Keeping the Panda at Arm’s Length: The China Factor in the Apple/FBI Battle

I take perverse pleasure (note to self: discuss with analyst!) in parting company with my libertarian/lefty buddies on the issue of the FBI’s demand that Apple assist in accessing an iPhone phone of the San Bernardino shooter.

The shadow of the People’s Republic of China—and the demands it plans to impose on US vendors of telecom/IT equipment in China once the Obama administration has established the benchmark for law enforcement intrusion—hangs over the whole debate.

And I believe the Obama administration has done a pretty canny job of getting law enforcement’s foot in the door while not letting the CCP panda completely in the tent.

First off, some techy details, as I understand them.  (If I misunderstand them, and somebody points them out, I will happily and humbly correct.)

On older iPhones, if the user was lazy and stuck with a four position numerical passcode instead of choosing a fancier, longer option, local enforcement could attach a “crappy Chinese box”, in the words of an iPhone forensics expert (costing a mere $355 and well within the reach of local cops), to brute force the passcode. i.e. input four-digit numbers into the phone until it hit the right combo.  No more.

A few years ago, Apple updated its security strategy and created unique difficulties to law enforcement.  Specifically, the phone’s memory is wiped (actually the decryption key needed to access the encrypted data gets “forgot” by the phone) if 10 unsuccessful attempts are made to enter the passcode.

To make things extra difficult, Apple installed a separate processor on the new iOS8 iPhones in an area called “Secure Enclave” to handle the passcode/encryption duties.  It includes some circuitry with burned-in random numbers (unique to each phone and “forgotten” i.e. subsequently unknown by Apple) that can’t be read for the purpose of “mirroring” or copying the phone’s memory.  If the phone’s memory can’t be mirrored, it can’t be loaded into a computer or a bazillion computers to attack the mirrors simultaneously to try to hit the passcode.  

There are tech rumblings that the burned-in numbers might be vulnerable to physical inspection i.e. peeling off the chip’s epoxy coating without destroying it and reading the circuits with a scanning electron microscope for mirroring.  But not yet.

Supposedly, even if Apple helps out by disabling the wipe function, the FBI still can’t mirror the new phones for parallel attacks; the only phones they’ll be able to break are the ones that a) they have in their physical possession and b) have rather lame, un-terrorist-worthy four digit numerical passcodes that can be bruteforced through sequential attempts on the phone itself.  Gotta wonder if this is really the case, given the FBI’s avid interest in this capability. 

The government’s demand that Apple provide a firmware update that will disable the wipe function on this one phone has elicited a chorus of heroic squealing both from Apple jefe Tim Cook and the privacy/tech/Apple-adoring segments of the Internet, complaints that I find unconvincing and, I suspect, the Obama administration finds rather irritating.

A lot of thought, I believe, has gone into the government’s case, and it is designed to split the baby into three parts that satisfy a) privacy advocates b) law enforcement and c) the US government’s anxieties about inevitable PRC demands for reciprocal treatment from US tech companies.

The symbolic/precedent setting character of this demand is clear from the fact that the specter of the terrorist bogeyperson has been unleashed by invocation of the San Bernardino shooting even though it’s not terribly likely that Farouk kept a lot of vital info about his rampage on his employer-provided/four digit passcode phone (a phone, by the way, that could have been made transparent to his employer with a $20 piece of software); and the fact that the FBI made its demand public instead of just talking to Apple privately.

I will also add my suspicion that the FBI already knows what's on the phone, or simply doesn't care.  Supposedly, in some goof-up during the investigation, the FBI botched a password reset attempt to gain access to the iCloud account linked to the phone, so that the phone couldn't back up its precious contents to the cloud--where Apple apparently can help extract them.  Oops, so sorry, here comes the All Writs Warrant for Apple to create the firmware bypass to the 10-and-out function on the phone itself.

Anyway, the US government is not demanding a back door that would enable the FBI to eavesdrop on the phone covertly while it’s in the hand of the user; instead it wants Apple to develop a utility that allows the FBI to attack an encrypted phone that is in its physical custody and obtained, presumably, under color of law in a criminal investigation.  And it’s only asking for a one-time firmware update prepared by Apple itself and then destroyed, with Apple exclusively handling its signing certificate, thereby denying the US government a real “backdoor” tool, the ability to deliver certified firmware updates into any and all iPhones.

So, no apparent surveillance capabilities (unless the assumption is that the government will do some TAO operation, acquire a target phone, spend a few days burning it up to read the hardwired factors and bruteforcing the passcode, extract the encrypt/decrypt key, and then covertly return the phone to the hapless enduser in order to spy on him or her; yes, inevitably there will be plans of this sort, but only at the outer limits of practicality), to keep the privacy advocates happy; a legup to the FBI on a rather knotty encryption problem; and relatively limited benefits to the PRC, which craves a universal backdoor into the iPhone for nefarious realtime surveillance of targeted individuals and, instead can only occupy itself with extracting one-time assistance from Apple for single phones in law enforcement custody, presumably only for the noblest and best-articulated of reasons.

And I think Apple understands it too, and what we are seeing with this massive Apple-polishing privacy campaign is an elaborate piece of kabuki whose major purpose is to demonstrate both to its customer base and to the PRC government that it will not provide phone-forcing utilities unless it’s a one-phone deal in response to categorical formal legal compulsion, and executed only by Apple and not by turning over the software fix (probably not terribly fancy) and, most importantly, its signing certificate over to some government agency for repeated use at the government’s discretion and maybe without crossing the search warrant/due process/human rights Ps and Qs.

If I was Apple (and the Obama administration and, for that matter, people who worry about PRC bullying of US IT firms for access to source code, surveillance utilities and the like) I would look for a graceful way to cave in response to a one-time demand through a court in a single case.  Better to button up this issue now, in other words, rather than open the door for the Congress to pass a CALEA-style law with a blanket obligation for Apple to cooperate on issues of this sort--a precedent that would make the PRC pretty happy.

Cynic that I am, I would not be surprised if this public spectacle was paralleled in private by a side deal between Apple and the US government to diddle with the physical encapsulation of the Secure Enclave chip to make it accessible to the FBI, and maybe get more liberal with sharing the signing certificate.  After all Apple, though a relatively insignificant provider of goods and services to the US government compared to behemoth spook servicers Google and Microsoft, is facing uncomfortable scrutiny over a $30 billion/year income tax diddle it's conducting through its (physically nonexistent) Irish affiliate; so the Apple executive agenda probably doesn’t include scorched-earth opposition to the United States or, for that matter, against the People’s Republic of China, which now accounts more than 25% of Apple profits.

In other words, a solution cleverly designed to completely please no own.  And, by that criterion, apparently a signal success!

Updated on Feb. 23, 2016 with some additional observations on the San Bernardino phone and the court order vs. legislation angle.

The Lights That Failed: Terrorism Double Standards in San Bernardino, Paris...and Baicheng?

There have been some darkly amusing moments as the media in United States and France have pushed back against the PRC's efforts to shoulder its way into the privileged ranks of civilized nations that have innocently suffered terrorist attacks.  

More problematic is the unspoken corollary: that the PRC doesn't get the Empire State Building and Eiffel Tower lit up in red & gold whenever a few dozen of its citizens get butchered because maybe, even if the victims were 100% innocent, the perpetrators were not quite 100% guilty.  And the PRC & CCP had a share in that guilt.

In my opinion, this is a sterile moral and intellectual debate in the metaphysics of murder, and a slippery slope for those searching for nuance and extenuating circumstances in the straightforward act of one human being killing another.

Condemn PRC's policies all you want, in other words.  But don't try to excuse or explain murder.

On the other side of the coin, the argument about "who deserves" a big budget public commemoration of their violent death is as empty as the argument over "who doesn't deserve it."

My proposal: no more special light shows just for victims of the "terrorist attacks" who happened to meet their ends in the "membership has its privileges" states of the Western alliance at the peak of the news cycle.  

Light up the Empire State Building and the Eiffel Tower...and Tian An Men...and Red Square... for everybody.  Every night.  Lord knows there's enough murder to go around. 

Don't play favorites.

On one level, the tussle over who's a certified Grade A terrorism victim is just another exercise in great power point scoring.  On another, various countries--not just the PRC, I think--benefit from the additional impunity in security operations that identification as "terrorism victim" provides.

But there's more to it.

The canard that some victims are more...meaningful? ....significant? ...worthier?... innocent? than others is, in my opinion, one of the most cynical and destructive strategems of the "war on terror".

"Terrorism" has never been officially defined as a term under international law thanks in some part to the desire to retain a loophole for asymmetric national liberation struggles.  The BBC, to its credit, refuses to employ it as an editorial characterization of whatever massacre of civilians currently gripsthe public interest, whether or not the the victim/perpetrator combo matches the Beeb's preferred good guy/bad guy alignment.

That leaves governments and politicians free to come up with definitions that suit them.  And they're not squeamish when it comes to asserting the absolute innocence of the victims, the total perfidy of the killers...and the utter blamelessness of the government.  I think that's because they want to dodge any imputation that violence experienced by their citizens is "blowback" i.e. a consequence for government actions that were some fatal combination of immorality, incompetence, and recklessness.  Better, in other words, to shield the government as well as the victims under the umbrella of utter innocence.

In addition to odious moral posturing and runaway national security states, the terrorism narrative brings with it another nasty corollary: the desire to assign the guilt elsewhere that governments are incapable of assuming.  That can get ugly quickly, especially when governments, politicians, demagogues, and opportunists find the pursuit of scapegoats near and far convenient and advantageous.  And the government wants its citizens feeling like victims instead of looking at the problem and demanding a solution.

My rule of thumb is: the louder the government says it's terrorism, the more I think it's blowback. 

My proposal: when it's blowback, call it blowback.  And keep the lights on.  For all humanity.

With that preface, here's a look at the intersection of three major terror tussles in the PRC, France, and the United States which occurred over the last few weeks.
 

CH

December 7, 2015 might turn into a new “Day of Infamy” if the gambit Donald Trump announced—banning the entry of Muslims into the United States “until we figure out what to do” about terrorism—successfully normalizes religious discrimination in American social and political life.


If so, it will represent not necessarily represent a victory for terror,  but another case of blowback for the “terror” narrative that governments and politicians are eager to exploit and citizens increasingly willing to adopt.

It’s a global trend.  And when “terror” narratives collide, the response can be enlightening.

Pre San Bernardino, while Paris was still the focus of the Western terrorism narrative as a result of the November 13th attack, the PRC attempted to piggyback on the wave of revulsion in order to gain acceptance of its own brutal campaign against Uyghurs in Xinjiang.  The PRC focused on its pursuit of the perpetrators of a spectacular slaughter of 50 Han security personnel and miners at a facility at Baicheng, Xinjiang as an “anti-terrorist” operation—with flamethrowers!—equivalent to the massive manhunt for the Paris attackers.

This did not go down well with the Beijing correspondent of the French magazine L’Obs (previously Le Nouvel Observateur), Ursula Gauthier, who dismissed Chinese claims to innocent victim parity with France.

Gauthier wrote:

l’attaque de Baicheng ne ressemble en rien aux attentats du 13 novembre. Il s’agissait en réalité d’une explosion de rage localisée...

The attack at Baicheng in no way resembled the events of November 13.  It was in actuality an explosion of local rage…

In the “rough” English translation Gauthier provided “in no way resembled” came out as “not at all like”.  I leave it to linguists to determine if her translation “in no way resembled” or was “not at all like” the original.

This passage was perhaps not Gauthier’s finest hour as a journalist, because there does not appear to be any documentation or reporting for this sweeping assertion concerning the identity and motives of the Uyghur assailants who lived, murdered, and died anonymously and beyond the reach of Gauthier’s inquiries.

And that did not go down well with Global Times, and with nationalist netizens, who savagely excoriated Gauthier in on-line forums.  And that did not go down well with Foreign Correspondents Club in Beijing, which issued a statement supporting Gauthier, decrying her harassment, and taking the PRC government to task for apparent delays in processing her visa renewal.

Per the Guardian:

Following its publication on 18 November, Gauthier was the subject of inflammatory editorials in the state-controlled Global Times and China Daily, plus several websites linked to the Chinse military.

Websites carried thousands of aggressive comments about Gauthier (including death threats) which also published her photograph and her address.

She was also summoned to the foreign ministry where officials unsuccessfully, sought an admission that her article had been wrong.

The FCCC’s statement said: “Receiving criticism is a normal and necessary part of journalistic work, but this is neither proportionate nor reasonable.”

This ugly incident can be dissected on several levels.

First, Gauthier is unabashed chain-yanker of the PRC on the Xinjiang issue.  Her heart is clearly with the Uyghurs as innocent victims of Chinese oppression, and she is prepared to cut the PRC zero slack when it tries in its turn to claim innocent victimhood in the case of Uyghur attacks.

In March of 2014, just a few days after the massacre of 29 Chinese and the wounding of 140 by, apparently, Uyghurs at the Kunming train station,  Gauthier visited Xinjiang and filed a report on a “Voyage to an Empire of Fear”.  It is a good, revealing picture of PRC’s oppressive strategy and tactics against Uyghurs in Xinjiang.

However, she appeared to get caught in an analytic grey zone by going for “compare and contrast” on the situation in Xinjiang and the event at Kunming.

Gauthier wrote of the Kunming massacre as China’s “first ‘experience’ with terror” delivered at the hands of Uyghur assailants, but she contrasted this with the continual terror experienced by Uyghurs in Xinjiang:

Mais si l’on veut savoir à quoi ressemble vraiment la terreur au quotidien – celle qui s’immisce dans tous les interstices de la vie, empoisonne les relations et paralyse les esprits les plus sereins – il faut se rendre précisément au Xinjiang, à l’extrême ouest de la Chine.

But if we want to know what everyday terror really looks like - one that interferes in every crevice of life, poisons relations and paralyzes the spirits of the most serene - you have to go to Xinjiang specifically, to far west of China. 

Gauthier characterized Kunming as a transient event, an experience, a belated, one-time taste of the chronic terror that Uyghurs have endured at the hands of the PRC in Xinjiang for years.

She seemingly invited the audience to draw connections between the two events to the detriment of Beijing’s “innocent victim narrative” for the Kunming bloodbath.

In other words, Blowback.

This approach undoubtedly put Gauthier on the CCP’s radar, and not in a good way.

When she trotted out the trope a second time in November 2015, this time contrasting genuine terror in Paris with Beijing’s faux terrorism in Baicheng—and as a bonus raising the specter of blowback in “China’s magnificent mega-cities” and not just the second-tier backwater of Kunming “so long as the Uyghurs’ situation continues to get worse” --  the propaganda people were ready for her: a harsh but not terribly inaccurate editorial in Global Times, followed by a vicious hounding on the Chinese Internet.

Aside from frustration and anger and a desire to stick it to Gauthier, I assume the CCP is keen to uphold the “terrorist” classification of ETIM, the purported Uyghur independence movement that George W. Bush granted to the PRC, and which helps shield the PRC from international condemnation for its Israel-in-Palestine type policies in Xinjiang.

Western governments and media have demonstrated a tendency to chip away at the Chinese claim in recent years, and the PRC has pushed back.  There was an outbreak of official and apparently authentic public indignation when the US government and Western newspapers apparently resisted characterizing the Kunming slaughter as terrorism.

An example of US chariness in anointing the PRC with the chrism of “authentic and approved terrorism victim” was seen in the immortal response of State Department spokesperson Jan Psaki, even after the UN Security Council had obligingly condemned the Kunming attacks as terrorism:

Well, we acknowledge that China has characterized the incident as a terror act. We extend our condolences for the loss of life. We of course oppose terrorism in all of its forms, and based on the information reported by the Chinese media, this appears to be an act of terrorism targeting random members of the public. We don’t have any other independent information, but again, we of course deplore violence intentionally directed at innocent civilians in any case, regardless of whether — regardless of the cause. So that is where we are.

Thanks, Jan.

Recently, the PRC has become extremely aggressive in pursuing the return of Uyghurs who have fled the country to various countries in Southeast Asia.  The PRC calls it the legal return of illegal immigrants; human rights groups characterize it as “refoulement,” under international law the illegal return to their home country of refugees fearing persecution.  The most striking recent case was the return of over one hundred Uyghurs by Thailand, which attracted vociferous criticism—criticism that the PRC finds easier to ignore as long as it asserts it is handling an internationally acknowledged terrorist threat from ETIM.

So when a Western journalist asserts that the massacre of 50 miners and security personnel is not a “terrorist” act, it’s time to protect the franchise.

And the Uyghur resistance is showing signs of evolving beyond the spontaneous, righteous axe-wielding enthusiasts sympathetically chronicled by Gauthier to something that looks more like terrorism.

Thanks to the PRC policies, there are Uyghur militants in Afghanistan, Uyighur jihadis in western Pakistan, Uyghurs who escaped China and acquired a taste for jihad in South East Asia, Uyghurs recruited as paramilitary assets by the elements in the Turkish security forces, Uyghurs with a mind to obtain training and experience in Middle East battlefields and wreak havoc on their oppressors…

…just as the Paris attackers—Europeans, every one of them, journeyed to Syria for inspiration, comrades, and skills for their carnival of murder in mid November.

The Uyghur attackers perforce use axes and “machetes”; the Paris attackers also took up the weapons at hand— improvised home-made explosives and, thanks to the effective offices of Belgian gunrunners, machine guns and rocket launchers.

One passage of Gauthier’s article which is, I regret to say, inadvertently ironic, OK, I'll admit I laughed out loud, which is terrible thing to do, is her earnest account of the genuinely awful indignities that the PRC metes out on the Uyghurs on top of its omnipresent security activities:

Pitiless repression… is wiping out all aspects of Uyghur life – culture, language, religion, access to education, jobs, even a passport. …

A few examples:

A number of traditional Muslim given names have been banned. Anyone with such a name must change it…
Uyghur restaurants are now obliged to offer their clients cigarettes and alcohol…

Civil servants must eat in public during Ramadan…

Any man wearing a beard is naturally suspected of religious extremism, along with any woman wearing a headscarf…

And now, any young man who stops smoking or turns down the offer of a beer is also suspected of extremism.

OK, that’s Xinjiang.  Let’s look at France.

Starting with the historical big picture, you’ve got the brutal, failed French neo-colonial exercise in Algiers (estimated 700,000 lives, mostly Algerian, lost), which Gauthier perhaps regards as a precedent for the PRC in Xinjiang.

The biggest “terrorist” incident in France prior to the November 13 outrage was the extrajudicial slaughter of an estimated 200 pro-independence Algerian demonstrators by French police in Paris in 1961.
 
As for more recent affronts to the dignity of French Muslims supposedly enjoying the post-colonial French nirvana, I’ll outsource this to Time:

In 2008, a French court denied a Moroccan woman French citizenship on the grounds that her veil and her submissiveness to her husband were “assimilation defects.” Though the New York Times reported “almost unequivocal support for the ruling across the political spectrum,” one Muslim leader told the paper he worried the decision set a precedent for arbitrary decisions of what constitutes a radical Muslim lifestyle. In 2010, the French Senate banned public wearing of face-coverings, including the Muslim face-veil, the niqab. And in 2013, the government launched what it called a Charter for Secularity in School, a set of guidelines on 15 key points of secularism to be posted in classrooms as an attempt to keep religion out of school. The then-government education minister, Vincent Peillon, insisted it was an attempt “to get everyone together,” but it had the opposite effect, with Muslim leaders claiming it stigmatized their community.

Here’s a post-Paris-massacre national emergency bonus, courtesy of Al Jazeera:

France is likely to close up to 160 mosques in the coming months as part of a nationwide police operation under the state of emergency which allows places of worship that promote radical views to be shut down, one of the country's chief imams has said.

The “chief imam”, by the way, is Hassan El Alaoui.  He is France’s prison-chaplain general, and is the first Muslim to serve in that post by virtue of the fact that Muslims, who comprise 8% of the overall French population, compose 70% of its prison population.  In addition to his duties in keeping the lid on the furious, radicalized Muslims inside the prisons, El Alaoui “is in charge of nominating regional and local Muslim imams.”

Post-attack, France has also opted out of the European Human Rights Convention, thereby allowing the government “to impose house arrest without authorization from a judge, conduct searches without a judicial warrant and seize any computer files it finds, and block websites deemed to glorify terrorism without prior judicial authorization."

I think that’s enough ironic juxtaposition for now.

Though it may not go down too well with Gauthier or foes of false equivalence, it can be said France is not the Uyghurs in the blowback/terrorist equation; it’s the Chinese.

And, to be even-handed, I tend to put the San Bernardino shootings in the same class as Paris: not a strategic assault directed by ISIS, but more likely an extremely ugly piece of blowback by Syed Farook and Tashfeen Malik, a devoutly Muslim Pakistani couple perhaps seeking revenge for US violence, specifically in Pakistan through its drone strikes, via Israel against the Palestinian people, and against the ummah in the Middle East generally through its support and conduct of promiscuous military operations that are, quite frankly, impossible to accurately enumerate.

“Terrorism,” which applies moral censure to the perpetrator and bestows innocence by association on the victim, sounds a lot better than “Blowback”.  But it obscures the motive for the crime and vastly confuses the response.

In the case of San Bernardino, we could regard it as workplace murder committed by a psychopathic couple with a warped sense of grievance perhaps intensified by workplace frictions (if one or more of their victims were co-workers who allegedly taunted Farook about Islam, I wonder if we’ll hear about it in the laudatory obituaries)—and, in terms both callous and accurate, the bloody cost of doing business as a global military empire.

Instead, the attacks were, after what appears to be some internal hesitation, characterized as by the FBI as “terrorism,” an attack on the American way of life by a radical Islamist impulse nurtured by ISIS even though the group apparently had no meaningful contact with the couple.  As a result of the San Bernardino murders, the United States is now having a serious conversation, mainly on the conservative side to be sure, about banning Muslims from entry into the United States.

Judging by his television address on December 6, I think President Obama, as well as myself, is bemused and appalled by the runaway development of the ISIS terror narrative.  I expect he would prefer that the nation’s moral and political energies be concentrated on preventing recurrent domestic “terrors” like the school shooting at Sandy Hook—where a US citizen massacred 20 children and six adults (12 more fatalities than at San Bernardino)—through national gun control.

Instead, America is getting a brisk shove down the road to fascism by proposing discrimination against an entire class of people because of their religion…and, if anecdotal evidence is representative, Americans are buying guns by the truckload.

“Terror” transforms a single criminal act into an attack on the nation.  Too often, the response is an exercise in fear and futility.  The perpetrators are usually dead, the accomplices unknown, the threat obscure, the enemy the sense of danger inside our own heads.  A sense of wronged innocence and moral certainty are of limited use in this kind of struggle.  Fourteen years after the War on Terror officially began, after hundreds of billions of dollars, thousands of lives, and at the cost of some essential human liberties and values, nobody seems very close to victory.

Not the United States, not France, not the People’s Republic of China.

Correction on San Bernardino Shooter/Lal Masjid Link

Yesterday I wrote a post, The Bloody Key to the San Bernardino Massacre: Radicalisation at the Lal Masjid Mosque in Pakistan, based upon unconfirmed news reports that President Obama had notified Pakistan PM Nawaz Sharif that a photograph showing Tashfeen Malik, the female shooter at San Bernardino, with fire-eating Pakistani cleric Maulana Abdul Aziz had been found.

The reports have been denied by Sharif’s office, and by Maulana Abdul Aziz personally in a press statement reported by the Pakistan Tribune.

“I swear, I do not know Tashfeen Malik and have never been photographed with her,” he said in a statement issued on Saturday. “I have never even been photographed with my wife and daughters. How can you imagine me being photographed with a na-mahram (woman who is not related to me),” he asked.

…

Umme Hassan, Aziz’s wife and the principal of the Jamia Hafsa seminary, also supported her husband, saying he rarely gives interview to female journalists, and whenever he did give one, Hasan or one of their daughters would sit in the room with Aziz.

“I can say with complete assurance that Malik… never took a photograph with him,” she said.

I find their statements convincing because Maulana Abdul Aziz is apparently allergic to having his picture taken.  Indeed, on the Internet one finds occasional pictures of him in public settings with men, but not women, and no personal “grip and grin” “wall of fame” individual shots with fans and followers, male or female.

And I was too quick to speculate on the possibility that Malik attended the madrassa at Lal Masjid.  As I subsequently found out, she got a degree in pharmacy at Bahauddin Zakariya University in Punjab.

So post in haste, repent in haste.  

There is no demonstrated link between Tashfeen Malik and Lal Masjid mosque or Maulana Abdul Aziz.

I’ve inserted this statement on my previous post.