FBI's Scorched Earth Approach To Apple Means That Tech Companies Now Have Even Less Incentive To Help Feds
from the stupid-and-shortsighted dept
On Friday, we debunked a key FBI talking point, which the press has been parroting, that Apple had helped the FBI in 70 previous cases, and only changed its mind now for "marketing" or "business model" reasons. As we explained, that's not even remotely true. In the past, Apple helped out because it had access to the content, and so it got it and turned it over following a lawful search warrant/court order. In this case, the situation is entirely different. Apple does not have access to the content that the FBI wants, and is now being forced to create a backdoor -- build an entirely revamped operating system -- that undermines some key security features found on iPhones today. That's quite different.But here's something we didn't point out -- but which was highlighted by Chris Soghoian. The FBI's scorched earth policy here in pushing that talking point is really going to backfire in a big bad way. The lesson the entire tech industry is going to get from this is: if you ever help the FBI and if you ever push back later, they'll use your earlier cooperation against you.
Tech companies: If you provide any voluntarily assistance to the gov, they will use that help against you if you try to fight a demand later
— Christopher Soghoian (@csoghoian) February 19, 2016
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, encryption, fbi, going dark, help, tech companies
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
Gratitude, FBI style
Yeah, with how the FBI has used the fact that Apple has helped them in the past against the company, tech companies would have to be incredibly stupid to do anything similar in the future.
Demand a legal order from a judge before offering any assistance, and assuming the order is acceptable do exactly what it says and nothing more.
Even if the FBI/DOJ 'win' this case they have ensured that the level of willing cooperation they're likely to receive from companies in the future is going to be dramatically less. If they thought the reception they received from companies they requested help from before was chilly, it's going to be downright arctic now, and their have only their own actions to blame.
[ link to this | view in chronology ]
Re: Gratitude, FBI style
What they didn't do was write a back door to their phones. There is a vast difference between providing information you have, and creating something that doesn't exist.
[ link to this | view in chronology ]
Re: Re: Gratitude, FBI style
Then that's even worse. That means to avoid having cooperation thrown back in their faces later, companies have to actively resist court orders from the FBI. Every. Single. Time. Is this really what they wanted to accomplish?
[ link to this | view in chronology ]
Re: Gratitude, FBI style
If your behavior doesn't help us, then expect us to help ourselves to whatever you have, whether we need it or not. Hmm, what are you hiding there?
Liquid Nitrogen isn't cold enough to chill a government in full tyranny mode, and it appears ours is, or approaching that rapidly. Dismantle and re-boot is the way to go, and all the heat of the sun may be of necessity. Next time, make some rules about corruption.
[ link to this | view in chronology ]
Re: Re: Gratitude, FBI style
The current government have these rules that they are meant to follow, called the constitution and bill of rights. They way they are following those rules suggest that you are an optimist in suggesting that rules will limit tyrants.
[ link to this | view in chronology ]
Re: Re: Re: Gratitude, FBI style
I am pessimistic that a perfect system does or can exist.
Maybe the best way would be to have a more accessible re-set button that the populace can execute, and/or an automated system whereby lying to the government, or by the government, or by politicians (campaign promises not followed) causes a personal automatic reset (proof of the lie by anyone and your position and right to hold any office or work for any government is lost) , or something.
[ link to this | view in chronology ]
Re: Re: Re: Re: Gratitude, FBI style
...although the crickets would be amusing, if we could teach them to chirp in harmony.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Gratitude, FBI style
We could also remove money from politics. If representatives didn't need to fund raise we would remove a significant vector from the corruption venue. The money needed to run all campaigns would be chicken feed compared to other budget 'priorities'. Professional lobbyists is another concern.
We could get rid of PAC's and corporate influences in government. Why should they get a seat at trade treaty negotiations and not the rest of us? Why should their money be able to speak louder than others. Removing money from politics would go a long way in this area, but lots of lunches could sway weak elected people. Remove temptation.
We could make officials, elected, appointed, or otherwise, criminally liable for their oaths of office. Criminal penalties for lying to Congress, prosecutable immediately upon failure to comply or upon proof of lie. Give those otherwise people term limits in government work, not just their jobs. Institutional knowledge is both good and very bad.
We could give Inspector Generals the power they need to do their jobs.
We could remove politics from the Senates 'advise and consent' roles.
We could force Congress to have one issue and one issue only on each bill. With that, some legislatures require a reading of the entire bill, in some cases several times, prior to the vote, with a quorum in place. We could, with that in mind, limit the length of bills and simplify the language used. Along this line we could sunset every law every seven years. This has the dual impact of keeping legislatures busy (few new laws because we need to look busy) as well as culling all the unnecessary crap already in laws. No more riders added to must pass budget bills, etc.
We could eliminate the ability of legislators from 'revising and extending' their comments in the public record where they clean up their comments for political or historical (I always want to amend that to hysterical for some reason) purposes.
We could force Congress to change their rules so that they cannot manipulate things at all, let along easily. Committee passes it, bring it to vote. Party head is Speaker? Come on. Get rid of the parties and elect a leader from the entire conclave, not from a group foisted upon some agenda. Committee chairs by party in majority, how about an actual leader? This will cull a bunch of bickering that is agenda based rather than constituent based.
This list is not all inclusive nor is it meant to be final. Discuss it and other options.
There are lots of things that could be done if the political will existed and didn't remove 'power' from those that have drunk the elixir.
I am not holding my breath, and still looking for that re-set button.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Gratitude, FBI style
That's already a requirement, but Congress gets to decide whether a bill has only one issue. I guess the judicial branch would have to be involved for that to be effective.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Gratitude, FBI style
The counter to that is that it becomes a defacto line item veto. There a a lot of agenda oriented folks that don't want that.
My point is that Congress should not be able to make such a determination, there should be one subject per bill, period. Congress should not be able to make rules to game the game.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Gratitude, FBI style
I didn't say there was any justification for it, just that the only people who have any say on whether Congress is breaking that rule is Congress, so they never say anything about it.
[ link to this | view in chronology ]
Re: Re: Re: Re: Gratitude, FBI style
This button already exists but "The People" have willfully grown ignorant of it. It's called jury nullification.
The other one called the 2nd Amendment has been under assault by BOTH sides for quite some time.
The 2nd Clearly states that "The People" should have the right to keep and bare firearms in case a Militia needs to be raised to fight enemies foreign or domestic.
The Declaration of Independence also states that is is the Duty of "The People" to throw off oppressive forms of engorgement and last time I checked there are still a lot of cowards that deserve NO SAY in the course of our nation because they have willfully given up their liberty for faux safety.
The US government as constructed by the founders is about as perfect as it gets. Any system with evil actors can be corrupted with sufficient amounts of time, control over the education system, and copious amounts of ignorant and cowardly people.
There is a reason for importing a lot of illegals into the USA, it is to water down the country so that it can be turned into even more of a joke of a country than it has already become.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Gratitude, FBI style
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Gratitude, FBI style
[ link to this | view in chronology ]
Re: Gratitude, FBI style
And yet, that 'you helped us now we own you' is EXACTLY how the Mob operates.
[ link to this | view in chronology ]
Re: Gratitude, FBI style
If they win this they will receive your cooperation willingly or not.
[ link to this | view in chronology ]
You have the right to remain silent.
Anything you say can and will be used against you in a court of law.
You have the right to an attorney.
If you cannot afford an attorney, one will be appointed for you
[ link to this | view in chronology ]
Re: Miranda Rights
If Apple becomes a defendant then Miranda would apply.
[ link to this | view in chronology ]
Re: Re: Miranda Rights: Witnesses not so
[ link to this | view in chronology ]
Re: Re: Miranda Rights
Witnesses absolutely have 5th amendment rights, but as you say this isn't a criminal proceeding which I think is the only time the 5th applies.
http://criminal.findlaw.com/criminal-rights/fifth-amendment-right-against-self-incrimination .html
The rights are not the "Miranda rights" it's a "Miranda warning" of your 5th amendment rights. But that doesn't mean only people who have received the warning have the rights. That could be the next thing on the agenda though, after deciding you only have a right to silence if you explicitly invoke it.
[ link to this | view in chronology ]
Re:
In People v. Tom, California’s Supreme Court justices upheld the prosecution of a man based on the district attorney’s argument that the defendant’s silence was evidence of guilt.
[ link to this | view in chronology ]
Just take a lesson from FOIA costs...
Then send a hard copy of the firmware on a4 paper from a dotmatrix printer with an old ribbon.
[ link to this | view in chronology ]
Re: Just take a lesson from FOIA costs...
[ link to this | view in chronology ]
Re: Re: Just take a lesson from FOIA costs...
But do they start printing illegibly when they get old? Notice he said with an old ribbon, which would be that extra middle finger pointed at the FBI.
[ link to this | view in chronology ]
Re: Re: Re: Just take a lesson from FOIA costs...
[ link to this | view in chronology ]
Re: Re: Re: Just take a lesson from FOIA costs...
[ link to this | view in chronology ]
Re: Re: Re: Re: Just take a lesson from FOIA costs...
[ link to this | view in chronology ]
Re: Just take a lesson from FOIA costs...
[ link to this | view in chronology ]
Re: Re: Just take a lesson from FOIA costs...
Punch cards are machine readable much easier than a printout is. Even if you have to build a new punch card reader from scratch.
Optically reading the printout, while possible, is a much higher hurdle. Enough so that it makes the FBI consider whether it is cheaper to employ a bunch of humans to hand key in the printed information.
[ link to this | view in chronology ]
Re: Just take a lesson from FOIA costs...
[ link to this | view in chronology ]
Re: Just take a lesson from FOIA costs...
[ link to this | view in chronology ]
Re: Just take a lesson from FOIA costs...
[ link to this | view in chronology ]
Warrants
[ link to this | view in chronology ]
Re: Warrants
[ link to this | view in chronology ]
Here's the counter to Comey's "but it's a narrow targeted request" argument.
[ link to this | view in chronology ]
Re: Here's the counter to Comey's "but it's a narrow targeted request" argument.
"Ok, Mr. Comey, you say your intention is not to create precedent, what are you willing to do to ensure that the abuse of bad precedent is not allowed to occur? You say you don't want to undermine the security, how are you going to keep this from undermining the security in the future?"
[ link to this | view in chronology ]
You need to work on definitions of a backdoor. A backdoor would be "presto, here's the data". It would be "enter this 40 character string, and the phone spills it's guts". That is not what they are seeking. They are seeking the very limited concept of modifying the OS on a single phone to make it so there is no 10 tries limit, as well as to remove an artificial processing delay of 5 seconds per try.
The phone will still be secure with those patches applied, and without further efforts to actually hack the phone (aka, pick the lock) they will not be able to read the data. If the user selected a long enough pincode in the encoding proccess, then it's quite possible they will never get full access.
A backdoor would assure full access. There is no assurance here.
[ link to this | view in chronology ]
Backdoor definition
Are you seriously arguing that because the court is only ordering Apple to remove all the security measures over which it currently has control, that it's not a backdoor?
If an ATM manufacturer updated their terminals so it only checked the last digit of a customer's PIN, would you claim that's not a backdoor because an attacker still has to guess one digit? Maybe the customer picked a less-popular number like '6' or '0' and statistically it'll take an attacker longer to guess because it's not '7'. Good to know you wouldn't consider that to be a backdoor.
[ link to this | view in chronology ]
Thank you for addressing this.
Apple figured that iPhone users had poor password discipline and created a system to improve the security of those with poor passwords. Ergo, the system has a known vulnerability. One can argue that is a backdoor already in place.
The code that the FBI wants written is not a backdoor, but a hacking tool that that exploits the vulnerability.
The backdoor / known vulnerability is already in place. To add a backdoor to encrypted data, you have to decrypt the data and re-encrypt the plaintext with the vulnerable crypto.
[ link to this | view in chronology ]
Re: Thank you for addressing this.
Tech lingo is a bitch, I hope that helped.
[ link to this | view in chronology ]
Semantics
The FBI's brute-force software is also a hacking tool. Some of us want a vice-grip and a hammer with which to work.
[ link to this | view in chronology ]
Ah, and yes, there are two vulnerabilities:
b) Allowing for the phone to be updated with code digitally signed by apple.
And this is not addressing vulnerabilities of the TPM, which I'd think the Feds would already have tiger team tasked to discover.
[ link to this | view in chronology ]
Re:
Secondly, this one phone has suddenly morphed into hundreds of phones as law enforcement agency around this country are now coming out of the woodwork gleefully awaiting the precedent to be set so they can demand the same of Apple or other tech companies.
You are a blatantly dishonest person, Whatever. No ifs, ands or buts about it. Honestly, its the only thing I expect from authoritarian people such as yourself.
[ link to this | view in chronology ]
Re: Re:
That's the narrative they would like you to believe. Notice the list Mike put up didn't include any links or backing info. It doesn't describe what they were looking for (or why). It does seem very reasonable, considering that almost every carries a phone these days, that law enforcement would want to look into a small number of devices relative to ongoing investigations.
"Firstly, any time you deliberately create any mechanism to work around the security features of hardware or software, you are by definition creating a backdoor. This has been established repeatedly."
No, it's been repeated loudly often enough, but it's still crap. Removing the two "features" in the OS does not suddenly generate free access to the phone.
From Wiki:
"A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc. Backdoors are often used for securing unauthorized remote access to a computer, or obtaining access to plaintext in cryptographic systems."
Nothing is the FBI request makes a back door by this definition. The normal authentification on the phone would still be in place, only the artificial limits on number of tries and speed of tries would be disabled. A true backdoor would allow access without authentification, which is just NOT the case here.
So you can repeat "backdoor" a million times, but it's just not what is being sought here.
[ link to this | view in chronology ]
Re: Re: Re:
Here, I'll do it for you and and I'll even highlight the relevant passage describing the similarities to what Apple is dealing with here.
I question the legitimacy of any use of a backdoor to assist with users forgetting passwords, as there are better ways to do such things. But make no mistake, what the FBI is asking for here is by definition a backdoor, in an effort to help them "remember" a password they have "forgotten" (read: never knew to begin with).
[ link to this | view in chronology ]
Re: Re: Re:
Bull. Re-try limiting is part of the normal authentication process on the phone.
So you can repeat "backdoor" a million times, but it's just not what is being sought here.
You can lie and deny it all you want, but a backdoor is exactly what's being sought here.
[ link to this | view in chronology ]
Re: Re: Re:
Nothing is the FBI request makes a back door by this definition. The normal authentification on the phone would still be in place, only the artificial limits on number of tries and speed of tries would be disabled.
In other words, BYPASSED. Unless your definition of "disabled" means "working as designed."
[ link to this | view in chronology ]
Re: Re: Re: Re:
The device is still secured and locked after these changes are made, which means there is no bypass.
Yes, they are lowering certain security "features", but those features are not the actual pincode lock system, which would remain entirely intact.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Ah, I see - so it's your definition of "secured" that's all goofed up.
Yes, they are lowering certain security "features", but those features are not the actual pincode lock system, which would remain entirely intact.
You're assuming that the pincode, in and of itself, is the security.
It isn't.
Wanna know why?
Because the ability to count from 0000-9999 is not security.
Apple knows this, as does the FBI.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Ah, so the FBI still won't be able to read it, huh?
More bull.
[ link to this | view in chronology ]
Re:
I'm willing to admit that you could say they are asking for a backdoor with a less secure lock, rather than asking for an unlocked backdoor.
[ link to this | view in chronology ]
Re:
A backdoor would assure full access. There is no assurance here.
Yes there is. Given the hammer is just powerful enough.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Incorrect. If the pincode was 10 or 20 or 50 digits, do you think there would be a powerful enough hammer? Remember, you are limited by the phone itself and it's ability to process authentication requests.
Had Apple required a 10 digit pincode, this would be a moot discussion, as it would take something like 30 years to get in. (assuming the a 6 digit code is a single day, as Mike has claimed, 7 digits would be 10 days, 8 digits would be 100 days, 9 digits 1000 days, and 10 digits 10,000 days... 27 plus years. Even allowing for the law of averages, it would be almost 14 years on average to access the device).
Apple has weak security, saved only by a couple of programming barriers against brute force tries. The weak spot is the entire wall.
[ link to this | view in chronology ]
Re: Re: Re:
People wouldn't use it. They use because humans are fallible and can't remember that much. Even 8 digits may be a little bit too much for most people. Remember we are not talking about the criminal but the freaking 99,9% that are not criminals and will be exposed to the Government if such precedent is set.
Apple has weak security, saved only by a couple of programming barriers against brute force tries. The weak spot is the entire wall.
No it has not. The fact that there are multiple layers to prevent multiple means of trying to get access does not mean their security is weak. Rather it means they went an extra mile to help making the wall as sturdy as possible. And weakening it is creating a backdoor or a spot where one can be forced (which is basically the same). The user may have chosen to use a less complex key but this is not Apples weakness. If by any means they can actually do what is being asked (possibly with enough financial resources they can) it does not mean they should. Which is the entire point of the outrage against the order.
[ link to this | view in chronology ]
Re: Re: Re: Re:
If you can memorize three passwords for three accounts, then you can string three passwords together for one account. I use colons as separators. Here's an example. Generated by:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
As a network administrator, I can say this an ideal but not realistic. The average staff member would be calling daily if passwords requirements had been set at that standard.
[ link to this | view in chronology ]
Re: Re: Re: Re:
yet oddly, we use those same devices to make phone calls to numbers ranging from 7 to 10 digits all the time. Humans are remarkably good at remembering groups of three and four digits, and even longer ones (such as credit card numbers or membership card numbers for things we use frequently. So if we can remember areacode threedigits fourdigits then yes, you can remember threedigits threedigits threedigits for a 9 digit pincode.
" The fact that there are multiple layers to prevent multiple means of trying to get access does not mean their security is weak."
It most surely is a clear indication that the core security is weak. The "door" is weak enough that they need to build walls over the top of it to keep people from being able to get to the door, because they know it's a weak point.
"The user may have chosen to use a less complex key but this is not Apples weakness. "
It's a huge weakness to allow and not discourage overly short pincodes. Apple already upped it from 4 to 6 minimum to unlock the phone knowing that 4 was just too simple. Had they forced 8, as an example, the brute force question would be all but moot (100 days on Mike's based case 1 day to hack 6 digits, more than a year on a more reasonable scale).
Apple's legal action is clear indication that what is being asked is not only possible, but potentially has already been done or a subset has been done already. If they didn't think it possible, they could just shrug, bill the government for millions of hours, and after a long enough period say "see, we told you!". The aggressive natural of Apple's response here tells me that the court order has hit a major weak spot, and Apple is very concerned that someone has let out a really bad secret.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Usually by using an address book so that we do not have to remember those numbers, a fact that you are well aware of and are ignoring.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Multiply that 9 digit code by 87. That was the last count of passwords I use (the average person may use a bit less). I've checked and I absolutely must remember at least 7 different passwords that cannot be managed by services like Last Pass. So it's not that simple. Some of us go an extra mile into paranoia but we are the minority and it's very understandable why.
It most surely is a clear indication that the core security is weak. The "door" is weak enough that they need to build walls over the top of it to keep people from being able to get to the door, because they know it's a weak point.
No it is not. They don't build walls over the top, it's still a door but it is reinforced. The reinforcements are part of it being a strong door. You don't put an extra lock because your door is weak but rather to make it harder in the occasion some criminal can open one of the locks.
It's a huge weakness to allow and not discourage overly short pincodes.
Yes, which is why they made the 6 digit change which seems reasonable and not too long (remember credit card pins are 6 digits). Still, technology can make this moot quite fast which is why you add enforced delays and other layers to avoid brute forcing. I do agree that it is a best practice to have longer passwords but it is NOT practical for daily use. I use an alphanumeric password on my mobile devices that's a bit longer than that and it is inconvenient for daily use. If this can be solved by adding such layers against brute force then it is a GOOD thing. It provides stronger protection with shorter passwords. It's not a weakness, it's a strength.
If they didn't think it possible, they could just shrug, bill the government for millions of hours, and after a long enough period say "see, we told you!".
Which would still be bad. The problem is that the Government asked and it was granted, not if it is feasible or not. And you ignore the fact that a lot of other companies that even compete with Apple are supporting their fight. It seems you are unable to grasp what this is about. It's useless to argue with dumb.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
"Which would still be bad. The problem is that the Government asked and it was granted, not if it is feasible or not. And you ignore the fact that a lot of other companies that even compete with Apple are supporting their fight. It seems you are unable to grasp what this is about. It's useless to argue with dumb."
I understand it very well. They all suffer from the same problems, which is claiming to have amazing security that is likely down to a short pin code that defeats the purpose. None of them (and I mean not a single one) is going to want to come out and say "our encryption technology is totally amazing but fails because you are an idiot who can't remember more than 4 digits for a pincode". They don't want to have to admit that your personal fort knox of information is protected by the cheapest of padlocks.
I understand exactly what it's about, and it's not what is in their carefully crafted narrative.
"Multiply that 9 digit code by 87. That was the last count of passwords I use "
I would say you probably need to get a life, but you probably password protected it and can't get it out anymore. :) Seriously though, out of those 87 passwords, how many of them are absolutely key, that you enter 100 times a day? I can remember my social security, my bank card numbers, my credit card numbers, my government ID numbers, my passport number, and a whole bunch of other things that I only use occassionally. I have 6 digit pincodes for a half a dozen or more bank cards. Those are all things I don't use every hour of every day. A 9 digit pincode for your phone (330330331 example) would easily be remembered by almost everyone because they would use it all of the time.
For what it's worth, if you have 87 passwords to deal with, I am hoping they are all longer than 4 to 6 digits, otherwise your "security" is all in your mind!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
There is nothing obscure about limiting tries, and delaying retries, indeed it is a standard technique whenever passwords and pins are used. If it was a successful method, plastic money would require you to create and remember a long pin, which would reduce the security of the system because people would keep written copies of the pin with their cards.
[ link to this | view in chronology ]
Limiting attempts and delaying retries
If the FBI could disassemble the iPhone and work with the raw data (the emulator approach), then they could modify the rules all they wanted.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
And no, you don't understand a shit. Or you are being an ass (or a bit of ignorance and a lot of ass). Shorter pins do not defeat the purpose. They are practical. To allow practical pins with more security there is the delay and the limit of tries. It is that simple.
They don't want to have to admit that your personal fort knox of information is protected by the cheapest of padlocks.
I've said before, it's useless to argue with you. You are a total moron. But it's worth pointing out how wrong you are to others. You are wrong. The padlock is neither cheap nor weak. It is made in a fashion that you don't need to use alien keys that wouldn't fit your pockets without giving up security. It is simple as that.
I would say you probably need to get a life, but you probably password protected it and can't get it out anymore.
Oh no, I'm just security conscious and don't re-use passwords like the majority of the population. Nowadays you have to sign up to accounts to do even the most trivial tasks (I was forced to get a microsoft account to download a goddamn copy of an Office disk that stopped working for me - as a side note I should have downloaded from the pirate bay). Now you could listen to your own advice and get a life but I think you threw your brain out the window at some point.
Seriously though, out of those 87 passwords, how many of them are absolutely key, that you enter 100 times a day?
I told you in my reply. That you fail at reading comprehension is not my fault. But it doesn't matter, even if you have to remember a few long passwords it may prove to be a challenge. My company enforces 12 digit+ passwords that change every 3 months. Cool security practice but most employees end up using variations of easy passwords in order to remember them so it kind of defeats the purpose (then again if they added a maximum number of attempts they could make the minimum digit smaller and easier to remember, see, see???).
I can remember my social security, my bank card numbers, my credit card numbers, my government ID numbers, my passport number, and a whole bunch of other things that I only use occassionally.
Good for you. I can't remember half of it. But I can remember the detailed specs of my computer up to the DDR timing and my father remembers every single birthday or otherwise important date ever (I fail hard at that). Got my point? I suspect no.
A 9 digit pincode for your phone (330330331 example) would easily be remembered by almost everyone because they would use it all of the time.
True. But would it be practical? It isn't, actually. So It's awesome that Apple made shorter passwords more secure with a quite simple solution.
For what it's worth, if you have 87 passwords to deal with, I am hoping they are all longer than 4 to 6 digits, otherwise your "security" is all in your mind!
Some sites don't accept too much complexity (special characters or even capital letters). In fact I do have 6 digit numeric pins as passwords because the site operators are morons and won't allow more than that. I try to change those passwords frequently when I must use the site. But you see, I don't have to type any password beside some of them and that's why I can use such complexity. It would not be practical in the real world. My mobile password is fairly short when compared to those because a long password is an incredible hassle as I found out the hard way. And even so it is still not practical because I mixed all types of characters. Android does have the same system Apple put in place (the delays) but I chose not to rely in this feature sacrificing the practical aspect. But I do have the option of using a shorter, numbers only password but paranoia is a problem. It would still be safe.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: People who Subsist
Typical large companies "settle" with the IRS three or more years after taxes are due. They aren't following this APPLE vs. FBI courtship, but if they would be having hissy-fits if they were. Direct Government access into anybodies database (in this case in an IPhone), affords the government the ability to short circuit any investigation by the Government interpreting what you meant in a quick email to what they want you to have meant. In this example, going after the meaning of data of unrepresented dead killers.
[ link to this | view in chronology ]
Re:
Get rid of the term, call it whatever you want, and you're left with the following question:
Is the FBI/DOJ 'asking' Apple to create a modified version of their OS, with the express purpose of removing/bypassing security features designed to protect the data on the device by making it effectively impossible to brute-force the device?
Yes or No?
If 'Yes', do you believe that should the FBI/DOJ succeed in their case, that it will create a precedent that it is now legal to force companies to undermine their own encryption, granting access that would otherwise not be possible?
Yes or No?
If No, why do you believe that the precedent from this case would not be used in other situations?
Semi-related, but do you believe that it should be legal for companies to implement or create encryption or other security systems that they themselves cannot bypass or defeat, such that no legal order would be able to compel them to hand over the information contained in the account/service it is stored on, as it would not be possible for them to comply?
Yes or No?
[ link to this | view in chronology ]
Re: Re:
Yes or No?"
Yes, but it is not the encryption, nor does it magically permit access to the data by itself, nor does it provide a "golden key" to the phone.
"If 'Yes', do you believe that should the FBI/DOJ succeed in their case, that it will create a precedent that it is now legal to force companies to undermine their own encryption, granting access that would otherwise not be possible?
Yes or No?"
NO, ABSOLUTELY NOT. Nobody is asking Apple to break their own encryption. If Apple's encryption was strong enough (and not basically attached to a simple pincode) then we wouldn't have this discussion at all. But for two simple programming tricks (limit count and time delay), Apple's entire protection scene would be very very weak.
"If No, why do you believe that the precedent from this case would not be used in other situations?"
I think that it would be used in appropriate situations where weak encryption systems are in place which can generally be accessed through simple methods. I suspect it will be rendered moot by Apple rolling out a more significant / more secure system that will make brute force hacking, no matter the delays or try counters, meaningless. The ruling has value only as long as companies like Apple make weak security (and try to pass it off as super strong).
"Semi-related, but do you believe that it should be legal for companies to implement or create encryption or other security systems that they themselves cannot bypass or defeat,"
Yes I do. But I think that almost any system that has a human interaction point (passcode) is likely to be suspectible to brute force methods because the public wants generally to use the smallest / shortest password possible to make things easy to live with.
On that basis, unless they enforce good and long passwords, they are very likely to ALWAYS have a system that came be compromised. The real "fix" will be there, and nowhere. Until they, I suspect the FBI will use the results of this case as an effective tool for accessing locked phones IN THEIR POSSESSION AS PART OF A CRIMINAL CASE (uppercase to make a sigificant point) and not as some sort of random back door to read your email during a traffic stop.
[ link to this | view in chronology ]
Re: Re: Re:
Dude. The security measure against brute force is a goddamn part of their encryption system. Stripping it (if they can) IS UNDERMINING THEIR SECURITY SYSTEM. It may not be a full door but it is a path inside. Call it door, path, unicorn or golden key it's the same.
NO, ABSOLUTELY NOT. Nobody is asking Apple to break their own encryption. If Apple's encryption was strong enough (and not basically attached to a simple pincode) then we wouldn't have this discussion at all. But for two simple programming tricks (limit count and time delay), Apple's entire protection scene would be very very weak.
It is asking them to weaken their system which may not be breaking it altogether but it's almost that. Security systems are made of a combination of smaller components. There's an elliptic curve for instance but it alone does not account for the entirety. There are other components and some of them happen to be designed to prevent brute forcing. Just pick Gmail, Facebook or whoever and try inserting many wrong passwords. They will react because this is part of their security system. Can you see the implications? The more components you add the more secure it is.
I think that it would be used in appropriate situations where weak encryption systems are in place which can generally be accessed through simple methods.
Simple methods? Writing a modified system, building a copy of physical hardware up to the almost atomic structure etc etc knowing this may not work because Apple deletes the hardware keys is simple? And who says what situations are appropriate? There are PLENTY of examples where the Government is abusing precedents like there was no tomorrow. I know you think there are only Saints in the current Government but think ahead. Countries don't become dictatorships overnight.
Yes I do. But I think that almost any system that has a human interaction point (passcode) is likely to be suspectible to brute force methods because the public wants generally to use the smallest / shortest password possible to make things easy to live with.
Simple: enforce a delay in your algorithm. It does not mean the system will be weak or that the Govt may force them to magically remove that delay.
On that basis, unless they enforce good and long passwords, they are very likely to ALWAYS have a system that came be compromised.
If the there is an enforced, long enough and unstoppable delay between the attempts then even smaller passwrods would be secure enough. Are you saying people should be forced to use longer passwords because you and the FBI say so? Sorry but that's very despotic of you.
IN THEIR POSSESSION AS PART OF A CRIMINAL CASE
And? You are focusing on this specific case, the question is much broader. You fail.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Nope, that's called "narrative building", where Apple and others are trying to make your worried about your personal privacy by concocting nightmare scenarios that just ain't real. This isn't random selecting phone for scanning or remote exploits, it's making it reasonable to unlock a phone's pincode when it's already in police possession, and a warrant is issued by the court to open it.
The nightmare stories being told are whole cloth material. Don't fall for it.
"If the there is an enforced, long enough and unstoppable delay between the attempts then even smaller passwrods would be secure enough. Are you saying people should be forced to use longer passwords because you and the FBI say so? Sorry but that's very despotic of you."
No, rather that the method chosen by Apple to be secure at the type of thing that could be hacked and thus put the device at risk. Short passwords are the "cheap lock", the proverbial weakest link. Fixing the weakest link rather than trying to hide it's existence is always a better choice. Apple phones right now are ripe for a hack, but 8 or 9 character pin codes would all but negate that - without having to worry about delays or other OS based protections that can be changed in firmware.
"Countries don't become dictatorships overnight."
And you having become a paranoid person overnight either. it's takes a whole lot of reading and re-reading the Alex Jones like banter going on to think that the government really gives a crap about your specific personal phone.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
They may be not real now. And I know you are a moron but it's very easy to find of Govt abuse of things that were not supposed to be a problem at the time. The very law that the FBI/DOJ are relying on are a shinny example.
This isn't random selecting phone for scanning or remote exploits
THIS one. What about the rest? As repeatedly said before (and ignored by you) there's plenty of examples of the Govt being an ass and generally ignoring civil rights.
it's making it reasonable to unlock a phone's pincode when it's already in police possession, and a warrant is issued by the court to open it.
This shows how much you are confused. Apple isn't even being asked to unlock the phone. And as repeatedly said before it is not reasonable. You keep focusing in the goddamn crime. If we follow your logic it's ok for law enforcement to do whatever they want, because CRIME!
The nightmare stories being told are whole cloth material. Don't fall for it.
That's what we were told back in 2001. That no Constitutional Rights would be eroded. I don't know how old you are but I'm sure you fell for it and probably still think it's all ok even with the wealth of evidence proving this wrong.
No, rather that the method chosen by Apple to be secure at the type of thing that could be hacked and thus put the device at risk.
And you are painfully wrong. It cannot be hacked unless Apple tramples with the security system directly (if they can of course, we don't know yet).
Short passwords are the "cheap lock"
No, they are cheap keys. But you can use cheap keys if you prevent others from getting a copy of it.
without having to worry about delays or other OS based protections that can be changed in firmware.
That would be the weak link: if it can be deactivated at Apple's will then it doesn't matter how long the pin is because at some point technology will be fast enough to brute force it.
And you having become a paranoid person overnight either. it's takes a whole lot of reading and re-reading the Alex Jones like banter going on to think that the government really gives a crap about your specific personal phone.
I don't know who this guy is. And besides you only have to read history books (up to the very recent history) to see that MAYBE this Government gives a crap (HAHAHAHAHAHA) but what about the next? It's not like the intelligence services are collecting everything you do electronically and keeping it against the Constitution. No, they'd never do it, right?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Whatever
I live the OPM nightmare. Having held a security clearance prior to the break in, OPM "no longer has any data" on me.
"...Don't fall for it"?: our government can't protect any data. ...and you want to give them access to what? Go live in a glass house with no curtains, and post your life on poster boards in your front yard. Though that's the access asked for, know that it is illegal for you to provide it, "We must protect the children" from you.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Law enforcement would would love that for mobile devices, as a quick search of whatever the person was carrying when arrested would likely give them the password.
[ link to this | view in chronology ]
Re: Re: Re:
They are being 'asked' to disable the security protecting the device, the difference between that and a 'golden key' is effectively nothing in practice. A 'golden key' allows them to always have access any time they feel like it, bypassing any protections on the device/system, this does the same thing, it just requires that they go to the company and demand that they remove the security protecting the device first.
NO, ABSOLUTELY NOT. Nobody is asking Apple to break their own encryption. If Apple's encryption was strong enough (and not basically attached to a simple pincode) then we wouldn't have this discussion at all. But for two simple programming tricks (limit count and time delay), Apple's entire protection scene would be very very weak.
That's like saying that without a lock any door is easy to open.
You keep treating the two systems, pin-code and delay/device wipe as though only the first was part of the security, when both of them are. It's kinda like saying that the only security a bank really has is the bank vault door, so taking away all the guards and disconnecting the electronic surveillance wouldn't be negatively impacting the security.
Yes, the pin-code on it's own would be weak, given there's devices that are specifically designed to run through all the possible numbers as fast as possible, that's why the other features were added. It doesn't matter if one someone can simply run through the numbers until they get the right one, if they only have ten tries to do so, with increasingly large delays between attempts.
With the ability to brute-force a password with minimal effort the pin effectively isn't the security protecting the device, the delay/wipe functions are, and those are what are what the FBI/DOJ through the courts are ordering removed, via, and I'm repeating this yet again because it's so freakin' important custom code that Apple is being forced to create to undermine their own security features.
A company is being 'asked' not to hand over something they already have, but to create something with the express purpose of removing security features that they implemented in the first place. How do you not see that as a problem, and how is it that you don't think that if the FBI/DOJ wins this they won't demand that it be done by other companies?
I think that it would be used in appropriate situations where weak encryption systems are in place which can generally be accessed through simple methods. I suspect it will be rendered moot by Apple rolling out a more significant / more secure system that will make brute force hacking, no matter the delays or try counters, meaningless. The ruling has value only as long as companies like Apple make weak security (and try to pass it off as super strong).
That 'weak' security is in this case more than enough to stop the FBI/DOJ cold. That doesn't strike me as very 'weak', but ultimately it doesn't matter how strong it is if a court can simply order it removed to allow access to what it was protecting.
Yes I do. But I think that almost any system that has a human interaction point (passcode) is likely to be suspectible to brute force methods because the public wants generally to use the smallest / shortest password possible to make things easy to live with.
Well yes, if you want the general public to use security you need to make it easy enough that the majority will be willing to use it. That part of security is always going to be the weakest, what companies can do to make up for that weakness is what Apple has done here, making it so that someone can't just keep guessing until they get the right combination.
If a company is dealing with a small, specialized group that is willing to jump through extra hoops to keep their stuff secure, they can make said security more difficult to get around at the user level, but a company that is trying to sell to the general public basically has two options, no security or 'weak' security at the user level, and compensate for that weakness.
On that basis, unless they enforce good and long passwords, they are very likely to ALWAYS have a system that came be compromised. The real "fix" will be there, and nowhere.
Right, which would you say is more secure:
A longer password that can be guessed an infinite amount of times.
Or a shorter password that can be guessed ten times before the content it's protecting is lost.
A longer password on it's own is more secure than a shorter one, no argument there, but it's possible to make the difference moot by adding in additional security, such that what makes the longer password stronger(more required guesses) isn't a factor. It doesn't matter if a longer password took one-thousand guesses to get right and a shorter password only took one-hundred if you only have ten guesses available, at that point it's simply a matter of luck and hoping the one who set the password was a lazy idiot and went with all zeros.
Until they, I suspect the FBI will use the results of this case as an effective tool for accessing locked phones IN THEIR POSSESSION AS PART OF A CRIMINAL CASE (uppercase to make a sigificant point) and not as some sort of random back door to read your email during a traffic stop.
And again you miss what people are objecting to. It's not a matter of 'police might check our phones at a whim'(that's what passwords in general are for), it's the idea of forcing a company to create custom code that allows someone else, in this case the FBI, to bypass security on a device.
[ link to this | view in chronology ]
Re: Re: Re: Re:
He doesn't think it's a problem because it's the government asking, and he thinks the government is always right and should always get what it wants. Or at least I've never seen him say otherwise.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
And when he finds that he has been enslaved, he will complain that nobody warned him of the dangers of granting every request that a government makes.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
I would guess he will have his head so far down in the sand he won't be able to see any such thing.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
If Google or Apple or Facebook wants a little of that information, though, watch him froth at the mouth and lose his shit. Playing with anonymity, the same anonymity that he demands to be stripped from everyone else, is his only advantage. He knows that any attempt to establish his credibility would instantly ruin it. How else could you argue for things like reduced police oversight?
[ link to this | view in chronology ]
Re:
Bullshit. Password attempt limits and delays are security measures meant to counter brute-force attacks. Removing them makes the phone less secure.
To demonstrate your belief in your own nonsense, I'm sure you'd apply this patch to your phone should it ever become available, yes?
[ link to this | view in chronology ]
Re:
If this tool to weaken security it created, it can be used on any phone with the same version iOS. If you don't understand what this tool would do I will try to explain it in a simple manner.
It will allow the government unlimited access to rapidly input (ie.. electronically) random pass codes. This is know as a brute force attack. If the phone has a 4 digit code, it will be cracked in a trivial amount of time. Without knowing how fast the interface is between the phone and the device sending the code it is hard to say how long, but it will be quick.
Suffice it to say, this tool IS the back door.
[ link to this | view in chronology ]
Re: Re:
DUH. No, they won't put in random passwords, they will start at one end of the possible password list (000000) and move towards the end (99999) a step at a time until they hit the code tha unlocks it.
"If this tool to weaken security it created, it can be used on any phone with the same version iOS."
Since Apple uses version signing and other (quite effective) methods to block unauthorized changes to their phones (you know, the ones you "own"), it's not something that can be applied randomly to any phone at any time. Moreover, it has a limited use to hackers and others as it requires physical long term access to the device in order to profit from it. It's not a back door in any sense that it provides access without fulfilling the normal security requirements (entering a valid pincode).
If it was a backdoor, you could put it on any Iphone and have instant access. You will NOT have access even if you apply this update. As a human, entering 1 pin code every 5 seconds (because there is a limit on how fast you can accurately enter them), it's going to take you a year or more of full time (8 hour per day) work to be able to brute force a device. A backdoor would give you this access directly.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Often when someone says "random" it's more accurate to substitute "arbitrary". I think that is the case here. I don't think he meant to suggest the FBI would use a psedorandom number generator to generate passcodes.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
My definition of backdoor is a ham sandwich. The FBI is absolutely not asking Apple for a ham sandwich.
[ link to this | view in chronology ]
Re: Re: Re: Re:
I think it's very important though. The mistake many are going with here is that Apple is being asked for a golden key or to completely and instantly defeat all encryption and passwords. It's just not the case. They will certainly make it easier to get in to the individual phone in question, but they will not be magically rendering encryption or security moot on the hundreds of millions of other devices they have sold.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Rather, the FBI will be able to go to Apple and have Apple break the security, upon demand...for potentially hundreds of millions of devices.
So it it simple laziness by the FBI then?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Isn't it your mistake assuming we do? Particularly here on Techdirt after a number of articles pointing out clearly that Apple is "only" asked to take down the number and delay of retries, I think that's quite a wrong assumption to make.
So calling it a backdoor might not suit your definition of it (no "instant access" here), but it does ours. And it does weaken security all around, even if YOU think that this feature is just "bubble wrap" around the lock. (Must be Titanium-level bubble-wrap though, given how it's so annoying to the FBI.)
You're the only here who doesn't want to call it a backdoor and you're not making your point across. At least you focused on this until TOG asked you very direct questions. (And it was nice of you to reply as straight-forwardly.)
Now if we could drop this nonsense about "backdoor/non-backdoor", we can maybe move on with the actual debate.
[ link to this | view in chronology ]
Re: Re: Re:
If it was a backdoor, you could put it on any Iphone and have instant access.
As opposed to using it on any iphone and getting access in a few minutes to a few hours. Oh the huge, unbearable difference. Do you really believe that if someone wants to get access to a phone they will type manually?
Seriously.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Yes, but only if (a) the phone is in physical possession, because making this change to a remote phone wouldn't do anything (the phone would still be secure and encrypted), and (b) only if Apple makes no other changes ever in their security system of their phones.
I am starting to think that part of Apple's legal objections here are to create a delay while they roll out an iOS update that will enforce stronger passwords or that will otherwise render the court's order moot for any other devices except this one.
"As opposed to using it on any iphone and getting access in a few minutes to a few hours. "
Not a few minutes, sorry - and unlikely even a few hours. There is a limit to how many pincode attempts the phone can process. While Mike optimistically claims less than a day on the current system, the reality is much more like a week to a month.
"Do you really believe that if someone wants to get access to a phone they will type manually?"
Nope, but again, there is a limit as to how many requests the phone itself can handle. You can't go massively parallel (because you can't duplicate the phone), so you are stuck dealing with a single device. It's likely to be no more than 1 or 2 a second from what I can figure.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
No, it would be vulnerable for those that can get physical access to it. Put that in your head: the Government is not the only one that may get access. And more importantly, the Government cannot be trusted to always act within reasonable boundaries.
While Mike optimistically claims less than a day on the current system, the reality is much more like a week to a month.
And it doesn't matter. They'd still have access. Remember, it doesn't matter if China gets access in a few hours or a week. Once the content of a dissident is decrypted it's all over. And that's the point here. The criminals in question should be tried and punished yes. But them alone, not the entirety of the population.
It's likely to be no more than 1 or 2 a second from what I can figure.
Actually it has been pointed before. The actual hardware delay is around 80 milliseconds. And again it doesn't matter.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Still 22 hours... even at that high speed. Add a 7th digit, and it's 220 hours. 8th digit and it's 2200 hours, and 9 it's 22,000 hours.. or two and a half years.
"And it doesn't matter. They'd still have access. Remember, it doesn't matter if China gets access in a few hours or a week. Once the content of a dissident is decrypted it's all over. And that's the point here. The criminals in question should be tried and punished yes. But them alone, not the entirety of the population."
...and you don't think China doesn't already have access? That's another part of the deal here, Apple may not want to admit or expose that they have already made the deal with the devil a long time ago, and all the FBI is asking for amounts to having the "China version OS" applied to an American phone.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
I've heard about 1 every 80 milliseconds.
[ link to this | view in chronology ]
Re:
Actually, it's YOU who need to work on the definition.
They are seeking the very limited concept of modifying the OS on a single phone to make it so there is no 10 tries limit, as well as to remove an artificial processing delay of 5 seconds per try.
This is something that defeats the security inherent in the device. As I told you in the other post, (where you also spewed out similar bullshit), per Wikipedia:
A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc.
So, to make it clear to you, for the 5th time - the method they're asking for bypasses normal authentication method. Otherwise, they wouldn't need code to do it. As such it qualifies as a backdoor.
No amount of law-enforcement-induced-delusion spin will change that. Perhaps you'd also like to argue about what the definition of "is" is while you're at it...
A backdoor would assure full access. There is no assurance here.
And you assume that there's no assurance? You seriously want to argue that the FBI might not have the ability to count in sequence?
[ link to this | view in chronology ]
Re: Re:
Once again, it doesn't bypass the normal authentication methods - it only exposes that method without other restrictions. The authentication method is "enter a pincode", and nothing else. Everything else are barriers to using the authentication system.
Remember, if the phone isn't unlocked because of the changes, it's because the authentication method is still in place and still intact.
[ link to this | view in chronology ]
Re: Re: Re:
And once again, you're wrong, and continuing to look like an ass.
Why not stick to things you're better versed in, like complaining about starving artists and piracy?
Because frankly, your understanding of how security works just plain sucks.
[ link to this | view in chronology ]
A simple typo
Sorry, I saw you had a typo in your post. I fixed it for you.
No no, you don't have to thank me. I know how much of a stickler you are for accuracy.
[ link to this | view in chronology ]
Re: A simple typo
For sure it's a deterrent to steal a phone. Or at least to use it or see what's inside.
Now maybe it's hard, but computers get better. If I get a password cracked in a day or 2 from a mobile I stole, I can do a lot of things with it. Or with the data inside, like, for starters, selling it.
And considering that as time passes, you are forced more to using mobiles and devices to do stuff (like ewallets, wait until your bank starts making you pay for using ATMs. And they will); losing or getting your mobile stolen will be more of an issue that is now.
As if it wasn't enough having it stolen, now you'll have to worry if by any chance, some kid that knows too much about computers, has cracked it open or not.
[ link to this | view in chronology ]
Re:
if bruce schneier hasn't come out saying it's not a backdoor... dude. who are you? and what are your qualifications (except for reading a definition on wikipedia) for declaring it not a backdoor?
[ link to this | view in chronology ]
Re:
The fBI had the means to decrypt the phone themselves usinng current technology. There's an Ars Technica article on the subject. I strongly suggest you go read that article, than tell me that what the Feeb swanted wasn't a backdoor.
[ link to this | view in chronology ]
I can tell you it's keeping me from ever visiting the US. If I wanted to visit a country that treats people like it is part of the third world there are much nicer tropical ones to go to.
[ link to this | view in chronology ]
Should Apple do this of free will to assist, they can kiss their global market for cell phones goodbye because the selling point of their data being their data went out the window.
Before this is over with, much of US technology will not be wanted by the rest of the world because they can't trust that what they put in their phones are really private.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
any not engaged in either of those activities is well on the way toward becoming the answer to a tomorrow's trivia question.
[ link to this | view in chronology ]
First Amendment issue
Apple is being ordered to use their private signing certificate to sign code that the government has specified to be written.
In forcing Apple to sign something the government would be taking away Apple's sole right to speak (or not speak) on its behalf by virtue of signing (or not signing) code.
E
[ link to this | view in chronology ]
Forcing Apple's signature
[ link to this | view in chronology ]
Re: First Amendment issue
Good point.
[ link to this | view in chronology ]
Re: First Amendment issue
[quote]The code must contain a unique identifier “so that [it] would only load and execute on the SUBJECT DEVICE,” and it must be “‘signed’ cryptographically by Apple using its own proprietary encryption methods.” Ex Parte App. at 5, 7.
This amounts to compelled speech and viewpoint discrimination in violation of the First Amendment.[/quote]
Apple Inc's motion to vacate order compelling...
p.43
[ link to this | view in chronology ]
Apples Response
Then, later on when everyone stops buying iPhones and AFTER TPP is enacted, one of Apple's wholly-owned Asian subsidiaries should make an ISDS claim against US Govt for loss of earnings due to this crappy order.
A win for no-one.
[ link to this | view in chronology ]
Technological Solution
[ link to this | view in chronology ]
[ link to this | view in chronology ]