Opening Pandora’s iPhone

According to Greek legend, Pandora, the first woman on Earth, was given a box that she was instructed never to open. Curiosity overcame her, however, and when she lifted the lid, all the evils of the world flew out. ((Men are always blaming women for all of their troubles. I think history has shown that men don’t need any assistance in creating trouble. We’re really, really good at creating trouble all on our own.)) ~ Endangered Phrases, Steven D. Price

On Tuesday, February 16, 2016, a judge at the United States District Court of California issued an order compelling Apple to assist the FBI in decrypting a phone used by one of the shooters involved in the San Bernardino shootings. Apple has balked at the request.

The key is finding that backdoor that can be used appropriately by law enforcement with the appropriate judicial oversight. Search warrants and appropriate court involvement,” Stickrath said. ~ Steubenville rape trial also hindered by iPhone encryption, NBC4i.com

No. That is not the key. That is not the key at all.

There are no fourth amendment issues here. No one is objecting to the police searching the phone with proper judicial oversight.

Hypothetical

The San Bernardino shootings were bad enough, but let’s take this to its logical extreme. Suppose the FBI thought there was information in a suspect’s home that might help them PREVENT an imminent terrorist attack involving a tactical nuclear weapon.

Yikes! That’s about as bad as it gets, but plausible, no?

I’m absolutely convinced that the threat we face now, the idea of a terrorist in the middle of one of our cities with a nuclear weapon, is very real and that we have to use extraordinary measures to deal with it. ~ Dick Cheney ((The Military Quotation Book by James Charlton))

The FBI, having gone through all the proper procedures, goes to the suspect’s home to search for evidence. Only, there is a problem. The home is impenetrable, has only one door, and that door can only be opened with the homeowner’s password. And the homeowner is dead

The FBI goes to the company that built the home and installed the door and asks them for their assistance in opening the door. Perfectly reasonable request. The homebuilder would have to be some kind of monster ((Or Apple?)) to turn down such a request.

One of the great mistakes is to judge policies and programs by their intentions rather than their results. ~ Milton Friedman

Here’s the thing. First, this homebuilder has installed the same type of lock on every one of the 1 billion (and counting) homes they have constructed. Just to put that in perspective, there are around 7 billion people on the planet.

Second, if the homebuilder creates a passkey for this home, the key would work on the doors of all the other 1 billion homes too.

And of course, we’re not really talking about 1 billion homes. If the FBI asks this homebuilder for a master key, they’re going to, soon enough, ask all the other homebuilders for their master keys too, right? Effectively, a master key to almost every home, almost everywhere, will be in the hands of the FBI.

Trust

No problem, right? The key will be safe and secure in the possession of the FBI, right?

Right?

The truth is that all men having power ought to be mistrusted. ~ James Madison

Well, it’s possible that, every now and again, the FBI bends the rules just a bit. But they only do so to get the bad guys, right? And we’re one of the good guys, right? We have no reason to fear the FBI having a passkey to our homes. We’ll never give them legal cause to use it, right?

Giving an encryption key and the power to use it to the government is like giving car keys and whisky to teenage boys. ~ paraphrasing P.J. O’Rourke ((Giving money and power to government is like giving whiskey and car keys to teenage boys. ~ P.J. O’Rourke))

Even if we assume the FBI is 100% trustworthy 100% of the time ((That’s a mighty big “if”. I can trust my dog to guard my life, but I can’t trust him to guard my food. Similarly, I can trust law enforcement to guard my life, but I can’t trust them to guard my privacy.)) , we’ve still got at least three big problems.

Problems

1) Once the key is in the FBI’s possession, the FBI computers can be hacked and the key stolen.

2) Once the key is made, the integrity of the encryption will have been compromised and other clever people will be able to copy or create a duplicate of the key too.

3) If the FBI can order a key made, so can every other governmental body. From New York to New Zealand, from Chinatown to China, from South Africa to North Korea — everywhere the builder builds, they will have to provide the governing authority with a master key.

CbqPx0bWIAEC5vO
Source: Privacy Camp

History

If you want to see the future, look to the past.

— If you don’t believe the police will unlawfully use the key, then I encourage you to study the history of the fourth amendment
— If you don’t believe the key can be duplicated, then I encourage you to study the history of encryption
— If you don’t believe that government computers can be hacked, then I encourage you to study the history of computing
— If you don’t believe the key will be abused, then I encourage you to study the history of humankind

There is nothing new in the world except the history you do not know. ~ Harry S. Truman

Dilemma

So, do we allow a horrendous crime to occur we could have prevented? Or do we catch the scumbag and prevent the crime at the cost of subjecting our homes (actually, our smartphones) to a search by anyone powerful enough to demand, or clever enough to copy, the master key?

The answer can’t be “both”. It’s either/or. One or the other. You can’t have your encryption and eat it too. ((You can’t have your cake and eat it (too) is a popular English idiomatic proverb or figure of speech. The proverb literally means “you cannot both retain your cake and eat it”. Once the cake is eaten, it is gone. It can be used to say that one cannot or should not try to have two incompatible things. The proverb’s meaning is similar to the phrases “you can’t have it both ways” and “you can’t have the best of both worlds.” ~ Wikipedia))

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety ~ Benjamin Franklin ((From the Quote Verifier, by Ralph Keys: “So many quotations are misattributed to Benjamin Franklin that it’s refreshing to consider something Franklin actually said but for which he rarely gets credit. His actual words, in the Pennsylvania Assembly in 1755, were “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” Twenty years later, in 1775, Franklin wrote in a political critique, “They who can give up essential liberty to obtain a little temporary Safety, deserve neither Liberty nor Safety.” This thought of Franklin’s is sometimes credited to Jefferson.”))

I know where I stand. Where do you stand?

The boisterous sea of liberty is never without a wave. ~ Thomas Jefferson

Author’s Plea: I know it’s asking a lot, but let’s try to keep the political rhetoric out of the comments. The issue is divisive enough without it.

“It is the certainty that they possess the truth that makes men cruel.” ~ Anatole France

Let’s just take it as a given our political opposites are all mindless idiots and move on from there.

“Truth springs from argument amongst friends.” ~ David Hume

Published by

John Kirk

John R. Kirk is a recovering attorney. He has also worked as a financial advisor and a business coach. His love affair with computing started with his purchase of the original Mac in 1985. His primary interest is the field of personal computing (which includes phones, tablets, notebooks and desktops) and his primary focus is on long-term business strategies: What makes a company unique; How do those unique qualities aid or inhibit the success of the company; and why don’t (or can’t) other companies adopt the successful attributes of their competitors?

200 thoughts on “Opening Pandora’s iPhone”

  1. Nice article John.

    And, I’d say to Trump: OK, so now you have a message from your wife: ‘meet me downstairs, I have something for you!’. Sent from her iPhone of course, he goes, and is confronted by a nutter with a frying pan – expecting him right there and then. Bang over the head Donald, ouch! How did that happen you ask? Well, YOU asked for this. You will never know who to trust again when it comes to technology if this fight goes your way.

    1. I think you’re achieving the opposite effect of your intentions. You’re ‘cough’ “Trumping up support” for Trump’s position. I’d love to see the rat bastage get a frying pan to the head! 😉

  2. I really liked this article. Thanks for putting the non-existent 4th Amendment issue to bed early on. Even if it were a 4th Amendment question, a properly considered and issued warrant would take care of that.

    There was some extremely good conversation over on Jan Dawson’s thread on this matter. This has been a great civics lesson for me, because it has caused me to consider and re-evaluate what it is I think I know. It was perspective setting, if not necessarily perspective adjusting.

    Not that I have come to an answer, but I have cleared some of the noise around the matter, at least for myself. The remaining legal questions become, to use your examples.

    -How impenetrable are you really allowed to make the house.

    -To what extent is the builder required to cooperate with the government. There is indeed a point of undue burden.

    Then, I came across this:
    http://www.bloomberg.com/news/articles/2016-02-19/secret-memo-details-u-s-s-broader-strategy-to-crack-phones

    Within, they better describe what the FBI is requesting. It’s that Apple modify the device’s firmware to disable the “10 failed attempts wipe”. The FBI then would do the work to crack the encryption. Is this undue burden? It does seem to be a pre-existing back door.

    Regardless of one’s position on this matter, it’s not a casual activity. It’s highly resource intensive and expensive. Government would need a good reason, and they certainly can’t spy on us “on the fly”.

    This is not meant, in any way to assuage, the justified suspicion with which we’ve been led to have towards our government. This is not only justified, but healthy. It’s also a much broader question.

    1. As you say, Klahanas, Jan Dawson’s article on the topic was excellent and I encourage everyone who hasn’t already, to read it.

      http://techpinions.com/apples-principled-stand/43669

      I read Jan’s article, all the comments, and many, many other articles on the subject as well. I felt that many of the articles I’ve read were letting the trees (details) obscure the forrest (principles). Yes, there are a lot of legal and technological nuances to the case in hand. For example, perhaps what the FBI is asking for in this case is not the technological equivalent of a passkey…yet. But it will be one day soon. On the other end of the spectrum, it’s now been reported (rumored?) that the FBI may have purposefully manufactured this crisis by resetting the iPhone’s passcode themselves.

      All very intriguing, but I’m more interested in the big picture. This article may not provide any answers, but my hope is that it has asked some of the right questions.

    2. “How impenetrable are you really allowed to make the house.”

      As I said in the article, I think it’s either-or. You can’t have no encryption for the police and strong encryption for everyone else. They’re incompatible. The chain of encryption is only as strong as its weakest link.

      “To what extent is the builder required to cooperate with the government. There is indeed a point of undue burden.”

      This kind of question to a recovering attorney like me is like catnip to a cat. Of course the police can ask for cooperation, but can they order a company to damage their business in the process? This is a fascinating legal question — but I think it’s better to focus on the overall picture rather than the details associated with this one specific case.

      1. Thanks. That’s why I phrased them as open ended questions. This is not something to be taken lightly. It’s also, due to my known position on Apple, why I kept things generic.

        Regarding the company, or anyone else, this is a civil liberties matter. But it’s not as broad as some fear. There is no “on the fly, real time” retrieval of information, whether warranted, or not.

        Putting that we were at war aside for a moment. Let’s pretend that organized crime had invented the “Enigma Machine” and used IBM computers to execute the code. Wouldn’t, shouldn’t, society expect assistance from IBM to some degree? That this would need to be court supervised is not in question.

        In the ’90s the PGP controversy, where Phil Zimmerman was investigated over creating a difficult to break encryption program raised many of the same questions. At that time encryption algorithms were considered “munitions”.

        If I were to look into my (very deficient) crystal ball, I see the return of “military grade” and “civilian grade” encryption coming into law. Minimally, you would need a license, with commensurate terms, to use the “military grade”. Tech either will participate in the policy, or the imbeciles will just write even worse law.

        On Apple, I defend their right to defend themselves in every legal avenue and venue. I support the need for having, and defending the 4th Amendment. Whether I really think Apple is being sincere (maybe, not ruling out) is immaterial to the matter at hand. This is a much larger issue.

        From a business (therefore less noble) perspective, Apple sold a lot of devices, in large part due to their security claims. They made a lot of money due to those claims, now it’s time to back up your mouth. When you play god (or saint) much will be asked of you. Since the requirement of cooperation with law enforcement exists, it’s not entirely improper to use these facts in assessing what is “undue burden”.

        1. “Let’s pretend that organized crime had invented the “Enigma Machine” and used IBM computers to execute the code.”

          Let’s say that terrorists, criminals and pedophiles were encrypting their phones. All of this is actually happening today. But if you decrypt their phones, you give the power of decrypting all phones to hackers and governmental agencies everywhere.

          The choice is stark.

          1. I agree, that’s why I propose looking into levels of permissible encryption and under what conditions. For the 4th Amendment to work we absolutely need a means to legally search.

            What deters the widespread decryption even for one phone? That you need a supercomputer to do it, even for the weaker form.

          2. “I propose looking into levels of permissible encryption and under what conditions”

            You’re disagreeing with my underlying premise (which you are most certainly free to do). You can’t have levels of permissible encryption. It’s all or nothing.

            If you or anyone else can show me otherwise, then I will alter my opinion accordingly.

          3. Mathematically, you’re correct. On a societal level, there is gray, it’s not either all or nothing. But I must state some assumptions…

            The first is that the government is behaving legally.
            The second is that the government is behaving legally.
            The third is that based on the actual difficulty of decrypting, even the weaker forms of encryption.
            The fourth is that the government is behaving legally…ad infinatum.

            In order for someone to be targeted, due to the immense difficulty and expense (not to mention time) of cracking the encryption, that person must possess something of value to justify said cost, time and difficulty.

            Even that wingnut McAfee says he could do it in two weeks. That’s for one phone! One thousand phones with different ciphers is two thousand weeks. One million, well, you can do the math. And that would be with a corresponding number of warrants.

            So, being these things did indeed used to be States Secrets…
            You can use the strongest form of encryption, but some trusted party has to have the cipher, which can only be released under warrant, and which can immediately be changed after the warranted investigation. Weaker information would need weaker encryption and be less worthwhile having.

            Anyway, I’m trying to set the spirit in how it might be practical to implement, not the details of the implementation.

            If I really want to scare us all, the nuclear launch codes are held somewhere. There are people possessing the means of accessing them. They don’t leak (I truly hope). It’s not all or nothing.

          4. The government’s request for information is both legally and morally correct. That is not in question.

          5. Not to dwell on details, then, but it sounds like you are really only suggesting that there be a procedure and key to release the “tools” that would allow the brute force hacking of a phone to be feasible (instead of almost impossible). Still not particularly practical.

            If a key for the actual encryption on a given phone is “held”, “known”, “handed over”, “released”, “changed”, or whatever, by someone (be that Apple, or some “trusted party”, or whomever), then, as John suggests, there isn’t any meaningful encryption taking place. You can’t have levels of encryption. With the iPhone, a unique key for each phone is determined by a random ID within the device, and stored in the secure enclave. Apple has no record of it. They don’t want a record of it.

            So, either the phone must be brute force hacked (with varying degrees of practicality, with some help from Apple, and thus with varying degrees of having a chance of success); or, there’s no real privacy, and “encryption” is hardly any different than having a “private” password for a “secure” account on Google, Office 365 or any other online service which frequently get abused / intercepted / hacked / lost / stolen, etc. as we all fully well know.

          6. “but it sounds like you are really only suggesting that there be a procedure and key to release the “tools” that would allow the brute force hacking of a phone to be feasible (instead of almost impossible). Still not particularly practical.”

            Just possible. That’s all.

            For something faster than brute force, I don’t care if it’s a tribunal of judges each having only a piece of they key, and they must all agree for it to work. (Hey, that’s actually a good idea).

          7. “In order for someone to be targeted, due to the immense difficulty and expense (not to mention time) of cracking the encryption,…”

            True today.

            What about year 2020 and quantum computing. The cost will be pennies and difficulty will be seconds unless Apple ad tech prevail.

            The FBI wants in today because they want access forever. Pfft to privacy.

          8. I don’t know if quantum computing will be live in 2020 or 2050, but when it does kiss today’s encryption goodbye. The first sign of a hack would, at best, be a locked phone.

            At that time, it’s not hard to imagine that encryption bits will increase exponentially as well, requiring the same level of difficulty as today.

          9. Is it wise to give the keys away today on this politically well positioned case? Perhaps if we stop government intrusion now, tomorrow we will have quantum encryption. Perhaps not.

            But it isn’t it wiser to preserve privacy as long as we can?

          10. Privacy is not absolutely preserved now. It never was. Not only due to shenanigans within law enforcement, but with legitimate law.

          11. This isn’t about privacy. The phone was owned by the terrorist’s employer. It’s about wearing the encryption for every phone. That means that everything — from personal information to banking information — would be susceptible external attacks.

            Privacy would definitely be harmed, but this has much more to do with security.

          12. “You can use the strongest form of encryption, but some trusted party has to have the cipher, which can only be released under warrant, and which can immediately be changed after the warranted investigation.”

            I am a little surprised at your faith in government and the warrant process in light of our recent experience with the Patriot Act where pervasive abuse of the secret warrants program by law enforcement at all levels has been widely documented.

          13. I did not mean to pose that as a black and white question. It’s human nature it seems, and I don’t exclude myself, that when people are debating a topic, they somehow get maneuvered into advocating extreme positions that they don’t really mean to take.

            No, anarchy is not the alternative. The alternative, as always, is greater deliberation as to how much coercive investigatory powers we concede to government. My position is that what the FBI is asking (to be able to decrypt any device that they want to decrypt) is too much to ask because in the end, bad actors will always find alternative encryption methods. Thus we have set back hard won advances in privacy and transactional security, which is ever more crucial in this ever more digitized world, with nothing gained in exchange.

            I am okay with government able to monitor, with proper warrants, where the 1’s and 0’s go when they get sent out of my phone, they can even record it and try to make heads and tails of what those signify, that’s just the same old wire-tapping updated to present day situation. But I do not want anyone to have the ability to reach into my phone to pull out and decrypt the 1’s and 0’s I keep there. I am getting on in years, my short term memory isn’t what it used to be, and the number of usernames and passwords I would have to keep in my head is just plain unmanageable.

  3. What makes this case confusing is the issue of externalities. Of course, it makes sense to help the FBI to get into this particular phone. However, the externalities arise because developing the tools to brute-force this phone will invalidate the security of every other phone in the world.
    National security was never at risk in the San Bernadino case (remember how the initial thinking was that this was just a daily-going-postal event). However, demanding the creation of the tools that weaken security on every phone in the world, has a far greater risk of damaging national security.

  4. “Second, if the homebuilder creates a passkey for this home, the key
    would work on the doors of all the other 1 billion homes too.”

    Are we even sure of that ?

    1. Everyone on cyberspace who seems to have some knowledge of the underlying technology sounds pretty sure of that. Not even the FBI is claiming that the decrypting method, i.e. Build us an FBiOS, that they are pursuing works only for that one iPhone. They’re only saying that they only want to use it for that one iPhone. (Then it seems they coughed while appending the phrase “for now”)

      So strictly within the bounds of plausibility and reasonableness, I think we’re pretty sure of ‘that’.

      But for the sort of people who believe that the science is ambiguous on whether or not global warming is human-induced, or whether or not smoking causes cancer, or whether or not humans walked the earth with dinosaur companions, they probably will never be sure of ‘that’ or any other ‘that’ that threatens their desired subjective world view.

    2. “Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.” – Tim Cook

  5. I think there are 2 issues:

    1- “Might makes right”, geek version. I disagree with that

    2- the very easy slide from warrant-based (good) to mass surveillance (mostly bad) to hacking (always worse). I can’t help but think there are technical solutions to that issue, maybe complicated and onerous, but that’s what living is a law-based society entails: product safety / labor / … are complicated and onerous too. It’s not doable after-the-fact, but going forward designing a controlled and limited backdoor might be possible, and worth it.

    As a side note, this is a PR move on both sides. A live phone would be easily hackable. Ditto a touchID phone. And Apple in China seem much more conciliatory with the authorities, and much more… discreet… about their stance ( http://qz.com/332059/apple-is-reportedly-giving-the-chinese-government-access-to-its-devices-for-a-security-assessment/ , http://qz.com/618371/apple-is-openly-defying-us-security-orders-but-in-china-it-takes-a-very-different-approach/ ).

    1. “the very easy slide from warrant-based (good) to mass surveillance (mostly bad) to hacking (always worse). I can’t help but think there are technical solutions to that issue”

      Thinking that there is a technical solution doesn’t make it so. On the contrary, technology is telling us just the opposite.

        1. ALL the analysis says that you can’t weaken encryption in only one specific place, if you weaken it anywhere, you weaken it everywhere.

          1. “Finding a source should be easy then ?”

            Very clever O. Your hook’s into this thread and you’re off to the races.

            Tally ho.

          2. That’s an actual issue. Making the jumps from unlocking one phone on time to unlocking several phones once each to unlocking all phones all the time (as if most phones weren’t mostly unlocked, or mostly only locked by TouchID) pretty evidently kills the debate. I’m really wondering why so many jump to these conclusions.

            And make such a big fuss about it: Apple would have gladly handed over the data if it had it on its servers. It’s really only about unlocking the phone.

            Apple keep saying if they do this in the US, they’ll be asked to do it somewhere else. They’ve already done stuff in China they’ve done nowhere else (hosting servers in the midst of a gov-friendly facility, and most probably shown their source code) and kept very quiet about it. Maybe they’ve done / will do more.

            The debate seems to be steered towards “if it’s done once, it will be done again, and again, and always”. For the cliché fans, I’ll submit “If it can be done, it will be done”. Apple did confirm it can be done…

          3. I’m going to catch heat on this one, but if they’ve showed their source code, what did they really show? BSD (already public), with a UI and already published encryption algorithms? Hardly a big deal.

            As far as servers in China goes, last I checked China is a sovereign nation. If Apple wants to do business in China, they have to play by China’s rules.

            On the other hand, do I think Apple is being purely altruistic? No.

          4. I mentioned this once before, but I don’t see anyone else talking about it re: servers in China. I worked on a project for users in China. The reason you host in China is to be inside the Great Firewall of China, it’s a better technical solution. We were delivering the same thing without hosting in China previously, but using a server inside China makes it better, performance is improved. We didn’t have to set up a server in China, we chose to because it’s far better for the users in China. We weren’t forced to use a server in China, it wasn’t the law (in our particular case at least), it’s just a better way to do it. Of course we’re careful about what goes on the server, what we allow control of, but that isn’t terribly difficult.

          5. So many words and you ask for link to somewhere they state that opening one phone doesn’t necessarily lead to opening billions.

            Take the hint. Apple’s going to court and they seem to be prepared to argue exactly that. This will be a Supreme Court case.

            There’s your content, free.

          6. from your link “For years, the government could come to Apple with a subpoena and a phone, and have the manufacturer provide a disk image of the device.”

            Buuuut… it thought the current spat was about setting precedent… turns out it has already been set ?

          7. “For years, the government could come to Apple with a subpoena and a phone, and have the manufacturer provide a disk image of the device.”

            As I understand it, you get what you get with a disk image. IF the data is encrypted, it still needs un-encrypting. But with iPhones, that entails a key from the actual phone in question itself, not a cloned device, because that key is unique to each phone. Apple doesn’t know it. So, the phone needs unlocking to get it to participate in the un-encryption of the data from the phone, which Apple has not been prepared to do.

            In this case, getting Apple’s help to “unlock” the phone, means substituting the OS for a special one, so that the security features are disabled from delaying brute force attempts, and from erasing the data through failed attempts. The phone must still be subjected to a brute force password guess attack.

            Apple is not unwilling to help authorities to some degree. There is a precedent for Apple helping. But Appel doesn’t want to set the precedent of creating a workaround special OS to install OVER the normal OS, just to defeat the security features built-in. THAT “tool”/”instrument” would forever be out there for anyone in authority to request on a whim (and to lose, share, abuse).

            So, there are a couple of security features going on, and you keep conflating them. A four-digit passkey/passcode/password is one thing. An iPhone user can also bypass that himself with his fingerprint. I don’t know if this has been hacked or not, as you keep claiming. But the encryption, which seems to entail keys from both the password and a unique, unknown ID on the device itself, is another thing. And a user can set it so that several false attempts erases the data.

          8. That tool wouldn’t be forever out there, the FBI is only asking for remote access to the phone, not for the unwiping tool, not for Apple to unlock the phone. The tool would still be fully under Apple’s control on Apple’s premises, though I’m sure warrants would be forthcoming for the rare cases of locked + not backed up+ not using TouchID iPhones.

            The fingerpint scanner has been hacked. Back in 2014, with a simple photo of the fingerprint. Maybe it’s better now and you need an actual mock-up from a lifted print, or a dead/live man’s finger (which is *not* protected under the 5th amendment as opposed to passcodes, so compliance is mandatory)

          9. Please, oh please read and understand the link provided earlier before further commenting –http://www.zdziarski.com/blog/?p=5645

            In summary, for forensics and chain of evidence reasons, it will be very hard to keep the tool secret or hidden.

          10. The disk image method only worked for pre-iOS 8 iPhones. Subsequently, the disk images are encrypted beginning with iOS 8, so it is different now.

          11. Indeed. The point is this isn’t a new request for some out of this world snooping ability. It is the resuscitation of an old possibility law enforcement always had up to now.

          12. “Buuuut… it thought the current spat was about setting precedent… turns out it has already been set ?”

            You misunderstand. Apple has been cooperating with the police both in the past and recently. If the phone had been run over with a car and the police had come to Apple asking for their assistance, Apple has and continues to do its best to provide the information on the phone to the police.

            The big difference now is the the police are asking Apple to weaken their now encryption — the very encryption that they put on the phone in order to make it secure.

          13. The police are asking for the same data dump they’ve always asked for, and gotten, before. If Apple had the phone’s backup, Apple themselves say they’d have given it.

            Now Apple has added a lockscreen that’s fairly unbreakable as long as you don’t use TouchID, and since the phone is locked the police want to bypass that, and bypass it remotely. That’s what Apple is objecting to.

          14. And as you just argued in your two differing paragraphs, the precedent has clearly not been set for the latter.

          15. Yes. Apple is not objecting to the police getting the data. They’ve already helped the police recover much of the data. Apple is objecting to having to break — and therefore weaken — their encryption.

          16. Hence my “might makes right” issue: law enforcement used to be able to get the data, to everyone’s satisfaction and nobody’s objection (mostly), now they can’t. Not because a change in the law, but because a change in the “strength” of the encryption, by a private company.

            I’m done down with that type of decision being made by a private company, anymore than I am down with someone blocking a fire exit because they got lotsa concrete and want to secure that door.

          17. obarthelemy, the logic you employ is bizarre. Comparing Apple putting encryption on a phone to someone blocking a fire exit is bordering on insane.

          18. How are not both examples of might makes right ?
            I know analogies are tricky, the gist is that because you can do something, it doesn’t you should. Some stuff is prohibited/forced for the greater good, and that should not be a individual’s/a company’s decision, but the citizenry’s.

          19. “Apple did confirm it can be done…”

            Apple did not confirm that it can be done; if you have a source, please point to it. The DoJ motion only says Apple has not said it cannot be done. Apple told reporters on Friday that it hasn’t said it is technically feasible to do so.

          20. Unlike you, I updated my response over 9 hours earlier with corrected information – for or against Apple, doesn’t matter. But you continue to assert as “facts” statements that are clearly not so as a result of your all-consuming anti-Apple obsession.

          21. Don’t feed the troll. There’s no convincing him of anything. Facts are irrelevant. He just wants attention.

          22. “Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.” ~ Tim Cook

            Let’s Outlaw Math | – Monday Note
            http://www.mondaynote.com/2015/12/14/lets-outlaw-math/

          23. There’s several caveats about that sweeping generalization though:

            1- since the locking mechanisms are hardware-specific, “any iPhone” really means “any same model iPhone”

            2- “unlock any iPhone in someone’s physical possession.”. that’s the point though, nobody’s asking this software to leave Apple’s hand, so this should be “unlock any iPhone in Apple’s physical possession”. Are these wrong hands ? Can’t Apple already do whatever via their servers anyway if you got the right warrant, optionally secret ?

            3- IIRC, the “important security features” are a) limited number of tries b) increasing delay. That’s 2 lines of pseudocode, I’m sure a lot more IRL, but this doesn’t seem very “onerous”.

          24. 1) If the government can ask Apple for help, it can ask anyone else too. That means all phones are affected.

            2) Sorry, I don’t quite follow you. My point, as always, is that once Apple does it once, they will asked to do it again, as will other phone makers, by governments all over the world. Further, any attempt to weaken encryption, weakens the encryption for everybody else too.

            I’ve provide citations. If you don’t want to read or accept them, then there’s nothing more for me to do or say.

            3) “this doesn’t seem very “onerous””

            That’s because you refuse to hear what has been said over and over again. The FBI is asking Apple to create an entirely new version of iOS. Pretty onerous.

          25. re 3) the government is asking Apple to remove the attempts number check and the increasing delay in iOS passcode check subroutine, and to allow remote submission of passcodes. That’s not an “entirely new version of iOS”, that’s 2 small tweaks to a small part of iOS.

          26. I’ll say it again: “onerous” or the real words used by the Court – “undue burden” isn’t only measured by the difficulty or time needed to execute a fix. It involves much more than that, but you refuse to hear it.

          27. Obarthelemy, you are just as stubborn as a jackass. Read before you post:

            “Building a version of iOS that bypasses security in this way would undeniably create a backdoor” – Tim Cook

            The court order and the FBI open letter both acknowledge that they have asked Apple to prepare a customer version of iOS that would then allow the FBI to rapidly go through the various pin combinations.

          28. I don’t think anybody is disputing that ? I’m just saying this is not a “entirely new version fof iOS”, just a very very small variant with no max tries, no delay, and remote passcode entry. surely less than 1% of iOS code, not an herculean task.

            Sorry if clarifying things means being a jackass in your book. Sorry for you, I mean.

          29. “That’s not an “entirely new version of iOS”, that’s 2 small tweaks to a small part of iOS.”

            We disagree (as usual). What the FBI is asking Apple to do is not trivial and it’s not “tweaks”.

          30. Imagine Windows 11 is released, with a new lockscreen that allows typing your password on your smartphone. MS would be booed out of the room for calling that “an entirely new version of Windows”. Exact same thing.

        1. Apple responded publicly to the FBI making this public. That doesn’t make it “a PR move on both sides” anymore than defending oneself in a fight makes it “aggression by both sides”.

  6. Another issue that I haven’t seen brought up very often is that code is speech protected under the first amendment. How far can the government go forcing Apple and their employees to create speech under duress? What if there is an unspoken conspiracy to slow down the development process, does the government get to declare contempt? What if the software engineers within Apple all publicly declare that they refuse to work on a back door? Can the government compel them anyway despite their first amendment rights?

    1. Let’s say Apple decides to comply (theoretically). These conscientious objectors sure have the right to resign.

      Eminent domain, conscription, deputation, employer record keeping for immigration purposes, are all stronger forms of encumbrance, yet society accepts them.

    2. I too think the first amendment issues are fascinating. But again, I prefer to focus on the broad overall picture rather than the particular nuances of this specific case.

    3. People get compelled to do and write stuff to comply with the law all the time, ask any accountant / HR guy / engineer / salesman / … This is not different because it is IT.

      1. “This is not different because it is IT.”

        With all due respect, you simply don’t know what you’re talking about. The courts are not asking Apple to “comply with the law”. They are asking for Apple’s assistance in breaking a code that Apple is attempting to make unbreakable. And they’re asking Apple to create an entirely new version of iOS for this purpose. The courts may or may not rule that this is burdensome to Apple, but it is most definitely not to be dismissed as a trivial inconvenience.

        I tried to make my article hypothetical precisely to avoid these arcane discussions. Argue about the details all you want. In the end, we either crack the encryption on all phones or we don’t. That’s the bottom line.

        1. With all due respect it’s you who’s confused: that’s exactly what Volkswagen is being asked to do with its cars: change them, onerously and expensively, to make them comply with the law. If a judge/jury decides what the FBI is asking is within the law, Apple will have to onerously and expensively break into that phone, same as VW has to fix its cars.

          “In the end, we either crack the encryption on all phones or we don’t.”. There’s 3 distinct issues:
          1- on all phones or for a single phone
          2- wholesale/automated or phone-by-phone
          3- now or in the future
          4- bonus question: what is Apple doing in China ?

          I’m
          1- not sure the discussion is as black and white as it’s made out to be
          2- very sure it’s only an edge case: live and TouchID iPhones are fully hackable
          3- not sure I’d rather have a private company hold the keys to my data than a democratically elected government. The end of privacy on iPhones is a change of policy and firmware update away.

          1. VW broke the law, and they already admitted it, when they put in the defeat device. Apple did not break any laws when they put in their strong encryption system, the FBI doesn’t even accuse them of breaking any laws. So, NO the cases of VW and Apple are not comparable at all.

          2. VW concealed its failure for years to meet the law, and were then caught in both the failure and the concealment. The failure already occurred, and there was no challenge from VW that the law was in error, or that VW was mistakenly accused.

            Apple has not yet failed to meet the law. Apple received a request and challenged the validity of the request/order, as is its right. The district court decided the request was valid and ordered Apple to fulfill the request. Apple then challenged the court order, as is its right. If the judicial system (all the way up to the Supreme Court) decides the request/order is within the law, and then Apple refuses to act, it will then have broken the law.

            It really isn’t hard to see that the two are not the same.

          3. The two are about complying with the law. I have no problem with Apple arguing the law doesn’t allow the request, but I have no issue with the “onerousness” of complying if the justice system finds in favor of the FBI: it’s basically REMing out the delay line and the wipe line.

          4. The Appeals/Supreme Court will eventually better define what is an “undue burden” in the context of the All Writs Act (or the legislative branch will supersede it with a specific statute). But even now, many legal scholars and precedents show that it involves weighing more than just the technical difficulty or time to execute the task.

          5. I think that’s the only interesting point: do Apple’s security features outrank the state’s search and seizure powers.

            I’d rather they didn’t because I think a representative government is meant precisely to handle that kind of situations. Private companies are not here to correct government overreach, the ballot box is.

          6. I am highly sympathetic to the ideas you raise. A company, being a collection of individuals, can indeed protest and participate in civil disobedience. Civil disobedience does have consequences…

            What I say has nothing to do with Citizens United (which made a company a “person” for political fundraising purposes). It’s the company’s officers who are personally liable, under the law.

          7. But isn’t the FBI arguing that the law says Apple muist decrypt the phone ?

            The FBI is asking for Apple’s assistance. Apple has broken no laws.

          8. Apple has legal grounds to refuse, in claiming the order presents an undue burden. Which it certainly does, although the court seems to have considered only the direct costs.

          9. That’s what they’re contending, yes. But Apple has every right to contest that in the courts. What you seem to be saying is “If the FBI says so, then we should all obey.” You know that such a thing is not right in any country claiming to be a democracy.

          10. Indeed, neither side’s rights and responsibilities are limitless.
            They are (ideally) bound under democratically established constitutional law.

          11. I’ve got no problem with Apple checking the FBI’s request is legal.

            I do have problems with umpteen commentators chiming that “If Apple unlocks that one phone, all phones will be unlocked and wide open for anyone all the time”. First, that’s how it was before and no one ever complained, second, that quote is probably untrue on several levels.

          12. Well, we’ll find out then what the courts determine to be be the “legal truth” about how much the unlocking of one phone puts hundreds of millions of other phones at risk.

          13. 1- that’s not what the ruling will be about, but just about whether having Apple make a no-wipe ROM (not even unlock) is too onerous
            2- it’s not about millions of phones, it’s about locked AND not backed up AND not TouchID iPhones. There’s probably only one ^^

          14. Apple has indeed complied with (apparently, all) legal orders to divulge information in its possession. That’s NOT what is at stake here. Here, the FBI has gotten a court to order Apple to create software that would allow the FBI to crack the phone.

            Over the protestations that such software would be extremely dangerous to Apple’s hundreds of millions of other customers, that the existence of such software would present a huge target for hackers, (by external or internal spying), and an opportunity for every sovereign state on the planet to tell Apple “do it for us as long as you want to do business here, like you did it for your own corrupt government that lectures us on human rights.”

          15. Indeed. I’m not sure it befalls Apple’s to solve the ills of governments all over the world though, and they seem happy to cooperate with some repugnant regimes as long as it’s kept quiet (see China).

            As for any software purpose-made for one iPhone model and kept on Apple’s premises being bound to leak and infect wwide models it was not written for, you have a very low opinion of Apple security ? Plus Apple themselves say they could do what’s requested for iOS 7 and before, and nobody ever raised a fuss ? Why now ?

          16. “First, that’s how it was before”

            I know I’m just banging my head against a brick wall here, but no, the above statement is not true. The difference now is that the courts are asking Apple to hack their own encryption. Apple has always helped the police to get data from phones. Breaking encryption designed to protect the phone is a whole different kettle of fish.

            “I do have problems with umpteen commentators chiming that “If Apple unlocks that one phone, all phones will be unlocked and wide open for anyone all the time”

            Sure you do, because you haven’t comprehended the dozens of comments that you don’t agree with.

            “Building a version of iOS that bypasses security in this way would undeniably create a backdoor” – Tim Cook

          17. precisely

            Ask a company to create a backdoor in their system, in my opinion is a non-starter, but force them to open a phone or hand over data that could help them fight crime, in a case by case basis with a warrant in total transparency is the way it should be

            I do not want the government to be forced to hack my iPhone simply because Apple and their fanatical are afraid of what China might do next.

          18. No, the FBI is arguing that Apple install special software—that currently, only Apple can install—to allow the FBI to unlock the phone by brute-force guessing that would ordinarily be expected to wipe the phone’s contents.

            The Court that ordered Apple to do so, was operating within its understanding of the specific case. Courts generally hate to go beyond the immediate case at hand, until it rises on appeal to consider broader issues.

            I think the FBI has played the Court by not revealing its negotiations with Apple (which apparently agreed to do it just this one time as long as it was (a) a legal order, and (b) under court seal, i.e., secret. The FBI, which has publicly called for prohibition of ALL default, end-to-end encryption, took Apple’s description of what would work, then blew it wide open to force Apple. Extreme bad faith, followed by more, i.e., the FBI impugning Apple’s motives and starting a propaganda campaign against it.

            All legal, as long as you turn off our courts’ promise of “equal justice under the law,” and let the FBI arbitrarily damage a compliant, fully-legal party, while it runs roughshod over Americans’ constitutional rights.

          19. AFAIK, Apple didn’t agree to do it as long as the request was kept secret, they just asked for the request to be secret, not committing to complying. I think it’s good that their request for secret was denied and that this debate is happening publicly.

            What constitutional right ? The right to resist search-and-seizure ?

          20. What right? The right to privacy. The right to be free of unreasonable search and seizure.

            And the long deliberate process to determine whether or not those rights apply in this particular case is has just begun.

          21. “that’s exactly what Volkswagen is being asked to do with its cars”

            You are a fountain of non-sequiturs. Volkswagen broke the law and is being asked to get their cars in compliance with the law. Apple is being asked to assist the police. Totally different.

          22. Unless assisting the police is part of the law, which I think is the issue being discussed ?
            Actually, not so much whether assisting is part of the law, but whether asking Apple to let the FBI try to unlock a phone is too much to ask ?

          23. That is the issue being discussed. The judge specifically said Apple can appeal, which is what it’s doing. They haven’t broken the law, and I suspect that if they lose the appeal, they will comply with the law.

          24. I fully expect that Apple will abide by the courts’ final judgement once all appeals have been exhausted. Then they will also ultimately abide by the demands of China, Russia, Saudi Arabia, and other despotic nations who will surely follow suit if Apple loses on this.

          25. Which is as it should be. If we don’t like the laws, as an electorate, we should have them changed.

          26. And that is why in establishing the case law for this unprecedented situation, wider considerations than just the FBI’s investigative needs or my privacy demands must be considered. I just hope that the US courts are wise enough to reach a verdict worthy of King Solomon.

          27. This is a hard one, due to consequences (on all sides), not only precedent.

            I still think a tribunal of judges, each holding pieces of the backdoor (a changeable backdoor in fact), that must all agree in order to break the encryption might be a good idea.

            Otherwise, not only is there the potential to abuse search and seizure, you can kiss online banking and online commerce goodbye.

          28. The (rubber-stamping) record of the FISA courts vis-a-vis the Patriot Act does not give me much confidence in your proposed remedy. If you’ve heard of ‘regulatory capture’, what happened with the FISA courts was ‘prosecutorial capture’.

            What seems to happen too often in the US is that just at those very moments when the watchdogs of liberty need to stand fast and resist the fear-mongering is when they fold like a crap poker hand. The Patriot Act, the Iraq war based on dubya’s dubious intelligence, Guantanamo, Japanese internment, McCarthy hearings, etc.

          29. Trouble is, to change them, you have to elect the right president and both houses. Each representative also carries baggage, many laws you definitely don’t want. So, changing a single law is virtually impossible.

          30. I am afraid we are fighting a losing battle. The latest ideas are that corporations be above the law and accountable to nobody. Economic freedom is more important than individual rights. Companies should not be constrained in any way. Any constraint is a constraint on freedom and is the thin end of the communist wedge.

            Ask the Republicans in the USA or Conservatives in the UK.

          31. Then they will also ultimately abide by the demands of China, Russia, Saudi Arabia, and other despotic nations who will surely follow suit if Apple loses on this @aaaardman

            In fact, they should as long as it’s about citizen residing in these country and that he is not against the laws of the country or citizen living in another country which is illegal according to international laws.

            It is not Apple Job to determine what is good or bad in terms of security, that is the job of the citizen and the government of the country to determine that through their own democratic or oppressive process.

          32. Apple is not determining what is good or bad in terms of security. Apple is voicing its own opinion about what is good or bad in terms of security. In a democracy, this is something anyone can do and not be punished merely for voicing one’s opinion. Only you seem to think that if Apple, or any corporation airs its own opinion, then it is a usurpation of everyone else’s rights.

            With Apple having spurred the public discussion then, it is the courts who after (hopefully) weighing all the relevant issues, will decide “what is good or bad in terms of security”. And if enough people disagree with the courts, then Congress can pass a law to reflect the people’s will.

            You have a very poor understanding of democracy if you think that 1.) people are not allowed to voice their opinions, 2.) people cannot lawfully contest orders issued by government, and 3.) pronouncements by private entities, including corporations, somehow have authority above and beyond any other person’s pronouncements.

          33. I’m just against activist companies taking a stand against the government or the law for moral reasons.

            All of these Tech Company should work with government to better protect the population within the framework of the law, instead of trying to fight or turn the population against the government whose job is to serve and protect us

            for all we know these company could be helping the Chinese government doing the same for security reasons in China in total secrecy as they used to help the NSA spied on us in total secret since the 9/11 something we will not even know today had Edward Snowdon not going rogue.

            they need to work with the government to better protect the general population but in total transparency

          34. All these things you say could be true. But evaluate the stance taken by a company (or anyone, for that matter) based on the stance not on the company. If the stance makes sense to you and you agree with it, then by all means support the stance. Nobody in his right mind is saying “support Apple’s position because it is Apple’s position”. That is foolish.

            But this one from you: “I’m just against the activist society taking a stand against the government or the law for moral reasons.”

            What in blazes do you mean by that? Are you actually saying that you are against dissent, especially if it’s for moral reasons? If it’s for selfish, greedy reasons, it’s okay? Are you actually for totalitarian governments?

            Or this one: “. . . instead of trying to fight or turn the population against the government whose job is to serve and protect us.”

            Do you actually believe that governments always “serve and protect us” and that they don’t make mistakes that harm us? What a naive view of the world.

          35. i already stated why i am against company acting as activism when their primary objective is to make money and wont hesitate to turn they back on morality the moment is become a problem financially.

            While a lot of you silicon valley elite are just concern about securing you privacy or your nude pic the vast majority of the population are more concern about drogue dealer, child molester, theorist, criminal having the ability to operated in their fragile neighborhood in total secrecy because of their encrypted IPhone.

            You guys need to stop repeating Apple PR non sense of unbroken encryption or all or nothing security, because the last time I remember the Chinese, Russian, and many other group of Hacker had no problem broken the unbroken encrypted server of all these major corporations hence it is ridiculous to think that somewhere your iPhone encryption system is more difficult to break.

          36. Okay, remember this: If the iPhone or any other smartphone becomes decryptable, there are, right now, nonbreakable encryption apps freely available in cyberspace that criminals and theorists, and terrorists, can install in their phones.

            The Wall Street Journal had an article yesterday about how ISIS and/or Al Qaeda have told their operatives to install a freely available encryption app that the US government built and released to the public for use by dissidents in human rights-abusing countries.

            Oh, and I’m not Silicon Valley elite. I proudly reside in the Midwest, fly-over country to coastal residents.

          37. there are no such things as unbreakable encryption apps,
            Unlike hardware based encryption, it is easy for the FBI or NSA to broke the encryption keys of these applications without losing any data or to simply intercept the communications data stream

          38. Then what’s the fuss over iPhones if there’s no unbreakable encryption? Getting lost in your own argument again? Try inventing some new definitions for old terms, that usually helps you get back on your circular track.

          39. From my understanding the FBI does not want to devote time and resources to hack the phones when Apple can easily unlock them simply by changing a couple code line

            I think this is the best approach when it comes to security and privacy because the alternative will be the FBI having a group of hacker ready to hack any phone they want or require companies to create a backdoor in their system

          40. Perhaps now, but nothing prevents them from creating a group of hackers capable of doing just that in the future, and believe me it will be the last thing we want.

          41. If it is simply that “the FBI does not want to devote time and resources to hack the phones”, then for sure, the Courts will rule against them. Where o where did you get your “understanding?”

            And you don’t think the “FBI have a group of hacker ready to hack any phone they want”? They already have such a group; and I’m sure it has already hacked every mobile OS but iPhone running iOS 8+.

          42. I am totally confused by all your comments. Are you arguing for the sake of having something to say?

          43. Not only that, but real criminals use real encryption.

            Which highlights something else. Throughout history each and every invention has been used for both good and bad. Computers are no different. They have raised the level of the individual’s goals. People are more effective. So are bad people.

            You’re right, the Wisdom of Solomon is required here so that law and order can effectively deal with these individuals, in a democratically acceptable fashion.

          44. “for all we know these company could be helping the Chinese government doing the same for security reasons in China”

            Well, that doesn’t’ make much sense, Kenny. Apple could have avoided this entire imbroglio by cooperating with the government. If they were cooperating with China or any other company, I’m sure they would be cooperating with the U.S. police too.

            Further, if Apple cooperated with China — even if secretly — it would still have the ill-effect of weakening their encryption overall.

          45. If I told you 3 years ago that all of these companies were helping the NSA to spy on us in total secret, you wouldn’t believe me either, it would not be logical for you then, as well as Apple helping the Chinese government makes no sense to you now.

            it is my believe that there’s no way the Communist Party in China would let Apple, a foreign company sells encrypted iPhone to their militants in china who want to topple the Communist government without the mean to monitor communication on these Phone, Apple is either in bed with the Chinese government or the government has the ability to hack these IPhone in China.

  7. I don’t think you understand what the FBI is asking for. They’re not asking for a key, or even a tool. They are ok with Apple installing this software and giving the FBI Remote access to try pass codes. That isn’t going enable them to unlock any other phones.

    The problem here, and what the FBI are really after, is precedent. This case isn’t the big one, it’s a prelude. Governments want access to all the devices but they know heavy handed lawmaking isn’t going to get them it, so they’re playing a slow, tactical game.

    This case is a good starter for them because everyone agrees the event that took place is bad, no one will deny that it would be ideal if they could get that data. It forces Apple, the biggest player in this game, to deny an otherwise reasonable request which has potential PR ramifications.

    I really hope Apple sticks to their guns and wins this because if they don’t they’re going to be on less solid ground for the real fight, and that is the one that’s really going to matter to the rest of us. It will determine the future of privacy in the US and likely elsewhere.

    1. Agree with much of what you said, one thing though…
      This isn’t only Apple’s fight, nor would I be willing to live by only Apple’s outcome. Either way.

      1. Evaluate the outcome based on the outcome itself, not based on who petitioned for it.

        The Magna Carta was the outcome of a demand by a small group of highly privileged oligarchs (i.e earls and other lesser nobility) against perceived abuses by an even more highly privileged monarch. None of the petitioners sought the charter out of concern for the rights of the ‘lower orders’, and yet it is one of the key episodes in the evolution of democracy.

        1. That is what I’m doing, what I’m not doing is abdicating society’s overall interests and future actions on what a corporation manages to achieve. That is, unless those are aligned with the interests, both present, and future, of society.

        2. Could I, as a Brit, point out to ypu that 800 years later we still have a frigging monarch, emasculated as that monarch might be? (What is the term fpr a queen? Defeminised doesn’t sound right.) We still don’t have a constitution either.

    2. “The problem here, and what the FBI are really after, is precedent.”

      Absolutely true! That’s why Tim Cook is taking such a strong stand. I believe he will stay with it, because he knows it’s the right thing to do.

      1. Absolutely true! That’s why Tim Cook is taking such a strong stand. I believe he will stay with it, because he knows it’s the right thing to do. @observer

        it’s the right thing to do for whom?

          1. So you think Tim Cook the CEO of a major for profit corporation care more about the security of the general public than the FBI whose job is to serve and protect us?

            how can one be so naive?

          2. “So you think Tim Cook the CEO of a major for profit corporation care more about the security of the general public than the FBI whose job is to serve and protect us?”

            Well, Kenny, the proof is in the pudding. Cook is doing everything possible to provide us with encryption that will keep our data safe. The government is trying to weaken that encryption. The answer to your should be obvious (even if it isn’t obvious to you).

          3. Well, Kenny, the proof is in the pudding. Cook is doing everything possible to provide us with encryption that will keep our data safe. The government is trying to weaken that encryption. @faFalKirk

            do you have proof to back that up
            Apple has been asked to unlock a damn phone, not their server

            In addition, security is not just a matter of protecting your pictures from hacker, it is also about preventing criminal activities that could harm the general population.

            it’s look more to me that Apple is just trying to protect their business and reputation as the most secure product supplier in the world while the FBI seeks to protect the general population from criminal activity that could benefiting from all of these non sense.

            last time a remember Apple was one of the company that helped the NSA spied on us in total secrecy, why didn’t they fight back then?

          4. You ask for proof that Apple is fighting for security, then you spew totally evidence-free allegations that Apple helped the NSA.

            It must be fun to live in a world where evidence to the contrary only supports your beliefs.

          5. Apple has incentive to protect my privacy. The FBI has incentive to be able to access my data. Draw conclusions accordingly.

          6. Do you not know or understand what Edward Snowden revealed the US government (executive and judicial branches together), whose job is to serve and protect us, did in secret?

            Do you not know the Lord Acton quote “Power tends to corrupt and absolute power corrupts absolutely” refers to the lack of criticism (or accountability) over the power of authorities (Pope, King)? That quote was written in 1887, giving us more than ample time to understand it by 2016.

            Truly, how can one be so naive?

      2. I believe there are a number of factors that are incentivizing Apple to fight to maintain the security of their devices and by extension users’ privacy. Tim Cook seems like a trustworthy individual and I like to think we can take him at his word on that, but even failing that Apple is increasingly leaning on privacy as part of its value proposition. I also believe this stance aligns with Apple culture and I think Apple is a very culturally driven company.

        Whatever the reason its clear to me that Apple’s interests align with mine far more than the FBI’s as their goal is to catch criminals by any means possible, regardless of how their methods may affect me. That’s a laudable goal but a balance must be struck between my rights and their methods, and they are certainly not the ones to determine where that balance lay.

    3. Apple will never give anyone a remote access to their servers to run the software. Period. It is a security issue.

      1. Of course. What the FBI were saying would be ok would be for Apple to allow them to enter pass codes into the device remotely, such that th would not have physical access to the device while the custom software was on it.

        But again it’s just a ruse.

        1. I afraid I don’t understand the explanation of the setup. The phone is locked by a passcode, so the decryption software would need to be external to the phone and it won’t matter where the encrypted device physically is : at FBI or Apple.

          1. The only software that can decrypt the contents of the phone is already on the phone. The FBI want Apple to create a version of iOS that doesn’t wipe the contents after 10 tries and doesn’t have the inter-try delay. Apple would create, sign and install this software on the device and this would allow the FBI to try as many combinations of passcode as they wish.

            In addition to the above they want passcodes to be able to be entered remotely via the Lightning port so they can be tried more quickly than manual entry. To make it more difficult for Apple to deny their request they suggest that Apple could posses the device and allow passcode attempts remotely.

  8. Thanks for explaining things so well, to a person with a thin understanding of the technological issues at stake

  9. From Apple’s point of view, iPhone security is maintained not only by the encryption via the Secure Enclave key but also by the disk erasure after n passcode tries, increasing delays between passcode tries, and Apple-only signing of software.

    Also, Apple hasn’t said it’s technically possible to change the software that controls the erasure and delays without affecting the stored data. The Government motion says Apple hasn’t yet asserted that it’s not technically possible, and most observers speculate that it is possible. If it is possible and the Court decides in favor of the Government but doesn’t reject “unbreakable” encryption, I’m sure Apple will change iOS 10 to close this “hole.”

  10. This case is on course towards defining a new normal for privacy and digital security. Either society goes with what the FBI wants, which is that ultimately, the only permissible secrets are the ones we keep in our heads (let’s pretend for now that we don’t know what the words ‘water boarding’ mean since that pertains to a different 3-letter agency) or we go with what the FBI’s detractors want, which is “we’re willing to risk slightly less security in exchange for robust privacy and digital security”.

    The way all aspects of our lives are rapidly digitizing, seems to me the latter option is inevitable. Especially if the ‘no secrets’ option doesn’t really slow down terrorism at all. I.e. We cannot unlearn encryption technology; even if smart phones are by law made decryptable, bad actors will be able to deploy their own robust encryption system.

    Slightly off topic. I believe, Ted Olson, former Bush Deputy Solicitor General, whose wife perished in one of the 9/11 jets, is taking on the case for Apple. That says a lot about what’s at stake in this case.

  11. My problem with this line of thinking goes to the fact that many of you keep on assuming that somehow we are better protected by A major corporation like Apple than the Government that we pay and sworn to serve and protect us.

    If a rogue FBI agent can use this Golden Key to abuse IPhone user’s so can a Rogue engineer at Apple.

    it is the Government’s job to protect the Public not corporation
    if the Chinese government want to have access to IPhone of a Chinese Citizen Apple has no business telling them no so long as it’s legal and technically feasible.

    I am not a big Fan of activist corporation on behalf it’s customer because of the thing called false Hope.

    1. “many of you keep on assuming that somehow we are better protected by A major corporation like Apple than the Government that we pay and sworn to serve and protect us”

      Your statement is so backwards it makes my head spin.

      The government is doing NOTHING to protect our privacy or our security in this case. They are doing just the opposite.

      Apple has encryption on their phone. You are free to use it, not use it, or use the encryption of a competitor.

      1. There are no such things as unbreakable door, or unbroken encryption system when it comes to technology. if you know about computer system you’ll know that anything that was done by a group of engineering can also be undone by another well funded one, and sometime by the same group

        If McAfee is right and can unlock the phone without losing the metadata with his group of hacker which i think he can, so can the Chinese government or any well-funded group of hacker

        Like any for profit corporation, if Apple wants the government to provide more protection to user they should lobby congress or builds public awareness about it to change the law instead of refusing to obey it on moral basis.

        Corporation need to work with our government to better protect us, not to fight about who is right or wrong

          1. “Corporation need to work with our government to better protect us, not to fight about who is right or wrong”

            Dude, the government is doing the EXACT OPPOSITE of what you stated above. Apple is trying to build encryption into their phone and the government is trying to weaken it.

            The government is NOT trying to make anyone’s phones more secure.

          2. Apple wants to protect their customers, while the government wants to protect the general population and prevent theorist attacks or criminal operating in the dark

            they both want the same damn things therefore should work together to better achieve it.

          3. I think you should call on the gun companies to do the same thing and work with the govt.

            Since it looks like there are to be no laws against guns in the US (apparently that is as unreasonable a stance as say, a right to privacy under a totalitarian regime), then perhaps the gun companies could shoot themselves in the foot (pardon the pun) and create products that don’t actually shoot — at least not until the trigger scans the shooter’s fingerprint, sends it to the FBI, and gets approval back. That would be a great product! I vote for it.

            I think most gun enthusiasts should be at least as excited about that as most of us are about personal phones carried about our persons that don’t actually keep our own stuff private.

          4. you just need to lobby the government to change the second amendment and then talking folks Gun away.

          5. Why? Leave the guns in place, and just have them neutered in the name of public safety and the convenience of law enforcement who have to sweat in bullet proof vests every day. Problem solved. Think of the children. Tourism to the US would probably go up, too.

            It’s what you want Apple to do: neuter their own product.

    2. Talk about missing the whole point by about a billion light years. The shockwave from that miss was so strong, the LIGO sensors mistook it for a gravity wave chirp.

      Groan . . .

    3. “If a rogue FBI agent can use this Golden Key to abuse IPhone user’s so can a Rogue engineer at Apple.”

      Which is why the Golden Key (whether a backdoor vulnerability or even just judicial precedence) is best avoided to begin with.

      Joe

      1. Except that Apple already have one which is the reason the FBI is asking them to bypass the encryption measure instead of trying to reinventing the wheel

        1. No, the Golden Key does not exist, the FBI is demanding that Apple create it. Or more to the point, the FBI is trying to set a legal precedent which means other companies in the future will also have to create a Golden Key upon demand. Keep in mind that the FBI’s request is probably unconstitutional. I’m making an assumption that most Americans agree with upholding the constitution.

          1. It does exist the FBI is simply asking Apple to modify it to their liking, by inserting a couple code to undone certain things

            There is nothing unconstitutional about it

          2. “It does exist ”

            It does not exist. The FBI has asked Apple to create a specialized version of iOS in order to help them force unlock the passcode.

          3. When we are talking about master key what we mean is the ability to bypass encryption system which Apple surely can hence the reason why they’ve been asked to do just that

          4. Oh, you also redefined “Master Key” into a concept rather than an actual physical object or app to suit your position. I am not only fascinated but now mesmerized by the way your mind works.

          5. You just redefined the word “exist” to suit your position. It is fascinating how your mind works.

          6. do you know how Apple can update your IPhone IOS version or unbrick without losing any of your personal data?

          7. Stop obfuscating. That has nothing to do with what the word “exist” means. You are taking “the potential to exist” to mean exactly as “exist”. In the real world where we live, there is a big difference between the two.

          8. I have the ability to put an exterior door in the north wall of my house. So in your mind because I can create a door in the north wall of my house, that means I already have a door in the north wall of my house. Cool. That was easy. I always wanted a door there. Thanks Kenny.

          9. No, it’s just a simple example which demonstrates the meaning of the word “exist”. Thanks again for putting a new door in my house. Really. It’s awesome.

  12. Though i agree in general with much of what you say, the specific case being discussed right now does not fit your analogy.

    First of all, the FBI and the judge have made it clear they are only asking Apple for something targeted to one specific iPhone. I don’t think there is any doubt Apple can put code in the firmware which ties it to the specific phone. To use the firmware on another phone, you would need to know how to alter it to work on another device, and more importantly, you would need Apple to sign it before it would work on another device. This pretty much means that, no, this is not a master key.

    Second, if Apple complies with the order, it will only help the FBI brute force crack a 4 digit pass code. If the suspect used a complex pass code, there are other limiting factors which will make it effectively impossible to unlock the phone using what the FBI has asked for. So, again, not a master key.

    Finally, as far as I know, the code/firmware Apple is being asked to develop does not need to be delivered to the FBI or any other 3rd party. Instead, the device will be sent to an Apple facility where it will be loaded onto the iPhone. Thus, the only way for this special firmware to make it out into the wild is if there was a breach/leak at Apple (I am assuming Apple can remove the special firmware before returning the physical iPhone to the FBI). I have a lot more faith in Apple keeping this code safe than I do of any government law enforcement agency.

    All of that said, this takes away from what I am sure are Apple’s real concern: precedence. Once they write code to unlock one specific iPhone, they will have a hard time arguing against doing so in the future. Put another way, Apple does not want Apple to be the master key.

    1. “the code/firmware Apple is being asked to develop does not need to be delivered to the FBI”

      And if granted, the FBI and any government authority around the world will ask for it again.

      “if Apple complies with the order, it will only help the FBI brute force crack a 4 digit pass code”

      And the next time, the FBI (and other authorities) will ask for more.

      “the code/firmware Apple is being asked to develop does not need to be delivered to the FBI or any other 3rd party”

      Once you create a vulnerability, you make the phone more vulnerable.

      I wrote my article as a hypothetical because I didn’t want to get bogged down in the particulars of this one case. This case may turn on a dozen technicalities. But in the long run, what matters is that:

      1) If Apple does the, the government will ask them to do it again;
      2) All governments will ask for this.
      3) Weakening encryption will make it easier for hackers to steal the key or break the existing encryption.

      1. I agree with your points. As I wrote, the San Bernardino case is more about precedence of forcing Apple to unlock a phone than creating a backdoor or weakening encryption.

        One thing I am certain of: regardless of what happens in this case, Apple is going to make future iOS releases and devices harder for even Apple to help unlock.

        1. “Apple is going to make future iOS releases and devices harder for even Apple to help unlock”

          I agree. I’m not sure if Apple can do it, but if it’s at all possible, they’re going to make future versions of iOS unbreakable. The problem – and the reason we’re where we’re at right now — is that the phones need to be upgraded. That’s the vulnerability that the FBI is targeting. they went Apple to “upgrade” a single phone to a new, weaker, less secure, version of iOS.

          1. “they went Apple to “upgrade” a single phone to a new, weaker, less secure, version of iOS.”

            More of a patch, but okay. Technically, that’s true. So was my last Windows update.

      2. Regarding your points.

        1) As long as it’s properly warranted, from a legal point, so what if they ask again? They should.

        I’m not assuming sinister intent, but don’t think anyone expected it to come to this. In retrospect Apple’s policy made themselves the central figure in the solution to this case, in large part, by weak or inadequate law (and yes, a strong measure of hubris).

        2) All governments with which any company does business can ask for anything they want under their laws. These are sovereign nations, aside from treaties between nations, there’s nothing preventing this. Never was.

        3) The wise and adequate solution to this point is what really matters. It also minimizes the occurrence of #1 and should be what concerns everyone.

        I’ll echo, yet again, that for the US at least, tech companies sit with policy makers to come up with a democratically viable answer to this issue.

        1. “so what if they ask again? They should”

          Well, that’s kind of the reason Apple is taking a stand now. They want to stop the government from asking them to break their encryption every time they ask Apple to. If the government can do that, then Apple really doesn’t have any encryption at all.

          “All governments with which any company does business can ask for anything they want under their laws”

          That’s very true. Amazingly, it was the U.S. — not some repressive regime — that asked Apple to do this first. The argument is that if the U.S gets the ability to crack Apple’s encryption, then the floodgates will open. Everyone will ask.

          1. I don’t see a way of any company maintaining control without incurring encumbrance. Law enforcement is not going to just go away.

          2. Apple is really asking Congress for a law that delineates what businesses have to do for law enforcement. Preferably it would say that to ensure privacy and security, device encryption is legal and can’t be prohibited, and device mfrs/cloud service providers can’t be ordered to break encryption and security to retrieve data. Something more clear than the “this subchapter does not authorize any law enforcement agency or officer to” in CALEA.

            Apple believes the lawsuit (and appeals all the way to the Supreme Court) will give Congress enough time to get a better written bill passed.

          3. Agreed. Congress needs to pass a wise law, not for any company’s benefit, but for society. This would balance the requirements of the 1st, 4th, and 5th amendment.

            Heaven help us…

    2. A couple of quotes from a Bloomberg article that I found thanks to @AArdman:
      “‘This is not just one magistrate in San Bernardino,’ said Olson, 75, whose wife died in the Sept. 11, 2001, terror attacks. ‘There are hundreds of magistrates, there are hundreds of other courts’.”

      Olson …“served as an assistant U.S. attorney general in the 1980s and was the U.S. solicitor general under President George W. Bush. He also served on the President’s Privacy and Civil Liberties Oversight Board from 2006 to 2008.”

      “‘The implications of this are quite serious,’ Olson said of the court order. ‘People in foreign countries are going to be very, very susceptible to invasions of their privacy if Apple can be forced to change its phone.’”

      In other words, a VERY credible, VERY knowledgeable expert is happy to present Apple’s case to courts for their consideration. While that’s hardly the definitive answer to anything, it should at least stop the blowhard assertions that it’s an open-and-shut case that Apple should betray its hundreds of millions of customers who want only to enjoy the protection of their government, and find themselves needing protection from it.

      1. I did not mean to imply Apple should give into the the government’s request. In fact, I believe they should resist as best they can.

  13. I love Mark Miller’s take on this:

    “What do we owe to future victims of repressive governments?

    If encryption is weakened, it is the bad guys, not the good guys, who will benefit most.

  14. I’m not usually a fan or believer of the “slippery slope” offense/defense. Reasonableness (while not necessarily reason) steps in and handles things quite nicely and more often than not. Or at least the slope wasn’t in the direction warned.

    However, I have seen incrementalism work quite well. And we often hear courtroom arguments centered around precedence. It seems most envelope pushing cases rely on either precedence or setting precedence.

    Are their other instances where either the FBI or law enforcement in general has made this kind of play and it paid off with even more opportunities than originally argued?

    I mean we all kind of take for granted that law enforcement wants more access to things they don’t always have or need access to on the grounds that it helps their investigations. But how often has law enforcement wanted something and it lead to an unforeseen windfall (at least perceptually by the public)? Are there other examples of the slippery slope?

    Joe

  15. Apple’s next course of action seems clear to me.

    Establish a company in the country of Iceland. Set it up so it designs hardware and software security systems. Divest 51% of that company to a legal resident of Iceland. License the security systems from that company.

    At that point, Apple could not be compelled to bypass the security, because it would be an unlawful breach of their license.

      1. That’s the beauty of this arrangement. Under US law it is illegal to interfere in a lawful contract. To attempt to compel a company to breach a contract would clearly be an ‘undue burden’ to said company. And the blatant disregard for international trade agreements would open the US government to trade sanctions.

  16. One aspect of this that is overlooked. Organizationally Apple would task a small team of experts to get this done ‘right’. What sw expert would want to be on a team that’s interfacing with a customer that has the power to compel, take sworn testimony, and, if need be, indict, and possibly incarcerate. (See past FBI history.)

    Additionally, the FBI said quite loudly, “We are only talking about one phone.” Do we have any believers here? (Ask the NYC DA about the 175 phones he’d like to open.)

    Not to mention that the FBI totally ignores the support of government snooping worldwide when America destroys the foundation of privacy. (Hello China, Russia, Saudi Arabia, Everywhere.)

Leave a Reply

Your email address will not be published. Required fields are marked *