ignoring privacy routinely ever since 9/11
Or, perhaps, since at least several months before that:
https://motherboard.vice.com/blog/the-telecom-exec-who-refused-nsa-snooping-is-out-of-prison-and-hes-talking
Apple versus the FBI has generated much discussion and conjecture lately. The vast majority of it has centered on the rights and the wrongs, about the loss of privacy, and of the precedent that breaking one iPhone would create. Many are hanging on the blow-by-blow developments for an outcome, to see which side trumps: Apple …
Actually, the FBI has been investigating and destroying privacy for many decades. Go back an look at Hoover and McCarthy and the crap they pulled. The NSA lads are amateurs next to those two. And Hoover's history well after McCarthy was gone. Anybody and everybody was fair game to his mind. I shudder to think where we'd be now if there had been an NSA and an Internet with him around.
Don'tcha just know it bugs the dickens out of governments at how God encrypted the human brain beyond their reach?
Others cite First Amendment rights to speech to protect encryption. I don't see how the right to speak to those who want to listen is related to the right to not have one's speech heard by those one does not wish.
Then there is a bit of Fifth Amendment about not being required to self-incriminate. That doesn't work either else the signature on a check paying a bribe would not be acceptable evidence. Can't be forced to speak against oneself, but past speech is fair game. Encryption would be past speech.
If I was a justice on the SCOTUS I'd say the right to keep and bear arms in the Second Amendment has the most bearing. Recognizes citizens' right to own the means to defend against all comers, including the right to own tools which could be used against the government's wishes.
I'll upgrade my iPhone 5 when Apple announces the theoretically-impossible secure encrypted model (as opposed to the current theoretically breakable just hasn't been done).
@David Kelly 2: the First Amendment implication is trivially obvious: I have the right to speak *in whatever form I want*. I can speak in Navajo, should I choose. Or in an apparent stream of random noise.
Sure, nothing in the First Amendment protects my speech from the government trying to overhear it (that is the purview of the Fourth Amendment, which you forgot, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated").
But the government MAY NOT compel me to either speak in a way that is easy for them to listen to OR (as actually is relevant here) compel someone else to create tools to help them.
The first amendment argument (which is their weakest one probably) is not about encryption per se, but about whether the government can force Apple to say something. In this case, that something is "this is an authorized version of iOS" and the way of saying it is by signing it.
To be honest, that's just a technicality. First, the question shouldn't be whether the government can force Apple to say something, but whether they can force Apple to do something. The case here is about an iPhone 5c that might be attacked by replacing the firmware with a chnaged version, which is claimed to be "speech". On the next model, the iPhone 5s, this is all protected by real hardware, so breaking into the phone (if that is actually possible) would require breaking the hardware which probably doesn't fall under "free speech".
The real question should be whether it is actually a good idea to have Apple crack these security features, and that question probably has the answer "no".
I prefer the way a poet friend put it….
“You can outlaw the morning,
But the sun will still rise.”
OBZ
Having said that...
@ Malcolm Weir
re: “compel someone else to create tools to help them.”
never heard of the Communications Assistance for Law Enforcement Act (CALEA) ??
“CALEA's purpose is to enhance the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities…”
(https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)
If this case was exclusively ruled by facts I would agree with the premise of the article, and there would be no doubt as to the outcome. But we don't live in a logical utopia.
I warned in previous posts that there was rather large helping of emotive language thrown into this (terrorists, murderers) to make people feel they were helping the bad guys if this was not permitted, and that was EXACTLY to break that logic, because we are not logical when you stir emotions into the mix. As I stated, the fact that a large dollop of emotion is thrown in is a strong hint that something is amiss under all that loud noise and indeed, what the FBI is asking for is not acceptable because of the consequences.
If the case was purely about logic it would never have made it to court, and if most post 9/11 laws had anything to do with logic they would no longer exist (and it's doubtful the ideas they contain would even have made it into law).
The FBI has worked very hard to keep this case away from straightforward logic, and that's for a reason, so nice try, but IMHO no dice. For the moment, the outcome is still very much up in the air.
Meanwhile San Bernardino goes one step further and says there's an encrypted virus on the iPhone which could attack the city unless they get the PIN off Apple, or something. The kind of idea that was thought up by writers for CSI Cyber then dropped for being too stupid.
San Bernardino DA says seized iPhone may hold “dormant cyber pathogen”
Even the most sympathetic judge is going to have trouble with that one.
The problem here is the average Congress critter is too dim to understand logic and the average feral bureaucrat is even worse. Any knowledge of encryption and how computers work makes one understand computer encryption is "all or nothing". Any weakening of the encryption/system security means there really is no security only the illusion.
If Apple broke its own phone's security because of US legal demands, China would demand that right. So would Russia. So would every other dictatorship.
How are Russia, China and other dictators going to exercise that claimed right?
The US holds an advantage because Apple is a US corporation and Tim Cook is a US citizen under US jurisdiction and bound by US law.
It's a whole different ball game for foreign countries who can simply be told to fuck off with very little they can do to force compliance with their demands.
> How are Russia, China and other dictators going to exercise that claimed right?
They're going to say "if you want to do business here, you'll be unlocking phones for us or GTFO"
And if they unlock the phone for the US, they won't have an argument against unlocking them for any other country.
"They're going to say "if you want to do business here, you'll be unlocking phones for us or GTFO"
And they won't need wait until it's been done in the US. Everyone now knows it can be done, so it's going to be difficult for Apple to argue that it is impossible.
The article quoted:
If the FBI gets its way and forces companies to weaken encryption, all of us – our data, our networks, our infrastructure, our society – will be at risk."
But that's bollocks. The FBI aren't asking Apple to release firmware to them, they’re not asking for a universal solution, and all of this can be done on Apple's premises with none of it leaving the building. There's no reason why any of this will be less private than Apple's own signing keys. So if it is looked after to the same standard as Apple's own keys, why would it be riskier?
If one wants to assess risk, one should enquire as to how Apple safeguard their keys. They'd be far more dangerous if they ever got out.
"But as part of the trial process that's what they'll have to do to anyway show that the procedure they used to get the data off it is reliable."
No, the FBI have asked that this all be done on Apple's premises.
The FBI have been careful to ask for nothing to leave Apple's premises. Apple cannot show why that is less safe than their own signing keys.
The phone itself need never leave Apple ever again, even if it turns out to contain useful information. Once unlocked the whole mobile forensics thing can happen in their office, with only the results of the examination being permitted off-site.
Something has gone seriously wrong in the relationship between Apple and law enforcement agencies in th US. There's certainly fault on both sides (e.g FBI vs MS - the FBI are being crazy there), but Apple has clearly done something to irk them sufficiently for the FBI to choose to go public with this.
It sounds dangerous to upset one's own government and law enforcement agencies when there clearly isn't a political majority likely to support one's point of view. If Uncle Sam wants to, Uncle Sam can pass a law making the FBI's request un-ignorable.
And the other hundred or so requests currently pending?
And the millions of requests this would unleash?
And the fact that every other country in the world would immediately demand the same ability?
This isn't a slippery slope. It's an actual cliff that the FBI are currently pushing us over.
Certainly it's a big cliff but it is by no means sure that the FBI is actually pushing us over the cliff - see the article for good reasons for that idea.
Of all the three letter agencies involved in the encryption problem the FBI is the one best suited to taking the problem to court. I can't imagine that the CIA, NSA etc would be stopped by a court ruling if National Security was at stake, but the FBI, (I imagine), would feel bound by a final court ruling. And this problem does need a definitive legal response because how else can you convince a Congressman (or worse, a New Jersey property developer) what is allowed and what is not allowed in the US.
@bazza
How do you remove the knowledge learnt from engineers heads?
The ability to do as the Fbi ask does not exist, apples engineers have to effectively work out how to subvert their security and then build this. Even if they then destroy everything used to create the decrypt tool, there is nothing to stop individual engineers popping up in China or Russia or North Korea to recreate the decryption tool. It'll be like those espionage stories of the Cold War where nuclear scientists sell their secrets to the highest bidders.
@chris 17,
"How do you remove the knowledge learnt from engineers heads? The ability to do as the Fbi ask does not exist"
You can't, and it's already there. On reading the newspapers some coder somewhere in Apple's employ has already involuntarily thought it through. And for all intents and purposes it does exist, it simply hasn't been typed in yet.
Apple have their source code and their own signing keys. They can make any change they like and have any iPhone anywhere on the planet accept it. That's the whole purpose of signing keys. The source code changes are almost certainly trivial, something like:
if (PINRetries > 10) {
wipe_phone();
}
Becomes:
if ((serialnum != <Farook's phone serial number>) && (PINRetires > 10)) {
wipe_phone();
}
No matter what side of the debate one is on, we have to recognise that it can be done.
@Richard 12,
"And the other hundred or so requests currently pending? And the millions of requests this would unleash? And the fact that every other country in the world would immediately demand the same ability?"
It is important to acknowledge that whether or not Apple do this for the FBI is irrelevant to the rest of the world. The rest of the world does not need to wait for Apple to satisfy the FBI's request. They can, within whatever the local legal framework permits, apply varying degrees of pressure on Apple and their business in that country. Unfortunately in some countries that pressure may be applied for reasons not generally compatible with a harmonious and peaceful democratic society.
As you implicitly acknowledging everyone now knows it can happen. It is public knowledge. It may (and almost certainly will in some counties) as you say result in millions of requests flooding in. If Apple really, really, didn't want to become the focus of that then it was in their best interests to keep every hint of the possibility as quiet as possible.
However the relationship between the FBI and Apple (and the whole tech industry) has clearly broken down to the extent that the FBI decided to go public. That was never going to be in Apple's interest, and who knows, it may have been wiser to have caved in whilst it was still a private matter. The FBI have clearly wrong-footed Apple in this dispute; Apple clearly did not anticipate it becoming a public matter.
Don't for one moment think that I consider the FBI, politicians or anyone else to be angels in all this. The FBI are acting crazily with FBI vs. MS and their Irish data centre. Politicians in the US and elsewhere have failed to lead and inspire a proper public debate about just how high tech industry should, for the benefit of society as a whole, interact with law enforcement. This whole thing may (and I sincerely hope not) result in a significant increase in successful terrorist plots, a decrease in successful criminal prosecutions, etc. This kind of thing is what happens when lazy politicians fail to properly consider changes in industry and society.
The ability to do as the Fbi ask does not exist, apples engineers have to effectively work out how to subvert their security and then build this
For this case the FBI is asking: "Build us a version that doesn't lock up after 10 tries, and does not delay between tries". Which would take one engineer with the relevant knowledge of that part of the code just a few hours to write and build, then maybe a few days to load and do test runs on a couple of scratch phones.
Regardless of the implications of this demand, it can hardly be called "knowledge that can't be unlearnt".
Actually it can be simply updated with new code without triggering the wipe. All iPhones support software update in DFU mode while connected via USB to iTunes. No password or authentication of any type required. That was deliberate, to allow recovery from a bad flash. Now that they know that 'convenience' feature might be used for evil by having the government force them to create custom software, they are already working on removing that ability in the next iOS update.
That won't affect this phone, or any other phone collected by the FBI or various law enforcement agencies. But it will affect the iPhones they collect a year from now, which will very likely have this update installed.
@ allthecoolshortnamesweretaken,
"In a free country, ruled by a government of the people, by the people, for the people this shouldn't be an issue, surely?"
It depends on your point of view. The elected politicians, who are of the people, are people themselves, and serve the people, may decide to pass a law in furtherance of "better" law and order. If the government makes a decision and can get a political consensus it will, and indeed is required by its democratic mandate, to act on it. There'd not be a whole lot that anyone could do about it then, not even Apple.
There's always immense pressure on governments to do whatever is appropriate to preserve law and order. They fall down on the job, they will get kicked out. Mostly they try to prevent that outcome.
Even if the phone gets broken into on Mars, the FBI will insist - with whatever force necessary - on putting people there to oversee the process.
FBI will require intimate access to at least parts of the technology (the "firmware hack" or whatever is needed), in order to "safeguard national interests". Once they have an OK, these kind of things are rather hard to avoid.
Said FBI people will inevitably be competent enough to compromise the whole situation by "accidentally"... picking up signals...with an airgap device that was inadvertently left activated in one of their pockets, similar to Google "accidentally" mapping private wifi hotspots with some custom code. No Biggie, only we just recorded everything and stored it somewhere secret.
Of course, nothing will prevent said agent to pull an Oopsy McFumblefingers at a local Dunkin' Donuts, by "accidentally" uploading the contents of their device to ATSC who now sells it to all and sunder in a secret sting operation designed to "trace terrorists and disruptive technology operatives" with the predictable Fast and Furious - style escalation into a tsunami of low-grade manure....Said agent gets a fat promotion for doing exactly what they were told in their classified instructions - make sure iPhone gets broken, forever. To add to the overall entertainment value the agent's actual name is Said.
Did I miss something? And will this fit in a 22 minute CSI format or does it have to be an Onion video...
silly point. any foreign gov can order their local cell towers and carriers to degrade or stop iphone access..
if everyone would stop and remember how apple violated a local report reporter rights, had its security force with local help seize his computers and docus and demanded all "keys". then had him "jailed" for a few days and then when after family and friends .....
China has more power here, "labor laws and wages" and free two labor could stop and apple's cost would climb or they hold shipping up for safety...., etc...
Apple automatic update service is a backdoor, tough to use for locals, FBI, most 3nd world countries.... but that's about it.
silly point. any foreign gov can order their local cell towers and carriers to degrade or stop iphone access..
if everyone would stop and remember how apple violated a local report reporter rights, had its security force with local help seize his computers and docus and demanded all "keys". then had him "jailed" for a few days and then went after family and friends .....
China has more power here, "labor laws and wages" and free two labor could stop and apple's cost would climb or they hold shipping up for safety...., etc...
Apple automatic update service is a backdoor, tough to use for locals, FBI, most 3nd world countries.... but that's about it.
"if you want to do business here, you'll be unlocking phones for us or GTFO"
And, incidentally, we also noticed that some naughty people here have beeing driving around while being employed by you. Which is now punishable by ten years hard labour. Unless you rub our back, that is.
And, incidentally, we also noticed that some naughty people here have beeing driving around while being employed by you. Which is now punishable by ten years hard labour.
Not Putin's style, the Russian's probably already has the capability to do what the FBI are asking Apple to do; through the carefully nurturing of Apple employee's...
It wouldn't be THAT hard to move production. Yes, it would be a massive disruption that would cost Apple 6-12 months of production and lead to shortages and cost them tons of profit. But they could move it, and would never move it back.
I imagine the reason you bring that up is since Apple's production is in China, you think the Chinese government might have leverage over Apple. The mere threat of using that leverage would plunge the Chinese economy into a massive recession as every foreign company would see production in China as unacceptably risky and move their production elsewhere as quickly as possible. China's ruling communist party would be unlikely to survive this.
The leverage you imagine China has over Apple is similar to the leverage lots of nuclear weapons give you over another country that has lots of nuclear weapons...i.e., none.
@dougs
1) I don't think China would give a flying .... If apple upped and moved in response to demands to provide iPhone decryption tech.
2) Apple and other tech giants share holders would miss the profits earned on the back of good quality low wage earners and also the significant loss of sales.
3) western nations have more to loose from China than China has from them, global recession looms from upsetting that Apple cart.
You should have read what Apple itself said about this.
The FBI wants Apple to create some new firmware and install it on this one iPhone (forget about the other 12 iPhones that they have for a moment). The problem is that while there is pretty good protection so that you can't install new software on your iPhone unless it is signed by Apple, there is no protection against somebody making a copy of that firmware. And since it is signed by Apple, it can be then installed on any computer.
@gnasher729.
"The problem is that while there is pretty good protection so that you can't install new software on your iPhone unless it is signed by Apple, there is no protection against somebody making a copy of that firmware. And since it is signed by Apple, it can be then installed on any computer."
Your concern is misplaced. Yes, the modded firmware might leak and find its way onto any compatible iPhone, where it will have absolutely no effect. The FBI have asked for a remedy for one specific phone, and indeed the court order specifically limits the effect of that remedy to that phone. From a technical standpoint Apple can very easily brew up a version of the firmware that will have no effect at all except on that specific phone; they all have unique serial numbers. Apple could even make it so the effect was time limited, giving the FBI a limited opportunity to make use of the remedy.
It would be impossible for anyone except Apple to modify the "special" firmware to make it work on another phone. The change would affect the cryptographic hash of the firmware and no iPhone would install it.
Wanna bet??
As an example, last week I watched the Frontline episode describing the increase in opiate abuse in the United States, in this case particularly focusing on the Seattle, Washington area. This increase in opiate abuse is largely driven by "normal people" getting hooked on opiate painkillers like oxycontin or vicadin, prescribed for perfectly understandable medical reasons. Doctors are trying to cut back some on the issuance of these subscriptions, and encouraging alternate pain relief therapies. However, there are still millions of opiate subscriptions being written, no doctor is limited on how many of these prescriptions they can write, and a certain number of these will result in addiction down the line.
There are chemical therapies for people who have opiate dependency problems, including methadone and other, newer drugs. However, distribution of these therapies is strictly controlled by the Drug Enforcement Agency, and doctors are even given limits on how many people they can prescribe these drugs to.
So, during the Frontline episode the journalist was interviewing a local Seattle doctor who prescribes painkillers as well as opiate substitution therapies for patients who have become hooked. The journalist listened to the doctor describe the constraints he works under in prescribing substitution therapy, and asked the doctor "So you can prescribe Oxycontin for an unlimited number of people, but your ability to prescribe (newer substitution drug X, whose name I can't recall) is limited to 100 patients?"
The doctor's reply was "Yes, the irony of this situation is not lost on me."
Don't take it for granted that law enforcement and the intelligence community will not use their powerful influence to force through short-sighted laws that help law enforcement, but hurt society. And if you doubt this influence, just look at how many sitting governors and state attorney generals out there got the endorsement of their state association of district attorneys/police chiefs/sheriffs/law enforcement union vs. their unsuccessful opponents.
If someone followed the money, they would probably find that the FDA is following the advice(?) of the pharmaceutical companies.
At one point, the DEA was investigating doctors for prescribing habits and pharmacies for distributing. Some patients were flagged as "taking too many"... like they knew the pain level. I think the DEA still monitors but isn't as active in this as they once were.
And let's not get me started on the Medicare stance that artificial limbs are a luxury item....
Logic? Yeah.. Logic and government. Damn near an oxymoron.
@ Mark85
Its not the FDA, its the DEA--the United States Drug Enforcement Agency.
The painkillers are free to be marketed universally because they are under the supervision of the FDA, which supports the identification and widespread marketing of effective drugs.
The opiate substitutes are examined for safety and efficacy by the FDA, but they are controlled by the DEA, which apparently doesn't want lots of substitution drugs being used because they A) they feel it would encourage or legitimize opiate drug use (Many opiate painkiller abusers end up moving to heroin eventually) and B) the substitutes are opiates themselves--just less narcotic derivatives of opium, so the DEA is worried that they will be abused or sold by criminals.
"The opiate substitutes are examined for safety and efficacy by the FDA, but they are controlled by the DEA, which apparently doesn't want lots of substitution drugs being used..."
And the DEA in this case has plenty of hard evidence to support this case. Particularly in "redneck territory" in the south, prescription drug abuse (in particular of opioids) is quite rampant. Yes, it's hard to take people out of vices (the whole "what I do in my house is my business" thing), but the thing is that these vices tend to have knock-on effects for the rest of society. If a once-hard-worker stops because he/she is now wasting their days in drink or drugs, what happens to the job, the spouse and kids, and so on?
The UK tried "evidence based policy" on the risks of drugs in society but found it did not tell them what they wanted (or more accurately, what the tabloid papers were pushing). Dr David Nutt was in charge and knows his stuff (you know, life time of research, etc), but that counted for nothing ultimately:
https://en.wikipedia.org/wiki/David_Nutt#Dismissal
It was the west coast where all the special measures to siphon data to "interesting locations" took place. I knew about them as early as ~ 2006, long before Snowden by the way, because while the siphoning was hidden, hiding the special line card development needed to copy the volume of data traffic was nearly impossible to hide.
So yes, it is binary, and it is set to 1. Comply. If it was East coast it would have been analogue and a subject of a long lawyer tussle. On the west coast the bit is flipped to one and that is where the story ends.
Tell that to Joseph Stalin and folks of similar ilk. It didn't matter to the Supreme Soviet what science said. You did what you were told, or you went to the wall or the Gulag. When the first Soviet Five Year Plan didn't work (because it was impossible from a scientific/engineering standpoint), the engineers were put on trial for "wrecking" the Plan and convicted, too. In WWII, Russia suffered horribly because Stalin had killed or imprisoned some of the best scientists that could have helped the war effort against Hitler. And as for Hitler, the Nazi atomic bomb project was strongly crippled partly because "real" Nazis didn't have any use for Einstein's "Jewish physics." Tricky to design a nuclear weapon without E=MC^2.
One certainty in any society is that those in power have one real goal: to remain there. To them, it matters little what science or anything else related to reality shows. They want everything THEIR WAY, based on what THEY believe. If you try to explain to them that science contradicts what they want, they will tell you that you are wrong and need to shut up. I won't mention intelligent design or global warming as examples of this sort of thinking.
Sense can win out over nonsense, but don't bet on it happening always or somehow being inevitable. Right now, we live in a world where science mostly (but by no means always) trumps nonsense, but don't depend on it staying that way or getting better. I certainly hope it does, but keep in mind that a new Dark Ages is always not too far away, unfortunately, if people are foolish enough to go in that direction.
East Coast Law does not recognize West Coast Law. Therefore it does not exist. Rulings will be made and litigated up to the Supreme Court which also does not recognize West Coast Law.
US secret courts recognize only secret laws. We are not allowed to know what they are. Rulings will be made.
"In WWII, Russia suffered horribly because Stalin had killed or imprisoned some of the best scientists that could have helped the war effort against Hitler. "
A great simplification of history. The initial German invasion succeeded because Stalin had purged most of the best Army officers. There was a frantic rush to rescue manufacturing equipment from the invaders and the Germans progressed rapidly while this was being assembled in new factories in rear areas. Russian aircraft were inferior, true, but their tanks were better - and the original manufacturers of the T34 ignored the original specification and put in a better gun without permission from Moscow. They did not get into trouble.
One of Hitler's problems was all the effort wasted on "wonder weapons" that were not. The US could drop atom bombs on Japan because it was a long way from the US, but if the Germans had developed an atomic bomb as successfully as the Americans did, and were able to do as much damage, the result would probably have been a complete massacre of every German. It would not have won the War, but it would have meant that the Allies and the Russians would have laid complete waste to Germany in retaliation. If von Guderian and Speer had been allowed to concentrate on artillery and tanks, it would have been more militarily effective. There is also the question of how an Oak Ridge size plant could have been concealed in Germany - it would have been overrun by the Russians in Russia, Poland or East Prussia.
The country whose politicians currently put the most effort into ignoring science is the US; the War on Drugs and Republican threats to demolish the EPA being just two examples. This current Apple versus FBI debate is another them-versus-science issue. But I think your examples are mistaken. The problem is the desire of politicians to ignore any facts that do not suit their narrative. By that standard their approach to science is relatively rational. It's OK so long as the scientists and engineers don't want any political power.
Not really true. There were Jews working on weapons projects in Germany, so you really don't under stand history well at all. The reason Hitler never got the atomic bomb is because ALL the scientists working on it would not let him have it. It has nothing to do with if they were Jewish or not. And similarly scientist who know encryption in the US should be smart enough to know you can't trust the FBI any more than you could trust Hitler. There is little difference. The point of the article is that science must remain above "just following orders" of the law.
For science to have a change to defy law with the iPhone Apple would need to implement encryption in a way they themselves cannot circumvent. (One way of doing this would be adding a tamper-proof chip akin what is in a SIM to keep the encryption key, which would only spit it out given the correct passcode, and, unlike a SIM, would irrevocably erase its contents after too many misses).
Incorrect. The iPhone 5c does not have the "TPM" (TPM is an Intel term, Apple's implementation of a similar idea is called the secure enclave) The 5S, 6 and 6S do. All iPhones since the 3g are fully encrypted, even the OS...no idea where you got the idea that the OS in the 5c is on a non encrypted partition. That's not the case, the iPhone doesn't even support unencrypted data. Every byte is encrypted, but certain classes of files are encrypted before they are stored on this encrypted filesystem (i.e. doubly encrypted) The OS binaries are, obviously, only encrypted the one time. Read the iOS Security document....60+ pages of goodness that will make anyone who cares about security smile. They didn't think of everything, but they thought of way more than most give them credit for, and it puts the architecture of other consumer operating systems to shame and they are far from done yet.
The reason Apple is able to update the OS without providing the password is because the iPhone allows software updates to be loaded in DFU mode, which is a sort of preboot state that can be enabled when it is connected to the right USB driver. They allow that because it provides a way to recover from a failed flash or other software update problem that would otherwise brick the phone.
All iPhones permit software updates in DFU mode without providing a password or any other sort of authentication. Apple said shortly after the FBI battle hit the news that they had already been working on closing that hole. It was not clear if they mean completely or will still offer a way for authorized users to do updates in DFU mode or not - the main idea was that they would make it impossible for THEM to do updates in similar circumstances even if they want to. Even if they lose this case, by the end of the year 80% of iPhones in the world will be running software that would make a similar request impossible even if this one is seen as precedent. West coast rules, east coast drools LOL!
This case shows how Apple's thinking about security has evolved over time.
stage 1) defend against hackers i.e. normal security
stage 2) defend against government out of control - i.e. post-Snowden - things like making it so Apple doesn't have a copy of your phone's passcode/password so they can't help you if you forget it but they can't be forced by the NSA (or hacked by them) to give up passcodes in bulk without a warrant
stage 3) defend against Apple itself - i.e. post-San Bernadino - protect against Apple being compelled to find ways to hack its own devices even to the point of creating software to do so, via stuff like not allowing DFU mode updates, and I'll wager making it impossible to update the software in the secure enclave at all once installed (unless it is already impossible...that's not really clear)
@dougs
You need to reread the facts on this
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
The later iPhones are not susceptible to the same type of request as the counter of pin code tries is in hardware not software. Even if the 10 tries and key destruction limit us removed, it'll still take over a year to brute force a later gen iPhone with 4 digit pin.
page 4 of the doc you mention clearly shows only the user data is encrypted!!
@chris 17 and you need better sources than a user guide with "facts". All currently existing iPhones are vulnerable, and the "enforced" delay is software-controlled.
Maybe, maybe not. The question is whether the firmware of the secure enclave is possible to update in DFU mode (or at all) which would allow overriding that (the counter isn't "in hardware" it is in the secure enclave which is basically a tiny computer on the A7/A8/A9 SoC, which of course runs its own software independent of (but in communication with) iOS.
So communist China yes is a dictatorship but nowadays allows even more free market than US/Canada and most of Europe...
Russia too nowadays allows more free market and has way lower taxes.
But still Putin and China would be the bad guys while the Democrats with the Obama in the White House and Merkel and the shameful people in Europe would be the good ones?
What have the EU and USA done right in the last 7 years since Obama ? Thanks to Obama the world has been at war like never before with muslim terrorists everywhere attacking inside our countries for the first time in history and with clear help of NSA, FBI and CIA.
Anyone not seeing that must be blind or guilty.
No, Obama and the Democrats aren't the good guys, the Merkel and her gang in Europe aren't either.
You are looking for black and white in a world where none exists. People who hate Apple and think they are the bad guys for stuff like the walled garden, lawsuits, pricing or whatever can still believe Apple are the good guys where this case is concerned.
Ditto for politicians, who can be the good guys for some things and bad guys for the other. And that doesn't even account for the fact that you and I may disagree on some aspects of politics, so something you think Obama is a good guy for I'll think he's a bad guy for, and vice versa.
"But still Putin and China would be the bad guys while the Democrats with the Obama in the White House and Merkel and the shameful people in Europe would be the good ones?"
... and still, you, me, and all the others bitching about Obama, Merkel, Cameron, or Hollande (or their predecessors, depending on our particular preferences) choose to fester in their oppressive and stiffling dominions, rather than moving lock, stock, and barrel to the newly capitalist glorious people's paradise.
Now why's that?
The West Coast doesn't like breaking encryption because doing so would destroy the tech sector overnight. The doors would close and engineers would pack their bags to move to another country. Using encryption correctly, or at least pretending to, is required for everything. Forget about stalking. Forget about bank accounts being drained overnight. Criminal hacking would get real - guns and rockets kind of real - when there's an backdoor key to find out what is in any shipping container, who is in any car, and who is on any plane. US software wouldn't even be usable in the US.
fl "...how you tell the difference between [good and bad guys]..."
Easy.
The winners are always the 'good guys', because they get to write the history books.
Churchill was asked if he thought that history would be kind to him. His reply was, "Yes, because I intend to write it."
Re: Hyperbole
u need to re think china has no power here. relocation where, work force and energy needs... not counting shipping.
Apple can hardly charge ics with problems...... relocation and qualify control..... what other assembler outside can handle this.
Plus China has a lot of rare minerals used in ic production, they can control who buys their exports .....
So,in the end summary; apple collapse is not the end of the market for cell phones or china .... other manufacturers will slowly fill the production lost....
If Apple withdrew production from China, with those newly empty Foxconn factories and unemployed workers, Xiaomi and Huawei, after the boards had finished dancing round the table and sending out for champagne and hookers, would expand production as fast as jigs could be turned out. Which is very fast indeed.
Moving production lines is easy. Moving the worker infrastructure is extremely hard.
Neither 'science' nor the 'law' have any say over the conduct of 'reality'. One is an attempt at a systematic study of 'reality', the other is an arbitrary attempt to control the conduct of human society, but in either case it remains true that:
"Ye cannae change the laws of physics"
And however galling it may be to those who dream otherwise, the truth about reality remains the truth whether any given human being knows that truth or not, or, being aware of it, refuses to accept it.
The 'governemnt' can pass whatever laws it likes, but if 'unbreakable encryption' is possible, with the limits of available knowledge, then people will use it if the have the means and the motivation to do so, and no amount of squealing or magical thinking will change that.
"And however galling it may be to those who dream otherwise, the truth about reality remains the truth whether any given human being knows that truth or not, or, being aware of it, refuses to accept it."
Yes, when our company acquired a CEO who recited the mantra "Perception is everything", I knew it was time to move. As the old limerick says:
There was a faith healer of Deal
Who said, 'Although pain is not real
When I sit on a pin
And the pin goes right in
I dislike what I really don't feel.'
The FBI has no right at all to the privacy technology Apple has developed. Remember Apple is international, so if you force Apple to give it to the FBI, then all other governments, like Russia, China, North Korea, Iran, etc., can and will force Apple to give it to their secret police as well.
Do you really want that?
Snowden showed us that no government can ever be trusted, not even ours.
"I wish I could give the good guys the access they want without also giving the bad guys access, but I can't..."
Actually you can. We need to stop thinking about a single master key that unlocks every phone. Instead, give every smartphone a unique serial number (that is visible), and an associated secret key (invisible), hard coded by the manufacturer into its chipset, that can override its other security features. The disclosure or compromise of any one secret key would be no detriment to any other phone in the world because each key is different, and only works on the serial numbered phone it was made for. Make it as secure as you want, eg ten failed tries and it locks out. Once these numbers are set, the phone manufacturer does not keep a copy of the secret key, nor a process to recover it. The manufacturer gives the serial number / secret key pair for every phone to a central register which keeps them in escrow on a server that is offline (not hackable) and secure like a bank vault. The central registry makes the secret key for any individual phone available to law enforcement or national security only with a court order, following laws that define how serious a case needs to be (eg public safety would qualify, tax evasion might not). Each country that manufactures smartphones could maintain its own national key registry, and law enforcement agencies can exchange information under international agreements against terrorism, as they do now.
and one corruptable/bribable person can bring the whole lot unstuck.
Once the process fails and the Serial number/Secret key pairs are exposed the whole idea collapses like a house of cards. If there is a way that the information can be retrieved for law enforcement there is a way it can be retrieved and distributed to the criminals. Who decides which requests to honor and which to deny.
While people are involved anywhere in the process human nature will come into play. No one is incorruptable you just need to find the right buttons to push.
But that situation exists NOW, WITHOUT the need for law enforcement. Why can't an industrial spy get some insider to obtain a company's secret keys in some way (or perhaps the way by which it was created so it can be duplicated)? I'm sure a secret signing key would be a (social) hacker's holy grail and would be attacked mercilessly.
Anyway, what you REALLY really need are two, maybe three keys, but they allow different things. The "root" key, so to speak, is generated internally by the black box cryptochip and NEVER leaves it. Meaning NO ONE, not even Apple, can possibly know it. From this, two other keys can be generated that CAN be released. One is the "public" key that is kept by the user. That way, ONLY the user can use their iDevice as they see fit. The other is a "wipe" key. This one can be kept by the user AND given to Apple. This is the failsafe which allows Apple to reset the device back to Factory condition, but ONLY by wiping out everything in it. THIS key can be kept in escrow as a last resort, but it'll be of no use to law enforcement since it's by definition a "destroy evidence" key.
Charles 9 If you don’t see a need for law enforcement then consider this scenario: a terrorist group has ordered one of its sleeper operatives to plant a bomb in your city. A SWAT team caught up with him but he was killed in the fire fight. All they have to work on is his iPhone, which contains his orders of where and when the bomb is set to go off. There are many variants of the scenario but they all reach the same ethical / legal issue. What rights should law enforcement have to hack this phone?
Was he a TERRORIST or a WHISTLEBLOWER? Tech can't tell the difference and history's written by the winners...
Ever thought the phone's actually EMPTY? The 9/11 hijackers went low-tech and used trustworthy human couriers to pass on their instructions and used safe haven countries where the law couldn't reach. Given that, there's very little LEOs can do to stop serious terrorists. They can act outside the law; the law cannot. It's attacker's advantage. At some point, the defender's gonna lose.
Oengus Secret keys are released from the government-run registry subject to court order (as I said).
If you don't trust anybody, why would you trust Apple Corporation not to build in their own undisclosed back door, or any of their software engineers to privately create one? What brand of phone do you recommend then?