Not well versed in the legal process here... I assume that the hearing is just a formality at this point, and the case is all but certain to be appealed, right?
This is their final response in their own federal district court. The district court will issue its decision. Afterwards the next appeal would be to the US Supreme Court. That level of appeal can take years if accepted, or more commonly, is ignored. In the meantime there can be orders for them to comply in the meantime or face consequences.
What can we expect to see from Apple? Would they comply, if not what consequences would we see them face? Fines or jail-time for those making the decision to not comply?
I thought we were at the step where the case is now fully briefed? Isn't the next step oral arguments at the district court level? Then a District court ruling. Then appeal to 9CA, and so forth. Although if someone files for an Emergency TRO, I'm not sure if that goes to 9CA or to the SCOTUS Justice that oversees 9CA (Kennedy).
The hearing at the district court level will be before a magistrate judge (because of the way that the issue arose in connection with a search warrant). Magistrate judges' orders can also be appealed to the district judge assigned to the case, which happens before an appeal to the court of appeals.
In the same way Apple shifts global tax to Ireland, could they shift the encryption ownership (sorry - there's surely a better technical term I could use) to an overseas holding company where this is likely to be quickly dismissed? Essentially make it like suing Apple in an attempt to control Google search results type thing... its simply a different entity.
Huh... That may be possible! It would require Apple not being able to control that entity, however. They would effectively have to outsource security (seems like a dangerous plan). Also, the gov't could then simply outlaw the outsourcing of security functions for device manufacturers.
If this was about the gov't simply making new laws we wouldn't be having this discussion right? Fortunately we live in a country where the gov't can't simply outlaw things.
Actually they can. I see nothing unconstitutional about restricting companies from circumventing a court ruling on existing law. Even if unconstitutional (which it's not) that does not necessarily prevent a bill from becoming a law.
The entire discussion here is not about Apple circumventing a court ruling. They are appealing the ruling, and until the appeal is complete they don't have to perform any action.
Right now, it would be very unconstitutional (a denial of due process) to prevent Apple from appealing the ruling.
They could use multiple signing keys. One in America, one in Hong Kong, one in Germany, etc. If a firmware update is not signed in all (or N of M) jurisdictions, the secure enclave simply rejects it.
This is an excellent solution. A bit like Ripple's concept of trusting a set of validators are unlikely to collude against you, without having to trust any single one of them: https://wiki.ripple.com/Consensus#Not_colluding
Of course it doesn't stop any particular government from making it illegal to sell unbackdoorable phones in their country.
Here's another possibility. Let's say DOJ wins, or a new law is passed requiring Apple to sign malware version of iOS. Apple risks losing huge market share overseas, where people will stop buying iPhones. Apple spins off affiliate companies in these other countries, distributing controlling share of the affiliate stock to current Apple shareholders. Then apple just licenses its tech to the spin-off affiliates. No control over their ops. (Obviously would be more convoluted, much more -- but that's the basic idea.)
This sounds like a good case for a threshold signature scheme[1] where no one member has all of a complete key and can partially sign without revealing their piece of the key to anyone.
Aren't all algorithms "clever" at some level? I assume you are implying non-mainstream - that always carries risks, but there are some advantages:
1. The software that verifies the certificate doesn't need to be changed - which is quite an advantage if it has already been shipped, or if you need to change the signing rules at a later date.
2. The verification logic is exactly the same as if checking a regular, single signature certificate. Nice and simple, no bugs related to whether all criteria have been met by multiple certificates.
I still think that Internet and technology is much safer in USA. Hey Americans actually care about privacy. In UK or other countries people are ready with lube when government asks them to bend over.
I disagree. I think this distinction results from Europeans being more humble and not from us being more concerned. I'm not convinced that our arrogance serves the freedom of technology or the internet. American's are eager to see themselves as citizens of the country that invented freedom. We assume our capacity for self-determination is absolute and unwavering. We like to see America, which is often great, as a reflection of ourselves. But ultimately this inclination is a double-edged sword. It forces us to accept personal responsibility for our country's flaws. You might think that this causes us to "actually care". I don't. While it is conceivable that a single person can shape their entire country the reality is immensely challenging and uncertain. Anecdotes to the contrary, though numerous and extraordinary, are curated by survival bias. We know this intuitively but can't express it without contradicting our idealism. When faced with a new social problem we essentially have 3 choices:
1. Abandon the pleasant safety of arrogance. Accept the non-totality of your control. Be practical. Do what you can. Risk the indignant judgement of someone that chose #2.
2. Abandon the intuition of humility. Be the solution. Assume you're the next Great Thinker in social progress. The MLK for problem x. Change the world. Care. Inspire people. Avoid narcissism.
3. Capitulate to the most primitive defense: denial/apathy. The government isn't spying on us. If you have nothing to hide then you have nothing to fear. Are you a conspiracy theorist?
The best choice is #1. It's the unconscious choice of most Europeans. They simply lack the arrogance necessary to perceive our little problem with problems. American's are frequently stuck between #2/#3. While these people may appear to care more they are merely sublimating the intense anxiety of their self-imposed challenge. Their choice to meet insecurity with arrogance undermines the optimization of their unlikely success. They struggle to understand their relationship to the autonomous beast that opposes them. Of course, that is only if they choose not to deny the problem exists at all.
It is worth keeping a close eye on the ongoing Microsoft Ireland suit. No matter the outcome of the current appeal the case is likely to go in front of the superme court. Should the SCOTUS rule in favour of the government request this will have grave implications for the tech sector.
And we can still argue, quite reasonably I think, that attempting to put back doors into all encrypted communication methods is a game of Whack-a-mole that we cannot win.
Sure, move everything and leave just a shell behind. Or nothing. But where would they go? Russia? China? Build an island somewhere? And what about defense?
I realize that Snowden has done a lot of good by releasing the information he has, but I really don't care what he personally has to say and his controlled release of the information demonstrates to me that what he's do is as much for attention and his ego as it is anything else.
If Snowden released it all at once, he would've lost leverage. He's playing for much higher stakes than "attention and ego". If he slips up, it's over for him.
It's pretty evident that there were several reasons for drawing it out: keep the story alive until it got mass attention, allow each release to be scrutinized and understood by the public, and to vet the information first to make sure no one is put at risk.
I thought Glenn Greenwald was the one who managed the releases. In any case, why is a journalist any more qualified that Snowden to make these decisions?
I didn't say he was more qualified. I just implied that he was not less qualified. So let's get back to my original question. Why is a journalist more qualified?
Spreading the story out allows the entire story to be told. It's not for his ego. Newspapers have X column inches to fill on a given day, and dumping it all at once would force it to be crammed into those X inches.
And it's not just him. It's Wikileaks and Glenn Greenwald, too, who clearly have motives other than ego.
Spreading the story out allows the entire story to be told.
Ok, I can see that but who is he to decide that? He's not a respected journalist with an established track record. He's the guy who stole a bunch of insider information from his employer. We don't really know what he has or what he isn't sharing with us.
Yeah that's right, he gave up his life as he knew it, became the enemy of one of the most powerful organizations and lives in constant fear just so he can feed his ego, despite every attempt at focusing the story on NSA breaches and not himself. The controlled release of information by media outlets also just so happened to have a stronger effect which had the NSA chasing their tails being caught in their own lies upon subsequent release of new information - but that was secondary, he did it to temporarily feed his ego first and foremost, and perhaps for some lulz.
It's not like he's seen a dramatic, or possibly even noticeable, degradation in the quality of his life. He just traded his life of anonymity for one of fame and constant media attention with some restrictions on where he can travel freely.
I'm sure if he'd turned the data over to a respected journalist, they'd could have managed the release of information just as well. Instead he's kept the data to himself and chooses what to release allowing him to frame the story.
Why should we trust him? I mean his biggest achievement is stealing from his employer.
Were they themselves corporations? Did they avoid taxes using a double Irish strategy? Do tell, this alternate history is becoming more interesting every second.
They had a fucking revolution over EVADING taxes by buying tea from places other than England. They weren't avoiding taxes, they were putting guns in peoples faces covering them in tar and then feathers, throwing all the taxed tea in the ocean and then proceeding to conduct their business however they saw fit, government be damned.
So yeah, in this alternate history the Founders are a lot more fucking bad ass than Apple, going so far as to commit treason to avoid taxes. (Thankfully they won so the whole treason thing was moot)
Then they teamed up with the French to cause all sorts of problems for the English King, they probably would have gotten Ireland to fuck with the English too if they weren't already doing all they could to fuck up England. They would have called it a double irish spit roast.
And now getting back to writs, you might want to see that they created the 4th fucking amendment to give a big middle finger to England being able to issue a writ for whatever the fuck they wanted.
So we don't really have to ask what the founders would have thought because they told us directly. They were so gung ho on fucking with government that they even said if this revolution doesn't work out, have another one, because why the fuck not, and created the second amendment so that if anyone wanted to put guns in people faces again to evade taxes they could.
If they were alive today they'd probably be helping Apple smuggle untaxed iPhones from China free from any sort of government restriction.
But they don't seem to be doing much to help Apple, though. They're just letting this play through, just like they let the executive gain more and more power and they didn't say anything or even encouraged it.
I don't think DOJ knows what they're doing here at all. At worst, they'll force Apple and the rest to have subsidiaries off-shore with the signing key.
We been there before and unfortunately Apple will lose. One word: CALEA [1]
USA telecommunications providers must install new hardware or software, as well as modify old equipment, so that it doesn't interfere with the ability of a law enforcement agency (LEA) to perform real-time surveillance of any telephone or Internet traffic.
Change to: USA cellphone producers must alter their hardware or software, as well as modify remote equipment, so that it doesn't interfere with the ability of a law enforcement agency (LEA) to perform real-time surveillance of any telephone or data traffic.
Carriers are responsible for CALEA development and implementation costs.
AFAIK nobody opposed CALEA and its been years since 2007 when it was implemented.
So unfortunately Apple will lose and their standing that corp cannot be forced to write a code or alter it because of their free will or cost possibly incurred, will not stand the chance :(
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
Apple seems protected under this clause, since they do not possess the information necessary to decrypt. This is also why the feds can't wiretap iMessage.
CALEA requires telecommunication carriers, facilities-based broadband Internet access providers and providers of interconnected VoIP service to provide "reasonably available" CII (call routing) and call content to LEA pursuant to a warrant.
CALEA does not apply and was specifically written to not apply to personal computers, phone manufacturers, OS developers, etc.
If Congress wants to take up a CALEA-2 and start another war against crypto, they are free to do it. But as written CALEA does not apply to the iPhone.
All Apple, Google, and Facebook, need to do to get public favor is add a loading spinner for 3-5 seconds on every refresh/page load and make it clear the government surveillance is the cause. I for one look forward to the 2nd American Revolution.
Or, every time you go to enter your password, present a click-through disclaimer that the FBI may have access to whatever information you are about to provide. Press "OK" to acknowledge that we cannot protect your privacy, or "Cancel" to go back to safety.
I think Apple is legally in the wrong. What the law should be is a different issue, though I also side with the government in this particular case. I don't think the government should be able to force Apple to ship backdoored phones to customers. But I think that the government should be able to require Apple to use its capabilities to hack particular devices with a court order. In other words, Apple should be free to make phones they themselves cannot hack, but not to refuse to help hack a phone that the government has a warrant for.
But I think that the government should be able to require Apple to use its capabilities to hack particular devices with a court order.
That's not the question, though: the question is whether the All Writs Act already grants that power, or whether a new piece of legislation is required.
I think that Apple is right that it is more conservative for the courts to construe the existing legislation narrowly, since the Government always has the option to put specific legislation before Congress to remove all doubt.
Legislation shouldn't be construed broadly or narrowly. It should mean what it says. Sometimes that's called 'narrowly', but that's probably in contrast to approaches where the law means whatever you want it to mean. The All Writs Act is a broad law. It grants the courts the broad authority to issue whatever orders are "necessary and appropriate" in order to enforce their judgments, so long as its "agreeable to the usages and principles of law." Congress is free to pass revisions to the All Writs Act if it pleases.
It's all very well to say "It should mean what it says.", but this is just begging the question - frequently what it says is imprecise, so the meaning is open to interpretation. In the case of the All Writs Act, for example, the Supreme Court found a three-pronged test in New York Telephone.
It's precisely because it is a very broad law that it should be construed narrowly - in this case, that it is intended to be able to compel the co-operation of parties with some real involvement in a case, not to authorise open-ended civil conscription in service of the judicial branch.
I'm not a lawyer, but I found the ruling from New York pretty interesting.
At the heart of the matter seems to be: should congress have to explicitly disallow the government from doing anything it wants? There is extensive legislation saying when companies like (or similar to) Apple need to comply with law enforcement. They are relatively new (the 90s). This means congress has considered the issue extensively, and ultimately decided to not force a company like Apple to comply with law enforcement in certain circumstances. The DOJ wants that to mean that they can still force them. However, the Judge is saying that, effectively, since the issue has been debated and congress has not forced companies Apple to help, this is a legislative choice, and thus being able to force Apple to help through the all writs act would violate the separation of powers.
Basically, if you believe the DOJ's line of thought, congress could decide not to pass a bill giving the courts the ability to do something, then the courts could still use the all writs act to give themselves that power. Because there is no law outlawing it.
I think Apple was wrong to have picked to have this battle in such a poorly defended position. The stand would have been better made over a secure device they couldn't unlock. But obviously I have to now root for Apple, hoping that a terrible intermediate precedent does not get set and that they're able to dissuade new laws as well.
At least the amended FBI request looks a lot less risky.
I'm not sure a device they couldn't unlock really solves the problem. Lets say they did have such a device. Couldn't the government just force them into building a back door even if they themselves can't unlock it?
This is the underlying argument to me, and I feel a bit like a conspiracy theorist saying it. But based on the talk about Apple or Whatsapp or the lack of documented evidence for the latest FCC ruling about wifi radios. It feels more like the government is positioning itself to have private back door access to everything. Not to mention the president basically said just that while speaking at SXSW.
Sure, which is why proprietary solutions are ultimately doomed if USG continues down its totalitarian path. But it would have been a tougher legal battle to constrain what types of software can be written in general, compared to just compelling Apple to unlock one specific device of interest using an existing backdoor. And it seems like once the easier precedent has been set, the worse one will be a much shorter leap.
> It feels more like the government is positioning itself to have private back door access to everything
That's exactly what it's doing. Total Information Awareness is more than just the name of a "cancelled" program, it's a concept which is inextricably interwoven throughout the entire intelligence community.
Apple did not pick this battle, how can you even think they would? the FBI carefully chose this case to break character and go public on despite Apple's request to have the case sealed.
This tragedy is being exploited by the FBI in order to set a legal precedent to further their surveillance powers that would compel a Technology company to use their own resources against theirs and their customers best interests.
The device in question is insecure. For example, if the proper subset of Apple employees' children were kidnapped, they'd be using their backdoor.
As such, Apple could have acted how courts expect a commercial third party to act [0], issued a security advisory for the vulnerability, and made damn sure future devices were secure. Alas, doing so would undermine their model of maintaining a backdoor to owners' devices but only wanting to use it for commercial purposes.
[0] A locksmith doesn't editorialize about which warrants to facilitate, and when he does, the government simply changes locksmiths. The novelty here is that Apple is supposedly the only locksmith that can unlock this lock, so USG wishes to compel them to engage. Given that they're an incorporated commercial entity, I don't hold out hope.
This case should really be open and shut at this point.
The real question is, what happens next in Obama's office, the DOJ and among the American public?
Obama has already tried to get Congress to give him legislation that would force tech companies to be able to give user data to the government [1]. It's slow going. I don't think we'll see that bill this month. Presumably, after that bill was delayed last year, he then directed the DOJ to go to court over these issues with Apple. I predict that fails.
The President has already alluded to the future in his remarks at SXSW. In his view, after the next terrorist attack, Congress will rush through legislation and it will be ugly.
At that point, we will be depending largely on the public's understanding of computer technology and encryption so that we can respond with an even hand. If people support encryption and let their representatives know, then we are good. But if they remain uninformed, there is a possibility that they will feel passing an anti-encryption bill would make them safer from terrorism.
Let's examine a possible future where the case is won by Apple and in the future there is a terrorist attack that used encryption to accomplish its goals.
What will happen? Will law enforcement point the finger at technologists? Will they claim we enabled the attack by blocking legislation that, in their view, would have solved the "going dark" problem they claim they face?
Further, how will the public respond? There is still currently 42% of the population who believes the government should be able to compel Apple to write software, which they do not want to write, that aids the FBI [2].
The clock is ticking. We don't know how much time we have to educate the public about encryption until the next terrorist attack. In my view, we need to,
1. seek out public figures and media who can share our message
2. come up with more concise messaging that is understandable by a non-techie
3. back it up with facts and primary sources
John Oliver is not enough. All the tech companies is not enough. This is as big as or bigger than SOPA. When we fought SOPA, we didn't have the possibility that people could blame us in the future for terrorist attacks if that bill did not pass. If and when we fight an anti-encryption bill, we will be fighting that alarmist view. We will make it much easier on ourselves if we seek to educate the public about the issues and let them make up their own minds.
If and when we fight an anti-encryption bill, we will be fighting that alarmist view.
Somehow technologists have to reframe the discussion. Up to now the government decides the emotional context, sells it to the people, and forces tech companies to react within that context. The government portrays itself as the good guys, or the protectors of society, or the moderate ones, or the fair-minded ones. To the extent that they are not protecting, moderate, or fair-minded, that's what needs to change. The government's disinformation campaign needs to stop. I don't know how to do it, but the technology world needs to set the stage, make its case, and invite the government to meet on technology's terms, not the other way around.
We should argue this issue in terms of security and the economy. Those are the terms politicians and people understand.
See [1] [2] [3] about security
About the economy, Obama himself provides the best argument there. Last year he told President Xi that anti-encryption laws would hurt his economy [4]
I'm interested in starting a grassroots campaign around this issue. Shoot me an email at stillastudent using Google's email service if you're interested in helping.
They certainly would have understood corporate legal status, and done so much better than nearly everyone who comments on it today.
And honestly I don't think it would take most of them very long to grasp the implications of mobile phones, the internet, and encryption. The Founders whose names immediately come to mind were some very intelligent and mentally agile people. While our technology may be incomprehensible to them, the social frameworks into which it fits is not.
The constitution also doesn't mention newspapers and the printing press. You don't need to anticipate the future if you're concerned with very simple ideas of liberty and democracy.
They enumerating rights to individuals against the tyranny of an oppressive government and they were very cautious about keeping the government on a short leash and putting that leash in the hands of citizens -- though they seem to think its supposed to be there other way around.
The Founders probably couldn't comprehend mobile phones and the internet, let alone modern corporations being granted personhood.
Keep in mind that the founders were some of the smartest, most educated and most powerful people on the fucking planet at the time - Franklin even contributed to our understanding of electricity - so I think that view is not only mistaken but beside the point. They had no need to debate the particular sophistry of our circumstances. The corrupting nature of power was clear to them and we should be thankful that for that.
My take as I pointed earlier, would be that they would start selling online only (go to store to look at it only) and shipping devices from Mexico for example. Or if Gov continues their witch hunt, they could clearly mark phones with backdoor from those without, hoping that black market will be able to deliver encrypted phones to those who still want to have Apple device.
Agreed... The Founding Fathers were clearly the most intelligent and capable leadership the country has ever had, but in 2016, I wouldn't ask for the opinion of a person who had signed their name on the three fifths compromise.
Also, most of them would be appalled at the size, scope, and influence of the federal government/bureaucracy and the Supreme Court.
Of course a better appeal would be to the principles of liberty outlined in the founding documents of the United States -- principles most of us take for granted.
I'm curious what you guys think the government should do differently here. There's a valid court order, there's a clear reason for this order to be executed, and the request is restricted.
They do not, for example ask for the private signing keys for iOS. That would be less work for Apple, and actually well within the rights of the govt.
An unpopular argument I realize, particularly in the post-Snowden era, but I would be curious to hear some considered reflections on how the govt should go about this differently. Assume for example that this is not Apple, but instead Enron protecting the laptop of their CTO
And if the state (or any employer) were appropriately managing their devices they'd have access to the data, known which apps were on it, and have remote wiped it.
If Loretta Lynch were informed about how encryption works, she would not be pursuing this case. As it is, she does not understand that she is wasting the time of American government and people.
She does not understand that even if the FBI can get into every Apple phone, criminals can simply choose another form of encryption software to accomplish means of hiding their communications. Assuming the FBI can force Apple to install a key logger to grant them access into encrypted apps, will the FBI then go after Samsung and HTC which are made outside the US?
The whole thing is absurd and a waste of our time. The way in which the FBI is going about this is not going to get them what they want.
I don't know how to get them what they want. That's their job to figure it out. But they should know better about encryption technology. Or someone should tell them. This has gone on too long.
I do not think you have actually read enough about this specific case. For example: the govt is not asking for "the FBI to get into every Apple phone".
If you disagree with this assertion, please provide a link where govt is asking for that.
On Tuesday, Comey said the FBI is asking for access to that specific phone but understood the decision would set a precedent for similar cases.
Asked how many iPhones the FBI would like Apple to unlock, Comey said he could not name a number but that there were "a lot" of phones that hold information needed for law enforcement investigations.
Again, I don't think you've really read what the govt is asking: yes this would set the precedent for them to request via a valid search warrant and on a case by case basis to open maybe even "a lot" of phones. My point is - grabbing the master keys would give them access to all.
Once they set precedent to get Apple to provide them with the software they need, why do you think they won't later compel Apple to provide them with the keys to let them unlock any phone?
Surely it's going to become a burden if the government has to go through Apple for every single unlock request - there may be thousands of them, so for convenience, why wouldn't they demand the software to do it themselves?
It seems like gaining access to this dead guy's phone is not really what the FBI is after - they can already get his call records and SMS's from the carriers, there's not likely to be any actionable information left on the phone.
Yes, this sets the precedent that the govt may request, with a valid court order, to compel Apple to help grab information from a specific phone.
The point I'm trying to make (repeatedly through this thread, which everyone seems to ignore) is that this is a pretty reasonable request.
Notice that it becoming a burden for the govt to request this through Apple every time is in no way a reason why the govt would legally be allowed to "demand the software to do it themselves". In fact, as every single case would require a court order, the hassle of the court order is likely a magnitude greater than asking Apple to comply.
For the govt to "demand the software to do it themselves" would be an entirely new court case. In fact, it is this very case that I do not want to see.
To not think this is where it is headed is naive. Just like the original claim of only one phone was laughable. The FBI wants to get a precedence now so that they can prevent Apple from ever making a phone that cannot be broken into. That is what this case is about and has always been about since the beginning. It is also why Apple took a stand here.
The implication that this is just about one phone is what is so demonstrably false. And it is people like you who we must seek to inform. The FBI has hundreds, if not thousands of iPhones they wish to unlock in this manner. Google it.
Further, what the DOJ does not understand is that if Apple provides the tool for opening this phone, then the government and any hackers who get ahold of that tool will be able to access any phone with the same specifications. As Tim Cook puts it, it'd be the software equivalent of cancer.
Even if the FBI has thousands of phones it wishes to unlock with a valid court order, where is the problem? Why are you against this in principle? How is your phone fundamentally different to your house?
Regarding it being like cancer - why? How can it not be like smallpox? What is hard about clean rooming these phones and hacking them?
IIRC Enron was being investigated under the RICO act. In this case no one is even being investigated for committing a crime, let alone charged with one.
Hmmm.. Unlike Enron before an investigation was started or a conviction was made, it is beyond a shadow of a doubt that several crimes were in fact committed by the users of these phones.
And if they didn't they would be charged with obstruction and that's where it would end. They would not go to Dell and force them to write software that allows a secret FBI password to get into every laptop.
The Enron case was a bad analogy because only billions of dollars were at stake: assume there were details on a Dell computer that would save a dozen or so lives. Do you think Dell wouldn't help? Do you think they shouldn't?
The case at hand is a discarded work phone -- of which call and text records are readily available to investigators. It does not represent a "clear and present danger".
Even if it did I would still fight it in the courts: Warrantless wiretapping, secret Fisa courts. Guantanamo bay prison. Lawyers and congressional leaders being electronically spied on... I do not think its safe for our democracy to continue giving the government tools to spy on citizens.
Your comment perfectly illustrates what's wrong with your side of the argument (but don't worry, you are on the side of most of HN):
Isn't the current case in fact exactly what you would hope to see from a government changing in response to gitmo and warrant less wiretapping? If not - what would you expect to see assuming the govt was changing? Honestly curious here, as you seem to want to fight the govt even in the face of "clear and present danger" and even if they had reformed.
Enron doesn't make encryption software/hardware I don't see how that is a comparable situation? Obviously there are limits to what courts can order in the pursuit of law enforcement goals, and this should be one of them.
> there's a clear reason for this order to be executed
No. They are abusing a law written two centuries ago to compel a private corporation to perform work on their behalf when they have the resources and know-how to do it themselves in this specific case. They are doing it purely to establish precedent so that they can then proceed to do the same, again and again, on an absolutely massive scale. A scale which wouldn't be possible with their resources. This is shameful and shouldn't be permitted.
> I would be curious to hear some considered reflections on how the govt should go about this differently
It's very simple. Stop trying to compel private corporations to do their job for them.
By definition having them be in more places makes them less secure, so clearly I cannot. That's my point though. The FBI is not currently asking for this. But they could.
It's also entirely possible Apple can't easily give them the key, since from what I've heard the key only exists in HSMs. Presumably they have more than one HSM, but I imagine the fact that they'd need to physically give the FBI hardware that's normally used in the course of their business would complicate matters.
> There's a valid court order, there's a clear reason for this order to be executed, and the request is restricted.
All three of these are in dispute.
1. I do not think that this is a valid court order, as I do not think it comports with the text or spirit of the All Writs act. Apple is not specifically inhibiting execution of the court order; the act in question that ostensibly inhibits government action (manufacturing a device with a particular configuration) occurred long before the acts against which the warrant was issued (the act of criminal violence).
If this is within the purview of the government on this basis, then it leaves little imaginable human activity that isn't subject to the government's whim via the All Writs Act.
2. There is no clear reason for this order to be executed because the crime has already been occurred and the subject of the warrant is deceased. Like so many search warrants, the government's request in this case does not name specifically the "things to be seized;" instead, the government wants to seize each and every thing on this phone. Presumably the government wants to seek evidence about accomplices and circumstances surrounding the crime so that it can prevent similar actions in the future. However, in order for this to pass constitutional muster landing anywhere near the text or spirit of the document, they need publicly explain precisely what they are looking for.
3. The request is not particularly restricted; it literally asks Apple to write new software to exacting government specifications.
So,
> I'm curious what you guys think the government should do differently here.
I think that the government is better suited to educate people about encryption, encourage them to protect their own security, and completely abandon the idea that software must ever work in a way that the government dictates. Much to the contrary, we'll be a freer and more prosperous country when software specifically inhibits the government's capacity to overreach and when it is made so that it is impossible to change by an actor under pressure from the government.
This is the core of my point though: by fighting this on the all writs act, you leave the govt no option but to request something that does not compel Apple to do anything: give up the master keys. If that's what you want, fine.
Re: 2
well, a democratically elected judge did. There is literally no other democratic way to figure out if a search warrant should be granted or not. I grant you that if this was your main point (which it clearly isn't) then you might have a case, as I've not looked into that part at all.
Re: 3
Either you did not read my comment carefully, or you misunderstand fundamentally what I mean by restricted: I mean restricted in terms of how much power Apple would grant to the govt. Clearly giving the master keys would be much less restricted in terms of how much power this gives the FBI than what they are currently asking. Let's be honest, this is not about comping a half dozen engineers time for a week or two.
Re: what you think the govt should do:
Honestly your argument here is weaker than anything else in your comment. So you honestly think that the way in which the government should perform their duties in terms of law enforcement is to "educate people about encryption, encourage them to protect their own security"?
Really? Okay, let's play this out: I am a terrorist, and am apprehended at JFK with my iPhone. On my iPhone, there is the contact details of my co-conspirators, already in the US and already with AK-47s ready to shoot up a primary school. Tell me exactly how "educating people about encryption, encourage them to protect their own security" would be helpful in this case?
> I am a terrorist, and am apprehended at JFK with my iPhone. On my iPhone, there is the contact details of my co-conspirators, already in the US and already with AK-47s ready to shoot up a primary school.
Maybe you watched too much 24, but that's just not how these scenarios have played out. You're making the same mistake people make when they imagine hacking being like they show it in the movies: if the good guy can just type fast enough, he can get around the bad guy's defenses, blah, blah, blah. But that's not how it's done, is it? Which makes this a strawman argument.
My point is not a strawman argument - if it was so, then you'd have to prove that nobody is arguing that the govt accessing the information on terrorists phones would be helpful in countering terrorism. The case in point proves this not to be so.
Also, your condescending tone does not help your argument, does it?
No, the government can acknowledge that it cannot compel Apple to do anything. This is in violation of all four points of the All Writs Act. It's really not even close. This is such a strange situation to try to shove into this legal framework.
Re: 2
Even if the search warrant was properly issued, the All Writs act cannot be used to expand jurisdiction to an area where the Federal Government doesn't already have it. The matter of security features on a private phone made by an entity who is not a party in this case is a rock-solid example.
Re: 3
I, and Apple, and most legal scholars who have looked at this case do not believe this order to be particularly restricted. We are talking about forcing a company to rethink a crucial engineering decision on a complex piece of equipment and dedicate engineering effort to rewrite software in such a way that is completely at odds with the needs of the customer.
Your argument is basically akin to saying, "well, they aren't saying they're going to personally kill Apple employees who don't comply, so this is actually a very moderate request."
Re: what the government needs to do if it wants to stay relevant:
You are mistaken if you think that these wild hypotheticals are the way that we make law. Nobody cares about the bizarre narrative of a kidnapper at an airport; case law is made exclusively on the basis of actual case or controversy.
In the scenario you describe, you will sadly probably succeed at an act of horrific violence; I am not moved by your suggestion that the government will be able to stop this action even if the All Writs act did apply in this situation. This is the (relatively small) price of freedom. We live in a country where one is more likely to be killed by a falling vending machine than a terrorist act, but neither is a good enough reason to completely rethink the basis of our legal system.
Of course the US govt can compel Apple to do things that are within the law. If your side wins on your narrow All Writs argument; bully for you. Stand by for the big guns.
Re: 2
So your rock solid argument is what: that I am secure from govt intrusion if I buy a Samsung as the software was made by Google? Hm..
Re: 3
Now you're talking either from ignorance or hyperbole: ain't all that hard to have them take the specific phone into a safe room with custom cloned hardware, bypass the check and unlock it. Don't see how this fundamentally changes thinking on any crucial aspect of their engineering.
(Ignoring comment about equivalency as it makes no sense, but feel free to elaborate)
Re: govt needs to do...
So there is nothing you want to contribute in a conversation about how we balance this dilemma? You don't see there ever being a case for the govt wanting access to the contents of a phone, even with a court order? What about a house or a car? If my house has a key, with a crypto seal on it, and it blows the whole house up if you pick it for more than 10 minutes, that's okay? Nobody should be compelled to help the govt get in?
The story is that the last piece of advice jobs gave tim was to do what he thought was right. I don't think he's trying to be a martyr or anything, but I bet he's trying to do what's right in the situation. Knowing they'll fight this sort of battle really had me considering apple products again honestly, and I gave up that train long ago.
I feel the same way. I don't delude myself into thinking that my individual actions have any measurable impact, but I enjoy exercising the very limited power that lies in giving money to institutions I support, and withdrawing it from those I don't. Apple's definitely on my radar again.
However, I still see no mention of protecting other nationalities. E.g. I'm French, since the 2015 attacks we have a law saying companies should snitch, the iPhone could very well save my fingerprint/pw outside the secure enclave if it ever needs to unlock it. I want to believe Apple is the one company that respects my privacy. Please, Apple, say your device fits my expectations.
They already did. Last time is in this latest brief where they say there is only one version of OS for all devices in all countries. Same is true for their other services (also mentioned in brief).
Tim Cook isn't the only one who should be standing up here.
We all, as technologists, need to do our part in educating the public. This debate will not be finished even if the court case is won by Apple.
The next time terrorists use encryption to hide their communications, who do you think the DOJ will seek to blame? They will blame technologists for blocking anti-encryption bills, and then the public will take an alarmist stance and agree to whatever the DOJ asks.
There is still currently 42% of the population who believes the government should be able to compel Apple to write software, which they do not want to write, that aids the FBI [1].
That's 42% of the population who will attack the IT industry with everything they can muster.
Think of all the Trump supporters. Then imagine that as an attack on encryption. We need to get ahead of this and educate the public and our representatives.
>The next time terrorists use encryption to hide their communications,
Has there been a first time? From my understanding to date there has not been any proven evidence that has been "hidden" away by encryption by terrorists.
In this case they have most of the info, obtained from apple under court order via the iCloud storage which Apple has full access to and can provide to Law Enforcement
In Paris the Terrorists used normal non-encrypted SMS
This entire FUD about "going dark" seems to be completely in the minds of the FBI and Prosecutors likely brought about by watching too many Bad Movies and TV Shows
True, but until such time they have proven it is an issue and that there are not other investigative avenues to be used to capture and prosecute terrorists then they should keep their hands off my encryption
That is how free societies work, we do not give up freedom simply because there might at some point in the future be a problem...
I'm not suggesting that they should break encryption, but I'd like to point out again that it's pretty hard to prove that breaking encryption is necessary in "the fight against terrorism" until they can break the encryption and show us the content.
If they get to the content in other ways we are just going to say: "aha, see you don't need to break encryption after all"
We will never know, but if the iPhone didn't happen and we were talking about a Nokia smart phone, Blackberry, etc. would we see a private company taking the same stance Apple is?
I'm not entirely sure the 1984 ad / counterculture / 'question authority' ethos is baked into other major smartphone companies quite like it is with Apple. I don't get the feeling that we would've seen the same reaction from any of the others.
I also draw attention to Jobs' spiel about the intersection of Technology and Liberal Arts. It's baked into Apple, and I think this is in part a manifestation of that.
I guess smart taxation can be called questioning authority, but claiming moral highground for [1] will be a bit hard.
There are different theories how Apple was able to struck gold with iPhone, but their success is what forcing them taking their stance. I find a bit disingenuous trying to spin this story how Apple trying to do the right thing for the people, glorifying for profit companies goes against common sense. They are doing what they deem best protects their interests, if it happens to lead to better privacy is merely a side effect, and I would argue it is thanks to all the people who were raising awareness.
I completely agree that it's not singular throughout their culture (specifically w.r.t the taxation issues you raise), but I would not be surprised if in an alternate universe where Jobs etc. didn't care about that stuff, Apple just quietly complied with the cops in this case and we as the public never heard about it.
Do you truly believe that 'Apple' or any other company couldn't spin this as holding the key to the feds doing this and thus making sure they comply with the full legal processes we expect of them, rather than letting them hack into the phones and thus circumvent the warrant process?
Ok but in the eyes of the law at the time, george washington was a terrorist (in addition to being 6 feet tall and made of radiation). Of course a guy like Paul Revere would have been pro-privacy. He needed privacy to deliver intelligence on british troop movements.
Some legal scholars view the declaration of independence as part of the constitution (and the primary part). But clearly any 'right to rebel' wasn't recognized during the civil war. So we can conclude that the climate has changed.
Notice that tim cook isn't out there fighting against apple's ability to push code or fighting for me to install debian on my ipad. He's fighting for his own institution's right to resist the orders of a larger institution. This is like the magna carta -- it was about the rights of the british aristocracy, not the lower gentry or the feudal labor force.
Now that they've crossed the IRS and DOJ off the list of federal agencies they give a crap about, next on the list might be the DMV. Apple car anyone?
If yes (and it's a big if) that's just one data point. You can just as easily argue that the industrial revolution changed the labor landscape and personal rights would have entered british common law either way.
Another law that defended the rights of feudal landowners was the fugitive slave act so if there's a pattern here I'm not seeing it.
Well, of course not all things that benefit one group benefit everyone overall, and not everything which benefits Apple benefits us.
That doesn't mean that our interests don't somewhat align with those of Apple in this case.
Iirc, the Magna Carta was one of the first to establish the limitation of the powers of kings, though the direct benefeciaries were not the common persons.
Analogously, I think this conflict , if it ends in Apple's favor, helps reinforce limits on the powers of the government.
Is that not true?
An individual, or a group of a few common people could not win against the government in a situation like this, just as the common people could not have gotten something like the Magna Carta.
Absolutist divine-right monarchy was an invention; maybe the magna carta was an early legal precedent defeating that concept in europe. But this is coming 2000 years * after * athenian democracy. What became the roman empire under legendary nut-jobs like caligula began as a republic formed from small city-states. So you can change in both directions.
This is a really interesting question (and I'm not a historian so don't take my 'legal advice' here).
I think it's important to distinguish between causes. Maybe industrial laborers never would have thought of forming a middle class in 18th century europe without the magna carta. Or maybe rights to life, property & due process are things anyone would choose any time the question is raised, but ordinary europeans couldn't get them until they could earn a living without negotiating with a feudal landowner. My vote is for economics.
I'm not likely to ever be in the situation apple is in. I'm more concerned about the courts compelling me to give my password than compelling me to write a backdoor to a device that I sold to the DOT.
There's never a right to rebel, that's sort of the definition of the word. It's a reaction that comes about when all the legal avenues have been exhausted or hit brick walls.
Well, it asserts it as a right "when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism"
Which is not that different than "all legal avenues exhausted" but you're correct, it does claim it as a literal right. Thanks for inspiring me to re-read it.
Not that international law is the same as contract law, but if you view the federal system as a treaty between each state and the white house, violation of the treaty terms could void the agreement.
The federal system does guarantee rights to the states, but treaty enforcement goes more to balance of power than the text of the agreement. Early on when the local militias were our primary fighting force and we had to hire pirates to be our navy, state rights were secure.
These days not so much. For example, I wouldn't bet on stop and frisk to stop the Army Rangers if NYC voted to return to dutch rule (or Lenape).
Also, not to be a textualist, 'right of the people to alter or abolish'.
You cannot have a right to rebel against that which grants the rights. If the government is what grants rights, then there is no problem with any rights violation as long as they declare you don't have that right.
But we tend to agree that rights are not granted by the government, and while we may not agree what does grant it, the right to rebel against that which does not grant rights does still exist.
The key point of the 10th amendment of the US constitution [0] is that the people already _have_ the rights, and do not need to have them "granted" - rather, the rights of the national state are limited. The constitution grants powers to the government and individual states, and the remaining powers and rights are already the people's.
> The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
This is in contrast to many prior systems of government, where the privileges available to a populace were whatever the monarch decided they could do, or which they had extracted as concessions from the monarchs via agreements like the Magna Carta.
"This country, with its institutions, belongs to the people who inhabit it. Whenever they shall grow weary of the existing government, they can exercise their constitutional right of amending it, or their revolutionary right to dismember it or overthrow it."
It takes the biggest, richest, most loved and most powerful companies to stand up to the insane overreach of government authority. Even then everyone sucks in their breath "Are they really daring to defy the power of the government?"
Everyone else, every other organisation is little people.
Sad that it came to be that governments rule the people instead of the government serving the people.
Yeah. Though, I would suggest that governments (in conjunction with or as tools of unelected aristocrats, feudal overlords, warlords, strongmen, etc.) have always ruled, and it's only in the past 200-300 years that the people have started to take the power unto themselves.
Democracy's a very new and quite brilliant invention, really, when you look at it in the perspective of tens of thousands of years of human social and political development.
There's another thread about this on the front page right now [1]
I suggest that we as technologists get together and inform the public about this issue. I don't know if the EFF is contacting congressmen or not, but we should be informing them and making ourselves available for their questions should they have any about computer technology.
I propose that we,
1. seek out public figures and media who can share our message
2. come up with more concise messaging that is understandable by a non-techie
3. back it up with facts and primary sources
John Oliver is not enough. All the tech companies is not enough. This is as big as or bigger than SOPA. When we fought SOPA, we didn't have the possibility that people could blame us in the future for terrorist attacks if that bill did not pass. If and when we fight an anti-encryption bill, we will be fighting that alarmist view. We will make it much easier on ourselves if we seek to educate the public about the issues and let them make up their own minds.
If contacting the campaign team directly doesn't work, you can make a thread on /r/sandersforpresident or join the Coders for Sanders slack group to influence that group. The devs behind berniesanders.com are active on there too.
It's a great idea in theory. Can you reach him or someone on his team?
I've tried to reach Bernie but have no contacts. Supposedly we're 6 degrees apart but I don't know the path. I tried contacting Ben Cohen of Ben & Jerry's, who is one of his supporters and an activist himself, but didn't hear back.
People are reluctant to address the issue on his subreddit. I've tried posting extensive information on the subject twice already [1] [2]
His supporters are not even informed enough themselves.
It's up to us and the EFF to get the message out there.
I don't have any personal connections but you can try reaching out to someone on the campaign team [1] over Twitter. It's still a shot in the dark but you're more likely to get their attention there than over email.
I've tweeted at a few groups and people recently [1]. Nobody replies or communicates on that service. They just retweet and parrot their own viewpoints.
I'll give it a shot though, thanks. I'm not really a twitter kind of person so I admit I could be doing it wrong.
A website with a nice infographic and a few FAQ's explained in relatable layman's terms(with references) would be great. Give it a straight forward domain like backdoorsaredangerous.org or whyencryptionisimportant.org or maybe both with respective information on each.
I'd be happy to do this, but I honestly don't understand all these issues well enough myself in order to do a good job scaring people as much as possible while keeping it truthful.
That'd be awesome! I know the issues pretty well. I've followed news and online discussion fairly constantly since a month ago. Shoot me an email at stillastudent, using Google's email service
I'm a developer but not a designer, and anyway it'd be great to work with more people on this
One thing I haven't figured out yet is what existing lobbying is happening out there on this issue. For example, is the EFF contacting members of Congress to inform them about encryption? I'm about to write them to ask.
The fact of the matter is that U.S. founders would be appalled by DOJ IPhone request, but the common people are not; that is a problem. It is a problem because the U.S. founders made the U.S. Constitution to tell the Federal Government that the people are free, not the other way around; The U.S. Constitution has a purpose and not a meaning e.g. Article 1 Section 8 of the constitution; The fact that a federal government entity, such as the DOJ, wants access to a private 'citizens'' (yes, legally corporations are people) intellectual property is unconstitutional. This, sadly, illustrates the mindset of the Federal Government and the status-quo. What happened to the people being jurisprudence? The Federal Government is unbound and reckless and it needs to be bound; bound by the U.S. Constitution. The U.S. Constitution that was philosophically created to serve a purpose, and that is Limited Federal Government. . .everyone seems to start in the middle of a problem, but never the beginning. Beginning here being The Federal Government and the problems it has propagated. Maybe then people will realize that its solutions are just problems, solutions that solve problems they created. Now, apropos to the topic. . .yes the founders would be appalled and so should the people. The appeal to the founders argument is an appeal to look back to history and identify with true political values that made this country so great. Else you can just "sit back and listen and they will tell you when you'r wrong. . ."
> U.S. founders would be appalled by DOJ IPhone request, but the common people are not
That's not accurate. The latest poll has more Americans supporting Apple than the DOJ [1]
And that's an improvement over the first poll which had 51% supporting the FBI [2]
Progress has been made and more can be done. Let's continue educating each other about encryption and inform our representatives how we feel. All is not lost and we can still share facts to support a reasonable course going forward.
The Founder Fathers would most certainly not be appalled by the DOJ iPhone request. After all, a Congress consisting of many of the actual Founding Fathers passed the Sedition Act (of 1798), which suppressed the right to criticize the government, and the Alien Friends Act, which allowed for the deportation of non-citizens without any due process.
Having lived through a weak government (the Articles of Confederation), the Founding Fathers viewed the Constitution as empowering the Federal Government, not restricting it.
Maybe you should read the Sedition act a little more carefully. . .it is applicable to any attempt of sedition when one criticizes the government while abiding by the constitution"to intimidate or prevent any person holding a place or office in or under the government of the United States, from undertaking, performing, or executing his trust or duty: and if any person or persons. . .by the powers invested to they/them [entity] by the U.S. Constitution. . ."
Look at the people arrested under the Sedition Act and the purpose with which it was passed. It was passed, and used, by the Federalists to suppress the more outspoken Democratic-Republicans, some of whom were arrested for doing nothing more than criticizing the government.
It's interesting that you point that out; Since the Sedition Act was passed by a Federalist dominated party it only further supports my premise of the U.S. Constitution having a purpose not a meaning for interpretation, which is what the Federalists were doing. . .they wanted to expand the Federal Government (Nationalize), Central Banking System and relationships with the British Monarchy (empire) for which was the complete antithesis of the purpose for the constitution. We are getting into the follies of going against the constitution *past and present (as Thomas Jefferson always argued); we are digging deep; and that is good.
Now, why is the U.S.A a Democratic Republic and not a Democracy? Why is the power to coin money a job exclusive to the Federal Government? (article 1 section 8) (as opposed to the FIAT system of today? I ask you
I disagree completely. The constitution set very serious boundaries of what the government can do and its role. It may be empowering within that role, but it certainly was a leash.
The constitution sets forth very real protections for the accused, for defendants. I see very little that could be stretched to apply to a third party that chooses not to comply with a lawfully obtained order because they disagree with it.
Frankly I doubt the Founding Fathers would ever have conceived of a third party daring to issue a bare-faced refusal to comply with a lawfully obtained order. They would surely have expected that this would immediately turn that individual (or corporate person, as the case may well be in this age) into another defendant, for a new crime.
I really don't know what Apple is thinking. They should have set a line in the sand when they legitimately could do nothing to gain access to the data, as they're so close to having completed in recent hardware/OS revs. That would force congress to pass legislation outlawing secure crypto, or give up. That would be an interesting thing to see, no doubt.
But this? They're playing a very dangerous game for very low stakes, and the only obvious rationale for doing it is the one that the government can and probably will argue is at work, which is as a PR move.
And a judge's signature outweighs your stock price any damn day of the week. Stupid/reckless is my first impression, or maybe it is just brilliant PR. But as a general rule, don't fight city hall for bragging rights. The real fight will happen once you say "tough luck, nothing anybody can do, you want to break in, go talk to to the quantum cryptographers".
Apple's response addresses almost every point you bring up, so I'm guessing you didn't read it. Which is probably why you're posting with a throwaway account.
The whole purpose of this litigation is to determine whether the order was "lawfully obtained."
As for drawing a line in the sand, it appears that the limit that they will not cross in cooperating with law enforcement is in actively creating new features that make the phone easier to hack.
This paints an unfair portrait of the average American. It isn't that they don't care, they just aren't as technologically savvy as this audience.
Take the Edward Snowden leaks. John Oliver did a wonderful segment interviewing people about NSA surveillance.[1] If you ask an average citizen if they are for or against "Section 215" or "X-Keyscore", they'll fall back on vague national security scare quotes. If you ask them if the government should see your dick-pics, then they start to understand what is at stake.
In many people's minds, what the FBI is saying makes sense. What's the big deal? They want to access a single iPhone from a terrorist.
Teach people that it means their nude photos could be accessed by any law enforcement official and I think you'll find that people really do care.
They don't care. While Oliver was able to ask questions to revoke a current response, you could ask similar questions that preyed upon the 'anything to catch the bad guy' mentality and you would see people handing over their rights. The core of this is that the people have been conditioned to hand over their rights and have been conditioned to not realize they are even doing such. Oliver exposed the latter, but the former still exists.
On a technical level I really don't understand something about this situation. All the discussion I see presupposes that the only option for Apple to comply with the FBI is to build & sign this new version of iOS, and then give it to the government, who will distribute it internally to unlock hundreds of phones held as evidence in local court cases across the country, at which point it may or may not (but probably will) be stolen.
It seems like there's another possibility, where Apple takes the phone, signs the compromised version of iOS on an air-gapped computer deep in Cupertino somewhere, decrypts the phone, sends the decrypted hard drive image to the FBI, and then erases the signed version of the software. Why would this process have any higher risk of being compromised than Apple's normal release process for signing new iOS versions?
I get the reason this case matters at a more fundamental level, the precedent it sets and whether or not the government can force Apple to spy on its customers. But there's been so much focus on the technical feasibility of it, and it seems like Apple is exaggerating the argument that it's absolutely impossible to build this new iOS version without it being hacked.
> and then erases the signed version of the software.
And the entire development tree? The local repos on the computer of every engineer that touches it?
You realize that even nuclear secrets get stolen, right? Even the NSA's dirty laundry got aired in public. No serious product remains in the dark forever.
All of which are useless if you don't have Apple's signing key.
The code to ignore the lockout is quite possibly a 1 line fix.
This case wouldn't be needed were that not the case, since otherwise it would be almost trivial to dump an iPhone's firmware image and hex edit the relevant code out.
Not really. Consider this - right now a key part of the discussion is whether compelling Apple to write this software is an undue burden. Most reasonable people would agree that it would take quite some effort. However, if Apple did it once for the terrorist's phone (which no one objects to) then every subsequent request would have minimal burden attached to it. Thus they would have to comply to any subsequent request to unlock, even if the phone didn't belong to a terrorist. What if it only belonged to a whistleblower or humans rights activist? Too bad, minimal burden.
If it becomes common enough, Congress wouldn't face much opposition if they passed a law saying that the status quo (on demand unlocking) be maintained by smartphone manufacturers.
I suggest you actually read up on the filings from both sides before talking so much.
But, by fighting this case on the all writs, they're basically staking their whole position on: "the govt can't compel a private firm to work on their behalf". If that wins, then what's to stop the govt requesting master keys for iOS? Much less work, bypasses all writs.
My point is: the FBI did this by the book (court order). You and most everyone else here makes the assumption that granting this means the FBI can do whatever the hell they like from there on in. That's not true. They would still need court orders.
It is about the future of encryption. If the FBI wins and gets Apple to unlock the phone, will Apple be held in contempt later when they make a phone that they makes them unable to comply with a court order?
> Why would this process have any higher risk of being compromised than Apple's normal release process for signing new iOS versions?
It wouldn't. In fact, since every iOS restore contacts an Apple server to re-sign the firmware with a device-specific chip ID and unique nonce[1], all Apple would have to do is configure the signing server to sign the government firmware only for approved ECIDs (which might require some engineering effort to ensure that the internal process for adding images/ECIDs is secure and well-documented, but nothing unreasonable). Because the signing server is already connected to the Internet rather than, say, airgapped and brought out only when a new firmware needs to be signed, signing additional/alternate images wouldn't increase the risk of key compromise.
I support Apple's moral stance but hell if the "hacker risk" part of their argument isn't bullshit.
Every DA and police department will show up with a stack of phones after the first unlock. Apple would now be responsible for decrypting phones day and night. This has already happened with a department in NYC that wants 100+ iPhones unlocked.
The FBI don't want the data on the phone, it has nothing of value, it's a consent-to-monitor work phone the FBI already has 6 weeks iCloud backups of, that wasn't at the scene of the crime and Farook didn't attempt to destroy, unlike his personal phone which was both at the scene and destroyed.
The FBI didn't ask for the data because they don't want it, they're after the legal precedent that compels any Technology's own company resources against them to compromise the security of their own products so they can use it to compel the hundreds of other phones they have in their possession that they also want unlocked.
Despite having no chance of producing anything meaningful, the FBI chose this tragedy to break character and go Public on because they're using the tragedy for maximimum PR and Political effect to increase their surveillance powers - frankly I find it dispicable that a law enforcement agency is so transparent, egregious and has stooped to such lows to make be making personal statements against Apple they know to be completely false so they can enrich their political agenda.
I'll take this a step further. Ultimately Director James Comey and the FBI want a future where it is illegal or impractical to deploy strong encryption without key escrow.
Few companies, actually practically no one, will offer encryption if it's going to cost them tremendous amounts of money and engineer time to hack each and every device on a piecemeal basis. The siren call of key escrow or an alternate decryption key that they maintain will be irresistible. Or the industry will move back in the direction of unencrypted devices, which would be just fine by the FBI.
308 comments
[ 2.5 ms ] story [ 269 ms ] threadhttps://news.ycombinator.com/item?id=11294164
https://news.ycombinator.com/item?id=11293982
https://news.ycombinator.com/item?id=11293795
https://news.ycombinator.com/item?id=11293778
https://news.ycombinator.com/item?id=11293514
https://www.law.cornell.edu/rules/frcrmp/rule_59
If this was about the gov't simply making new laws we wouldn't be having this discussion right? Fortunately we live in a country where the gov't can't simply outlaw things.
Right now, it would be very unconstitutional (a denial of due process) to prevent Apple from appealing the ruling.
Of course it doesn't stop any particular government from making it illegal to sell unbackdoorable phones in their country.
[1] http://www.iacr.org/archive/eurocrypt2000/1807/18070209-new....
1. The software that verifies the certificate doesn't need to be changed - which is quite an advantage if it has already been shipped, or if you need to change the signing rules at a later date.
2. The verification logic is exactly the same as if checking a regular, single signature certificate. Nice and simple, no bugs related to whether all criteria have been met by multiple certificates.
1. Abandon the pleasant safety of arrogance. Accept the non-totality of your control. Be practical. Do what you can. Risk the indignant judgement of someone that chose #2.
2. Abandon the intuition of humility. Be the solution. Assume you're the next Great Thinker in social progress. The MLK for problem x. Change the world. Care. Inspire people. Avoid narcissism.
3. Capitulate to the most primitive defense: denial/apathy. The government isn't spying on us. If you have nothing to hide then you have nothing to fear. Are you a conspiracy theorist?
The best choice is #1. It's the unconscious choice of most Europeans. They simply lack the arrogance necessary to perceive our little problem with problems. American's are frequently stuck between #2/#3. While these people may appear to care more they are merely sublimating the intense anxiety of their self-imposed challenge. Their choice to meet insecurity with arrogance undermines the optimization of their unlikely success. They struggle to understand their relationship to the autonomous beast that opposes them. Of course, that is only if they choose not to deny the problem exists at all.
https://en.wikipedia.org/wiki/Microsoft_Corporation_v._Unite...
And we can still argue, quite reasonably I think, that attempting to put back doors into all encrypted communication methods is a game of Whack-a-mole that we cannot win.
Edit: I seem to have found it: https://assets.documentcloud.org/documents/2762131/C-D-Cal-1...
(Found via this article: https://www.techdirt.com/articles/20160315/15505433916/apple...)
https://assets.documentcloud.org/documents/2762149/Supp-Neue...
And it's not just him. It's Wikileaks and Glenn Greenwald, too, who clearly have motives other than ego.
Ok, I can see that but who is he to decide that? He's not a respected journalist with an established track record. He's the guy who stole a bunch of insider information from his employer. We don't really know what he has or what he isn't sharing with us.
I'm sure if he'd turned the data over to a respected journalist, they'd could have managed the release of information just as well. Instead he's kept the data to himself and chooses what to release allowing him to frame the story.
Why should we trust him? I mean his biggest achievement is stealing from his employer.
https://en.wikipedia.org/wiki/Tea_Act
So yeah, in this alternate history the Founders are a lot more fucking bad ass than Apple, going so far as to commit treason to avoid taxes. (Thankfully they won so the whole treason thing was moot)
Then they teamed up with the French to cause all sorts of problems for the English King, they probably would have gotten Ireland to fuck with the English too if they weren't already doing all they could to fuck up England. They would have called it a double irish spit roast.
And now getting back to writs, you might want to see that they created the 4th fucking amendment to give a big middle finger to England being able to issue a writ for whatever the fuck they wanted.
So we don't really have to ask what the founders would have thought because they told us directly. They were so gung ho on fucking with government that they even said if this revolution doesn't work out, have another one, because why the fuck not, and created the second amendment so that if anyone wanted to put guns in people faces again to evade taxes they could.
If they were alive today they'd probably be helping Apple smuggle untaxed iPhones from China free from any sort of government restriction.
Isn't that what the government is supposed to represent. Sigh...
USA telecommunications providers must install new hardware or software, as well as modify old equipment, so that it doesn't interfere with the ability of a law enforcement agency (LEA) to perform real-time surveillance of any telephone or Internet traffic.
Change to: USA cellphone producers must alter their hardware or software, as well as modify remote equipment, so that it doesn't interfere with the ability of a law enforcement agency (LEA) to perform real-time surveillance of any telephone or data traffic.
Carriers are responsible for CALEA development and implementation costs.
AFAIK nobody opposed CALEA and its been years since 2007 when it was implemented.
So unfortunately Apple will lose and their standing that corp cannot be forced to write a code or alter it because of their free will or cost possibly incurred, will not stand the chance :(
[1] https://en.wikipedia.org/wiki/Communications_Assistance_for_...
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
Apple seems protected under this clause, since they do not possess the information necessary to decrypt. This is also why the feds can't wiretap iMessage.
CALEA text: https://www.law.cornell.edu/uscode/text/47/1002
CALEA does not apply and was specifically written to not apply to personal computers, phone manufacturers, OS developers, etc.
If Congress wants to take up a CALEA-2 and start another war against crypto, they are free to do it. But as written CALEA does not apply to the iPhone.
Also nice to see the random comment downvotes continuing without anyone bothering to actually respond.
Even Obama made remarks which included the word "fetishizing", etc.
That's not the question, though: the question is whether the All Writs Act already grants that power, or whether a new piece of legislation is required.
I think that Apple is right that it is more conservative for the courts to construe the existing legislation narrowly, since the Government always has the option to put specific legislation before Congress to remove all doubt.
It's precisely because it is a very broad law that it should be construed narrowly - in this case, that it is intended to be able to compel the co-operation of parties with some real involvement in a case, not to authorise open-ended civil conscription in service of the judicial branch.
At the heart of the matter seems to be: should congress have to explicitly disallow the government from doing anything it wants? There is extensive legislation saying when companies like (or similar to) Apple need to comply with law enforcement. They are relatively new (the 90s). This means congress has considered the issue extensively, and ultimately decided to not force a company like Apple to comply with law enforcement in certain circumstances. The DOJ wants that to mean that they can still force them. However, the Judge is saying that, effectively, since the issue has been debated and congress has not forced companies Apple to help, this is a legislative choice, and thus being able to force Apple to help through the all writs act would violate the separation of powers.
Basically, if you believe the DOJ's line of thought, congress could decide not to pass a bill giving the courts the ability to do something, then the courts could still use the all writs act to give themselves that power. Because there is no law outlawing it.
At least the amended FBI request looks a lot less risky.
This is the underlying argument to me, and I feel a bit like a conspiracy theorist saying it. But based on the talk about Apple or Whatsapp or the lack of documented evidence for the latest FCC ruling about wifi radios. It feels more like the government is positioning itself to have private back door access to everything. Not to mention the president basically said just that while speaking at SXSW.
That's exactly what it's doing. Total Information Awareness is more than just the name of a "cancelled" program, it's a concept which is inextricably interwoven throughout the entire intelligence community.
This tragedy is being exploited by the FBI in order to set a legal precedent to further their surveillance powers that would compel a Technology company to use their own resources against theirs and their customers best interests.
As such, Apple could have acted how courts expect a commercial third party to act [0], issued a security advisory for the vulnerability, and made damn sure future devices were secure. Alas, doing so would undermine their model of maintaining a backdoor to owners' devices but only wanting to use it for commercial purposes.
[0] A locksmith doesn't editorialize about which warrants to facilitate, and when he does, the government simply changes locksmiths. The novelty here is that Apple is supposedly the only locksmith that can unlock this lock, so USG wishes to compel them to engage. Given that they're an incorporated commercial entity, I don't hold out hope.
See my comments
The real question is, what happens next in Obama's office, the DOJ and among the American public?
Obama has already tried to get Congress to give him legislation that would force tech companies to be able to give user data to the government [1]. It's slow going. I don't think we'll see that bill this month. Presumably, after that bill was delayed last year, he then directed the DOJ to go to court over these issues with Apple. I predict that fails.
The President has already alluded to the future in his remarks at SXSW. In his view, after the next terrorist attack, Congress will rush through legislation and it will be ugly.
At that point, we will be depending largely on the public's understanding of computer technology and encryption so that we can respond with an even hand. If people support encryption and let their representatives know, then we are good. But if they remain uninformed, there is a possibility that they will feel passing an anti-encryption bill would make them safer from terrorism.
Let's examine a possible future where the case is won by Apple and in the future there is a terrorist attack that used encryption to accomplish its goals.
What will happen? Will law enforcement point the finger at technologists? Will they claim we enabled the attack by blocking legislation that, in their view, would have solved the "going dark" problem they claim they face?
Further, how will the public respond? There is still currently 42% of the population who believes the government should be able to compel Apple to write software, which they do not want to write, that aids the FBI [2].
The clock is ticking. We don't know how much time we have to educate the public about encryption until the next terrorist attack. In my view, we need to,
1. seek out public figures and media who can share our message 2. come up with more concise messaging that is understandable by a non-techie 3. back it up with facts and primary sources
John Oliver is not enough. All the tech companies is not enough. This is as big as or bigger than SOPA. When we fought SOPA, we didn't have the possibility that people could blame us in the future for terrorist attacks if that bill did not pass. If and when we fight an anti-encryption bill, we will be fighting that alarmist view. We will make it much easier on ourselves if we seek to educate the public about the issues and let them make up their own minds.
[1] http://www.politico.com/tipsheets/morning-cybersecurity/2016...
[2] http://www.dailydot.com/politics/apple-iphone-doj-fbi-wall-s...
Somehow technologists have to reframe the discussion. Up to now the government decides the emotional context, sells it to the people, and forces tech companies to react within that context. The government portrays itself as the good guys, or the protectors of society, or the moderate ones, or the fair-minded ones. To the extent that they are not protecting, moderate, or fair-minded, that's what needs to change. The government's disinformation campaign needs to stop. I don't know how to do it, but the technology world needs to set the stage, make its case, and invite the government to meet on technology's terms, not the other way around.
See [1] [2] [3] about security
About the economy, Obama himself provides the best argument there. Last year he told President Xi that anti-encryption laws would hurt his economy [4]
I'm interested in starting a grassroots campaign around this issue. Shoot me an email at stillastudent using Google's email service if you're interested in helping.
[1] https://youtu.be/g1GgnbN9oNw?t=3h35m52s
[2] https://youtu.be/g1GgnbN9oNw?t=3h11m46s
[3] https://youtu.be/g1GgnbN9oNw?t=3h19m39s
[4] http://www.reuters.com/article/us-usa-obama-china-idUSKBN0LY...
So, who knows.
And honestly I don't think it would take most of them very long to grasp the implications of mobile phones, the internet, and encryption. The Founders whose names immediately come to mind were some very intelligent and mentally agile people. While our technology may be incomprehensible to them, the social frameworks into which it fits is not.
They enumerating rights to individuals against the tyranny of an oppressive government and they were very cautious about keeping the government on a short leash and putting that leash in the hands of citizens -- though they seem to think its supposed to be there other way around.
Keep in mind that the founders were some of the smartest, most educated and most powerful people on the fucking planet at the time - Franklin even contributed to our understanding of electricity - so I think that view is not only mistaken but beside the point. They had no need to debate the particular sophistry of our circumstances. The corrupting nature of power was clear to them and we should be thankful that for that.
Would Apple have to re-incorporate outside of the U.S.A?
(1) They could barely agree on anything, so it's not like they would magically agree today
(2) They would also be appalled by women's rights / civil rights, so I don't think this is a good test
Also, most of them would be appalled at the size, scope, and influence of the federal government/bureaucracy and the Supreme Court.
Of course a better appeal would be to the principles of liberty outlined in the founding documents of the United States -- principles most of us take for granted.
She does not understand that even if the FBI can get into every Apple phone, criminals can simply choose another form of encryption software to accomplish means of hiding their communications. Assuming the FBI can force Apple to install a key logger to grant them access into encrypted apps, will the FBI then go after Samsung and HTC which are made outside the US?
The whole thing is absurd and a waste of our time. The way in which the FBI is going about this is not going to get them what they want.
I don't know how to get them what they want. That's their job to figure it out. But they should know better about encryption technology. Or someone should tell them. This has gone on too long.
At this point her actions become a lot easier to understand.
If you disagree with this assertion, please provide a link where govt is asking for that.
On Tuesday, Comey said the FBI is asking for access to that specific phone but understood the decision would set a precedent for similar cases.
Asked how many iPhones the FBI would like Apple to unlock, Comey said he could not name a number but that there were "a lot" of phones that hold information needed for law enforcement investigations.
http://www.reuters.com/article/apple-encryption-congress-com...
Surely it's going to become a burden if the government has to go through Apple for every single unlock request - there may be thousands of them, so for convenience, why wouldn't they demand the software to do it themselves?
It seems like gaining access to this dead guy's phone is not really what the FBI is after - they can already get his call records and SMS's from the carriers, there's not likely to be any actionable information left on the phone.
The point I'm trying to make (repeatedly through this thread, which everyone seems to ignore) is that this is a pretty reasonable request.
Notice that it becoming a burden for the govt to request this through Apple every time is in no way a reason why the govt would legally be allowed to "demand the software to do it themselves". In fact, as every single case would require a court order, the hassle of the court order is likely a magnitude greater than asking Apple to comply.
For the govt to "demand the software to do it themselves" would be an entirely new court case. In fact, it is this very case that I do not want to see.
So when Apple makes the iPhone 7 such that even Apple cannot unlock the phone what happens?
The point I'm trying to make relates to the facts as they are before us.
The implication that this is just about one phone is what is so demonstrably false. And it is people like you who we must seek to inform. The FBI has hundreds, if not thousands of iPhones they wish to unlock in this manner. Google it.
Further, what the DOJ does not understand is that if Apple provides the tool for opening this phone, then the government and any hackers who get ahold of that tool will be able to access any phone with the same specifications. As Tim Cook puts it, it'd be the software equivalent of cancer.
Regarding it being like cancer - why? How can it not be like smallpox? What is hard about clean rooming these phones and hacking them?
Specifics please.
Even if it did I would still fight it in the courts: Warrantless wiretapping, secret Fisa courts. Guantanamo bay prison. Lawyers and congressional leaders being electronically spied on... I do not think its safe for our democracy to continue giving the government tools to spy on citizens.
Isn't the current case in fact exactly what you would hope to see from a government changing in response to gitmo and warrant less wiretapping? If not - what would you expect to see assuming the govt was changing? Honestly curious here, as you seem to want to fight the govt even in the face of "clear and present danger" and even if they had reformed.
No. They are abusing a law written two centuries ago to compel a private corporation to perform work on their behalf when they have the resources and know-how to do it themselves in this specific case. They are doing it purely to establish precedent so that they can then proceed to do the same, again and again, on an absolutely massive scale. A scale which wouldn't be possible with their resources. This is shameful and shouldn't be permitted.
> I would be curious to hear some considered reflections on how the govt should go about this differently
It's very simple. Stop trying to compel private corporations to do their job for them.
I trust those keys with Apple far more than the FBI.
[citation needed]
It's also entirely possible Apple can't easily give them the key, since from what I've heard the key only exists in HSMs. Presumably they have more than one HSM, but I imagine the fact that they'd need to physically give the FBI hardware that's normally used in the course of their business would complicate matters.
https://en.m.wikipedia.org/wiki/Fourth_Amendment_to_the_Unit...
All three of these are in dispute.
1. I do not think that this is a valid court order, as I do not think it comports with the text or spirit of the All Writs act. Apple is not specifically inhibiting execution of the court order; the act in question that ostensibly inhibits government action (manufacturing a device with a particular configuration) occurred long before the acts against which the warrant was issued (the act of criminal violence).
If this is within the purview of the government on this basis, then it leaves little imaginable human activity that isn't subject to the government's whim via the All Writs Act.
2. There is no clear reason for this order to be executed because the crime has already been occurred and the subject of the warrant is deceased. Like so many search warrants, the government's request in this case does not name specifically the "things to be seized;" instead, the government wants to seize each and every thing on this phone. Presumably the government wants to seek evidence about accomplices and circumstances surrounding the crime so that it can prevent similar actions in the future. However, in order for this to pass constitutional muster landing anywhere near the text or spirit of the document, they need publicly explain precisely what they are looking for.
3. The request is not particularly restricted; it literally asks Apple to write new software to exacting government specifications.
So,
> I'm curious what you guys think the government should do differently here.
I think that the government is better suited to educate people about encryption, encourage them to protect their own security, and completely abandon the idea that software must ever work in a way that the government dictates. Much to the contrary, we'll be a freer and more prosperous country when software specifically inhibits the government's capacity to overreach and when it is made so that it is impossible to change by an actor under pressure from the government.
This is the core of my point though: by fighting this on the all writs act, you leave the govt no option but to request something that does not compel Apple to do anything: give up the master keys. If that's what you want, fine.
Re: 2
well, a democratically elected judge did. There is literally no other democratic way to figure out if a search warrant should be granted or not. I grant you that if this was your main point (which it clearly isn't) then you might have a case, as I've not looked into that part at all.
Re: 3
Either you did not read my comment carefully, or you misunderstand fundamentally what I mean by restricted: I mean restricted in terms of how much power Apple would grant to the govt. Clearly giving the master keys would be much less restricted in terms of how much power this gives the FBI than what they are currently asking. Let's be honest, this is not about comping a half dozen engineers time for a week or two.
Re: what you think the govt should do:
Honestly your argument here is weaker than anything else in your comment. So you honestly think that the way in which the government should perform their duties in terms of law enforcement is to "educate people about encryption, encourage them to protect their own security"? Really? Okay, let's play this out: I am a terrorist, and am apprehended at JFK with my iPhone. On my iPhone, there is the contact details of my co-conspirators, already in the US and already with AK-47s ready to shoot up a primary school. Tell me exactly how "educating people about encryption, encourage them to protect their own security" would be helpful in this case?
Maybe you watched too much 24, but that's just not how these scenarios have played out. You're making the same mistake people make when they imagine hacking being like they show it in the movies: if the good guy can just type fast enough, he can get around the bad guy's defenses, blah, blah, blah. But that's not how it's done, is it? Which makes this a strawman argument.
Also, your condescending tone does not help your argument, does it?
No, the government can acknowledge that it cannot compel Apple to do anything. This is in violation of all four points of the All Writs Act. It's really not even close. This is such a strange situation to try to shove into this legal framework.
Re: 2
Even if the search warrant was properly issued, the All Writs act cannot be used to expand jurisdiction to an area where the Federal Government doesn't already have it. The matter of security features on a private phone made by an entity who is not a party in this case is a rock-solid example.
Re: 3
I, and Apple, and most legal scholars who have looked at this case do not believe this order to be particularly restricted. We are talking about forcing a company to rethink a crucial engineering decision on a complex piece of equipment and dedicate engineering effort to rewrite software in such a way that is completely at odds with the needs of the customer.
Your argument is basically akin to saying, "well, they aren't saying they're going to personally kill Apple employees who don't comply, so this is actually a very moderate request."
Re: what the government needs to do if it wants to stay relevant:
You are mistaken if you think that these wild hypotheticals are the way that we make law. Nobody cares about the bizarre narrative of a kidnapper at an airport; case law is made exclusively on the basis of actual case or controversy.
In the scenario you describe, you will sadly probably succeed at an act of horrific violence; I am not moved by your suggestion that the government will be able to stop this action even if the All Writs act did apply in this situation. This is the (relatively small) price of freedom. We live in a country where one is more likely to be killed by a falling vending machine than a terrorist act, but neither is a good enough reason to completely rethink the basis of our legal system.
Of course the US govt can compel Apple to do things that are within the law. If your side wins on your narrow All Writs argument; bully for you. Stand by for the big guns.
Re: 2
So your rock solid argument is what: that I am secure from govt intrusion if I buy a Samsung as the software was made by Google? Hm..
Re: 3
Now you're talking either from ignorance or hyperbole: ain't all that hard to have them take the specific phone into a safe room with custom cloned hardware, bypass the check and unlock it. Don't see how this fundamentally changes thinking on any crucial aspect of their engineering.
(Ignoring comment about equivalency as it makes no sense, but feel free to elaborate)
Re: govt needs to do...
So there is nothing you want to contribute in a conversation about how we balance this dilemma? You don't see there ever being a case for the govt wanting access to the contents of a phone, even with a court order? What about a house or a car? If my house has a key, with a crypto seal on it, and it blows the whole house up if you pick it for more than 10 minutes, that's okay? Nobody should be compelled to help the govt get in?
We all, as technologists, need to do our part in educating the public. This debate will not be finished even if the court case is won by Apple.
The next time terrorists use encryption to hide their communications, who do you think the DOJ will seek to blame? They will blame technologists for blocking anti-encryption bills, and then the public will take an alarmist stance and agree to whatever the DOJ asks.
There is still currently 42% of the population who believes the government should be able to compel Apple to write software, which they do not want to write, that aids the FBI [1].
That's 42% of the population who will attack the IT industry with everything they can muster.
Think of all the Trump supporters. Then imagine that as an attack on encryption. We need to get ahead of this and educate the public and our representatives.
[1] http://www.politico.com/tipsheets/morning-cybersecurity/2016...
Has there been a first time? From my understanding to date there has not been any proven evidence that has been "hidden" away by encryption by terrorists.
In this case they have most of the info, obtained from apple under court order via the iCloud storage which Apple has full access to and can provide to Law Enforcement
In Paris the Terrorists used normal non-encrypted SMS
This entire FUD about "going dark" seems to be completely in the minds of the FBI and Prosecutors likely brought about by watching too many Bad Movies and TV Shows
To be fair it's hard to know if there has been since we can't take a peek into the encryption
That is how free societies work, we do not give up freedom simply because there might at some point in the future be a problem...
If they get to the content in other ways we are just going to say: "aha, see you don't need to break encryption after all"
We will never know, but if the iPhone didn't happen and we were talking about a Nokia smart phone, Blackberry, etc. would we see a private company taking the same stance Apple is?
I also draw attention to Jobs' spiel about the intersection of Technology and Liberal Arts. It's baked into Apple, and I think this is in part a manifestation of that.
Walled gardens are sooooo counterculture init?
1. http://arstechnica.com/business/2015/10/apple-google-microso...
Do you truly believe that 'Apple' or any other company couldn't spin this as holding the key to the feds doing this and thus making sure they comply with the full legal processes we expect of them, rather than letting them hack into the phones and thus circumvent the warrant process?
Some legal scholars view the declaration of independence as part of the constitution (and the primary part). But clearly any 'right to rebel' wasn't recognized during the civil war. So we can conclude that the climate has changed.
Notice that tim cook isn't out there fighting against apple's ability to push code or fighting for me to install debian on my ipad. He's fighting for his own institution's right to resist the orders of a larger institution. This is like the magna carta -- it was about the rights of the british aristocracy, not the lower gentry or the feudal labor force.
Now that they've crossed the IRS and DOJ off the list of federal agencies they give a crap about, next on the list might be the DMV. Apple car anyone?
Another law that defended the rights of feudal landowners was the fugitive slave act so if there's a pattern here I'm not seeing it.
That doesn't mean that our interests don't somewhat align with those of Apple in this case.
Iirc, the Magna Carta was one of the first to establish the limitation of the powers of kings, though the direct benefeciaries were not the common persons.
Analogously, I think this conflict , if it ends in Apple's favor, helps reinforce limits on the powers of the government.
Is that not true?
An individual, or a group of a few common people could not win against the government in a situation like this, just as the common people could not have gotten something like the Magna Carta.
It seems analogous?
This is a really interesting question (and I'm not a historian so don't take my 'legal advice' here).
I think it's important to distinguish between causes. Maybe industrial laborers never would have thought of forming a middle class in 18th century europe without the magna carta. Or maybe rights to life, property & due process are things anyone would choose any time the question is raised, but ordinary europeans couldn't get them until they could earn a living without negotiating with a feudal landowner. My vote is for economics.
I'm not likely to ever be in the situation apple is in. I'm more concerned about the courts compelling me to give my password than compelling me to write a backdoor to a device that I sold to the DOT.
If the DoI is a reflection of understood common law, and it asserts a right to rebel (which, of course, it does), then there is a right to rebel.
Which is not that different than "all legal avenues exhausted" but you're correct, it does claim it as a literal right. Thanks for inspiring me to re-read it.
The federal system does guarantee rights to the states, but treaty enforcement goes more to balance of power than the text of the agreement. Early on when the local militias were our primary fighting force and we had to hire pirates to be our navy, state rights were secure.
These days not so much. For example, I wouldn't bet on stop and frisk to stop the Army Rangers if NYC voted to return to dutch rule (or Lenape).
Also, not to be a textualist, 'right of the people to alter or abolish'.
It's not just John Locke and Thomas Paine making up theories; the page goes on to list several constitutions that explicitly grant this right.
But we tend to agree that rights are not granted by the government, and while we may not agree what does grant it, the right to rebel against that which does not grant rights does still exist.
> The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
This is in contrast to many prior systems of government, where the privileges available to a populace were whatever the monarch decided they could do, or which they had extracted as concessions from the monarchs via agreements like the Magna Carta.
0: http://constitutioncenter.org/interactive-constitution/amend...
http://thenextweb.com/apple/2011/10/27/mystery-solved-why-st...
Why should they? Freedom is not about giving @awinter-py the product that @awinter-py approves of.
Shouldn't we be happy when a corporation has interests that ACTUALLY fucking align with ours?
-Abraham Lincoln
Everyone else, every other organisation is little people.
Sad that it came to be that governments rule the people instead of the government serving the people.
Democracy's a very new and quite brilliant invention, really, when you look at it in the perspective of tens of thousands of years of human social and political development.
I suggest that we as technologists get together and inform the public about this issue. I don't know if the EFF is contacting congressmen or not, but we should be informing them and making ourselves available for their questions should they have any about computer technology.
I propose that we,
1. seek out public figures and media who can share our message
2. come up with more concise messaging that is understandable by a non-techie
3. back it up with facts and primary sources
John Oliver is not enough. All the tech companies is not enough. This is as big as or bigger than SOPA. When we fought SOPA, we didn't have the possibility that people could blame us in the future for terrorist attacks if that bill did not pass. If and when we fight an anti-encryption bill, we will be fighting that alarmist view. We will make it much easier on ourselves if we seek to educate the public about the issues and let them make up their own minds.
[1] https://news.ycombinator.com/item?id=11293949
If contacting the campaign team directly doesn't work, you can make a thread on /r/sandersforpresident or join the Coders for Sanders slack group to influence that group. The devs behind berniesanders.com are active on there too.
I've tried to reach Bernie but have no contacts. Supposedly we're 6 degrees apart but I don't know the path. I tried contacting Ben Cohen of Ben & Jerry's, who is one of his supporters and an activist himself, but didn't hear back.
People are reluctant to address the issue on his subreddit. I've tried posting extensive information on the subject twice already [1] [2]
His supporters are not even informed enough themselves.
It's up to us and the EFF to get the message out there.
[1] https://www.reddit.com/r/SandersForPresident/comments/474b28...
[2] https://www.reddit.com/r/SandersForPresident/comments/49otvu...
EDIT: I'm trying via the coders for sanders slack group now
[1] http://www.p2016.org/sanders/sandersorg.html
I'll give it a shot though, thanks. I'm not really a twitter kind of person so I admit I could be doing it wrong.
[1] https://twitter.com/studentrob/with_replies
I'd be happy to do this, but I honestly don't understand all these issues well enough myself in order to do a good job scaring people as much as possible while keeping it truthful.
I'm a developer but not a designer, and anyway it'd be great to work with more people on this
One thing I haven't figured out yet is what existing lobbying is happening out there on this issue. For example, is the EFF contacting members of Congress to inform them about encryption? I'm about to write them to ask.
That's not accurate. The latest poll has more Americans supporting Apple than the DOJ [1]
And that's an improvement over the first poll which had 51% supporting the FBI [2]
Progress has been made and more can be done. Let's continue educating each other about encryption and inform our representatives how we feel. All is not lost and we can still share facts to support a reasonable course going forward.
[1] http://www.dailydot.com/politics/apple-iphone-doj-fbi-wall-s...
[2] http://www.people-press.org/2016/02/22/more-support-for-just...
Having lived through a weak government (the Articles of Confederation), the Founding Fathers viewed the Constitution as empowering the Federal Government, not restricting it.
Frankly I doubt the Founding Fathers would ever have conceived of a third party daring to issue a bare-faced refusal to comply with a lawfully obtained order. They would surely have expected that this would immediately turn that individual (or corporate person, as the case may well be in this age) into another defendant, for a new crime.
I really don't know what Apple is thinking. They should have set a line in the sand when they legitimately could do nothing to gain access to the data, as they're so close to having completed in recent hardware/OS revs. That would force congress to pass legislation outlawing secure crypto, or give up. That would be an interesting thing to see, no doubt.
But this? They're playing a very dangerous game for very low stakes, and the only obvious rationale for doing it is the one that the government can and probably will argue is at work, which is as a PR move.
And a judge's signature outweighs your stock price any damn day of the week. Stupid/reckless is my first impression, or maybe it is just brilliant PR. But as a general rule, don't fight city hall for bragging rights. The real fight will happen once you say "tough luck, nothing anybody can do, you want to break in, go talk to to the quantum cryptographers".
As for drawing a line in the sand, it appears that the limit that they will not cross in cooperating with law enforcement is in actively creating new features that make the phone easier to hack.
Take the Edward Snowden leaks. John Oliver did a wonderful segment interviewing people about NSA surveillance.[1] If you ask an average citizen if they are for or against "Section 215" or "X-Keyscore", they'll fall back on vague national security scare quotes. If you ask them if the government should see your dick-pics, then they start to understand what is at stake.
In many people's minds, what the FBI is saying makes sense. What's the big deal? They want to access a single iPhone from a terrorist.
Teach people that it means their nude photos could be accessed by any law enforcement official and I think you'll find that people really do care.
[1]: https://www.youtube.com/watch?v=XEVlyP4_11M
They don't care. While Oliver was able to ask questions to revoke a current response, you could ask similar questions that preyed upon the 'anything to catch the bad guy' mentality and you would see people handing over their rights. The core of this is that the people have been conditioned to hand over their rights and have been conditioned to not realize they are even doing such. Oliver exposed the latter, but the former still exists.
US founders would be appalled by the fact that you can't own slaves anymore too. nobody can farm 20 acres of land by himself.
It seems like there's another possibility, where Apple takes the phone, signs the compromised version of iOS on an air-gapped computer deep in Cupertino somewhere, decrypts the phone, sends the decrypted hard drive image to the FBI, and then erases the signed version of the software. Why would this process have any higher risk of being compromised than Apple's normal release process for signing new iOS versions?
I get the reason this case matters at a more fundamental level, the precedent it sets and whether or not the government can force Apple to spy on its customers. But there's been so much focus on the technical feasibility of it, and it seems like Apple is exaggerating the argument that it's absolutely impossible to build this new iOS version without it being hacked.
And the entire development tree? The local repos on the computer of every engineer that touches it?
You realize that even nuclear secrets get stolen, right? Even the NSA's dirty laundry got aired in public. No serious product remains in the dark forever.
The code to ignore the lockout is quite possibly a 1 line fix.
This case wouldn't be needed were that not the case, since otherwise it would be almost trivial to dump an iPhone's firmware image and hex edit the relevant code out.
If it becomes common enough, Congress wouldn't face much opposition if they passed a law saying that the status quo (on demand unlocking) be maintained by smartphone manufacturers.
I suggest you actually read up on the filings from both sides before talking so much.
But, by fighting this case on the all writs, they're basically staking their whole position on: "the govt can't compel a private firm to work on their behalf". If that wins, then what's to stop the govt requesting master keys for iOS? Much less work, bypasses all writs.
My point is: the FBI did this by the book (court order). You and most everyone else here makes the assumption that granting this means the FBI can do whatever the hell they like from there on in. That's not true. They would still need court orders.
It wouldn't. In fact, since every iOS restore contacts an Apple server to re-sign the firmware with a device-specific chip ID and unique nonce[1], all Apple would have to do is configure the signing server to sign the government firmware only for approved ECIDs (which might require some engineering effort to ensure that the internal process for adding images/ECIDs is secure and well-documented, but nothing unreasonable). Because the signing server is already connected to the Internet rather than, say, airgapped and brought out only when a new firmware needs to be signed, signing additional/alternate images wouldn't increase the risk of key compromise.
I support Apple's moral stance but hell if the "hacker risk" part of their argument isn't bullshit.
[1] https://en.wikipedia.org/wiki/SHSH_blob
The FBI didn't ask for the data because they don't want it, they're after the legal precedent that compels any Technology's own company resources against them to compromise the security of their own products so they can use it to compel the hundreds of other phones they have in their possession that they also want unlocked.
Despite having no chance of producing anything meaningful, the FBI chose this tragedy to break character and go Public on because they're using the tragedy for maximimum PR and Political effect to increase their surveillance powers - frankly I find it dispicable that a law enforcement agency is so transparent, egregious and has stooped to such lows to make be making personal statements against Apple they know to be completely false so they can enrich their political agenda.
Few companies, actually practically no one, will offer encryption if it's going to cost them tremendous amounts of money and engineer time to hack each and every device on a piecemeal basis. The siren call of key escrow or an alternate decryption key that they maintain will be irresistible. Or the industry will move back in the direction of unencrypted devices, which would be just fine by the FBI.
EDIT TO ADD - I've expanded my thoughts on this into a post on by blog https://rietta.com/blog/2016/03/16/its-not-just-one-iphone/