11 comments

[ 2.9 ms ] story [ 38.3 ms ] thread
Apple has a been a member of prism since 2012, so is this not all moot?
There's one thing to do it quietly and another to stir up public debates. Now it's a 'talking point', something the media talks about, so it can't be hushed.

The value of this letter is not that Apple may be forced to do something, but for the discussion it triggers: device security, state access and the reach of surveillance.

PRISM covered monitoring and tracking of your device and the data it sends/receives. This order is to unlock the device itself. A pic taken on the iphone but never uploaded anywhere wouldn't have been caught with PRISM.
I would suggest that this will affect civil rights cases for much longer than a generation. The very law that the judge cites (All writs act) is 225 years old.
I think Germany would have a lot of interesting things to say about government overreach into private affairs
It will not affect anyone's rights. Why - FBI is not using any form of prevention of the creation of secure devices.

Apple designed their devices in such way that there is way for them to circumvent their security. The fact that apple must comply is their own fault.

It is obvious that the security scheme of iOS is weak - it is security trough obscurity. They tried to make secure encryption with only 18 bits of user input. If the user provided all of the 128/256 bits the case would have been moot.

So what is the moral - when you design security solution - make sure that you can give the FEDS complete control over all of your data and company resources and they still would not be able to harm your consumer. How? Make sure the user and only the user can set the keys.

The TSA demanded that luggage manufacturers begin making luggage that can accept a special key that only the TSA is supposed to have. The luggage companies complied.

Within a week, a TSA officer took a close-up picture of all 7 key variants; from this image, 3D models of the keys were made, and now you can print all 7 keys and open anyone's TSA-approved luggage.

The FBI is slightly more competent than the TSA. Slightly. I doubt trusting them with any access to my device is a good idea.

Yes. But that is why you shouldn't use apple products - because they left a theoretical backdoor in their devices. As long as the US law does not prevent manufacturers from producing arbitrary level of secured devices - it is totally OK for the FBI to enlist half of the world in attempts to crack it.

The best security comes from open and auditable security schema and strong keys.

If I make good implementation of AES and someone encrypts a file with it but provides its own password - I can give the feds the AES spec, the source code, I can even consult them on dictionary attacks and so on - and they still won't be able to decrypt it.

Apple decided to go the other way.