Apple: FBI request threatens kids, electricity grid, liberty

Re: You don't say !

And yet Apple's business model (and Google's and Microsoft's) depends heavily on persuading people that everything is fine and dandy : 'just put everything into that one little egg basket and your life will be enriched'.

Out of the 3 you mentioned, Apple is the only one who started to work on improving security and privacy BEFORE it became a mainstream press interest. Microsoft and Google could be clones the way they approach the rights of their users and compliance with laws: ignored when it gets in the way of profit..

Re: You don't say !

Indeed.

I also find myself concerned about Cooks preference that the FBI, etc. should have approached Apple on the quiet... and I find myself now wondering whether their ability to operate in Russia and China are possibly down to quiet words already having been spoken with those governments.

Say what you like, but at least the courts can be scrutinised. Apple, as a corporation, isn't as easy for the likes of me to scrutinise; and I just don't trust Cook.

They can't immediately delete all the source code and object code an send the engineers onto other projects as soon as this is finished because, if this works and sets precedent, they'd get another All Writs Act for just this other iPhone. Then another. And so on.

They would also need to testify in court about how the firmware was written, giving more leads to everyone else about how to do it.

Eventually Apple would argue it's too burdensome and they'd get a demand for govtOS instead, arguing TSA luggage keys as precedent or something. And I'm sure the TSA would want a copy of that too, along with the police, FBI, and so on.

Re: Using a Phone to Control the World Is Mad

People's email is on their phone.

Including internal corporate "email" that normally only resides in corporate servers and has never been transmitted unencrypted.

Including information about private systems, that may include passwords.

Including access to password reset facilities.

That's before you consider the social engineering promise of being able to call someone from the CEO's actual phone.

And the general phishing opportunities if you have the entire contents of their phone.

Re: "it be used only on government or Apple premises"

"it be used only on government..."

Exactly. We already know how good they are at keeping electronic data secret.

We also know that given the chance, they'd use Apple's keys to backdoor every iPhone in the USA.

Re: "it be used only on government or Apple premises"

Any intrusion technique that requires physical access to the phone can't be used for mass surveillance. Anyway Apple stance will lead to:

1) More efforts to bring in legislation to force remotely exploitable backdoor, instead of only local access to a limited set of devices under court control.

2) Country like China, Russia, Iran, Saudi Arabia & C. doesn't care because they have quick ways to "ask" any people their PINs or passwords, torturing you and threatening your family are very effective ways, while Apple still makes money (and I wonder if it doesn't already collaborate secretly just to be able to sell in those markets)

3) More incentives for any wannabe "hacking team" to break into those systems to make money - and selling to everybody willingly to pay. An Apple controlled access would be better.

The end result is that non democratic states and and crooks will gain an advantage - while those following democratic rules will be cut off from essential evidences in many crimes. Let's see if China asks Apple the same, and what Apple replies - and if China will never ask it, ask yourself why it doesn't need...

Re: "Apple works mighty hard to ensure its products are secure"

That's why they build it in China...where nobody form that government will ever, ever, have easy access to all the facilities and technologies used to build them...

Building high grade security products follows a certain methodology where you segregate the build phases. You provide the factory with testing software that does not contain operational keys so you can check functionality but don't give away the family jewels with it. The hard work is ensuring integrity of your testing process, but even that can be automated. With current networking technology you can even build in a per-device authorisation phase (a luxury we did not have in earlier years).

Been there, done that, etc :).

Re: "Apple works mighty hard to ensure its products are secure"

I'm not sure why you thinking assembling them in the US would be any more secure than building them in China. Being able to see all the parts that go in it as it is being put together isn't any different than taking one apart and seeing the parts that way. Either way they have no access to alter the software or get hold of Apple's signing key, which is probably located in only a single secure room in Apple's HQ.

If China thought they could get some special information from access to where they are being assembled, it isn't like getting that access would be difficult if they were assembled in the US. They manage to infiltrate US nuclear weapons research programs, so I think getting access to a factory where many thousands of people assemble phones wouldn't present much of a challenge!

Re: Interesting use

Seems the politicos and the enforcement agencies can be played at their own game.

I'd go further here: given that their statements were clearly aimed at misleading the court, I want to know what they have to hide. After all, the general idea was that the FBI is accountable as a law enforcement agency, and this has the heady smell of politics all over it.

Why is the FBI attempting to set policy? That's not its role.

Re: Cognitive Dissonance

It is fascinating seeing The Register cover this case with their strict policy of Apple negative spin; obviously Apple are in the right, but how to paint Apple as the bad guys? Quite the conumdrum but I see it's happening with a negative twist as expected.

You caught a bad case of confirmation bias. Review other articles.

Re: Time for a compromise?

They already have updated their OS - and their hardware. In newer phones it seems that they genuinely wouldn't be able to comply with this order anyway.

Re: Time for a compromise?

Apple was already working on a change that would remove the ability to update software on a locked phone (which was done for convenience...i.e. it allowed recovery from a bad flash)

And no, this is not like a safe manufacturer cracking a safe. It is like a safe manufacturer being ordered by the court to create a special tool that allows breaking into EVERY safe they make, but the FBI saying "but you can bring the safe into your lab and use this tool on it rather than give it to us so that's OK". The problem is that the FBI will come back and ask them to do this for a lot of other safes. And the safe manufacturer will have this tool in their possession, where the possibility exists for it to be copied by an unscrupulous employee (or one that has had his family kidnapped and is under duress) or a burglar (i.e. hacker) could break in and steal a copy of it.

Re: I still think the FBI

Has gone about it in the right way to do what?

AFAICS, they've gone about it in the right way to give them the best chance to obtain a precedent that they'll then take every opportunity to extend until no meaningful safeguards are left. I doubt they give a monkey's about the content of the phone, even assuming it has anything they haven't got from the backup.

the average customer

I don't think people on this forum are average customers. And I don't think the people in Security who decide whether a device has access to their business are average customers either. I know of one such institution that prefers the iPhone precisely because of its "walled garden" and the fact that it will erase itself after 8 attempts.

There will always be a majority of people who don't care about security. And some of them are going to suffer for it. That doesn't mean that a the option shouldn't be available for those who do care.

For the record: I have an iPhone. I work at at a pediatric hospital. I want to be able to be in touch with my hospital 24x7 to provide the best support I can. And I want to protect those kids by having the best security possible for the hospital and that includes the devices that attach to it. I don't care who manufactures the device or what their motives are, profit or philanthropic, as long as they are secure and the more secure the better.

"Though who or what they are really protecting here?"

That's an easy one. Everyone who didn't think it mattered until they ended up on the wrong end of a false accusation and find out too late that it did matter.

Re: There is a backdoor.already

There's a timeout on being able to use the fingerprint reader on the iPhone, after which it requires the password. It also requires the password when it is first booted (so if you are about to get arrested, power off your phone or touch the wrong finger to it 3-4 times in succession)

The way the fingerprint reader works on the iPhone is that your actual password is stored in the secure enclave (so it must get your password from you when you first boot the phone to allow this) so yes it is less secure. But that's a problem with biometrics in general - doesn't matter if you use fingerprints, irises, palm veins or whatever. Fingerprints and irises are particularly bad because they are trivially lifted in public places unless you go everywhere in gloves and sunglasses.