per their CALEA obligation. Access can be easy or slightly harder. Slightly harder means the service company delivers a specific customer or group of customers a "patch" - or the phone company uses their maintenance channel to the phone to do the same thing. I don't get it.

If we-the-people don't like this, we need to change CALEA (and limit the powers of the executive) through we-the-people's representatives, just like they clearly must have acted in our interests when they established CALEA - else we would have dis-established them and elected better representatives.

Sydney said...

JRoberts said:
I just want to know how to remove that lousy U2 album off my iPad.

Here's how.

MPH said...

Those passwords are encrypted. Not even Apple knows them.

Revenant said...

This is the first thing I've heard that made me want an Apple product.

Freeman Hunt said...

That is a paragraph I utterly do not understand.

Say you want your computer to generate random numbers. What do you tell it to do in order to accomplish that? What is the method of the madness? (And since there is a method, it's not really madness, that is, randomness, is it?)

Zach said...

"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin" -- John von Neumann, writing about how to produce random numbers.

(John von Neumann being the rare famous person who actually wrote most of the famous sayings attributed to him.)

Robert Cook said...

"But my iPhone is set to erase itself after 10 failed attempts. It's a 4-digit number. What are the chances?"


Mine is also set to erase itself after 10 failed attempts. My password is 11 characters, a mix of letters and other characters.

Zach said...

"Meaning the generated sequences are not truly random. It's impossible to actually generate random number sequences which are truly random, even if they may be statistically random. The best you can do is to find a random source of entropy, and even then it's problematic since the tools to measure the entropy often, if not always, introduce biases."

That is a paragraph I utterly do not understand.


People who use random number generators usually want two things:
1) They want the output to be unpredictable
2) They want the distribution of numbers to be uniform

So if you generated random digits by rolling a six sided die, that would be unpredictable, but it wouldn't be uniform, because you could only get digits 1-6. If you rolled two dice, you could get 1-12, but some numbers are more likely than others.

The entropy of a sequence has to do with the amount of information which is necessary to generate that sequence -- in the dice example, 4 digits in the range 1-6 have 6^4 possible values, instead of 10^4 -- approximately 10 bits (2^10 sequences) of information, instead of 13.

If you're doing a mathematical procedure that requires sequences of random digits, having patterns in the data can screw up your results. So random number generators usually work to generate a sequence that has desirable distribution properties. But the generator is itself an algorithm, so you could reproduce the entire sequence if you knew the algorithm, plus whatever starting values the algorithm used. The true amount of entropy in your sequence is the amount of entropy in the starting values.

The only way to make your sequence truly random is to look at some random process to generate, say, one kilobyte (1024 configurations) of truly random information -- say, by flipping a coin 10 times, and applying an algorithm which generates no more than one kilobyte of data from that starting point (say, by converting binary sequences to ASCII characters). But that's tricky and often expensive, because somebody has to actually flip the coin 10 times, or observe 10 cosmic rays, or something like that.

Stephen said...

Freeman Hunt: Say you want your computer to generate random numbers. What do you tell it to do in order to accomplish that?

Microsoft Excel has a function, randbetween, that produces a random number between and including an upper and lower bound. For example, type in any cell "=randbetween(0,9)" to choose randomly among 0,1,2,3,4,5,6,7,8,9.

It's not clear whether the endpoints 0 or 9 have an equal probability of being selected, so to better ensure randomness I would type "=randbetween(-1,10)" and throw out -1 or 10 if those values should appear.

Bob Ellison said...

Stephen, that's not random.

Beloved Commenter AReasonableMan said...

Revenant said...
This is the first thing I've heard that made me want an Apple product.


I find this hard to believe. Who here can't see Revenant performing his daily Prancercise routine with iPod buds in his ears and the Pet Shop Boys turned up to eleven? I mean, who can't see this?

Revenant said...

I find this hard to believe. Who here can't see Revenant performing his daily Prancercise routine with iPod buds in his ears and the Pet Shop Boys turned up to eleven? I mean, who can't see this?

Don't be ridiculous. I use Amazon Prime Music for that.

jr565 said...

And not surprisingly I have the opposite take on it than Revenant. I get the argument that govt shouldn't be snooping on people without probably cause. But if cops have a warrant that is probably cause. Don't see why companies should actively work against courts when it comes to privacy.

jr565 said...

Elkh1 wrote:

Guess Apple would not be on the douchebag's side if the Feds had done a better job snooping and catching known terrorists like the Boston bombers than snooping everyone else on the planet.

But you are admitting they are on the douchebag's side. So I guess the next bombers know what phone to buy.

jr565 said...

Probable cause not probably cause. Sheesh.

Bruce Hayden said...

But my iPhone is set to erase itself after 10 failed attempts. It's a 4-digit number. What are the chances?

My iPhone is a generation or two behind, but several years ago, the law firm I was in wouldn't connect iPhones to the internal network because they were so easy to hack. One of the IT people hacked the managing partner's iPhone in a couple of minutes without touching it. So, we were stuck with BlackBerrys until they could find software that was harder to hack. Ultimately they provided encryption software and a harder interface to hack (N digits, with N>=6, instead of the standard Apple N=4). I suspect that absent some add-on software, Android is even worse.

Freeman Hunt said...

Stephen, that's what you are doing at a very high level of abstraction. Say you were the guy programming the bit in Excel that provides some numbers when someone uses that command. What do you tell the computer to do to get those "random" numbers?

And that's why they aren't really random.

Bruce Hayden said...

Microsoft Excel has a function, randbetween, that produces a random number between and including an upper and lower bound. For example, type in any cell "=randbetween(0,9)" to choose randomly among 0,1,2,3,4,5,6,7,8,9.

This function does appear to generate the end points with approximately equal frequency to the interior points. My guess is that it merely adds one to the maximum end point (to calculate the number of integers to return), and then multiplies this number by the results of the RAND function (which returns a floating point number between 0 and 1), then truncates to integer, and adds the base. That, at least, was the way we did it back when I was programming in FORTRAN in the 1970s.

But, it is most likely not really random, though it appears to be. Rather, the series is "pseudorandom", with a period of supposedly > 10^13. It does appear to have a somewhat random start point though. Essentially, how they work is that floating point numbers are utilized (typically from 0 to 1), and each "random" number is generated from the previous one. This is hidden in the RANDBETWEEN function by the multiplication by the number of choices, and then integer truncation. This means though that the series of pseudorandom numbers can ultimately be predicted, if you have enough of the series. Also, if you start at the same place (the "seed"), you will get the same series (useful in many applications, such as simulation).

Note that the RAND and RANDBETWEEN Excel worksheet functions do not provide a way to set the seed, and so the series cannot be easily replicated (it is suggested that you use VBA instead, which provides this functionality). Also, random values are typically updated every time that you update the worksheet, which can cause all sorts of problems. Also, it is not clear how robust the Excel pseudorandom generator series are, in terms of passing random number tests (available from NIST, and other places).

Bruce Hayden said...

Let me add to my last post about random versus pseudorandom series of values. As I noted, the result of a pseudorandom number generator is a series of numbers that have a period, after which, they repeat. Computers almost inevitably utilize pseudorandom number generators, instead of generating actual random numbers, because pseudorandom numbers can be calculated. True random number generators typically have to rely on some physical process, like radioactive decay. At a minimum, they require special hardware. And, computers almost never come with such. Definitely not PCs and smart phones. But, that is typically just fine - you get satisfactory results with a somewhat random start (such as munching the time of day) as the initial seed, and then utilize a pseudorandom number generator with a sufficiently long period.
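
Added example, not part of the thread: a textbook linear congruential generator with the scale-and-truncate `randbetween` Bruce Hayden describes, showing that the series carries only as much entropy as its seed (Zach's point) and that a time-of-day seed can be recovered from a few observed outputs, which is why secrets should come from the operating system's generator instead. The LCG constants, the seed range and the sample start time are assumptions; this is not Excel's generator.

```python
import math
import secrets

# Textbook LCG constants (Numerical Recipes). An assumption for illustration:
# this is not the generator used by Excel or by any product named on this page.
A, C, M = 1664525, 1013904223, 2 ** 32
SECONDS_PER_DAY = 86_400


class Lcg:
    """Pseudorandom generator: every value is computed from the previous state."""

    def __init__(self, seed):
        self.state = seed % M

    def rand(self):
        """Next float in [0, 1)."""
        self.state = (A * self.state + C) % M
        return self.state / M

    def randbetween(self, low, high):
        """Scale by the number of choices, truncate to an integer, add the base."""
        return int(self.rand() * (high - low + 1)) + low


def digits_from_seed(seed, count):
    """The same seed always yields the same series of digits."""
    gen = Lcg(seed)
    return [gen.randbetween(0, 9) for _ in range(count)]


def seed_entropy_bits(seed_space_size):
    """Upper bound on the entropy of any series the generator can emit."""
    return math.log2(seed_space_size)


def candidate_seeds(observed, seed_space):
    """Every seed in seed_space whose series starts with the observed digits."""
    n = len(observed)
    return [s for s in seed_space if digits_from_seed(s, n) == observed]


def secure_digits(count):
    """Digits drawn from the operating system's CSPRNG; no recoverable seed."""
    return [secrets.randbelow(10) for _ in range(count)]


if __name__ == "__main__":
    # Constructed scenario: the generator was seeded with seconds since midnight
    # at 13:37:05, and the first 8 of 16 digits were seen by someone else.
    secret_seed = 13 * 3600 + 37 * 60 + 5
    series = digits_from_seed(secret_seed, 16)
    observed, withheld = series[:8], series[8:]

    bits = seed_entropy_bits(SECONDS_PER_DAY)
    print(f"16 digits look like {math.log2(10 ** 16):.1f} bits, seed allows {bits:.1f}")

    for seed in candidate_seeds(observed, range(SECONDS_PER_DAY)):
        predicted = digits_from_seed(seed, 16)[8:]
        print(f"seed {seed}: predicted rest {predicted}, correct={predicted == withheld}")

    print("CSPRNG digits:", secure_digits(16))
```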

Glenn Howes said...

I'm not a security pro. What I am is an iOS programmer.

If you use a passcode, an iPhone will generate a long key which it will subsequently use to encrypt files which app developers mark as needing encrypting. This key never leaves the phone. This uses built-in hardware encryption so it's fast. With iOS 8, Apple has added many types of data that fall under the need encrypting category, so photos, location metadata, whatever are now automatically encrypted.

3rd Party apps can choose what and when data is encrypted, thus I'm writing an app this month that involves keeping a history of where the user ordered rides, so I keep that in a database and I set that database to be encrypted in such a way it's only decipherable when the phone is unlocked.

What happens when you exceed your 10 tries is that the device will throw away the long key. At that point, you might as well wipe the phone. That data is not coming back. I think before this announcement, Apple had some sort of bench mode they could put the phone in that removed the 10 tries to wipe limit and (I guess) had a robot that literally typed in codes as fast as possible. This because, again, the long key never left the device and the decryption has to happen on the device. Now it appears they've either removed this bench mode or put in a time delay long enough that the robot would take years to enter a 6 digit pin. Even if you took the phone apart, you couldn't get to that code without the pin or passcode and the circuit that hides it is set to only verify a test pin every longish amount of time.


Now, this does not address the security of backups, either on your home computer or in the cloud.

stlcdr said...

If you buy a safe, should the person you bought it off keep a master key to that safe 'just in case' the government wants to look in your safe?

If I want to look in your safe, why don't I just take the master key from that person? Indeed, there is absolutely nothing of value to them in the safe, so what is the drive to protect that key?

bleh said...

Frankly, this makes it less likely that I'll continue locking my devices with passwords.

Beloved Commenter AReasonableMan said...

Revenant said...
Don't be ridiculous. I use Amazon Prime Music for that.


I stand corrected, once again.



Bruce Hayden said...

Let me suggest a somewhat contrary view at the VC at WaPo by Orin Kerr: Apple’s dangerous game

OK is an expert at the intersection of the 4th Amdt., etc. and digital media, including smart phones. I thought that his best point concerned exigent circumstances - that if the police found an unlocked smart phone on a suspect, that they could more persuasively use the exigent circumstances exception to the 4th Amdt. to justify searching the phone, then and there, without getting a warrant, because the smart phone will be essentially close to unbreakable by the time that a warrant could be obtained.

Anonymous said...

"So if you set a passcode and then forget it, you'll have turned your device into a paperweight. Whether this new risk is worth the protection from Johnny Law is an open question."

No... No.. Just no.

If you forget your password, the device is not a paperweight. You will have to reset the device to its original state, losing any data on the device.

Depending on how and what you backed up, you can recover your data. Even worst case scenario where all your data is lost, you still have a functional device.