Apple Engineering VP: The FBI Wants Us To Make Everyone Less Safe
from the that's-a-problem dept
While so many have tried to frame the Apple v. FBI fight as one of "privacy v. security," the fact is that it's really about security v. security, where it really comes down to what you are more afraid of: the off-chance that someone will secretly plan a terrorist attack on an encrypted iPhone, or the much more likely issue of millions of phones being stolen or hacked into by criminals looking to swipe your private information. Apple's VP of software engineering, Craig Federighi, has now taken to the pages of the Washington Post to try to highlight this issue, and explain that the FBI and DOJ are really trying to make everyone a lot less safe.
> But the threat to our personal information is just the tip of the iceberg. Your phone is more than a personal device. In today’s mobile, networked world, it’s part of the security perimeter that protects your family and co-workers. Our nation’s vital infrastructure -- such as power grids and transportation hubs -- becomes more vulnerable when individual devices get hacked. Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person’s smartphone.
And he also has a good response to those, like Manhattan DA Cyrus Vance, who insist that they just want Apple "to go back" to the way they had security on phones prior to iOS 8. In other words, make everyone less secure. Their argument is that if that was okay a few years ago, why isn't it okay now? And the answer is that security holes are found over time and they make systems less and less secure. So taking a step back is not just like going back a couple of years, but much, much worse, because now lots of people know how to get past the security features:
> That’s why it’s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. They have suggested that the safeguards of iOS 7 were good enough and that we should simply go back to the security standards of 2013. But the security of iOS 7, while cutting-edge at the time, has since been breached by hackers. What’s worse, some of their methods have been productized and are now available for sale to attackers who are less skilled but often more malicious.
> Of course, despite our best efforts, nothing is 100 percent secure. Humans are fallible. Our engineers write millions of lines of code, and even the very best can make mistakes. A mistake can become a point of weakness, something for attackers to exploit. Identifying and fixing those problems are critical parts of our mission to keep customers safe. Doing anything to hamper that mission would be a serious mistake.
And, as he notes, the FBI's demands in the San Bernardino case are akin to doing the same thing to the security of iOS 8: creating a vulnerability that will almost certainly "spread around the world in the blink of an eye." It's a good, straightforward piece explaining why the FBI and DOJ's demands are so dangerous here.
Filed Under: craig federighi, encryption, protection, security
Companies: apple
Reader Comments
Re:
The FBI has not asked Apple to roll out a new OS for everyone. They haven't told them to put a back door on every phone. They are asking for a single device to be made more accessible.
The latest overhype from Apple is (and I am not kidding) that the FBI wants them to turn on cameras and microphones so they can film and listen to you. Really.
Apple has pretty much turned to a turd on this one. They are outrightly being dishonest. Fuck Apple, seriously (and I don't say that often).
[ link to this | view in thread ]
Re: Re:
(Like you wouldn't if you could? Think of all the pirates you could catch, right?)
So, what is your PIN number?
{If this goes through, I bet I can get your PIN within 6 months of it happening...}
[ link to this | view in thread ]
Re: Re:
That may be true, and yet it doesn't necessarily follow that the FBI should be granted its request. Don't forget that the FBI is lying outright in this affair as well, find your own path.
> The FBI has not asked Apple to roll out a new OS for everyone.
Correct. The FBI is asking Apple to craft a custom OS with reduced security, and a mechanism by which they can install that OS, bypassing any security measures, onto a targeted phone.
> They haven't told them to put a back door on every phone.
Incorrect-ish. They are asking for every phone, now and in the future, to be vulnerable to this custom OS.
> They are asking for a single device to be made more accessible.
Correct-ish, but not the whole story.
The FBI is asking for the entire ecosystem of iPhone devices, now and in the future, to be vulnerable to a process by which critical security mechanisms on the device can be circumvented.
Sure, the FBI is asking for this for just one phone (twice), but the rest of the law enforcement community is lined up to make this request for just one phone any number of times.
And the odds of the process itself not becoming available to malicious actors (not counting the FBI)? That number decreases to zero over time. I'm not sure how much time that is, but it's probably measured in years not decades.
> The latest overhype from Apple is (and I am not kidding) that the FBI wants them to turn on cameras and microphones so they can film and listen to you. Really.
I was of the understanding that this has been possible in a variety of phones for years now, and not just by law enforcement. Regardless, the nature of the request being discussed is bad enough, and this request can be discussed separately if it turns out to be the case.
> Apple has pretty much turned to a turd on this one. They are outrightly being dishonest. Fuck Apple, seriously (and I don't say that often).
Sure. But don't let that set a terrible precedent that will fuck the rest of us, seriously.
[ link to this | view in thread ]
> They haven't told them to put a back door on every phone.
> They are asking for a single device to be made more accessible.
This is simply false. It is an example of the FBI lying. The FBI has said:
(1a) This is only for a single phone
(1b) But there are twelve other phones that we want, which we will ask for (presumably one at a time) after we get this one
(2a) This will not impact any other jurisdiction, nobody else will be asking for anything more just because of this.
(2b) However, the ADA for New York has a stack of one-hundred-odd phones that HE is saying he will ask for help with.
None of those are Apple statements, all are from the FBI or other US authority.
The first two statements CANNOT both be true, ergo it is the FBI that is lying (although I suppose we can't know which statement is the lie, or if both are false).
Likewise, the second two statements cannot both be true; the US government official must be lying.
Apple has said that if the government can demand as a matter of law THIS rewrite of their operating system, what rewrites can be restricted? Again, the answer is logically obvious. Since we already know that governments have been turning on cameras and microphones where they could, obviously if they could demand that help more often, they would.
Apple has also said, and it is a simple matter of law, that if evidence from the phone is used in court, everyone involved--defense attorneys and their technical experts--have the legal right to inspect the code used to decrypt the phone. Apple has said, and it is a simple matter of fact, that in those circumstances no power on earth could keep the back door secret--it would leak, and any phone would be vulnerable.
This is a much better argument even than it appears. The obvious answer is that the FBI has no intention of using that evidence in court... but they are trapped in another lie and can't tell the truth now, because that would completely destroy the rationale for using the All Writs Act in the first place.
This is not about Apple, or about terrorists--these terrorists have already gone to the Supreme Court and won't be remanded. This is about the FBI being able to collect information on anybody--but not for use in court, for the purposes of blackmail. It's the 21st century version of the J. Edgar Hoover blackmail files.
[ link to this | view in thread ]
Re: Re: Re:
Correctish, but not really entirely true at all. You left out the part where the phone would have to be in their possession, that they wouldn't just roll it out remotely on random phones, etc. This is all the hype Apple is pushing, that the FBI will suddenly be able to hack your phone, turn on your camera, and catch you humping a dead moose (or whatever it is) and use it against you.
"Sure. But don't let that set a terrible precedent that will fuck the rest of us, seriously."
I don't think there is any terrible precedent here. Apple isn't being asked to make all devices less secure. They are not being asked to make it so any hacker can access your phone. They are not being asked to install a backdoor. If your pincode is 8 to 10 characters long, this OS patch (it's not a full OS, it's a patch to remove 2 security hacks in place to make up for insanely short pincodes) won't change anything. The police could take your phone, apply the patch, and spend the next decade trying to get into your device. A backdoor would be "push button, and you are in". Nobody is asking Apple to do that, or any of the other scary things they are invoking.
Apple really is overdoing it.
As a side note, how long do you think it will be before Apple faces a serious tax crackdown in the US? Weeks? Days? I can't help but think that the FBI will be putting pressure on in any way they can to get this job done.
[ link to this | view in thread ]
A long post about why!
The disabled security would also be a godsend for terrorists. If emergency calls are routed to fake responders it would wreak havoc on the police's ability to respond. It would also make it much easier to get access to places they shouldn't be allowed in. Both in homes and in sensitive areas.
I disagree though, when it comes to why. There is no lack of very serious crimes in the USA that the FBI does not bother to investigate. One such overlooked crime is rape, where there are hundreds of thousands of rape kits that aren't even analyzed. If you count every woman in the USA from newborn to geriatric centenarians, there is still more than unanalyzed rape kit / 1000 women!
A large number of these are done by serial rapists.
But both the local police and FBI have a disdain for victims. Being a victim is weak. It is considered "emotionally stressful", for the police, to talk to the victim and investigate. And because of the disdain for victims, 500 to 1500 dollars to analyze a kit is "not worth it". There is an absurd number of rapes that aren't reported to the police.
There is a significant segment of the police that view the public as potentially dangerous. When the police train for how to handle possibly armed citizens/criminals, the citizen/criminal tends to suddenly try to shoot. This makes too little emphasis on how to handle unarmed and not dangerous suspicious looking citizens, and the police are often not mentally well equipped to handle this and are too aggressive. This causes actual harm and unnecessary friction. Frequent assassinations by a few police officers make this worse for all police officers (and for the citizens).
This makes the police want to force it their way. It also makes them want to force themselves into the citizens' phones, as every citizen is a potential enemy.
Having an armed car in the garage and brandishing guns and forcing their will is also better at inflating the ego than doing tedious work.
[ link to this | view in thread ]
Though, who knows. I often cringe at unnecessary vulnerabilities introduced in systems.
[ link to this | view in thread ]
Re: A long post about why!
Should be:
If you count every woman in the USA from newborn to geriatric centenarians, there is still more than one unanalyzed rape kit / 1000 women!
[ link to this | view in thread ]
Re: A long post about why!
Once you grok and handle that basic idea, you start to realize that Apple is hyping this to the very ends of the earth.
Want your device to be secure? Use a longer pincode. 10 digits (like a phone number) would be more than enough.
Don't buy into Apple's lies. They are on the attack and they are trying very hard to mislead the public, all I suspect to avoid admitting that their entire security and encryption scheme comes down to a 4 digit pin code... not very secure in reality!
[ link to this | view in thread ]
Re: Re:
Feel free to offer any proof of that. In the mean time ignore Apple and listen to the countless security experts and other tech companies who have explained in great detail why this is such a bad idea. Let's hear you try to refute all of their claims as well.
"The FBI has not asked Apple to roll out a new OS for everyone. They haven't told them to put a back door on every phone. They are asking for a single device to be made more accessible."
It's extraordinary that anyone would still be trotting out the "just one phone" line at this point. That one has been so well and truly debunked that even law enforcement has stopped claiming that.
[ link to this | view in thread ]
Re:
Why? The case if for a single phone. If successful, they will likely go through the same steps of discovery and move for a warrant to get similar access to those phones as well. Both statements are correct and neither is a lie.
The lie is Apple saying "it's about every iphone every made!". Pay attention to who is not telling the truth!
[ link to this | view in thread ]
Re: Re: Re:
The trick is that they are not talking about the same things, they are intentionally talking about something that just isn't in the cards on this case: Rolling out a less secure OS to every iphone in the world.
See, the problem is they are correct and honest if you take the assumption that FBiOS would be rolled out to every phone in the world. It will not (Apple controls the universe). So the scare factor they are rolling out is about something that does not exist.
So it's hard to argue their points, because their points exist in something that isn't happening. Apple has gotten plenty of people to discuss a weird world where somehow everyone ends up with the OS patch made for a single phone, applied under Apple's update control. The only way it gets out and APPLIED in the wild is if Apple does so.
Even with the patch (which would only disable 10 tries max and lockout "features"), you would still have to brute force the pincode. At 8 digits or longer, the amount of time required to do that would be beyond any reasonable expectation.
You also have to remember that any file decryption requires the physical device. Downloading the encrypted data and trying to decode it won't work, you need their security chip to provide the rest of the method to decrypt the data. So the patch would have to be on the phone and then a pincode brute force system run against the phone for, oh, MONTHS to try to get in.
"It's extraordinary that anyone would still be trotting out the "just one phone" line at this point. That one has been so well and truly debunked that even law enforcement has stopped claiming that."
Yet it is just for one phone - to start with. Moreover, even if expanded out, it's a phone at a time, not a global patch for all iphones - which is the scary universe Apple is trying to paint.
Can you show any indication that Apple will be forced to roll out an update that makes all phones significantly less secure than they already are to all phones in the US (or world) as a result of the FBI warrant?
I don't think you can.
[ link to this | view in thread ]
Re: Re: A long post about why!
A longer pin code does nothing to make you more secure if the gov't has a means of bypassing it.
Basically you should just go and give your local law enforcement a set of keys to your front door, the passwords to your bank accounts, the authorization for them to see your medical records and anything else that you would want to be kept private, cause hey if you have nothing to hide so why should it matter if they have the ability to make sure you've got nothing to hide.
Don't worry they will keep it secure for you :)
they'll never use it less they need to... for others' protection from you...
[ link to this | view in thread ]
Re: Re: A long post about why!
And it was obvious very early, as his own phone was destroyed and he willingly chose to not destroy this one.
If the precedent is set, a longer pin code or physical access to the phone would not matter, as there is no fundamental legal foundation protecting Apple from further demands. This is about who has the final say about backdoors and privacy.
There is a very low probability that the introduced vulnerability will stay secret.
This goes for all US software. I hope contingency plans are in place to move important systems to safer software quickly enough!
[ link to this | view in thread ]
Re: Re: Re: Re:
Nobody credible has claimed that. Your entire argument is based on a gross falsehood. What a waste of your time...
[ link to this | view in thread ]
Re: Re: Re: Re:
How about your contact list? Browser cookies? Default names to 'harmless' apps?
How much are you willing to bet that I can't social-engineer that dead gmail account back open, and go on from there?
That IS, after all, what you ARE betting.
[ link to this | view in thread ]
Re: Re:
You say fuck Apple? I say fuck you.
[ link to this | view in thread ]
Re: Re: A long post about why!
You have absolutely no idea how the technology works and I am thoroughly convinced you are trolling here. You are making assertions which are factually, provably false.
Go away.
[ link to this | view in thread ]
Re: Re: Re: A long post about why!
"There is a very low probability that the introduced vulnerability will stay secret."
Two things here, first and foremost, since Apple's encryption system (as documented here by Mike) requires the one way system of their security chip, Apple cannot so easily backdoor or compromise that feature. Instead, the feds are aiming at the weak point in the chain, the short pin code. They are not getting it disabled (because you need it to crack in encryption) and instead they will have to brute force it.
The trick is that if the 6 digit code takes a day, the 7 digit would take 10 days, 8 digit would take 100 days, and 10 digits would take 10,000 days - and it all must happen on the target device.
The vulnerability is already there, there is no "secret" about it. Since you cannot update an iPhone without Apple's digital signature, it means that even in the wild, the code is useless, because it cannot be applied.
Sorry, but the arguments are weak.
[ link to this | view in thread ]
/s
[ link to this | view in thread ]
Re: Re: Re: Re:
This has been explained in great detail already. The precedent is even worse than anything else (and I'm including loss of trust and all the forensic process there). If it can be forced on Apple it can be forced on anybody. That's horrifying.
Besides, it has been clearly discussed that this code will leak putting millions at risk.
So you are full of bullshit. It has been pointed out already but it doesn't hurt to keep it visible.
> As a side note, how long do you think it will be before Apple faces a serious tax crackdown in the US? Weeks? Days? I can't help but think that the FBI will be putting pressure on in any way they can to get this job done.
Ah the despotic, totalitarian way. Not that we haven't seen the US using the Govt might to screw people in the past, no? You can see it and yet you fail to see how allowing the FBI to have their way and establishing a precedent is incredibly dangerous. Oh wait, you can. It's just you being an asshole.
[ link to this | view in thread ]
Security?
I'm betting Apple cannot do it. They fired some people last November, or they ended their contract. The person that knew how was in that bunch; I hope they have to pay Cook's salary to him for the backdoor. But then they pushed several updates after they gave the OS to China, and that guy was not there for the update tests, so they are out of the loop. So I bet they can no longer do it.
Or, did China push the updates? Who can tell, now?
[ link to this | view in thread ]
"if that was okay a few years ago, why isn't it okay now?"
So, let's go back to this time. Unlike phone security these procedures are actually proven to be useless so...
[ link to this | view in thread ]
Re: Re: Re: Re:
The simple fact that they "can" roll out an update that makes your phone less secure, makes your phone less secure. If they want to keep the people's trust, they need to make it so nobody can crack the phone, especially Apple.
The judge was asking that they make the tool, then destroy the tool.. that's all well and good, but just Manhattan has over 150 phones sitting in evidence because they are locked. There could potentially be thousands of phones sitting in evidence waiting for a ruling just like this. What? Apple is going to create "thousands" of single use operating systems to crack all these phones? That would take a hundred years of manpower to do. The next argument is, the government will pay for it. That's bullshit. Once the cost becomes prohibitive, the Gov will get the courts to make Apple do it on their own dime, or create a permanent hole so they don't have to keep creating one use operating systems.
Apple has thought this whole thing through. There are billions of dollars and thousands of jobs wrapped around this ruling. I appreciate your enthusiasm for our justice system, and disdain for major corporations walking all over it, but in this case the government needs to come up with a crack themselves, or just understand that some phones will be inaccessible.
[ link to this | view in thread ]
ha ha ha!!!
Simple, the Government is already stealing and intercepting everything they can on every one they can. This is not even remotely a secret.
Yes the FBI wants Apple to make this so they can remotely do anything they want to any iPhone they want at any time they want. They will not care about getting a warrant "National Security" is the only warrant they need and pretty much every Judge buys it.
Yes Whatever, we already know, that you know, the FBI will abuse whatever Apple builds them as much as they possibly can.
Just give up the Troll... you actually had a good roll!
[ link to this | view in thread ]
Re: Re: Re: Re:
And if you say it just a few MORE times, THEN it'll suddenly be true.
Idiot.
> As a side note, how long do you think it will be before Apple faces a serious tax crackdown in the US? Weeks?
And assuming that's true, who should we fear more? Apple for not unlocking the phone, or the FBI?
I assume you're fine with living in a police state, where your refusal to cooperate is met with coercion.
It amazes me that you're still here arguing FOR the DOJ/FBI after a comment like that.
Just fuck off. Really.
[ link to this | view in thread ]
Re: Re: A long post about why!
I see. So computers ARE able to count from 0000-9999 rather easily.
But 0000000000-9999999999, that'll take a lifetime?
Is that the crux of your argument? Is that your understanding of security?
Because if it is, then frankly, you're a fucking idiot.
[ link to this | view in thread ]
Re: Re:
> The case if (sic) for a single phone.
But:
> If successful, they will likely go through the same steps of discovery and move for a warrant to get similar access to those phones as well.
Which certainly means "more than 1 phone."
And it's a lie if Apple says:
"it's about every iphone every made!"
So it's clearly about one phone. Now. But likely, it can be about multiple phoneS (notice the S at the end of phoneS, implying PLURAL), by your own statement, which you clearly state is not a lie.
So plural can't imply all? Please explain. We all anxiously await your well-reasoned response.
(OK, we're not really waiting. We just want to laugh at you some more...)
[ link to this | view in thread ]
Re:
Why isn't this point getting more attention? It seems like everyone enjoys debating whether Apple should or shouldn't do what the FBI asks yet no one's really talking about how Apple got into this position in the first place.
Maybe if the FBI did its job at the beginning and didn't wipe the crime scene or tell the San Bernardino School Board to change the password then they could have gotten a good backup and they wouldn't be in this position.
[ link to this | view in thread ]
Re: ha ha ha!!!
And every computerised device that they can lean on the manufacturer to do their bidding, and just think of all those mics in TV's........
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
It's my choice, nothing more.
"How about your contact list? Browser cookies? Default names to 'harmless' apps?"
Actually, my contact list is quite short on my phone, I usually just dial from memory the people I need to reach. I delete the log every so often as well. No doubt if you put a ton of effort into it, you might find a few slivers. The point isn't to make it absolutely empty, it's just to make it more than a little challenging for marketing types to try to connect me from one to the other.
You certainly wouldn't find any banking, credit card, or other information on my phone. Why would anyone want to carry that information with them all the time in something that is easily stolen?
[ link to this | view in thread ]
Re: Re: Re: Re:
"The trick is that they are not talking about the same things, they are intentionally talking about something that just isn't in the cards on this case: Rolling out a less secure OS to every iphone in the world."
They are talking about the same thing.
You pretend that the demand from the FBI is only on one phone, not all of them. That's - only technically - true, but you try to explain that means only this one phone will be compromised. Every other phone will be safe.
That's wrong because enabling the FBI this very power that has been explicitly denied earlier by the Congress opens several security holes as has been described in several articles before. (That you have commented on, so don't pretend they don't exist.)
You're saying it's just about this one phone that the FBI has in custody, brushing aside all the risks: leak of the software that could be used on stolen phones, risk of other governments making the exact same request, risk of the US authorities requesting broader changes, risk of people denying updates, etc.
"Weakening security on all phones" is not about "deploying a voluntary security breach on all phones". It's setting a whole unsecured and untrusted environment in a domain that needs trust and innovation.
I'm still not sure if you're mistaken or outright lying, but I'm definitely annoyed that you still battle on those irrelevant technicalities.
[ link to this | view in thread ]
Re: Re:
A backdoor that works on just that iPhone will also work on every iPhone of that model running that iOS version.
It's not hype or overhype, it's simply the truth.
[ link to this | view in thread ]