In capitalism, market share is determined by company decisions that create different amounts of value for consumers.
Thus, any decision that a company makes is in effect "marketing" if the goal is to grow/preserve market share.
It's unfortunate if the underlying mental model of employees of the Justice Department is that we should all sacrifice our privacy (and that of our customers) for some notion of the greater good.
It's scary when anyone thinks that his/her own job interests represent the greater good for everyone else... even worse when that job is a position of governmental authority.
Sorry, blind allegiance to the government is not a religion I want any part of. It's also odd to use the anti-capitalist smear technique of labeling something "marketing" to undermine it.
Well the DOJ doesn't get to unilaterally decide what is the greater good, let alone how to get there. There's multiple civil processes to go through to hopefully interweave the legal, political, judicial, ethical, and technical issues. It should be a battle. A vigorous debate exposes the weak arguments and we ought to end up with the best ones, assuming the predominate state of society is stable. My complaint about DOJ is trying to inject emotional catchphrases, and classic propaganda techniques, to distort a rational process. It makes their position look weak out of the gate.
And it most definitely is! From the privacy perspective, Apple was foolish to contest the order since this phone is vulnerable to Apple - a storage unit owner unlocks the unit for the police, what legal basis does Apple actually have to resist? Our values are driven by visions of ideal systems that can only be unlocked by their owner, but that is not what Apple has created!
Unfortunately, Apple is peeing in the pool for all of us that actually care about digital freedom. This case will set a terrible precedent, and prime government to preemptively address hypothetical devices that are secure.
Um, what? If they didn't take a stand all their claims would be worthless. Their new phones are vulnerable as well, though I would not be surprised for upcoming products to make more use of private keys. (It's a tradeoff between usability and security.)
Their claims are worthless. In order to be secure against USG, Apple needed to eliminate the privilege of their own signing key, at least when the phone is locked. A vulnerability to Apple is a vulnerability to every country where Apple has a physical presence.
It's hard, but you actually have to throw the ring into Mount Doom. You can't just put in your pocket and promise to never use it.
Their claims are not worthless. Let's imagine that they plan on eliminating that privilege when the phone is locked. If the FBI establishes that it can force code to be written using the all writs act now, then it will also be able to prevent them from throwing away the key.
There's a difference between writing code to open one specific device on a legitimate investigation, and restricting what type of security Apple can implement on all devices sold.
But you're right, it's a similar activity. Which is why the ideal move this iteration would have been to nicely go along and avoid setting a precedent until Apple was actually shipping a secure phone.
The precedent is the use of the all writs act for this broader purpose. If it is not challenged now, then it will be established that Apple can be forced to create code to the design of the FBI. This is why it must be resisted now.
All Writs is a red herring. Sure the right to not be forced to take on certain paid projects is important, but that isn't the main principle which Apple is defending.
Even if Apple prevails, then the FBI subpoenas technical documentation and the signing key, and gets an independent party to write the code. The signing key would be another legal battle (and at least Apple is well funded unlike Lavabit), but that ultimately comes down to Apple having the only key to a container for which there is a warrant. Do you see this ever being decided in favor of the key holder's non-involvement, especially in such an unsympathetic case?
That key is a key which unlocks every single iPhone. There would be an extremely strong case that revealing that key would be a threat to national security. I think you'd find the case would be harder than you think.
That's precisely why all writs is not a red herring. If all writs is not limited at this stage, it will be used for exactly what you are most afraid of.
What I'm most worried about is a prohibition on software which implements government-unbreakable encryption, and after that, a prohibition on selling consumer devices with government-unbreakable encryption. This has nothing to do with All Writs, since 1. it wouldn't be forcing anyone to write backdoored software and 2. wouldn't involve a specific ongoing court case.
If revealing Apple's key for the iPhone's backdoor is a national security threat, then Apple can avoid this by simply using the key to open the one specific door a court asks (that's how the argument would go).
So why do you think Apple is adopting the strategy that they have chosen? Your line of reasoning is quite straightforward. Do you think nobody there has considered it?
Companies have an extremely hard time opening up platforms and removing their special privileges. The market friction caused by their closedness is what makes them money, and Apple is no exception.
Plus, they ultimately don't care whether proper crypto is outlawed or not. Sure they'll lobby for it not to be. But if they end up losing they'll just modify their products and still be the least-surveilling company - they're not particularly worried about Free software eating their market share.
An open design for a trusted computing platform would not contain an arbitrary fixed signing key. It would instead allow modifying the trust root subject to some time delay or proof of work. It would be thoroughly documented, giving the manufacturer no special insight into the use or working that any other developer did not have access to. It would thus not be specifically vulnerable to attacks by Apple, and by extension, USG.
Apple believes that proper crypto can be used to provide the best security for their users, and Tim Cook may personally believe that crypto provides the best rights to individuals. But corporations operate in terms of what is legal. If proper crypto were made illegal, that just shifts the playing field for everyone. Apple would still exist and try to provide the best security they legally could - they don't have a mortal stake in this fight.
So basically it has nothing to do with what we're talking about. You just think a completely hypothetical system which has never existed, let alone been subjected to any kind of attack, would be a better alternative, and so you think that what Apple is doing is in error.
It has everything to do with what we're talking about. We can analyze the security properties of systems in advance. It's called engineering.
This attack isn't some discovered flaw, but an explicit property of their system design. There are widely-used systems that hold up to the attack in question. For example, Linux's LUKS/dmcrypt does not have this vulnerability.
Apple wishes to use lower entropy passcodes, necessitating the use of trusted hardware. Few have gone down this road, so I've detailed properties of a hypothetical design that could be free of manufacturer backdoors.
Apple needs to either stop marketing their devices as secure against nation state attackers that can compel Apple, or actually build trusted hardware that's secure from manufacturer as I'm describing. Cryptography is not a "best effort" endeavor.
Accepting your first paragraph as true, even though it is debatable - nobody has even done that with the kind of system you are proposing. Until they do, you are arguing favor of an imaginary system over a real one. It should be obvious that this is not an approach to security.
You had asked what the current situation has to do with open/closed, and I detailed an open alternative. You're now arguing against my explanation as if it affects the main point. I didn't need to describe a better way in order to analyze the failings of Apple's system. If you aren't interested in an example of how open trusted hardware could function, then just ignore it and judge the system on its own merit.
The fundamental flaw remains that Apple utilizes closed-design trusted hardware based on a manufacturer backdoor. This type of system is insecure against the manufacturer (and by extension USG), and marketing it as secure against such is willfully negligent.
> Apple does not market their devices as secure against nation state attackers.
Then what exactly is this court case for?
> You have not detailed any alternative that is
As I had just said, Linux's LUKS/dmcrypt. The authors simply do not have the power to unlock other peoples' volumes.
Some other properties are traded off, but since you are unwilling to discuss system models ("completely hypothetical"), then I don't see the point of detailing the landscape. A system can have a vulnerability without needing a nearly-identical system without the vulnerability for comparison.
> If you want to persist in that assertion, you should easily be able to point to the marketing you are refering to
This case right here! We've got, by most anybody's standards, a legitimate search warrant. There's no judicial overreach with regards to scope; process is the only thing they're arguing in the legal realm. The FBI could adjust their request for technical documentation on the KDF, create their own hardware, and the forced creation aspect would disappear.
The only reason Apple didn't quietly unlock the phone was because the FBI publicized the request (against Apple's wishes), and Apple wanted to avoid the inevitable press field day undermining their reality distortion field of "privacy".
> LUKS/dmcrypt is a small component that cannot provide anywhere near the necessary features to substitute for the iOS security system.
LOL. And yet a default Debian install would be locked for eternity (barring implementation flaws, which are not under discussion here for either system).
You can't have it both ways - arguing the properties provided by each system differ, while simultaneously refusing to discuss security models. You're attempting to narrow the domain to a single point, so that no objective comparisons can be made.
The sheer ridiculousness of this statement leads me to believe I'm talking to an Apple partisan rather than someone who earnestly analyzes security, so I don't see the point of continuing this discussion.
A default Debian install is nowhere near to being able to replace iOS as a practical smartphone OS for 1 billion users.
This is an indisputable fact. What is ridiculous is that you seem to be claiming otherwise.
We are talking about the real world where objective comparisons can very much be made. I'm trying to discus real software - not fantasy extrapolations.
For the record, if an open, secure, and practical alternative existed I'd much prefer it to what Apple has produced, and I have been hoping for such a solution since the iphone was introduced.
It seems a lot more like you're the one with an agenda to push.
Storage unit owner has keys with which s/he can unlock the unit. Police does not ask storage unit owner to demolish his building at his own expense to get access to the unit if owner does not have keys.
Apple already "unlocked storage unit" to police where they had keys by providing police iCloud backups. Now police is asking Apple to "demolish the building".
Yes, police don't ask the storage unit owner to break open the door - they just do it. In this case they're even asking first and willing to reimburse Apple, which is nice for a change.
If you think anything more than one phone's security is being "demolished", then you've been mislead by Apple into thinking their devices have security properties that they don't actually have. If their reputation takes it a hit, it will be due to their negligent design and marketing, not from the inevitably resulting correction. Security does not suffer politics.
This analogy is garbage. No building is being destroyed. The FBI is asking for a key to this one unit, and the fact that Apple even has the ability to make the key should be evidence that the system isn't as secure as you think.
Inside the storage unit is yet another invincible locked container, but the FBI is betting on the key being easy to guess.
This is more like the FBI asking the storage unit owner to turn off the security system that he installed that incinerates the contents of the storage unit when someone tries to pick the lock, but only on the unit that the FBI has a warrant to search. The storage unit owner then responds that although he could put an off switch on that particular unit, it's an outrage and sets a horrible precedent that the police should ever ask him to turn off his security incinerator.
Yeah, I'm with you on this. Apple really does have to help, and they're reluctant purely because they know they made a vulnerable device. Helping would make them look bad because it would bring to light that they have the ability to help.
It sounds like they could have made a device that even a firmware update couldn't break, but they didn't. I really don't see how they can refuse. Your analogy is good.
> It sounds like they could have made a device that even a firmware update couldn't break, but they didn't. I really don't see how they can refuse. Your analogy is good.
This is nearly impossible because the development lifecycle and end-user usability almost necessitates there be software or firmware updates that would be authenticated (to either fix dev bugs or help users).
In a years time we'll forget about it and the result of what will happen. And Apple may do it anyway in the quiet so they win customers by publicity and win the government.
If the government want something done, surely it will have to be eventually? What do apple have to win by going up against them? Gov could make their life pretty difficult?
Transplant yourself to any other police state. Anywhere with a very strong government hell bent on controlling its citizens. Eastern Germany, Or the USSR, or Germany under the Nazis.
How did the government get such power? Immediately via overthrow, or incrementally?
At what point do you draw the line? Has there ever been a government that got some power and then stopped trying to get more? Look at the history of the USA for the past 200 years.
Apple is trying to draw a line in the sand. We can debate about where the line should be, but there has to be a line.
It seems the Justice Department admits that Apple's reputation for privacy and security is of great value to the company. I wonder how it intends to argue, then, that forcing Apple to create a corrupted build of iOS which harms that security and that hard-won reputation does not place an "undue burden" on the company.
They basically argue that Apple is incorrect about security implications and that marketing concerns don't cause undue burden. They also argue that Apple isn't above the law and just because Apple marketed themselves that way doesn't make a burden.
Clearly Apple's security has market value but that needs to be balanced against the benefits to society as a whole. Just restricting this to US law it seems Apple is not defending an existing right to privacy of the "man's home is his castle" sort. Those have been limited from the beginning by warrants and other acknowledged mechanisms of government to poke its nose into people's private affairs in the interest of the general welfare. The "right" that Apple is defending seems new and much more absolute--that you may possess devices may not be opened under any circumstances whatsoever.
The question of whether such rights exist is separate from the question of whether breaking into one device threatens security of all others. If true that seems to call into question the assumptions on which data protection algorithms are based. In other words, assuming you can create truly unbreakable encryption and it only works if there are no backdoors, is that really a data protection strategy that meets the needs of society as a whole? You could argue it's flawed even if the mathematics work perfectly.
What of Yahoo when they allowed Chinese authorities to access an email account? While we might believe in the integrity of the US government, my faith in a backdoor being made available to the Chinese government used responsibly is low.
Opening up accounts as Yahoo did seems like a condition of doing business in that market. It seems unrealistic to expect that Apple will be able to maintain their position against the Chinese government for very long. They will either have to conform or leave the market as Google did. I don't follow how Apple can really win that one if the Chinese government chooses to push the issue.
p.s., I'm not defending the Chinese position in any way. If it were my company I would leave the market.
p.p.s., For anyone down-voting it would be helpful to state your argument for doing so. The Apple case is not as clear cut as some of the learned commentary on HN would have it.
The key issue here is that this is a 5c, which doesn't have the secure enclave. If Apple complies, then this means that there is now a precedent of any IOS device without the enclave to be potentially "cracked" by the authorities with Apple's help.
What I don't quite understand is - how does this affect newer devices, will Apple be legally obligated to build a backdoor to circumvent the enclave from here on (if Apple complies, that is)?
(But even the idea of older generation devices being "fair game" for the government (any government - if it was done for US, it's now possible in any country Apple operates in) is creepy).
Also - what can possibly be on that phone that isn't available elsewhere? Phone records exist at phone companies, social network stuff can be obtained from the facebooks and googles, if they were using watsap - well that's not something Apple could decrypt anyhow...
I'm leaning towards the opinion that Tim Cook was right to make such a big deal out of it, even if it's a 5c.
Apple has told reporters off the record that the FBI could make the same demands for Secure Enclave equipped iPhones, probably because the Secure Enclave can be updated.
That's why they're making their stand in this case.
In the future Apple may make it so that the iPhone must be unlocked before an update could be applied, but that isn't the case now.
Now, if one were really cynical, and by cynical I mean "possess the power of accurate observation", one might conclude that attempts by justice departments around the world to use tragedies to push political policies and legal decisions, as well as the publicity surrounding such, is also a marketing strategy...
I really don't see how Apple taking a stand on this publicly is of any benefit to them from a marketing perspective. I'm sure there are many of Apple's customers who think they should comply with the FBI on this issue and see their refusal as "supporting terrorists". Apple could have decided to just do what was being asked without making it public and the rest of us would go on knowing nothing about it, but for them to publicly make a statement that they were asked to do this and believe it's wrong, I think, shows a genuine belief on their part that it is an overreach and sets a dangerous precedent for the future. I'm no Apple apologist, but I don't think this has anything to do with marketing for them.
This is an interesting filing from the DOJ because they somehow seem incredulous that a private business would have commercial interests. In fact it probably hurts their commercial interests and brand for the reason you stated.
It is positive marketing for them. The fears that oversea customers have about US corporations are real, and drive real spending decisions. There will be economic ramifications to Apple and the entire security industry if the FBI wins this fight. For that matter, if the government gets intrusive enough, the fears of not overseas customers are going to start driving buying decisions too.
And let's be honest... this is marketing by the FBI too, picking a convenient fight on ground of their choosing to obtain this new power. The Justice Department is right, but the Federal Goverment is not in a position to throw stones from their glass house here.
Exactly. This entire tragedy was exactly what they needed to make sure that Americans had the proper amount of fear to begin giving up more rights.
They made sure that the request was public so they could use this event as an anchor against Apple when they refuse to create backdoors.
"Apple wouldn't even use their technology to get the information off of the phone that the terrorists used" will make a powerful headline when the FBI and NSA are asking for the rest of the backdoors they want.
I really wish any journalist would call out the DoJ marketing this strategy with ISIS. They tried this exact same strategy about 3 months ago with a meth dealer, but people don't respond the same to the DoJ trying to get evidence with a drug case: https://ia801501.us.archive.org/27/items/gov.uscourts.nyed.3...
Apple can lose this and still win. The check on courts' power to compel third parties to cooperate in discovering evidence is "unreasonable burden." Here, you have a device that seems like it can be broken without too much fuss. But by fighting this battle, Apple puts itself in a much stronger position to argue that the burden upon them is unreasonable when the government comes around looking to unlock a phone featuring a security enclave. Even if they lose this, they're drawing a line and saying "this is the border between reasonable and unreasonable."
The government's approach is a double-edged sword. On one hand, they can pick an "easy case"--as they have here--and hope to establish a toe-hold. On the other hand, the precedent created by an "easy case" can have an anchoring effect that limits its reach. When a principle is applied to overwhelmingly favorable facts it can leave courts looking for the mirror-image scenario: if the burden is reasonable here, when is it unreasonable?
Regardless of the merit of the FBI's request and Apple's refusal, this is rather hypocritical response from the FBI, since their insistence to make the request public is what triggered Apple's public response in the first place:
<<Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity.>>
In this case, the Justice department is clearly the one with the bigger 'marketing strategy' agenda here by trying to market the merit of their request to the American public and congress.
(As a side note, most of the non-tech folks I talk to seem to be siding with the FBI's request, so at least at some level, the government seems to be winning the marketing battle.)
Consider the possibility that the government is using this all as a means to convince the public phones can be secure, and that apple's cooperation actually matters.
Glass houses, Justice. I'm calling this unprecedented request as part of a high-visibility case exactly the same thing. This is DoJ's opportunity to market their desire to spy on everyone as "national security" and "keeping us all safe!".
I agree that it's a marketing strategy, just 2 or so weeks ago Apple was getting huge amounts of bad press for their poor software development practices. So much so that it had been consuming large publications. I don't take it as a coincidence that Apple released the statement to re-gain some of that lost face. However, I don't think it's a zero-sum game, and I think Apple is definitely doing the right thing by challenging this in the courts. Apple even stated in their press release that they had previously complied with close to 80 FBI requests to unlock devices in varying degrees, but they never disclosed the breadth of what they had done in those past requests. So why choose now? Timing is everything.
I think both sides of the case are engaging in a lot of PR. The original FBI request for unlock looks pretty tame, unlock ONLY that device, disable ONLY a software protection that would delete files on failed attempts. I think the best way to compare it to is physical objects so we can get the software pieces out of the way and reason with it a bit better. Would it be within the FBI's power to ask a Safe-maker to disable a mechanical security measure on a safe that destroyed the contents of the safe when the combination was entered incorrectly after a specific number of attempts, and the FBI had no other way to obtain entry to it?
I'm not sure how far that analogy gets you or what the laws actually are, but the only way to actually get them changed is to challenge them.
Will the FBI insure my Apple stock when it goes down? Cause if they cooperate their stock / sales could go down by a large percentage. And that's not market forces moving it, it's the government. (I know I sound like a conservative, but I'm actually a socialist liberal)
This whole ploy is a blatant marketing ploy. As if there's anything of national security on that phone? Bullshit. They have the metadata already. They're trying to solidify court precedence. It's especially scary that this surrounds scalia's death—I don't think it was planned, but man, the court is a hoppin' place in the news right now.
1) As Bruce Schneier poits out, if Apple can write the code to break the security, so can others (especially if they steal Apple's signing key). (He also says the vulnerability is not just in the 5c but in current iPhones too.) [1]
2) Considering #1, and that every system ever designed has many vulnerabilities, I find it hard to believe that the US government hasn't developed exploits. Perhaps they just don't want to reveal that in such a high profile case.
If Apple doesn't really care about privacy for its own sake, and this public support for customer privacy is just a cynical ploy to get my dollars... Fine.
Let's hope more "greedy corporations" seek out my business by supporting human rights. I'll buy that.
Did it ever occur to them that Apple's executives actually think this is the right thing to do?
It's not just about this case, where any data on the phone will be of at best little value. It's about future cases, and the possibility of widespread abuse of the back door not just for "terrorism", but far less important things like minor drug cases - or worse, wholesale data mining, like the NSA has already done with phone data.
i'm inclined to agree with the justice department here. we need a compromise before govt just takes over and we have a technologically ill-advised government body legally mandating a bad solution (ie crypto of a certain strength becomes illegal for U.S. companies). I think similar to what mike rogers proposed, a two key system, is an acceptable compromise. However, instead of the govt having the other key (and reasonably every other government that might want it, which is the primary problem with this system), the manufacturer instead is required to maintain the key. Then only under legal coercion of servicing a warrant would they decrypt a message. The manufacture has a fiscal responsibility of maintaining their key, as customers would otherwise not buy their products. While the manufacturer is not given the undo burden of recording every message (it is presumed law enforcement has this, but needs to decrypt it). This system gives people access to simple security, while allowing legal action to proceed as it otherwise has prior to widely available encryption. In addition other countries can seek similar legal action, keeping with the laws of their respective countries.
It's going to happen, so lets not fumble like we usually do with progressive shit, and leave it up to the idiots in congress to stumble through an unworkable solution to. Which means, instead of companies playing hardball and just denying requests (basically for PR purposes), they instead proactively design some kind of a compromise system.
82 comments
[ 3.0 ms ] story [ 151 ms ] threadThus, any decision that a company makes is in effect "marketing" if the goal is to grow/preserve market share.
It's unfortunate if the underlying mental model of employees of the Justice Department is that we should all sacrifice our privacy (and that of our customers) for some notion of the greater good.
It's scary when anyone thinks that his/her own job interests represent the greater good for everyone else... even worse when that job is a position of governmental authority.
Sorry, blind allegiance to the government is not a religion I want any part of. It's also odd to use the anti-capitalist smear technique of labeling something "marketing" to undermine it.
Unfortunately, Apple is peeing in the pool for all of us that actually care about digital freedom. This case will set a terrible precedent, and prime government to preemptively address hypothetical devices that are secure.
It's hard, but you actually have to throw the ring into Mount Doom. You can't just put in your pocket and promise to never use it.
But you're right, it's a similar activity. Which is why the ideal move this iteration would have been to nicely go along and avoid setting a precedent until Apple was actually shipping a secure phone.
Even if Apple prevails, then the FBI subpoenas technical documentation and the signing key, and gets an independent party to write the code. The signing key would be another legal battle (and at least Apple is well funded unlike Lavabit), but that ultimately comes down to Apple having the only key to a container for which there is a warrant. Do you see this ever being decided in favor of the key holder's non-involvement, especially in such an unsympathetic case?
That's precisely why all writs is not a red herring. If all writs is not limited at this stage, it will be used for exactly what you are most afraid of.
If revealing Apple's key for the iPhone's backdoor is a national security threat, then Apple can avoid this by simply using the key to open the one specific door a court asks (that's how the argument would go).
Plus, they ultimately don't care whether proper crypto is outlawed or not. Sure they'll lobby for it not to be. But if they end up losing they'll just modify their products and still be the least-surveilling company - they're not particularly worried about Free software eating their market share.
Also, I believe you just called Tim Cook a flat out liar, since he has repeatedly, publicly talked about his and the companies beliefs about crypto.
Apple believes that proper crypto can be used to provide the best security for their users, and Tim Cook may personally believe that crypto provides the best rights to individuals. But corporations operate in terms of what is legal. If proper crypto were made illegal, that just shifts the playing field for everyone. Apple would still exist and try to provide the best security they legally could - they don't have a mortal stake in this fight.
This attack isn't some discovered flaw, but an explicit property of their system design. There are widely-used systems that hold up to the attack in question. For example, Linux's LUKS/dmcrypt does not have this vulnerability.
Apple wishes to use lower entropy passcodes, necessitating the use of trusted hardware. Few have gone down this road, so I've detailed properties of a hypothetical design that could be free of manufacturer backdoors.
Apple needs to either stop marketing their devices as secure against nation state attackers that can compel Apple, or actually build trusted hardware that's secure from manufacturer as I'm describing. Cryptography is not a "best effort" endeavor.
The fundamental flaw remains that Apple utilizes closed-design trusted hardware based on a manufacturer backdoor. This type of system is insecure against the manufacturer (and by extension USG), and marketing it as secure against such is willfully negligent.
If you want to persist in that assertion, you should easily be able to point to the marketing you are refering to.
1. Apple does not market their devices as secure against nation state attackers.
2. You have not detailed any alternative that is.
Then what exactly is this court case for?
> You have not detailed any alternative that is
As I had just said, Linux's LUKS/dmcrypt. The authors simply do not have the power to unlock other peoples' volumes.
Some other properties are traded off, but since you are unwilling to discuss system models ("completely hypothetical"), then I don't see the point of detailing the landscape. A system can have a vulnerability without needing a nearly-identical system without the vulnerability for comparison.
You don't it to be nearly identical, but if it can't do the job, then it is an invalid comparison.
This case right here! We've got, by most anybody's standards, a legitimate search warrant. There's no judicial overreach with regards to scope; process is the only thing they're arguing in the legal realm. The FBI could adjust their request for technical documentation on the KDF, create their own hardware, and the forced creation aspect would disappear.
The only reason Apple didn't quietly unlock the phone was because the FBI publicized the request (against Apple's wishes), and Apple wanted to avoid the inevitable press field day undermining their reality distortion field of "privacy".
> LUKS/dmcrypt is a small component that cannot provide anywhere near the necessary features to substitute for the iOS security system.
LOL. And yet a default Debian install would be locked for eternity (barring implementation flaws, which are not under discussion here for either system).
You can't have it both ways - arguing the properties provided by each system differ, while simultaneously refusing to discuss security models. You're attempting to narrow the domain to a single point, so that no objective comparisons can be made.
The sheer ridiculousness of this statement leads me to believe I'm talking to an Apple partisan rather than someone who earnestly analyzes security, so I don't see the point of continuing this discussion.
A default Debian install is nowhere near to being able to replace iOS as a practical smartphone OS for 1 billion users.
This is an indisputable fact. What is ridiculous is that you seem to be claiming otherwise.
We are talking about the real world where objective comparisons can very much be made. I'm trying to discus real software - not fantasy extrapolations.
For the record, if an open, secure, and practical alternative existed I'd much prefer it to what Apple has produced, and I have been hoping for such a solution since the iphone was introduced.
It seems a lot more like you're the one with an agenda to push.
Apple already "unlocked storage unit" to police where they had keys by providing police iCloud backups. Now police is asking Apple to "demolish the building".
If you think anything more than one phone's security is being "demolished", then you've been mislead by Apple into thinking their devices have security properties that they don't actually have. If their reputation takes it a hit, it will be due to their negligent design and marketing, not from the inevitably resulting correction. Security does not suffer politics.
Inside the storage unit is yet another invincible locked container, but the FBI is betting on the key being easy to guess.
It sounds like they could have made a device that even a firmware update couldn't break, but they didn't. I really don't see how they can refuse. Your analogy is good.
This is nearly impossible because the development lifecycle and end-user usability almost necessitates there be software or firmware updates that would be authenticated (to either fix dev bugs or help users).
To avoid bricks, a full device reset puts the security chip into an unlocked state after erasing the encryption keys.
If the government want something done, surely it will have to be eventually? What do apple have to win by going up against them? Gov could make their life pretty difficult?
How did the government get such power? Immediately via overthrow, or incrementally?
At what point do you draw the line? Has there ever been a government that got some power and then stopped trying to get more? Look at the history of the USA for the past 200 years.
Apple is trying to draw a line in the sand. We can debate about where the line should be, but there has to be a line.
No-ones going to ever know really, bar apple and the gov
They basically argue that Apple is incorrect about security implications and that marketing concerns don't cause undue burden. They also argue that Apple isn't above the law and just because Apple marketed themselves that way doesn't make a burden.
in China.
Can you imagine what a reputation for standing upto governments (in a democracy, but with most of your employees as taxpayers) will look like?
The question of whether such rights exist is separate from the question of whether breaking into one device threatens security of all others. If true that seems to call into question the assumptions on which data protection algorithms are based. In other words, assuming you can create truly unbreakable encryption and it only works if there are no backdoors, is that really a data protection strategy that meets the needs of society as a whole? You could argue it's flawed even if the mathematics work perfectly.
p.s., I'm not defending the Chinese position in any way. If it were my company I would leave the market.
p.p.s., For anyone down-voting it would be helpful to state your argument for doing so. The Apple case is not as clear cut as some of the learned commentary on HN would have it.
It seems here that nobody here is concerned about non USA citizens.
What I don't quite understand is - how does this affect newer devices, will Apple be legally obligated to build a backdoor to circumvent the enclave from here on (if Apple complies, that is)?
(But even the idea of older generation devices being "fair game" for the government (any government - if it was done for US, it's now possible in any country Apple operates in) is creepy).
Also - what can possibly be on that phone that isn't available elsewhere? Phone records exist at phone companies, social network stuff can be obtained from the facebooks and googles, if they were using watsap - well that's not something Apple could decrypt anyhow...
I'm leaning towards the opinion that Tim Cook was right to make such a big deal out of it, even if it's a 5c.
That's why they're making their stand in this case.
In the future Apple may make it so that the iPhone must be unlocked before an update could be applied, but that isn't the case now.
And let's be honest... this is marketing by the FBI too, picking a convenient fight on ground of their choosing to obtain this new power. The Justice Department is right, but the Federal Goverment is not in a position to throw stones from their glass house here.
"Apple wouldn't even use their technology to get the information off of the phone that the terrorists used" will make a powerful headline when the FBI and NSA are asking for the rest of the backdoors they want.
http://mobile.nytimes.com/2016/02/19/technology/how-tim-cook...
https://www.eff.org/deeplinks/2015/10/apples-eula-gives-it-l...
The government's approach is a double-edged sword. On one hand, they can pick an "easy case"--as they have here--and hope to establish a toe-hold. On the other hand, the precedent created by an "easy case" can have an anchoring effect that limits its reach. When a principle is applied to overwhelmingly favorable facts it can leave courts looking for the mirror-image scenario: if the burden is reasonable here, when is it unreasonable?
<<Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity.>>
http://www.nytimes.com/2016/02/19/technology/how-tim-cook-be...
In this case, the Justice department is clearly the one with the bigger 'marketing strategy' agenda here by trying to market the merit of their request to the American public and congress.
(As a side note, most of the non-tech folks I talk to seem to be siding with the FBI's request, so at least at some level, the government seems to be winning the marketing battle.)
Either they are tone-deaf or being deliberately ingenious about things. Neither is a good thing.
I think both sides of the case are engaging in a lot of PR. The original FBI request for unlock looks pretty tame, unlock ONLY that device, disable ONLY a software protection that would delete files on failed attempts. I think the best way to compare it to is physical objects so we can get the software pieces out of the way and reason with it a bit better. Would it be within the FBI's power to ask a Safe-maker to disable a mechanical security measure on a safe that destroyed the contents of the safe when the combination was entered incorrectly after a specific number of attempts, and the FBI had no other way to obtain entry to it?
I'm not sure how far that analogy gets you or what the laws actually are, but the only way to actually get them changed is to challenge them.
1) As Bruce Schneier poits out, if Apple can write the code to break the security, so can others (especially if they steal Apple's signing key). (He also says the vulnerability is not just in the 5c but in current iPhones too.) [1]
2) Considering #1, and that every system ever designed has many vulnerabilities, I find it hard to believe that the US government hasn't developed exploits. Perhaps they just don't want to reveal that in such a high profile case.
----
[1] https://www.washingtonpost.com/posteverything/wp/2016/02/18/...
Let's hope more "greedy corporations" seek out my business by supporting human rights. I'll buy that.
It's not just about this case, where any data on the phone will be of at best little value. It's about future cases, and the possibility of widespread abuse of the back door not just for "terrorism", but far less important things like minor drug cases - or worse, wholesale data mining, like the NSA has already done with phone data.