Archive for February 2016 - Page 1

    Apple v. FBI: Apple's Response

    Apple has filed its motion to dismiss the court order that would compel Apple to write custom software to allow the FBI to bypass the security mechanisms on an iPhone 5c that possibly contains data from one of the perpetrators of the December 2015 shootings in San Bernadino, California.

    As a note, I am not a lawyer (nor do I pretend to play one on the Internet). So these are strictly my own thoughts about the motion and the case in general.

    This case is very complex and has many aspects to it. I will not try to ascertain every issue surrounding the case, but will try to point out the ones that I think are relevant.

    The Facts

    Below are the facts, as far as I can ascertain, about the case. If there are some that are relevant that I have omitted, or if some of these are not correct, please let me know.

    • The Courts have ordered Apple to comply with an order that compels Apple, under the All Writs Act of 1789, to assist the Federal Bureau of Investigations (FBI) with defeating the security on the iPhone 5c in question in order to obtain the information on the device.
    • The assistance being asked includes writing software that has never been written, nor would Apple willingly write.
    • The iPhone 5c in question is owned by the San Bernadino County Public Health Department (SBCPHD).
    • The iCloud password was changed by the SBCPHD at the request of the FBI.
    • Apple suggested to the FBI to bring the iPhone to a known network (as in the SBCPHD wireless or the suspect's home network), to allow the iPhone to perform an iCloud Backup.
    • Apple wanted to work with the FBI and asked the FBI to keep the request under seal. The FBI refused and made it public; thereby forcing the issue into the open.

    Some of the FBI and Department of Justice (DOJ) Arguments

    • This is a one-off case.
    • This falls under the All Writs Act of 1789.
    • Complying does not require much effort on Apple's part.

    Some of Apple's Arguments

    • This is not a one-off case.
    • Would be an undue burden.
    • Violates the First and Fifth Amendments of the Constitution.

    The Motion to Vacate the Order

    I read through the 65 page motion and a few passages really stuck out to me.

    In addition, compelling Apple to create software in this case will set a dangerous precedent for conscripting Apple and other technology companies to develop technology to do the government’s bidding in untold future criminal investigations. If the government can invoke the All Writs Act to compel Apple to create a special operating system that undermines important security measures on the iPhone, it could argue in future cases that the courts should compel Apple to create a version to track the location of suspects, or secretly use the iPhone’s microphone and camera to record sound and video.

    Having just finished re-listening to George Orwell's book, and the movie based on the book, 1984, if Apple is compelled to comply, we will very soon be entering into 1984 territory.


    "As Apple has explained, the technical assistance sought here requires vastly more than simply pressing a “few buttons."

    This is referencing the previous instances where Apple was asked to comply with bypassing the passcode for older iPhones running older versions of iOS. With these versions of iOS, the passcode on these devices could more easily be bypassed without much effort from Apple. What would equate to "pressing a few buttons".


    But compelling minimal assistance to surveil or apprehend a criminal (as in most of the cases the government cites), or demanding testimony or production of things that already exist (akin to exercising subpoena power), is vastly different, and significantly less intrusive, than conscripting a private company to create something entirely new and dangerous. There is simply no parallel or precedent for it.

    What the FBI is asking for is something that has never been done, nor has any company ever been compelled to do previously.


    Under well-settled law, computer code is treated as speech within the meaning of the First Amendment...The Supreme Court has made clear that where, as here, the government seeks to compel speech, such action triggers First Amendment protections.

    Apple is arguing, as far as I understand it, that since computer code is considered free speech, Apple cannot be compelled to create computer code, which is their first amendment right not to do.


    Lastly, it will have to be signed with Apple’s cryptographic key verifying that it is Apple-authorized software. Absent Apple’s proper cryptographic signature, this device will not load GovtOS...Apple would not agree to sign GovtOS voluntarily because it is not software that Apple wants created, deployed or released.

    This is similar to the one above. The only way for iPhones to be able to load software onto an iPhone is with Apple's cryptographic key used to sign software. Without this signature the software will not load onto an iPhone.


    The virtual world is not like the physical world. When you destroy something in the physical world, the effort to recreate it is roughly equivalent to the effort required to create it in the first place. When you create something in the virtual world, the process of creating an exact and perfect copy is as easy as a computer key stroke because the underlying code is persistent.

    This argument is one of Apple's primary concerns. If this was a "one off" creation, as the FBI states, Apple could destroy the software. Unfortunately, it's not that easy. Apple would likely be required to retain the code, along with all of the accompanying documentation to be able to indicate in a court how it went about creating the software. This would require them to have documentation about this as well, meaning that Apple could not simply "destroy" the software after its use.


    The All Writs Act, first enacted in 1789 and on which the government bases its entire case, “does not give the district court a roving commission” to conscript and commandeer Apple in this manner...In fact, no court has ever authorized what the government now seeks, no law supports such unlimited and sweeping use of the judicial process, and the Constitution forbids it.

    Apple is arguing that the use of the All Writs Act does not apply in this case because it would give the FBI and other law enforcement agencies the ability to do whatever they want, whenever they want.


    In addressing the twin needs of law enforcement and privacy, Congress, through the Communications Assistance for Law Enforcement Act (CALEA), specified when a company has an obligation to assist the government with decryption of communications, and made clear that a company has no obligation to do so where, as here, the company does not retain a copy of the decryption key. 47 U.S.C. § 1002(b)(3). Congress, keenly aware of and focusing on the specific area of dispute here, thus opted not to provide authority to compel companies like Apple to assist law enforcement with respect to data stored on a smartphone they designed and manufactured.

    Since Apple does not retain the decryption key, it is not able to meet the requirements. The decryption key is derived from a Unique Identifier (UID) that is created during the fabrication process, and the user's passcode. Apple never knows the UID, and without this, it is nearly impossible to break the encryption without the passcode.


    The last one, is just a funny one.

    Indeed, as the Supreme Court has recognized, “[t]he term ‘cell phone’ is itself misleading shorthand;...these devices are in fact minicomputers” that “could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, or newspapers.” Riley v. California, 134 S. Ct. 2473, 2488–89 (2014) (observing that equating the “data stored on a cell phone” to “physical items” “is like saying a ride on horseback is materially indistinguishable from a flight to the moon”).

    It is a good analogy. A "Cell Phone" these days are being used as a phone less and less. The functions are well beyond this these days. The comparison is quite accurate.


    My Thoughts

    Before I read Apple's arguments, I decided that I was on the side of privacy and security. After reading Apple's arguments I stand by this opinion even more. I think Apple makes a compelling case against having to follow this order. What the FBI is asking Apple to do, Apple does not want to do. It goes against their core principles of privacy and security for their customers. Furthermore, it goes against what the Supreme Court has already ruled is permissible under the All Writs Act of 1789.

    As Apple has argued, it is not up to the federal government agencies to be given carte blanche to use any method that they want to gain access. Congress has already written the laws to restrict what law enforcement agencies are able to do.

    This fight is long from over and will not be settled anytime soon. It is entirely possible that it will make its way to the Supreme Court. We shall see. It is likely that there will be future posts regarding this case in the future.

    Update February 29th, 2016

    I wrote a majority of this story last week when Apple responded, but had not been able to post it until now. Today has brought an interesting change. In a similar case to the one in San Bernadino, there has been a ruling by Magistrate Judge James Orenstein. The case involved the government used the argument of the All Writs Act of 1789 to compel Apple to bypass the passcode on an Apple iPhone. This one was for a case involving drugs.

    Judge Ornstein has denied the government's motion. His introduction states:

    The government seeks an order requiring Apple, Inc. ("Apple") to bypass the passcode security on an Apple device. It asserts that such an order will assist in the execution of a search warrant previously issued by this court, and that the All Writs Act, 28 U.S.C. § 1651(a) (the "AWA"), empowers the court to grant such relief. Docket Entry ("DE") 1 (Application). For the reasons set forth below, I conclude that under the circumstances of this case, the government has failed to establish either that the AWA permits the relief it seeks or that, even if such an order is authorized, the discretionary factors I must consider weigh in favor of granting the motion. More specifically, the established rules for interpreting a statute's text constrain me to reject the government's interpretation that the AWA empowers a court to grant any relief not outright prohibited by law. Under a more appropriate understanding of the AWA's function as a source of residual authority to issue orders that are "agreeable to the usages and principles of law," 28 U.S.C. § 1651(a), the relief the government seeks is unavailable because Congress has considered legislation that would achieve the same result but has not adopted it. In addition, applicable case law requires me to consider three factors in deciding whether to issue an order under the AWA: the closeness of Apple's relationship to the underlying criminal conduct and government investigation; the burden the requested order would impose on Apple; and the necessity of imposing such a burden on Apple. As explained below, after reviewing the facts in the record and the parties' arguments, I conclude that none of those factors justifies imposing on Apple the obligation to assist the government's investigation against its will. I therefore deny the motion.

    This ruling likely means that the case will be appealed, Even so, this ruling will likely bolster Apple's case in San Bernadino.

    There is also this footnote from the Judge:

    In considering the burden the requested relief would impose on Apple, it is entirely appropriate to take into account the extent to which the compromise of privacy and data security that Apple promises its customers affects not only its financial bottom line, but also its decisions about the kind of corporation it aspires to be. The fact that the government or a judge might disapprove Apple’s preference to safeguard data security and customer privacy over the stated needs of a law enforcement agency is of no moment: in the absence of any other legal constraint, that choice is Apple’s to make, and I must take into account the fact that an order compelling Apple to abandon that choice would impose a cognizable burden on the corporation that is wholly distinct from any direct or indirect financial cost of compliance.

    The judge is absolutely correct in this. This is the type of Judge that we need not just on the lower courts, but also on the Supreme Court.

    To read the full ruling, you can go here. It is a full 50 pages for the response.

    Tags:

    Podcasts Connect from Apple

    image

    Undoubtedly you have heard the term "podcasts". Depending on your geek level, you may have not heard of them until late in 2014 with the release of the popular podcast Serial. Even though they may not have become super popular with most users, podcasts have been around well before then, for more than a decade now to be exact. Podcasts got their biggest bump, prior to Serial, when Apple added Podcast support to iTunes with version 4.9 in June of 2005.

    Anybody can create a podcast and have it submitted to the iTunes Podcast Directory. Given the size and breadth of podcast types available in iTunes, many 3rd party podcast applications will use the iTunes Store to verify a podcast.

    Previously, when a podcast creator wanted to submit a new podcast to the iTunes Podcast Directory, they had to use a form to submit their Podcast URL to Apple. Apple would crawl the feed and validate it, and if everything looked alright your podcast would go live.

    The submission process was quite simple, but what happened if you changed hosting providers? You would have to do a manual redirect from your old feed to your new one. Once the redirect was in place, the iTunes Store would pick up the new feed and be updated. While this was as good method, it was not the best.

    Podcasts Connect

    To create a better experience, Apple has created a new portal for podcast creators called Podcasts Connect. Podcasts Connect allows for better management of existing podcasts as well as adding new podcasts.

    With the Podcasts Connect site, to add a new podcast, you login with your Apple ID. Click on the "+" button in the upper left. You will be presented with one field to add your podcast, the RSS Feed. Enter in the RSS feed and click on "Validate". Once you have clicked on the "Validate" button, many checks will be done on the feed.

    These include, but are not limited to, checking the artwork, verify the RSS feed itself is valid, that episodes can be downloaded, a category for your podcast exists, whether or not an explicit tag is provided, and whether the podcast feed already exists.

    If any of these items are not present, or if the feed has been submitted already, the validation will provide you with information about issues to rectify. An example is below.

    Podcast.Connect.Errors

    If your feed passes all of the checks, you will be presented with a preview page, similar to the one below, and the status of the podcast will change to "Prepared for Submission".

    Podcasts.Connect.Preview

    After you have double-checked everything on the page to verify that it is correct, you can click on the "Submit" button in the upper right it will submit the podcast for review. Once it is approved, you will receive an email stating such and it will be available in the iTunes Podcast Directory.

    Podcasts.Connect.Submited.Review

    Editing an existing Podcast

    There are times that you, as a podcast owner, may end up needing to change the feed for your podcast. It could be because you are switching hosting providers, or it could be because your podcast has become quite popular and need to create caching for podcast feeds. With Podcast Connect you are able to edit the RSS feed. To do this perform the following

    1. Login to Podcast Connect.
    2. Locate the podcast you wish to edit.
    3. Click on the cover for the podcast.
    4. In the URL field, put in the updated RSS feed.
    5. Click on "Save".

    On this page you will also notice a couple of features. The first is the "Last Refresh" time. This is good for determining when your podcast was last updated by Apple. There are also a few other features. You can refresh the feed. When you click on this, you will receive a message similar to the one below:

    Podcast.Connect.Refresh

    You can view the Podcast in iTunes, so you can see how it appears to others.

    You can also hide the podcast from the directory. It is not 100% clear whether or not the feed will continue to refresh if hidden. It is presumed that it will.

    The last option is to delete the podcast. This option will be best used if you no longer want to list your podcast in the iTunes Podcast Directory.

    Possibile Future Features

    Even though this is a great step forward forward in allowing easier management for podcast owners. I do think this step could bring some additional options in the future. One of the features that could easily be added would be the ability to charge for podcasts. Within iTunes it shows as "Free". Yet, by adding a couple of options to the page, it may be possible to have a subscription model for a podcast. While I do not think many would take advantage of an option like this, it might be possible. Yet, knowing Apple it may not be very likely to happen anytime soon.

    Final Thoughts

    The addition of Podcasts Connect will make it easier to add and modify Podcasts. While many of the more tech-focused podcast owners would be able to create redirects easily. However, for the majority of non-technical podcast owners will now be able to make changes quite easily. I hope to see more portals like this from Apple that will make things easier for other types of users.

    Tags:

    Apple's Answers on Security

    image

    Last week Apple's CEO Time Cook published a letter regarding Apple's stance on refusing to follow a judge's order. This created uproar within the technology community; and rightfully so given the ramifications that this case will have on future generations.

    This morning Apple has published a Frequently Asked Questions page regarding their letter.

    I recommend that everybody go and read it. It embodies why I signed the Petition that asks the White House to stop attempting to compel companies to create backdoors in their products.

    Tags:

    Apple watchOS Feature Request: iPhone Battery Level

    image

    One of the features that was added to watchOS 2.0 allows the ability to use complications to show information from third-party applications. Even with no third-party applications installed, Apple has some pre-installed complications.

    One of the complications that I would like to see is one that displays the remaining battery on the iPhone. One might think that it may be redundant to have the iPhone's battery level on the watch. While at this moment I could agree, yet I am thinking long term.

    The time I am imaging is three years from now when the presumedly named iPhone 8s is available with the Apple Watch 4. Battery life will likely be much longer on both devices, particularly if Apple takes what user's desire in mind. It is likely that the Apple Watch will get its own cellular radio, which means it will not need to be tied to an iPhone.

    Right now, if I wanted to, I could get approximately 24 hours of battery life on both my iPhone 6s Plus as well as my Apple Watch.

    To be fair, I have the largest of the devices, the 6s Plus and the 42mm Apple Watch Sport. The larger size of both of these devices does allow for more battery, and with these devices having larger batteries, I do likely have longer battery life than most users get with their iOS devices.

    With the Apple Watch getting more energy efficient and getting even longer battery life, in conjunction with a cellular radio in an Apple Watch, it could become a useful to know when you need to charge your iPhone. A subsequent feature that would be nice to have, that would go well in conjunction with the battery level complication, would be the ability to put an iPhone into Low Power mode from an Apple Watch Watch. The ability to put an Apple Watch into Power Reserve is already possible with a glance.

    These are just a couple of ideas that I had regarding some possible features for the Apple Watch. I think these two features would make the product a bit more appealing to users who might be on the fence regarding the Apple Watch.

    Tags:

    iPad Pro Accessory Availability for 02/15/2016

    image

    There have been some additional changes to the availability of the Apple Pencil. It has improved from multiple business days to being "In Stock". With the iPad Pro, Smart Keyboard, and Apple Pencil all being available, this will likely be the last update on the iPad Pro, and its accessories.

    Even with this, the latest available will still be available at https://www.waynedixon.com/ipadpro/

    Apple Pencil Changes

    • United States has gone from '2-4 business days' to 'In Stock'
    • United Kingdom has gone from '1-3 business days' to 'In Stock'
    • Germany has gone from '1-3 business days' to 'In Stock'
    • Italy has gone from '1-3 business days' to 'In Stock'
    • France has gone from '1-3 business days' to 'In Stock'
    • Ireland has gone from '1-3 business days' to 'In Stock'
    • Switzerland has gone from '1-3 business days' to 'In Stock'
    • Denmark has gone from '1-3 business days' to 'In Stock'
    • Belgium has gone from '1-3 business days' to 'In Stock'
    • Norway has gone from '1-3 business days' to 'In Stock'
    • Spain has gone from '1-3 business days' to 'In Stock'
    • Netherlands has gone from '1-3 business days' to 'In Stock'
    • Austria has gone from '1-3 business days' to 'In Stock'
    • Canada has gone from '2-4 business days' to 'In Stock'
    • Mexico has gone from '2-4 business days' to 'In Stock'
    • Russia has from '1-3 business days' to '1 business day'
    • Portugal has gone from '1-3 business days' to 'In Stock'
    • Poland has gone from '1-3 business days' to 'In Stock'
    • Hungary has gone from '1-3 business days' to 'In Stock'
    • Luxembourg has gone from '1-3 business days' to 'In Stock'
    • Czech Rep. has gone from '1-3 business days' to 'In Stock'
    • Turkey has gone from '1-3 business days' to 'In Stock'
    • UAE has from '1-3 business days' to '1 business day'
    • Finland has gone from '1-3 business days' to 'In Stock'
    • Sweden has gone from '1-3 business days' to 'In Stock'
    Tags:

    iPad Pro Accessory Availability for 02/03/2016

    image

    The iPad Pro accessories continue to see improvements. Particularly with the Smart Keyboard, where in many countries is now "In Stock". Even with this, the Apple Pencil has also improved with many places being 1 to 3 days before being shipped. The availability is below, and current availability can be seen at https://www.waynedixon.com/ipadpro/.

     

    Apple Pencil Changes

    • United States has improved from '7-10 business days' to '2-4 business days'
    • United Kingdom has improved from '7-10 business days' to '1-3 business days'
    • Australia has improved from '3-5 business days' to '1-3 business days'
    • Germany has improved from '7-10 business days' to '1-3 business days'
    • Italy has improved from '7-10 business days' to '1-3 business days'
    • France has improved from '7-10 business days' to '1-3 business days'
    • Hong Kong has improved from '3-5 business days' to '1-3 business days'
    • Ireland has improved from '7-10 business days' to '1-3 business days'
    • New Zealand has improved from '3-5 business days' to '1-3 business days'
    • Switzerland has improved from '7-10 business days' to '1-3 business days'
    • Denmark has improved from '7-10 business days' to '1-3 business days'
    • China has improved from '7-10 business days' to '1-3 business days'
    • Malaysia has improved from '3-5 business days' to '1-3 business days'
    • Belgium has improved from '7-10 business days' to '1-3 business days'
    • Japan has improved from '3-5 business days' to '1-3 business days'
    • Norway has improved from '7-10 business days' to '1-3 business days'
    • Spain has improved from '7-10 business days' to '1-3 business days'
    • Netherlands has improved from '7-10 business days' to '1-3 business days'
    • Austria has improved from '7-10 business days' to '1-3 business days'
    • Canada has improved from '7-10 business days' to '2-4 business days'
    • Mexico has improved from '7-10 business days' to '2-4 business days'
    • Russia has improved from '7-10 business days' to '1-3 business days'
    • Portugal has improved from '7-10 business days' to '1-3 business days'
    • Poland has improved from '7-10 business days' to '1-3 business days'
    • Hungary has improved from '7-10 business days' to '1-3 business days'
    • Luxembourg has improved from '7-10 business days' to '1-3 business days'
    • Thailand has improved from '3-5 business days' to '1-3 business days'
    • Czech Rep. has improved from '7-10 business days' to '1-3 business days'
    • Turkey has improved from '7-10 business days' to '1-3 business days'
    • UAE has improved from '7-10 business days' to '1-3 business days'
    • Finland has improved from '7-10 business days' to '1-3 business days'
    • Sweden has improved from '7-10 business days' to '1-3 business days'

    Smart Keyboard Changes

    • United States has gone from '1 business day' to 'In Stock'
    • United Kingdom has gone from '1 business day' to 'In Stock'
    • Germany has gone from '1 business day' to 'In Stock'
    • Italy has gone from '1 business day' to 'In Stock'
    • France has gone from '1 business day' to 'In Stock'
    • Ireland has gone from '1 business day' to 'In Stock'
    • Switzerland has gone from '1 business day' to 'In Stock'
    • Spain has gone from '1 business day' to 'In Stock'
    • Austria has gone from '1 business day' to 'In Stock'
    • Canada has gone from '1 business day' to 'In Stock'
    • Mexico has gone from '1 business day' to 'In Stock'
    • Russia has gone from '1-2 weeks' to '1 business day'
    • Portugal has gone from '1 business day' to 'In Stock'
    • Poland has gone from '1 business day' to 'In Stock'
    • Hungary has gone from '1 business day' to 'In Stock'
    • Czech Rep. has gone from '1 business day' to 'In Stock'
    • Turkey has gone from '1 business day' to 'In Stock'
    Tags: