54 comments

[ 1.7 ms ] story [ 112 ms ] thread
When I first read part 1, I was slightly annoyed that such a prominent lawyer would take such an approach.

I have to say I must now applaud Orin Kerr, for taking the time to take the opposing arguments into account, and for publishing those reflections in somewhat of an apology. It is rare that a lawyer is prepared to reconsider their position, especially so objectively and publicly.

His initial article also noted that he was prepared to take on board any criticism. As you said, good on him for having that attitude and following through.
He deserves no such applause. The fact that he recanted his position so quickly shows that he literally put no research/effort into his initial article that was published not just on a small personal blog, but on the Washington Post's website. It is completely irresponsible of a man of his intelligence/qualifications to post something like that to a major news organizations website.

edit: If down-voting I'd like to know why as I'm not saying anything inflammatory. Please don't down-vote for disagreeing as that's not what down-voting is for!

The author is (apparently) an expert in his field (the law). He is not an expert in our field (technology, broadly speaking), and certainly not an expert in my field (security, broadly speaking).

He wrote a post based on legal considerations and upon his domain knowledge. One of the interesting things about domain knowledge, or, more to the point, lack thereof, is that without any, one cannot know the exact extent of one's ignorance of other domains.

I am not going to go so far as to assert the author was heretofore unfamiliar with the concept of a zero-day exploit, though it seems likely, but I would suggest that the author is now at least notionally familiar with the concept - and has written quite a good, clear follow-up article devoid of our jargon (which is easily among the worst of the several domains I've been exposed to over the years) indicating exactly and precisely why he reconsidered his position.

THIS IS HOW KNOWLEDGE WORKS. Forgive the caps, but they are appropriate in this case. If we waited for everyone to know everything we think relevant before they wrote anything at all, all we would have written would be recipes. And pornography.

A domain expert wrote a reasoned piece based on their domain knowledge. Others helpfully directed that expert to domains relevant to the piece. The domain expert then (quite speedily, I think) absorbed just enough of that domain's knowledge to draw and state reasonable conclusions.

This is also how the law works, which is why it is so maddeningly slow sometimes.

Editorial or "meta" notes: I upvoted because I don't believe in downvoting (I often upvote downvoted comments for this reason) - but I believe you were downvoted because you were lazy and chose to post ad hominem comments without due consideration.

>The author is (apparently) an expert in his field (the law). He is not an expert in our field (technology, broadly speaking), and certainly not an expert in my field (security, broadly speaking).

He markets himself as an expert on computer law. He also brags about working on a government panel that studied privacy and other security related topics.

You cannot be an expert on computer law if you lack the context that is provided by a basic understanding of privacy / network security issues.

The man is an incompetent fraud at best. Shortsighted and technologically ignorant people acquiring authority is a large part of the reason the United States' computer laws are terrible.

We aren't talking about a complex issue that requires domain specific knowledge, this guy was genuinely surprised that a backdoor designed for admin access could be used by those with malicious intent. If he really cared about justice, he would hand over his license to practice and refrain from talking while there are adults in the room.

There was nothing ad hominem about my post at all. Oh well...so goes HN these days.
The world is getting very squirrely. I feel like when we are talking about privacy, security, rights and such we are awkwardly working with metaphors that are struggling to maintain a logical relationship with the world as it is now and as it will be going forward.

Realistically, a great part of my conversations and hence and great part of my thoughts are digital, therefore aggregated, analyzed, stored, distributed, vulnerable and everything else that comes with digital information.

The spies, the cops, the criminals, the banks, the entrepreneurs are all treating it as a resources they can tap into.

The naïveté in the articles was a surprise to me. If Orin Kerr, professor of law and scholar in internet crime and surveillance, is enlightened* by the suggestion "If Apple can decrypt, so can others", how much would the average lawmaker or judge know?

Keep things like encryption out of regulation; because it can't be.

* edit: was "amused", which was incorrect.

By my reading he took it seriously, what do you mean by amused?
Sorry my bad, language issues. I meant "fascinated, by the idea". What would be a good word here?
I think "enlightened" might be the word you're looking for. It means both that the hypothetical conveys new information to him and that, as a result of the new information, he comes to a new (and improved) understanding of the larger picture.

The sentence doesn't strike me as 100% native phrasing with that substitution, by the way, but it would be clearly comprehensible.

Enlightened is indeed what I was looking for. Thank you.
He still sounds like a government key escrow apologist, just with a newfound appreciation of third party misuse of the mechanisms.

But I guess it's a good start that he acknowledges there can be "net public benefits" that outweigh the wiretapping benefits, maybe at some point he will start appreciating protection against the security state as well.

The guy doesn't really understand how encryption and cryptography and infosec work, making the whole article very laborious to read and quite misguided.

Weep for the future of our world governments, which will be shaped by people like this.

The guy made a reasoned argument and changed his mind on an important point after reading counterarguments.

Seems like the kind of person we need more of. Not going to weep!

He hasn't figured out that iCloud backups are also encrypted, so wait for part 3.
Are full-device iCloud backups additionally encryped?

Apple possesses the key for most data synced with iCloud, or a huge number of iCloud features would not work. According to [1] Apple can still turn over iCloud data.

[1]: http://www.washingtonpost.com/business/technology/2014/09/17...

You aren't suggested that Apple has access to files in full-device backups, are you?

iOS backups are/could essentially be encrypted zip archives (poor example, but you get the idea) - this doesn't require apple to have the key for it.

Is it possible to (en/de)crypt something using a password, if that password changes?

Maybe I'm misreading or thinking wishfully:

"This means that your data is protected from unauthorized access both while it is being transmitted to your devices and when it is stored in the cloud."

And

"iCloud Keychain encryption keys are created on your devices, and Apple can't access those keys. Only encrypted keychain data passes through Apple's servers, and Apple can't access any of the key material that could be used to decrypt that data."

And finally:

"You can choose to disable keychain recovery, which means that iCloud Keychain is kept up to date across your approved devices, but the encrypted data is not stored with Apple and cannot be recovered if all of your devices are lost."

(The last is opt-in, but seems quite explicit.)

http://support.apple.com/kb/ht4865

Not every technical person is (or even can be) an expert in cryptography or goes into a technical field for their career. It's just not practical. This is why our legal system reaches conclusions collaboratively with experts in both the law and the relevant technical fields.

That said, he's got an MS in mechanical engineering from Stanford and a BS in mechanical/aerospace engineering from Princeton. If his technical background isn't sufficient to you, I'm not really sure what to do for you. It seems that you have mistaken him admitting that he doesn't know something as a sign that he is not technical.

His technical background is clearly insufficient in that he doesn't understand the BASIC technical problems in his argument. Yet, he feels he's qualified to authoritatively call for radical government access to our data in a mainstream media publication.

He's changed his position to "need more information to decide". Well DUH! how about getting that information before scaring up a call to backdoor all of our data?

Before we start tossing about accusations against "this guy", let's take a step back to recognize the following simple facts:

1. The author is Orin Kerr, a nationally recognized Law professor, and co-blogger at the single most influential Law blog - the Volokh conspiracy.

2. His highest cited academic paper (421 cites, which is a lot in law world) is titled "The fourth amendment and new technologies: constitutional myths and the case for caution", so this is literally his domain of expertise, so maybe you might want to acknowledge the possibility that he knows what he is talking about.

3. He actually changed his mind based on additional evidence that was presented to him in the form of counterarguments. Given how rarely this happens, anybody capable of doing this in a public forum automatically gets +10 Respect points from me.

4. He has a technical background, as timsally pointed out, including mechanical engineering degrees. Now if he has such trouble grappling with the subtleties of cryptography and security threat models, maybe that is also partially our fault as security practitioners. We should acknowledge that.

5. I am aware that this all sounds like an elaborate appeal to authority, but given the cavalier way people are criticizing the author (as opposed to his arguments), I thought these facts should be stated.

That's great. While I read his articles, I didn't bother to read the name of the author because the validity of a reasoning should be independent of who wrote it. Reading his original article just gave me a headache for the reasons cited in my first comment.

I will agree fully with you on 3), and partially on 5) (only partially, because on one hand I agree with the premise, but otoh if you're in a position of authority your job is precisely to understand despite potentially poor communication from other experts).

(I'm also not sure what my "accusations" are.)

I apologize. I wasn't really replying to you, but also to many of the comments on this story that have been more insulting to Orin Kerr. E.g. "It is completely irresponsible of a man of his intelligence/qualifications to post something", "He still sounds like a government key escrow apologist,", "you should lose your fucking license to practice law.", "Sounds like an apologist and a shill for the entitlement mentality".

I disagree with your sentiment that we should weep for the future of our world governments. I think things are slowly changing around in the right direction, and a lot of that is thanks to people like Orin Kerr who are capable of changing their minds when presented with hard evidence.

I think is it very naive to believe that the States(any State) side with your interest.

In fact, the biggest crimes against humanity had been come from the state: Stalin, Hitler, Pol Pot. They are responsible for tens of millions of dead people, torture, kidnappings or rape and they were the heads of the State.

Hitler or Mussolini came from democracies.

If Apple could access ANY of their devices, they have to tell the NSA how they do it, thanks to "Patriot Act".

This means the gobertment could AUTOMATICALLY access any device, they don't need to ask anybody, only as a pantomime for justifying what they already know.

This is too dangerous, democracy means that power could change if it does not serve the public interest, but people in power want to remain in power by any means.

The biggest benefactors to humanity also come from the state: outlawing slavery, implementing universal healthcare, providing law and order, underwriting transportation networks.

Knee-jerk fearmongering about the government doesn't help anyone.

I am from Sweden. We do trust the state and each others. The society comes really high on the sociological metric of "trust".

That said, it is just ... naive... to argue that "Some instances of X have done good, so let's trust (all?) X".

Especially since these X evolve surprisingly over time, sometimes quickly.

(The whole of Europe demilitarised totally after the cold war and are now surprised we have something like a Hitler as a neighbour.)

Edit: Hmm... that comment was about internal US politics? OK... Living in a country with trusting idiots which believe what they are told to believe, I do know that politics for internal consumption can seem weird from the outside! Both the US extreme left/right seems crazy (say, Chomsky and Fox).

Wariness of the potential abuse of power is no more paranoid than following proper technique handling a sharp kitchen knife.
Yes but extending your analogy, the knife is sharp. I totally agree that the government needs careful watching, but I disagree that we should totally fear all government. A government without power would be like using a butter knife...you probably won't cut yourself, but you'll also have a lot of trouble cooking.
That explanation deserves a slow clap. An upvote is simply not enough.
(comment deleted)
The parent is not talking about being wary, it's fearmongering about what governments do. I think it's naive to think that the government is an evil agent at the same time it provides old-age pensions so people can continue to live when they can no longer work. That rather sounds like action directly in people's interests to me.

Governments are more complex these simplistic, blanket statements and positions.

Actually, they aren't. Go read the Federalist Papers.
An important nuance here is that if Mussolini was a murderer, there are many thiefs, racketeers and white collar criminals in the mix as well. We know and accept those who were such criminals that the idea of international crimes against humanity were formalized around their crimes. On that scale, there are plenty of misdemeanors that go unprosecuted (and unacknowledged),
this is a bit shortsighted. civil liberties have to be defended every day against governments, private corporations, special interest groups, religious entities, etc. it's a continuous struggle and the legal form of such an organization is of second order in importance.
The biggest crimes have come from states because states are the biggest organizations of people. It's almost a tautology.

I think it's just as naive to believe that the State always sides against your interest. Hitler and Stalin were heads of state, but so were FDR and Churchill.

How is it that three of the best schools in the country churned out a computer crime lawyer that knows so little about computers? If you go around calling yourself an expert in computer law when you are clearly a layman in the subject of general computing, you should lose your fucking license to practice law.
Sounds like an apologist and a shill for the entitlement mentality which seems to afflict the entertainment, security, and law enforcement industrial complexes.

Their sense of ENTITLEMENT is ENORMOUS.

"We are ENTITLED to YOUR PRIVATE DATA."

Good grief. I would have thought that it was blindingly obvious that if "Apple" can access information on a phone, that means that some employees of Apple can also do so, and I doubt very much that control of that access is as tight as I for one would wish it to be. Closing the backdoor is a win purely on that basis.

Add into that the large question marks over FISA's legitimacy as a court ( https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveilla... ), and the potential for illegitimate use of the backdoor becomes decidedly alarming.

My way of thinking is to compare a potential backdoor to what would happen if the backdoor doesn't exist. You get a warrant, and now you use the warrant to try and compel the accused to reveal the passcode to their phone. The accused refuses. Now what? Two possibilities: 1) the defendant is protected by the 5th Amendment, and can refuse to answer on the grounds that it may incriminate. If this is how the law goes, then any attempt to backdoor the phone is essentially an attempted end run around the 5th amendment. 2) The courts decide that this does not infringe on the 5th, and is instead covered better by the provisions for warrant-based search as provided for in the 4th amendment. In this case, the courts already have well-established remedies for refusal to acquiesce to a search, which should be used. Again, the backdoor is unnecessary.

the defendant is protected by the 5th Amendment, and can refuse to answer on the grounds that it may incriminate. If this is how the law goes, then any attempt to backdoor the phone is essentially an attempted end run around the 5th amendment.

I'm pretty sure that's not how the 5th Amendment works: Just because your protection against self-incrimination allows you to withhold potential evidence doesn't imply that the government can't attempt to acquire that evidence themselves through other means.

You can refuse to answer questions like "What's written in your diary entry for the night of the murder?" or "Where did you hide your diary?". The police can still get a warrant to search your house for your diary and read it.

There's another scenario which isn't relevant to the 5th or 4th: If the victim of crime was dead/incapacitated OR the perpetrator of a crime was dead (and the big G want evidence against their cohorts, or details on a crime which may harm others (like addresses where letter bombs were mailed)).

Dead people aren't protected by the US constitution.

Kerr's first post claims that #2 is the current state of the law now with respect to passcodes.

In general, 5th Amendment protections do not give people the power to resist warrants for evidence. The law makes a distinction between evidence (which can be compelled via warrant) and testimony (which cannot due to the 5th Amendment). If digital information stored on a phone is evidence covered by the 4th amendment[1], then the court can compel a person to provide it, including compelling them to use their passcode.

Kerr's argument in his first post was that high-profile efforts to actively resist such warrants might lead the courts or Congress to "up the ante" by increasing the possible punishments. For example, imagine if Congress passed a law that failure to enter your passcode in a federal case results in a mandatory 10 year federal sentence (my invented example, not Kerr's). This is the legal equivalent of the "rubber hose" approach to defeating cryptography.

[1] Generally I think we probably do want it to be so treated, because it would be a strong basis for limiting the NSA's power to collect such information.

I don't get why this is turned into some big political/philosophical discussion.

If the government wants a backdoor and it wants Apple to open up iPhones based on court orders then the government needs to make a law explictly ordering Apple and similar to provide this service.

There is a parallel in my opinion in the legaslation for telecommunication companies in many western countries requiring them to log their users activity and when a court and in some cases just the police requires it, give them the data. For a national telco this is major cost; just in Denmark it was estimated by the former telemonopoly TDC to be in tune of 20 mio usd per year.

No company bears that sort of expense out of morals/patriotics.

Secondly other countries than the US may be interested in requiring this feature of the phones sold in their jurisdiction.

> "If the government wants a backdoor and it wants Apple to open up iPhones based on court orders then the government needs to make a law explictly ordering Apple and similar to provide this service."

If such legislation passes Congress and fails to be ruled unconstitutional, 1984 was just 30 years late.

Big Brother is Watching You

WAR (on terror) IS PEACE

FREEDOM (privacy) IS SLAVERY

IGNORANCE (gag orders) IS STRENGTH

(and Apple's 1984 superbowl ad takes on a suddenly literal meaning)

> If such legislation passes Congress and fails to be ruled unconstitutional, 1984 was just 30 years late.

What rot.

The government does not have a right to wiretap, and citizens are not obligated to make their property searchable by the government. The ease with which the government has been able to wiretap and search computers was a side effect of technological immaturity not a design intention. Heck, one can think of wiretapping as one of the first hacks of the phone system.

As the numerous recent data breaches have demonstrated, we need to build systems as securely as possible. Allowing anyone besides the key owner access to the data requires that the system be made fundamentally less secure. We have presumption of innonocence in the USA which means I am assumed to be a Good Guy (tm) until the government proves otherwise by due process of law. Furthermore, a citizen's desire not to disclose information to the government is not ns indication of guilt (5th amendment). The author of this these editorials either forgets or misunderstands these rights -- accepting the argument that everyone should surrender their privacy rights if they nothing hide. Living in a free society requires citizens take some degree of personal risk.

The argument about criminals going dark with crypto is just fear bating and FUD. The criminals you "really" want to worry about are already dark. The only people iOS8 protects are your standard domestic criminals, which if they hadn't already learned how to use crypto trust me --- they likely leak like a sieve through many other vectors (web mail, pc's, ISP, etc).

What we should be debating is job security for domestic police. Because if we do not put user-centric-crypto in everything one day police will loose their jobs to robots and algorithms. Well, at least this argument is only as absurd as the authors FUD.

Does the threat of unauthorized remote access affect the public interest balance much? It shouldn't be impacted by encryption.
Among other interpretations, I'm seeing this as a continuation/expansion of one of Apple's axioms: "No comment." Whatever steps they can take to facilitate not saying any more than they have to about anything is a self-imposed imperative. By expanding implementation of encryption they can avoid compulsion (legal or social) to get embroiled in users' activities and have no reason, even no way, to comment on dubious legal or moral activities of others.

The data services involved exist, from Apple's perspective, solely to entrench users in the ecosystem and thus sell ever more hardware. Implementing robust encryption prevents entanglement in anything beyond that objective goal.

Jeff Bezos's newspaper publishes a legalistic piece impugning Apple.

Who is surprised?

The whole premise of the argument strikes me as odd. Users always had the option of running a phone OS that does not send the keys to the kingdom to the mothership.

Desktop operating systems similarly provide such tools either out of the box (e.g. bitlocker, filevault, dm-crypt) or through 3rd party applications (e.g. truecrypt).

Apple's old security model may have been convenient for law enforcment agencies, but that does not mean that they are entitled to this convenience, i.e. that it is reasonable to demand that this security model is the only one offered to users.

So Apple merely switched to a different model that other systems were already providing out-of-the-box.

While reading this article, one real world metaphor kept coming to mind for me: a safe. That's really what the iPhone is; it is personal information stored behind a combination lock.

Are safe manufacturers required to provide back doors to safes for government searches? Is there any analogy to this in the real world?