161 comments

[ 7.2 ms ] story [ 215 ms ] thread
Sure. Can it force Apple to sign a compiled binary?
If the FBI is to be believed they can compell anyone to do anything. That is effectively the scope of the All Writs Act.
Which means a police state, by definition. (Which is not "jack-booted thugs," but rather "agencies of the state are above the law"). That is the actual reason for trying to establish "All Writs Act applies to anything we want, and allows us to do anything we want."

This will be the actual issue for the courts (and ultimately SCOTUS) to decide, the specific device is just a pretext. Hopefully the judicial branch will recognize how this can essentially cut off both itself and the legislative branch from any real control.

> ...hopefully the judicial branch will recognize...

Not a lot of hope on that front, as they've already demonstrated a willingness to abandon their duties: administrative subpoenas, tens of thousands, issued by federal law enforcement agencies - not courts.

I see "we'll routinely approve almost anything" as significantly different from "meh, do whatever you please; just stop bothering us already".
You are aware that administrative subpoenas don't need approval right? For example: the FBI takes an interest in me and sends a subpoena to my ISP requesting all opened email older than 180 days. No judge involved. Now one could argue that there is still judicial oversight, it simply occurs after the fact... But like I said, tens of thousands of such subpoenas go out every year - it is pretty unrealistic to think that any serious oversight is occurring.

So it is much closer to "meh, do whatever you please..." but more accurately it would be:

Executive branch: "Yeehaa! Get outta mah way checks and balances, we got bad guys to string up and no time for robe wearing slowpokes!"

Legislative branch: "Sounds like a great idea, white hats can do no wrong."

Judicial branch: "...blank stare...shrug".

That is an interesting question. "signing a binary" is a form of endorsement. If code == speech, as Apple is arguing, then compelling the endorsement of code is, quite literally, compelled speech, which may fall afoul of the 1st Amendment.
Apple made this specific argument in their motion to vacate. IMO it's a powerful one, because the potential implications for certificate authorities seem quite staggering.
Dick Clarke has been saying the same.

> Clarke explained that the FBI was trying to get the courts to essentially compel speech from Apple with the All Writs Act. "This is a case where the federal government using a 1789 law trying to compel speech. What the FBI is trying to do is make code-writers at Apple, to make them write code that they do not want to write that will make their systems less secure," he said. "Compelling them to write code. And the courts have ruled in the past that computer code is speech."

http://arstechnica.com/tech-policy/2016/03/former-cyber-czar...

The FBI is demanding the signing key along with the source code.
Not only the source, they want the signing keys as well:

"For the reasons discussed above, the FBI cannot itself modify the software on Farook's iPhone without access to the source code and Apple’s private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."

If the government compels Apple to give FBI Apple's private keys, the spy state starts to officially exists.

Currently, the best practices assume that such "keys to the kingdom" are, for example by Apple, only in some hardware devices, guarded, needing presence of more than one person to be used and that every signature made with them is permanently considered and logged. Even if FBI protects the keys, their use of the things they sign with them won't be able to be followed: these would be just plain easily copyable programs.

I think even if this were legally viable it would be an unmitigated economic disaster for the US tech industry.
I wonder, would it be possible for companies like Apple to completely up sticks and go somewhere else?

Where would it be ?

There is no place to go, we all must fight the trend.
I guess that if Apple moved abroad, the US would allow the importation of iPhones on its territory only if they can be breakable by the FBI. So either Apple exits the US market (not reasonable I think), or it has to fight the FBI, which it does now.
>no more iphones

Now if that isnt the easiest way to start a civil war, I dont know what is.

Apple should just fire the engines of their spacecraft headquarters and move into orbit. That should solve the problem of the FBI having authority to demand Apple's cooperation.
The spy state already officially exists.

This is just theatrics. This can all be done behind closed doors without public involvement. The terms of this debate were chosen by the executive branch to vilify companies and individual supporters of encryption.

What the government wants is to have this debate in the open and for a large enough portion of the public to accept the argument the government should be able to break into your phone with a warrant.

The "with a warrant" clause is good cop - bad cop. The FBI is making the high road argument that all this is legit and above board and to fight terrorism. On the other hand the NSA is doing the dirty work and then oh by the way now the data they have collected is available to the FBI... You know to fight terrorism.

Seems rather silly to bet on a horse against Apple. Though Americans are largely uneducated and uninformed about signing keys and public private key encryption, in fact good ol Trump said some reactionary ignorant stuff about boycotting Apple..I wouldnt put it past Apple to include a pamphlet or some type of effort to educate people about how important private keys are. Trump and the durr people are all about us vs terrorists and villify Apple but most of it stems from ignorance. If the government wants to bet on that horse I hope it drags them though the mud for a lap or two
> The spy state already officially exists. [...] This is just theatrics.

Indeed. It's more than likely that the FBI could just ask the NSA to break the phone, but if they do so then they have just admitted that the NSA can already do this and will have publicly exposed that capability.

If the FBI is smart then the plan is likely to fight Apple to the end, lose, and then have terrorists, pedophiles, drug dealers, and members of the woodwind sections of orchestras move to the iPhone because "it's so secure the FBI can't get in!" all while letting the NSA break any iPhone they need and bootstrap the found evidence through parallel construction.

> The terms of this debate were chosen by the executive branch to vilify companies and individual supporters of encryption.

I, and Apple too, claim that the terms were chosen to establish a precedent that would enable FBI to next time request from Apple to change their products all without going through the process of creating new laws. Because the current laws don't allow that demand, to "make such software" or "change hardware that way." The FBI cites the "All Writs Act" as what gives them that right (their current demand is already "write new software with a hole"), and that act absolutely doesn't contain anything more than "the courts can issue writs." (!) It sounds like a comedy but it's serious:

https://en.wikipedia.org/wiki/All_Writs_Act

(comment deleted)
For newer iPhones:

Is the software signing key used to sign the OS the Achilles Heel of the Secure Enclave? If so than does Apple resort to a un-updatable, pure-hardware implementation of the Enclave? Would that prevent the FBI from decrypting phone data even if they installed a modified OS?

It's possible to make a secure enclave that will accept updates while the phone is locked, but doing so would wipe the encryption keys. (In this scenario, so long as the secure enclave is unlocked beforehand, it could accept software updates without a wipe.)

It's theorized that Apple considered this option but chose not to go this route because it's a little riskier and a software bug might permanently brick 100 million phones. They may reconsider now.

I wonder how far Apple are prepared to go?

Does anyone know how far they need to go to put themselves outside of US jurisdiction? I know some companies already sign their software releases outside the US for tax reasons. Is that also enough to exclude themselves from being forced to hand over the keys?

I'm starting to picture a world, where software development (as well as corporate structures and finance) are off-shored to development havens, similar to the Swiss and their banking. We already have the start of data havens. How long until these large companies see the benefit from a legal perspective to defend themselves from an over-reaching government?

How would Wall Street react to such a move? Is such a move away from Wall Street even possible? Can companies switch exchanges?

Well wall St would react very negatively if the US could demand source or back doors. It would severely hurt Apple's stock, of which the iPhone is their top performer. I suspect knowing this, they would go all the way and with their 150ish billion in pure cash reserves, the FBI has an awfully big fight on their hands. Apple could easily waste 10-15 years in red tape and appeals with a case like this all the while designing the iPhone so that even with the source it is hack resistant
It's very difficult to sell phones to Americans while thumbing your nose at the American legal system.
Just like it's difficult to sell anything to Americans while thumbing your nose at taxes? Oh, wait....
Who is thumbing their nose at taxes? I'm pretty certain Apple pays all the taxes it is obligated to pay.
The comment was not directed at Apple's tax avoidance, but rather at the fact that most people don't care about what companies do.

Regardless, this is a quote from Apple's 2015 10K filing (whatever that is)

"The Company’s effective tax rates for 2015, 2014 and 2013 differ from the statutory federal income tax rate of 35% due primarily to certain undistributed foreign earnings, a substantial portion of which was generated by subsidiaries organized in Ireland, for which no U.S. taxes are provided when such earnings are intended to be indefinitely reinvested outside the U.S. The higher effective tax rate during 2015 compared to 2014 was due primarily to higher foreign taxes. The effective tax rate in 2014 compared to 2013 was relatively flat."

Keeping the signing keys and servers outside the US wouldn't help much. The FBI could simply start arresting Apple executives who refuse to comply, charging them with obstruction of justice or whatever seems to apply.
What about plausible deniability?

You offshore the control of the key signing, source code and development. If demands are made on US based execs, even through NSL, the execs can state that they do not hold the power to force the outside Apple entity to give over keys or source code.

It isn't unlike how US companies outsource the production of their clothes to Bangladesh in order to avoid problems with US labour laws that prevent children working in factories. Not that this example is noble one I might add. But the similarities are striking.

So people in the tech industry stop living in the US. The world's a big place, and the tech industry is full of immigrants as is.
Maybe one of the first everyday uses of space travel won't be colonisation or exploration, but corporations with nation-state level resources, like Apple, basing themselves off-planet for just these reasons...
Fascinating idea. To what degree would a company need to exist outside national boundaries (physical and legal) before something like this could become a reality? The idea of a giant Apple logo beaming down at us from the moon is mildly terrifying :)

Surely it'd be cheaper to essentially buy a small country (Shadowrun style megacorp?).

You mention Swiss banking but even that has proven to not safe from the US Government. Simple matter is, if you want to sell a product in the US or visit the US you are going to have to play by whatever rules are currently in place.

So taking development off shore or the like won't do much. If anything if the FBI is successful then Apple's business will be hurt world wide as China had already "checked" Apple products to insure there weren't US back doors or such already.

I am curious when it will come to the point where source code is published to ensure that there aren't back doors.

The economic and security impacts of mandating a back doors in phones go far beyond what the President realizes.

Once he sees that he'll change his mind. However, a lot of damage has been done in that law enforcement believes they could get access to data if only us technology wizards would stop being lazy and do some work for them.

Aside from the compelled speech argument, on balance, we are not more secure with back doors, we are less secure.

So long as law enforcement does not understand this, they will not be effective at their jobs, and they will point the finger at technologists in future terrorist attacks. Even if law enforcement officers do not point the finger, they've already convinced so much of the public that it is the technologists' fault.

We need to continue educating each other on how technology works. Seek public figures and ask them to support our cause. This could go on for years, potentially coming up during every terrorist attack.

don't underestimate those power hungry guys up there, we can accuse them of many things, but not for being stupid...
Don't be so sure. We have very little tech representation in the White House. We only have a CTO as an advisor, and a Digital Services team. The DS team is not in an advisory role. They are focused on fixing broken government tech.

We don't even have any tech journalists in the Press briefing room to bring further transparency. In the daily White House Press Briefing on Monday, the 14th, which is the one following Obama's remarks at SXSW, nobody asked any questions about what he said. I'd like to see us get a tech journalist in there.

Megan Smith is CTO of the United States. She is calling for more computer security experts to join her at the White House [1].

> The thrust of Obama's remarks, said Smith, was "making sure that the tech communities are understanding the challenges that law enforcement and their colleagues face so that they're conscious as they're thinking through this."

> So is this still an open policy-making process? "Yes," said Smith. And like others involving "complicated stuff," there's a wide range of voices at the table — including hers. To Smith, the public policy challenges and possibilities raised by the broad range of digital security issues echos the topic she was in Austin to highlight: the need to draw smart technologists to government service.

In other words, the CTO is outnumbered at the table in discussions about encryption.

I'd also like to see her produce meeting minutes for discussions about encryption, or some further transparency. The Digital Services team's self stated founding goal was to increase transparency of our government. However, on this encryption issue, they and Megan Smith have been too opaque. We need more details on what they are talking about. They are our public servants.

[1] http://www.politico.com/tipsheets/morning-tech/2016/03/us-ct...

Would be funny if Obama pushes for backdoors - then gets what he wants - then 2 years later gets his iphone hacked because of said backdoor.
I really hope if they manage to get the source code it leaks and weakens another American technology company, maybe when their industry is dead they will realize its a global market place.
Except that would be absolutely horrible for everyone, so maybe we should hope that doesn't happen.
Honest question: Why would it be horrible for everyone if the iPhone source code was leaked?
There'd probably be a whole mess of 0-days that would come out of it which would impact a lot of people as Apple might not be able to patch fast enough. Though I meant the horribleness of tanking an American company just because.
Why would it be horrible for everyone if American companies were weakened?

There are companies outside the US, you know. It's not like we're going go back to the Dark Ages if American corporations all suddenly ceased to exist. Apple users would be unhappy, of course, because they'd have to switch to LG or Samsung phones, but "absolutely horrible"? Are you kidding?

I think the ecosystem isn't a zero sum game (not profits, but generally the advancement of software). Apple doing well helps other people do well.

Do you really think that if Apple completely stopped existing right now that it wouldn't have a massive negative impact on consumers and other businesses?

Massive? No. Assuming their Apple devices didn't also suddenly stop existing, they'd have a little pain with transitioning to alternatives. There are plenty of alternatives out there to Apple products right now, and with Apple corporation suddenly winked out of existence, that'd leave a big gap for other competitors to take over that space. If anyone is completely and utterly dependent on Apple for their livelihood, that's really their own dumb fault. Nothing apple does is all that critical that you can't get something/someone else to do it, though of course there'd be some pain in the transition. (The same goes for anyone willingly locking themselves into any proprietary vendor.)

I guess one drawback is that we'd probably see a significant uptake in Windows Phones, and they might actually get above 5% marketshare....

Anyway, MS bashing aside, my point is: Apple is just a seller of convenience, nothing they make is all that critical that it can't be replaced. Anything you can do with an iPhone, you can do with an Android phone. Anything you can do with a Mac, you can do with a Windows or Linux PC. It'd be annoying to have to get a replacement device and migrate to it and maybe new software, but "massive negative impact"? No.

Now, if everyone's Apple device suddenly winked out of existence too, that would be a bigger problem, but that's because of the data stored on those devices, not because of the devices themselves being so valuable. But as long as they kept backups of anything important (and not on Apple-branded backup devices...), that shouldn't be that hard to work around either.

I'll also add that it's not that much different for MS. If they suddenly winked out of existence, it'd be a pain, but "massive negative impact", not that much. There are alternatives, and it'd force everyone to have to explore those alternatives finally. It'd be a much bigger problem than Apple winking out of existence, however, because of MS's strong position in business software.

Of course, part of this depends on whether MS's software also winks out of existence, or if only the corporation itself gets swallowed up in a space-time continuum rift. If the software stays, it wouldn't be much of a problem at all: people would just continue using MS-ware as they currently do. A lot of people use illegitimate MS software anyway, so no change for them. Corporations would have less hassle with licensing. The main problem would be security updates, but that's been screwed up lately anyway because MS has been using that to force unwanted updates and ad-ware and spyware.

> The FBI’s brief dismisses all of this as a marketing ploy, and then blasts Apple as a literal threat to American democracy, writing: “Apple’s rhetoric is not only false, but also corrosive of the very institutions that are best able to safeguard our liberty and our rights: the courts, the Fourth Amendment, longstanding precedent and venerable laws, and the democratically elected branches of government.”

Ironically, Apple giving users encryption doesn't weaken the Fourth Amendment; it makes it stronger because it provides the ability for citizens to be "secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" in a way that the courts recently have been unable to.

Also, since when is the FBI a "democratically elected" branch of government?
The FBI is part of the executive branch which is democratically elected.
the FBI is executive branch!?

I would've never occured to me... I thought all law enforcement was on the judicial branch. TIL.

The executive branch is home to the Department of Justice. Maybe that is what you were thinking of? If it makes it easier, when you think about the judicial branch think of judges, and for the executive branch think use power.
I always thought of it as the judicial branch judges, while the DoJ is the executor of the law.
In the US, judges adjudicate from the facts presented. Unlike many other legal systems, judges do not investigate. Roughly speaking, the judicial branch of the US Federal government is very small, little more than judges and their clerks. The US Constitution grants it little explicit power and its principle source of political power, declaring laws unconstitutional, was established solely by the Federal physician's own precedent: one day the US Supreme Court started declaring laws unconstitutional.
>Unlike many other legal systems, judges do not investigate.

Maybe we should change that. Countries like France and Germany don't seem to have all the wackiness in their legal systems that we do.

Most people tend to think that giving unelected judges an armed police force is a bad idea.

Even in France and Germany.

I don't see any evidence the US has more or less "wackiness" in its legal system. It's served us quite well, over the years.
The US Marshal Service is basically the judiciary's law enforcement branch. Yes, the DEA is also part of the DoJ, but the DEA is a lot more akin to the FBI than the Marshal Service.

Marshals do prisoner security and transport, run the witness protection program, and are the legal enforcers of the court's orders. For instance, when the Supreme Court ordered the integration of Southern schools, it was US Marshals who actually enforced the order and were deployed to escort students into their schoools.

It's coming from the top. Obama has backed this effort from the start. The White House wants the Burr-Feinstein anti-encryption bill [1]. They've been waiting for it for months and the press keeps asking about it. From the White House Daily Briefing on March 11 [2],

> Q: Can I do the weekly check-in on if you guys have anything to say on the Burr-Feinstein legislation on encryption coming out of the Senate?

> MR. EARNEST: I don’t have anything new -- which is to say we continue to be in touch with Congress, and I continue to be personally skeptical -- more broadly, going beyond just this specific legislation, I continue to be a little skeptical of Congress’s ability to handle such a complicated policy area, given Congress’s recent inability to handle even simple things.

[1] http://www.politico.com/tipsheets/morning-cybersecurity/2016...

[2] https://www.whitehouse.gov/the-press-office/2016/03/14/press...

The FBI is technically part of an "elected" branch, but it's nonetheless a semi-autonomous agency not directly accountable to the people who voted for the President. Even the President could be investigated by the FBI. We just have to trust that good people were appointed to this agency, and be ready to fight them in court when not-so-good people make bad decisions.
Yeah let's just forget the whole "warrant" bit in the very next part of the fourth amendment.
(disclaimer; not a lawyer) How do you see there being probable cause for the issuance of a warrant? My reading of the FBI-Apple-CDCal-Govt-Reply document (page 2 / line) was that there was not forthcoming or ongoing attack, but evidence of the attack that Farook had executed.
Probable cause? The phone's user shot 22 people. The phone itself belongs to the county, so legally, they don't even need a warrant, but if there isn't cause to issue a warrant in this case, there's never been such cause in any case.
But the phone has no (additional) prosecutorial value against Farook and Apple itself is not in possession of any evidence or information that has to do with the attack, which seems to be the reason why the FBI is using the All Writs Act.

What i am trying to figure out is if the FBI is saying that there is evidence on the phone of future attacks, or information about co-conspirators, or some other material that would lead to additional action. From what I have read, there is no indication that is the case.

What is it the FBI is gaining by unlocking the phone? Other than a legal precedent.

You have no idea what the phone contains, neither does the DOJ, and the whole point of the investigation is to resolve that question.
Not knowing what is on the phone is my point. The FBI is asking for a method to access information on a specific device that impacts all devices of the same type. If there is not a stated reason for positive action, this seems to be unreconcilable with the FBI dismissing concerns about this being a violation of the fourth amendment.

However, I don't know enough about the law to know if probable cause means to take action regardless of the outcome of that action. That seems to be slippery slope toward justified constant mass surveillance.

The whole point of a warrant is to allow investigators to resolve the question of whether evidence is or isn't located somewhere. By your logic, any time a judge issues a warrant, they might as well issue a conviction at the same time, because the question of what the evidence says needs (in your view) to be settled before the warrant issues!
That isn't the intent of my question about the warrant. As I understand it a judge would issue a warrant if there was probable cause that execution of the warrant would prove or disprove the procecution's case against a defendant.

From what I've read, the FBI hasn't made such a claim. Only that it needs to be accessed because Farook committed a crime. The determination of his guilt does not rest on some data stored in the phone.

Going back to my original question, what does the FBI gain in the matter of this case by accessing one device in a way that compromises all existing and future devices? And is the, what I interpret to be a, massive imbalance between cost and gain of the action so great that it represents a threat to the 4th amendment.

The disclaimer that I'm not a lawyer was not intended to be cheeky, but an honest show of ignorance of how these kinds of questions are treated in the judiciary.

They literally have no idea what's on the phone; they're speculating that there might be something useful. A search warrant for searching the possessions of someone who committed a terror act is not out of the ordinary. But I agree with your conclusion.
Don't they have backups which could provide some probability the phones may contain relevant evidence?
Right, that makes sense. I don't have the link handy but the aclu post from a few days ago about a method to brute force the phone by backing up and restoring disk images after a wipe seemed reasonable to me. I also think that the fact that the phone wasn't farook's property but San bernardino government's is a strong argument that there is no expectation of privacy on that particular phone.

It's probable cause for the warrant against (??) Apple that I haven't wrapped my head around. Since apple has no known or suspected connection with the crime itself.

Who wants to start a key escrow company :)

> "no Warrants shall issue, but upon probable cause"

As a non-legal expert, the way this feels to me is that asking for a backdoor is like preemptively issuing a warrant for everyone on the grounds that they might commit a crime in the future that you'd want to investigate. Thus backdooring iOS is tantamount to issuing an unlimited warrant for everyone, which is exactly what the Fourth Amendment is trying to prevent.

The difficulty is that encryption doesn't work with the warrant system. There's no "encrypted before a warrant is issued, but unlockable after one is" without key escrow or something similar.

The real tragedy is that if the government had good intentions about doing so in a responsible manner (setting aside the problems with key escrow in the first place), then the NSA burnt those bridges to the ground between 1990 and 2015.

Action. Reaction.

That is an understandable set of emotions but not really a rational basis for public policy.
"We cannot trust you to use this power responsibly and therefore refuse to delegate it to you" might be the most rational basis for public policy there is.
The power to collect evidence to resolve criminal cases is one of the most fundamental powers of the state. You might just as productively suggest that we can't trust the USG to be a responsible state, and therefore it should disband.
The fact is this: you can't argue with math. It's math. You might ban it, but in this day and age, that's nigh-impossible. The ease of violating any ban, and the number of violators will effectively make the law unenforceable. And you know what will make government even less respectable? Unenforceable laws.
> The power to collect evidence to resolve criminal cases

Is already limited by the 5th Amendment and other caveats. So it's never been unlimited in the US.

You mean the 4th Amendment (the 5th guarantees due process and prohibits coerced self-testimony).

Put aside for a second that 4A is not in play here, because the phone's real owners consent to the search.

4A delegates to the courts the power to determine what evidence is and isn't in-bounds in an investigation. Nowhere in 4A will you find a prohibition on imaging someone's phone. Assuming the judiciary approves of a warrant, virtually nothing is out of bounds to a warranted search. That's what we're talking about here: a search that a judge has authorized.

It's that power that we're talking about clawing back because of a loss of trust in the government. And what I'm saying is, it's pretty silly to pretend that you can claw back the power to collect evidence without calling the whole state into question.

No, I meant the 5th amendment and coerced self-testimomy.

To me, that's an obvious example of evidence the government would like to have in many cases, but we clearly decided it cannot. A judge cannot grant a warrant compelling an individual to waive their 5A rights. That seems to have direct bearing on the idea of providing individuals a right to strong personal encryption.

Admittedly, there are many edge cases (furnishing information about a third party that one has personally encrypted), but we've bounded what the government can and cannot have before.

Although from another comment I made I generally agree with your position that this is a pretty serious point of balance between the individual and the state due to the nature of encryption.

That's the exception that proves the rule. So concerned were we about torture that we constitutionally prohibited coerced self-testimony. What other form of search does the constitution bar from judges? You can't say "the unreasonable kind!", because the constitutional definition of "reasonable" is "whatever the Supreme Court says it is".
I don't think limiting searches categorically has ever been a problem to this extent before (big statement, but maybe?). Because there's never been a broadly-used impediment to the types of searches the government typically conducts that simultaneously requires a sacrice on the part of individuals if it is not available.

Or to turn it around, what has the government historically desired to legally do after obtaining a warrant that it has been unable to do?

We never made locks or strong doors illegal. The closest would probably be mandating log retention at telecom providers for a certain period of time.

I'm not sure we're talking about the same case. The government is capable of conducting the search it demands in this case. Because of the way Apple designed this particular phone, it can in fact assist the government with the search.

The question of how cryptography might stymie whole classes of search entirely is germane to the question of whether we should pass laws restricting default-on cryptography (obviously, I don't think we should). It is not germane to this case, which is not about "mathematics" or even "security", but instead whether the government has the power to compel a product manufacturer to assist in a search of their products.

The government is not capable of conducting the search on its own in the sense of "access the contents of this particular iPhone at this point in time." Unless you have read some very different material than I have or are using different definitions?

Richard Clark seems to think the NSA would have the capability, and they might, but the FBI apparently (and believably) doesn't.

Apple "assisting in a search" is a little overly summarizing in my opinion. I think there's a difference between "we received your warrant, here's the information we have" and "we received your warrant, we will dedicate engineers employed by our company to actively exploit the security we designed into our products."

Is there precedent for compelling lockmakers to provide technical expertise in defeating their own lock systems? I can't imagine that's never come up historically.

Correct, however we're entering into an entirely different area of argument here. Historically, physical safeguards have been utilized, and any physical safeguard can be overcome give a moderate amount of funding and/or time. I'm not aware of any period where a safeguard would need to be intentionally fundamentally flawed in order to allow the government to proceed with their collection of evidence.

The question becomes whether it is within the power of the government to mandate that flaw, or whether they will need to find some other approach. There is also a question of freedom of speech, as it has historically been held that you can be forced to not express something, however you cannot be forced to express something. In regards to key signing, it could be said that that is an expression of authenticity that you endorse whatever is being signed. Can the government force you to give that endorsement? Does the government's power to collect evidence supercede your right to freedom of speech (or the abdication of speech)?

The physical vs virtual component is the most fascinating part of the issue for me. And the fact that "make a virtual thing that behaves like the previous physical thing" is impossible / extremely ill-advised.

We've seen the popular media analogies gradually become more accurate in their understanding that this is a novel question. And, admittedly, hats off to Tim Cooke and Apple for getting more technically accurate descriptions out in the media.

We do seem to be having a more productive discussion socially this time around.

I think the last major rebalancing of rights due to new technology concerned copyable copywritten digital media and... we decided to make a lot of things that are technically trivial illegal. Not the best message to kids that "these things are illegal, but easy to do and unenforceable."

>The power to collect evidence to resolve criminal cases is one of the most fundamental powers of the state.

I agree. But it is no where stated or implied that this should be an unlimited power. In fact, clear limits are placed upon that authority.

If I invent a cypher and store all of my physical written works using that cypher, can the government compel me to decrypt those works upon discovery that they lack the ability to do so? What if I taught that cypher to my family? Can they be compelled? If so, under what authority?

>You might just as productively suggest that we can't trust the USG to be a responsible state

This suggestion is inherent within the Constitution. It is framed upon a mistrust of any Government to not become tyrannical.

>therefore it should disband

uh, what? nice leap.. did you use rocket shoes to get over the gap?

I agreed with your points until the last. :( Assumption of good intentions on the part of all comments usually produces a more productive discussion.
I didn't intend to be inflammatory (at least any more so than the parent), merely point out that a logical leap had been taken that was not entirely faithful (imho) on the part of the writer.

It is certainly not "mistrust government" ergo "disband government", especially when the government in question was formed near entirely upon the notion that a government should exist in a perpetual state of mistrust.

What "clear limits" are you referring to? Remember, this case is about the limits judges have in compelling the production of evidence. What are the limits on that authority?

It's unclear whether you will eventually be compelled into decrypting documents. One circuit says you can't be, because of 5A. But that ruling was situational, and other courts might rule otherwise. Certainly I don't personally agree with the logic that compelled decryption is necessarily testimonial in nature, any more than opening a safe for which only you have the combination is testimony. The primary purpose of the ban on coerced self-testimony is to prevent bogus confessions elicited under torture. That's not at issue here.

I don't understand your "inherent within the Constitution" argument. The Constitution says what it says. I'm citing it.

It is my understanding that the central issue is not the judges authority to compel evidence be turned over to the state. The State is already in possession of the evidence, it is simply in a format that is unintelligible. Apple is not in possession of any evidence.

The issue is whether a third party can be compelled to provide access to that evidence in order to make it intelligible and therefore meaningful. The combination to the lock (which apple claims they would be forced to construct, as it does not yet exist. The government seems to have accepted the veracity of this claim when they agreed to perform the labor if handed the tooling).

What is the purpose of explicitly stating 4A if we can simply trust the government to be a good actor?

It is inherent in the statement of explicit restraint that there is not trust.

Preamble to the Bill of Rights -

"The Conventions of a number of the States, having at the time of their adopting the Constitution, expressed a desire, in order to prevent misconstruction or abuse of its powers, that further declaratory and restrictive clauses should be added: And as extending the ground of public confidence in the Government, will best ensure the beneficent ends of its institution."

I like that they use confidence.. it implies a matter of shades or degrees. Trust seems to imply something much more B&W.

(http://www.archives.gov/exhibits/charters/bill_of_rights_tra...)

I'm sorry, but this still isn't a coherent argument. The Fourth Amendment delegates to the court the decision over whether a search is or isn't reasonable. It is a court that has ordered this particular search. The court is part of the government.

If you can't trust any part of the government, the Fourth Amendment is immaterial: you can't trust the entity to whom is entrusted the power to adjudicate reasonableness.

Its an electronic search of a device in the FBI's possession. Clearly this is a modern issue that exceeds the language of the Constitution etc. Its a fair question - how much extra work can a manufacturer be compelled to do for the FBI, to enable them to understand the device/information they have already seized? The word 'search' is being stretched to the breaking point here.
Fair point. What are the laws on producing evidence, whereby the evidence constitutes a challenge to review?

E.g. If I was ordered to produce logs that may be evidence in a case, and I only had and only produced a 10GB+ text log with a single line the warrant was interested in. Can a warrant order me to parse the log to find the relevant information?

Furthermore, at what point does a digital space become similar to a physical space? When I can carry 3 hard drives that can contain almost as much information as the Library of Congress print collections, is it reasonable to think of them as "one thing" for legal purposes? In that if you have access to the physical container, you have access to all its contents?

If I remember, Lavabit attempted just such a "Big Sky" tactic with the logs (or a similar set of files) in their case and it was deemed a transparent attempt to obfuscate.
I do not concede the point that "electronics" somehow bring controversies outside the scope of the Constitution. The Constitution didn't foresee electrical power, automobiles, or telephony either. Human air travel was a fantasy when the Constitution was drafted, and we didn't have to amend it to deal with airspace controversies.

What I do think is that people who are intimately involved with new technologies will tend to believe that the complexities of their technologies must somehow swamp the Constitution.

I wish that wasn't true. But govt seems to think that way. Personally I think searching my laptop ought to be covered under freedom of the press, but it isn't. Email should get the same protections as snail mail, but no love there.

No, its not the technologists who don't get it.

Anyway to the point: we need to clarify if searching my house, and searching my person, and searching my laptop, and searching my cloud-based email history are in the same class. Hell, even searching my breath or blood isn't protected like they should be. Its a long way from clear, what Constitutional protections are extended to modern situation and which aren't. Technology has challenged everything we thought we knew.

The power of the courts is kept in check by the Legislature. They are not above elements of mistrust.

The court is compelling a third party to perform an act that really isn't part of a search and seizure of items.

Search and Seizure as defined by 4A is over and done with. The Prosecution has searched the "places to be searched" and is in possession of the "persons or things to be seized."

Now can it compel Apple to make them useful? (Potentially useful, as even the State has argued there likely isn't really any useful evidence there anyway.. sorta makes this whole thing look like a dog and pony show.)

I don't think the legislature helps you here, because one of the very first things the legislature did, when it was populated with the framers and signers of the Constitution, was to delegate to the courts the power to compel third parties to assist investigations.
And Apple is arguing that the "All Writs Act" to which you refer is not authority to demand whatever you damn well please, from anyone, at any time. They are arguing that there are well established limits to that authority and that the judiciary is overstepping its bounds here and need defer judgement to elected representatives (the legislature).
I don't think this is accurate. To wit: I don't think Apple's argument is that the limits they're seeking are well established (they are not), only that they are important and sound.

Either way, Congress isn't a check on the Supreme Court. It's typically rather the other way around.

Application of the All Writs Act in this manner is unprecedented. The conditions under which it may be applied are well defined and are not met for this application.

The Supreme Court isn't a factor at this stage.

"Typically" you are correct. The formal method for checking the power of the Judiciary is for Congress to remove Judges from the bench.

Apple is arguing that All Writs doesn't grant the authority that is being used. If that authority is to be sought then it will have to come from Congress. At least one Judge agrees.

That's the nature of the AWA; it's a catch-all. Every new technology or social institution that appears is going to create a new "unprecedented" use of the AWA. But the underlying principle of the AWA is so simple that it was one of the first things that came before Congress: the people are entitled to every person's evidence, and if a third party stands in the way of that, the courts have the right to compel their assistance.
And there are limits to the assistance the court may request.

Creation of new works is just such a limit.

If there is not a limit, then what the courts may compel as "assistance" becomes absurd.

This is the argument Apple is making and it is the foundation of the opinion of at least one Judge that has ruled against use of the AWA to compel the unlocking of a phone.

The argument has the exact same form as the advice "don't talk to the police without a lawyer", and for the laws that support this protocol (right to silence/counsel). That is,

"I don't trust you to be an impartial seeker of the truth who's 'only' concerned with solving this murder rather than railroading me on random charges, therefore I will not answer even simple questions that you deem necessary to conduct your investigation."

(With that said, I really, really don't like the whole "don't talk to police" circlej---, like how it gets overapplied or dangerously applied ... but within a very narrow interpretation it's correct and well accepted enough to carry the implications over here.)

Edit: Correspondingly, the advice would carry a lot less weight in counties with a much better government that actually could be trusted not to look for petty reasons to arrest people. And so a government that prices itself a better steward of privacy could be trusted with key escrow.

A monopoly on violence is the fundamental power of the state, which isn't being challenged here. What is being challenged is the state's methods of evidence collection, which determines an attribute of the state - not its existence. Put more simply: you haven't leapt in your logic, you've presented a false equivalence.
The collection of evidence (more broadly: the investigation of crimes) is one of the core purposes to which the state's monopoly on violence is applied, so the issues are the same.
You are doubling down on a logical fallacy. By your logic a state that has no law enforcement investigations is not a state, regardless of military strength and the sovereignty that enables. Now you may say that you would not want to live in such a place, but you can't with a straight face deny that it is still a state. As far as lumping potential precursor activities (evidence collection) in with the eventual excising of violence (arrest), and a challenge to the former is a challenge to the latter... by that logic the US isn't a state - because there are already plenty of restrictions in place.
tptacek's argument, as I understand it, is that evidence collection is the beginning of the chain that allows enforcing laws.

Not being able to collect evidence precludes legal enforcement, which precludes laws, which precludes the existence of a state in the modern definition. Which is the same line of reasoning that most of the "pro-legally breakable encryption" follow, even if they don't carry it out to conclusion explicitly.

I think it's fair to say a state in which everyone uses strong encryption (that cannot be penetrated by the state in any circumstance) in every digital facet of their lives does look very different from the one we currently have (at least in technologically advanced states).

> ...the beginning of the chain that allows enforcing laws.

Years ago I wrote software for supply chain loss prevention, every so often there would be a crisis (like a hijacking) that put the department into investigation mode - where there was no room for long term strategic thought. But the course was always corrected when the department director would remind everybody that the job was "loss prevention" and not "loss apprehension". So while criminal investigation is currently a big part of law enforcement, it isn't the primary objective. If that concept sounds strange, check out Bruce Schneier's work.

> ...which precludes the existence of a state in the modern definition.

Is that true, have we redefined the state to only include governments with laws? What do we call the entities formerly known as states that no longer fit the new definition? I wonder how long until we redefine law. I'm really hoping that when you say "modern definition" you actually mean "the definition Jay Leno would get while grabbing people off the street who previously gave the matter no thought".

I do agree with your point thought, I think that those who are predicting catastrophe are more concerned with maintaining the status quo - and when they say the world will end, they mean their estimate of the way the world works. The mental crisis is so great for some that they will craft incredibly convoluted justification, and may go so far was to start redefining words :)

> Is that true, have we redefined the state to only include governments with laws?

Honestly curious, how else would you or anyone define it? And are we talking philosophical or real world examples?

I'm sure there must be others, I just can't think of any offhand.

> ...how else would you or anyone define it?

A geographic location where there exists a monopoly on violence. For example: the USG gets to decide who is allowed to kill who and under what circumstances, exclusively, for a specific location. That monopoly can be made clear through laws, but it isn't necessary - consider monarchies with no legislative bodies. Also consider the fact that laws cannot be established without a monopoly on violence, which a lot of people seem to get confused about - thinking the authority over violence is somehow derived from law...

> And are we talking philosophical or real world examples?

I'm really tempted to launch into a rant about cognitive dissonance here, but I'll just save time and say that is a distinction without a difference. As far as examples, like I said, pick any monarchy without a legislative body - Native American history has plenty of that.

To me, the difference between philosophical positions and ones which can survive the tests of the real world are pretty important. But I suppose that's my opinion as an engineer. I've studied a lot of philosophy that's logically self-coherent but completely impractical to let anywhere near physical matter.

I would say that "a geographic location where there exists a monopoly on violence (such as a monarchy without legislature)" nonetheless has implicit laws that guide its hand. And by which it is judged! Indeed, transgressing unwritten social contracts has led to the downfall of most monarchies throughout history. Or to put it another way, co-opted power structures are necessary for the governance of any sufficiently large group, above and beyond sheer force. And power-structures require some sort of bargaining and negotiation even if it's rather one-sided.

Laws as instruments to communicate expectations are what makes scalable organization possible past a certain point, whether they're explicit or implicit.

That's why you don't see any long-lived civilizations with true violent anarchy as a form of government.

> ...difference between philosophical positions and...

Philosophy is a pretty huge domain, where one end of the spectrum is navel gazing Platonic forms and the other is the propositional logic that informs compiler design. It sounds like you describing the trap that medieval scholars fell into, where they would recursively construct syllogisms until they found themselves talking about how many angles could dance on the head of a pin. This is what happens when you fail to check your premise, you end up with a logically consistent delusion. So the "self-coherent but completely impractical" philosophy you've condemned is just a condemnation of poor logic - which doesn't do your utilitarian argument much good.

As far as the the rest, you've now changed the topic from "what defines a state" to "what defines a well judged, scalable, long-lived civilization".

> ...anarchy as a form of government...

One of those words doesn't mean what you think it means :)

The power to collect evidence to resolve criminal cases is one of the most fundamental powers of the state.

But this doesn't mean that the state gets to do that however it wants. There have to be limits on such power.

No state power is unlimited and all state powers end where individual rights begin.

Any state that cannot be trusted to be responsible should be disbanded. See the US Declaration of Independence.

"We got burned giving these people too much power" is absolutely a rational basis for public policy. The biggest threat to your life and liberty comes from the government, not some shady group out of the Middle East.
That bit's definitely in there and it's definitely important for physical goods.

But digital goods are a different ball game. Even if the government is able to mandate back doors be put into phones, criminals will simply change to use other software.

We're going to need to face the fact that terrorists will still be able to hide their communications using encryption whether the US government attempts to rewrite all encryption communications software in the US or not. There are too many moles to whack.

I'd prefer that our law enforcement officers figure this out sooner or later so they can get back to figuring out how to keep us safe given the circumstances. They have a very difficult job which we need to support through whatever means we can. It's our job to help them learn how encryption works.

> Even if the government is able to mandate back doors be put into phones, criminals will simply change to use other software.

People say this a lot. But I'm not so sure. I'm sure they will some of the time, but I bet there are a lot of unsophisticated criminals out there who will use whatever consumer software I use to message my wife about who's picking up milk on the way home today. It's just easier.

We've actually seen evidence to support this position as well. The Paris attackers coordinated over unencrypted SMS when, even now, there are far more secure solutions that one can easily install.

> I bet there are a lot of unsophisticated criminals out there who will use whatever consumer software I use to message my wife about who's picking up milk on the way home today. It's just easier.

For sure there are. Is that a good reason to pass laws mandating back doors in phones? I don't think so. The economic and security impact will be too large.

The FBI is focusing on terrorist cases as a means to win the public on their side. And, many sophisticated criminals have already figured out how to use encryption. The FBI is saying that criminals use Twitter as a means of connect, and then encourage followers to continue conversation via encrypted methods. I guess this is how they get metadata about who is talking to who but not the actual conversation content.

The FBI basically just told the judicial and legislative branches to go pound sand.

No judge is going to be willing to let this level of power grab against the judiciary to slide.

Apple's lawyers must be very happy right now.

I'm almost starting to believe there are forces in the FBI trying to thwart the case for the FBI, by making so ridiculous claims that the legal precedence will be set for a long time, preventing the FBI or any agency to get this kind of power.

But then again, it's more likely they just completely lost sight of how the real world actually functions, and their own mandate.

If this actually does go through, my view of the US will be closely aligned with Iran and North-Korea.

Hmm... I remember a while ago when China was bashed for such an attitude. Isn't that just fascinating?
Separation of powers sure has it's benefits though.
Doesn't this make the FBI's case weaker with the public and the court, given there would then be more points of attack for hackers?

Comey went on record saying the tool should be secure in Apple's hands because Apple knows what it is doing [1]

And, he didn't even think of this tactic until Darrell Issa suggested it at the Congressional hearing [2].

> Issa: Did you receive the source code from Apple? Did you demand the source code?

> Comey: Did we ask Apple for their source code? Not that I'm aware of

It seems like the FBI is grasping at straws here. Does anyone buy this charade? The PR on the DOJ's side is atrocious. From the beginning, "just about one phone" was obviously a lie, and it's all been downhill since then.

For once, the fear, uncertainty and doubt tactics of the government are not working. I'm happy about that but concerned for our future when law enforcement blames technologists for not handing over data to phones. We need to continue educating each other on these issues regardless of what the courts say, and regardless of what ultimately comes out of Congress.

[1] https://youtu.be/g1GgnbN9oNw?t=2h43m12s

[2] https://youtu.be/g1GgnbN9oNw?t=1h21m33s

You're treating the public case the FBI made earlier as if it reflects its actual beliefs and motivations. Looking at the pattern of actions, rather than the rhetoric, suggests something else to me.

And it's a little early to say that it's not working. It's not working as well as they'd like. It's certainly not working for the echo chamber of HN and tech nerds, but what we think is irrelevant. It's not over 'til the fat lady sings, as they say....

Also, best not to get cocky about whether it's "working" or not. Remember that the government can come back to this again and again with carefully-crafted test cases. They only need to get it right once. We have to fight this off successfully every time.
> It's certainly not working for the echo chamber of HN

True. I would also go a bit further and say it doesn't appear to be working with the House Judiciary Committee. I watched all five and a half hours of the inquiry and overall, the committee including the chairman seemed strongly on Apple's side. There were only 2-3 dissenting positions in favor of the FBI.

Really important point as this gets to the supreme court.
By "working" I meant the latest poll has 47% in support of Apple and 42% in support of the DOJ [1]. That is better than the previous poll which was 51% in favor of DOJ and 38% for Apple [2].

The original poll was biased in favor of the DOJ, since it only framed the question as, "should Apple unlock the phone or not". So it is hard to know if public favor has truly shifted.

Regardless, you're all correct that we need to continue educating each other about this. Find public figures and inform them. 42% is a lot of people who do not understand the issue and implications of what the DOJ is asking.

[1] http://www.dailydot.com/politics/apple-iphone-doj-fbi-wall-s...

[2] http://www.people-press.org/2016/02/22/more-support-for-just...

Could anyone explain to me, legally, why the FBI wouldn't be allowed to compel Apple to provide this? The government was able to compel private SSL keys from Lavabit. If the only difference is "Apple has money to fight the court order," then would a court's refusal to grant the FBI access to the source code and signing keys create a precedent that could protect future Lavabits?
If Lavabit refused, some random scapegoat within Lavabit (like, say the CEO, or whoever is deemed as the scapegoat) might get arrested, Lavabit would probably be ordered to close, and our lives wouldn't be affected too much. They're a tiny startup. They can be bullied quite easily without affecting national peace.

If Apple were ordered to close in an instant, there would be mass upheaval, unrest, protests, and huge economic losses just because of the sheer number of people that depend on their products on a daily basis for mission-critical things. Violence would break out. We might even end up facing nothing short of a civil war, and the federal government probably wouldn't want to risk that.

The argument that Apple is too-big-to-compel is in the same spirit as arguing that they're too-rich-to-compel. So my closing question stands: if Apple prevails, how likely are courts to treat this as a precedent if and when the government goes after a small fry again?
I'm not sure if it's a matter of precedent for the small frys. By that I mean, even if there is precedent you still need a tremendous amount of money/legal power to fight.
I would think so. My understanding of the Lavabit case was that it was upheld on procedural grounds and thus not precedent-setting. Apple has the money and the will to fight this so that it is precedent-setting* and thus usable by the not-as-expensive lawyer protecting the next Lavabit.

* By which I mean I could see Apple purposefully fighting this to the Supreme Court, even if it means "appealing" a case they've already won so that it goes to a higher court.

The Lavabit case was decided on entirely procedural grounds—the Fourth Circuit never said that it was OK to compel the disclosure of the SSL keys, only that Lavabit had waived its objections in the district court (at which stage Lavabit was acting without counsel).

Source: I briefed and argued the Lavabit case in the Fourth Circuit.

Fascinating. And saddening. Would Lavabit have been protected if a prevailing Apple had stymied government access to cryptographic keys prior to their coming under scrutiny?
The government didn't start by asking for LavaBit's SSL key. They asked LavaBit to start intercepting communication to/from one user. LavaBit had done so in the past in other cases. LavaBit's refusal to do so in that case thus immediately looked suspicious to the court. LavaBit mishandled the case and tried to escape responsibility with stupid, poorly-argued logic, and poorly handled delays on their part. When LavaBit failed to take prompt action to enable interception, the government finally demanded the SSL keys to do it themselves.

If I were you I wouldn't trust the guy involved in LavaBit in the future, Ladar Levison. He frankly did not seem to be up to the challenge of running a company that is prepared to navigate this space, from the way he bungled the case. He got basic things wrong about how to engage first with the FBI, then with a court over a court order, and made his position worse by ineptly arguing with the court without advice of council. He blew his shot to raise arguments with the court later as a result. Furthermore, he clearly made misleading claims about the security of the product, and I believe knowingly. LavaBit had by that point had already helped the govt surveil other users, all the while maintaining that the communications were secure and that even they couldn't read them.

I have no axe to grind with LavaBit - these are all conclusions I reached by investigating the case myself. You can see this for yourself by reading the court transcripts and news articles. While his intention to provide a secure communications product was noble in the abstract, I would personally trust neither his technology judgment nor his business judgment in how to run a company or handle tough legal circumstances in the future.

He did stupid, immature shit like, when finally ordered to provide his encryption key, he printed it out on paper in an illegibly small font. The court of course compelled him in an industry standard format. That kind of thing is just immature and makes the situation worse for him and his users by extension. http://arstechnica.com/tech-policy/2014/04/lavabit-held-in-c...

Any tech person with an adequate knowledge of encryption and security could have seen through LavaBit's security model. It's not possible to provide webmail in a mode where the webmail provider can't read your email.

http://www.infoworld.com/article/2609583/encryption/how-secu...

> "The ciphertext, key, and password," [Moxie] Marlinspike wrote [in his analysis of LavaBit], "are all stored on the server using a mechanism that is solely within the server's control and which the client has no ability to verify. There is no way to ever prove or disprove whether any encryption was ever happening at all, and whether it was or not makes little difference. ... Even though they advertised that they 'can't' read your email, what they meant was that they would choose not to." Marlinspike also took exception to the way the password supplied by the user also does double duty as an encryption key, a practice frowned upon by password researchers.

The article above also links to Levison's reply which is not convincing at all:

> Marlinspike is assuming that the Lavabit system was designed to be a substitute for the security provided by end-to-end encryption systems like PGP. It was not. Lavabit’s encrypted storage feature was designed solely to protect e-mails at rest.

Huge, huge hedging right there. If you're using PGP then there is virtually no benefit to using LavaBit at all.

> Why protect the data at ...

Surrendering the source code to iOS? That sounds like a huge overreach by a law enforcement agency. That thumb drive would be worth billions of dollars. A $60K/year bureaucrat is supposed to protect it from Apple's competitors? I wonder how long it would be before this prized intellectual property ended in the hands of Samsung, various Chinese companies, maybe a copy floating around Russian and East European networks, and eventually Google labs?

The scary thing is that the FBI, with the support of the President and quite a few top Congressional leaders, could very well win.

Wasn't there something in TPP prohibiting member governments from forcing companies to hand over source code? (I know it's not passed yet)
I hope Apple will further improve iOS encryption so it can not be broken, even by people (FBI or Apple) having access to the source code. There should be no signing key that can be used without first entering the correct PIN in the first place. That's the real problem here, isn't it?
i can imagine reasons why apple would want or need to be able to update secure enclave firmware without the correct pin entered first. #2-3 are highly speculative:

1) fear of a bug. just the right firmware bug and you have 100 million phones lose data, and perhaps bricked too. unlikely, but consider the cost. i would be worried about this if i were in charge of the iphone project and the secure enclave feature were newish. we can imagine pretty good solutions to this one though, with work and time.

2) out of 100+ countries where they sell phones, over time, some will give them a confidential court order saying they must retain this capability. if a foreign court order, they could refuse to comply, but then would have to exit that market -- infeasible if multiple countries. and a different 'version' for just those countries would be noticed over time by security researchers?

3) they might already have an order as such from the U.S., for foreign intelligence purposes. as mentioned a different international version if noticed is a PR disaster for apple. so the easiest way to comply is just do it that way for all phones.

perhaps they push back on the fbi request because that's the one they can talk about, yet it templates the whole issue.

The FBI's purpose isn't to unlock this phone. They already know it has nothing of value on it. What they want is the precedence to use the court to go against the will of congress. This has already been brought up and the people and their representatives shot it down.
I don't understand. Can someone please clarify for me. They physically have the phone right? Could they not just read the whole flash, try a pin, write back the whole flash, repeat? (i.e. take the phone apart)

(given it is a 5C with no secure enclave)

I suspect there are a myriad of technical means to pop the phone, including the method you outline, but I doubt the FBI has the talent or connections to get it done in way that would be presentable to court. (I.E. Nobody in house is capable and any contractors they would hire to do it don't want their methods made public in an open trial)

One assumes the NSA would make short work of this phone's lock if it had been recovered from the OBL compound, but using them in this instance also brings in some dicey legal issues (they "can't" operate domestically) and the NSA is even less willing to give up it's own tactics than a security consulting firm would be.

FBI seems to have chosen to go the "lawyer up and look for a court order and some wet blanket executives willing to hand things over" route-- Tim Cook is, thankfully, well principled enough to tell them to pound sand.

Surely, at some point in time, the FBI will figure out how to recruit technical staff that is capable of doing more than just extorting bitcoins from cyber drug kingpins.

Wouldn't it be straightforward for Apple to design future iPhones to accept device-targeted updates in order to comply with law enforcement requests like the one that started all this? Just add a step: 1) Is this update signed by Apple? 2) Does this update indicate a particular device and if so is this that device?

I wouldn't support the government compelling Apple to implement that, but I don't think I'd have a problem with Apple doing it voluntarily. Of course, if it's not a government mandate then anyone who cares (for criminal reasons or otherwise) can just use other devices that don't have the same system in place, so in the end it's just security theater. But at least it might detour some government attempts to overreach and effectively outlaw encryption entirely.

The UK govt is equally eager to ban/compromise encryption, and I think the challenge for technologists is to find ways around this. How difficult would it be to develop a protocol that concealed encrypted payloads in innocent-looking plaintext traffic? A kind of "clandestine encryption."

I suppose the problem is that individuals might get away with using clandestine encryption, but no convenient service provided by companies like Apple would be able to.

I felt something in my stomach when they implied that people who actually don't care about security are the ones who buys Android phones.
According to the WSJ, less than 10% of Android phones are encrypted.
This is at least much more plausibly legal than drafting Apple employees as slave labor.
Would giving them access to the source code even matter, other than morally speaking?

Meaning, just having the code won't let them crack a phone and it won't let them patch the OS so that its subsequently crackable would it?

When the FBI is worse than the terrorists they need to take a step back and think about the bigger picture a little bit.

I'm very comfortable with President Obama's broad policies an intentions, but when it comes to privacy rights, I have one question: What would Richard Nixon do?