Quote:
Originally Posted by eschwartz
Actually, I am very much disagreeing with you.
Extracting data from a device, be it a computer or smartphone, isn't fundamentally difficult. (It might take expensive equipment only the government is likely to have, it might take a ridiculously long time, but it can be done.)
It is amazing how many people think their laptop is just as secure as their iPhone, because they have a login password on it. 
Not true at all. You can just boot from a USB drive and view all the files in plaintext. Or if they locked the BIOS, pull out the hard drive and plug it into your own computer.
And that is the most basic, kindergarten-level data attack.
Once the enemy owns the hardware (and can afford to make noticeable changes like taking apart the device) they can do anything.
The FBI is under no obligation to run the brute-force attack against the password, on the iPhone itself.
AS THE QUOTE I QUOTED SAID, peel open the iPhone, insert probes into the disassembled bits and pieces, extract the hardware key using an electron microscope, dump the data that you wish to decrypt onto the banks of supercomputers they keep around for exactly this reason, and initiate a bog-standard brute force attack on the data.
Why on earth would a sufficiently determined foe bother following silly rules like using the officially sanctioned iPhone software just because the data started off on an iPhone?
...
The data will be unharmed. Although there is no guarantee that the brute force attack will succeed -- even without iOS wiping the data after x failed attempts, even when millions of attacks in parallel on banks of FBI supercomputers, a sufficiently complex password could take millions of years to crack. (A sufficiently stupid average one could take days or even hours.)
The iPhone itself will be a pile of scrap, yes. |
So let’s see if I got this right. Are you saying the government doesn’t really need Apple’s help; they can just break open the iPhone case, extract the key and the data and run the brute force attack to decrypt the data outside of the phone with a reasonably good chance to succeed -- at least as good a chance as if Apple were creating a back door for them? But that they won’t do it because it would involve “destroying evidence” as dgatwood put it? (By “evidence” I assume he means the phone itself, not the data inside.)
If that’s what you mean, I disagree. First off, if the FBI could do this with a reasonable assurance of success, I doubt the state of the phone itself after physically dismantling it to remove the data is of any evidentiary importance. I’m sure they extract hard drives from computers all the time by breaking open (destroying) the case, without any concern for the computer’s exterior condition afterwards. It is the data inside that is important. Not the phone or computer case. Any evidence on the outside of the phone (or computer) such as fingerprints can be obtained and preserved BEFORE the device is opened.
Second, has what you suggested ever even been done on an iOS 8 iPhone by any law enforcement agency in the world? Aren’t you just talking a big fat hypothetical? Can you site a qualified computer expert or source who will agree with you that this is even feasible for the government to do in this particular case – and not just a highly theoretical, risky endeavor?
And so, if you are disagreeing with me, after all, as I originally thought you were, then I go back to my original response to you which was: If the government has as good a chance to retrieve the data without Apple’s help as with it, then why would they even be litigating this? Are they playing games? Is all this legal wrangling just for the fun of it? Was fighting with Apple in court over eBooks just so delightful they want to keep forcing these expensive legal encounters at taxpayers’ expense?