How Apple Could Lose By Winning: The DOJ's Next Move Could Be Worse
from the we-can-do-this-the-easy-way-or-the-hard-way dept
Since the conflict over smartphone security, long simmering between Apple and the FBI, burst into the headlines last month, many of us who advocate for strong encryption have watched the competing legal arguments advanced by the parties with a certain queasiness. Many of the arguments on Apple's side—whether offered by the company itself or the myriad groups who have weighed in with friend-of-the-court briefs—have turned critically on the government's unprecedented invocation of the hoary All Writs Act to compel the company to write and authenticate a novel piece of software effectively dragooning Apple engineers into government service.But there has always been an obvious alternative—a way to achieve the FBI's aim of circumventing iPhone security features without requiring any Apple employees to write a line of new code: the Lavabit Option.
That is, instead of asking Apple to create a hacking tool that would permit the FBI to attempt to brute-force a phone's passcode without triggering escalating delays between guesses or deletion of encrypted data, they could simply demand that Apple turn over the source code and documentation the FBI would need to develop its own custom version of the iOS boot ROM, sans security features. Then, they require Apple to either cryptographically sign that code or provide the government with access to its developer credentials, so that the FBiOS can run on an iPhone.
That hypothetical possibility is raised explicitly by the Justice Department in a footnote to its most recent motion in its ongoing litigation with Apple, which explains that the FBI had not gone that route because it "believed such a request would be less palatable to Apple." Having tried it the easy way, the FBI suggests it's happy to do things the hard way: "If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
Apple's latest reply brief clearly registered the company's dismayed response to this legal shot across the bow:
The catastrophic security implications of that threat only highlight the government's misunderstanding or reckless disregard of the technology at issue and the security risks implicated by its suggestion.Such a move would signal a race to the bottom of the slippery slope that has haunted privacy advocates: A world where companies can be forced to sign code developed by the government to facilitate surveillance. In this case, that means software to brute force a passcode, but could as easily apply to remote exploits targeting any networked device that relies on developer credentials to authenticate trusted updates. Which is to say, nearly any modern networked device. It entails, quite literally, handing the government the keys to the kingdom.
What's particularly worrying is that, while this approach is massively more troubling from a security perspective than funneling such requests through the company itself on a case-by-case basis, it would likely stand on a less shaky legal foundation.
Apple's arguments throughout this case have stressed the unprecedented nature of the FBI's attempt to conscript the firm's engineers, noting that the All-Writs Act invoked by the government was meant to enable only the particular types of orders familiar from common law, not grant an all-purpose power to "order private parties to do virtually anything the Justice Department and FBI can dream up." The trouble is, an order to turn over information in the "possession custody or control" of a private party is just such a traditional order. Such demands are routinely made, for instance, via a subpoena duces tecum requiring a person or company to produce documents.
It's likely that Apple's developer keys are stored in a Hardware Security Module that would make it difficult or impossible to produce a copy of their firmware signing key directly to the government. But that might not be much legal help. In a separate iPhone unlocking case in New York, magistrate judge James Ornstein recently rejected the government's argument that a previous All-Writs Act case, New York Telephone Co., required Apple's compliance. In that case, Ornstein noted, the government's
agents would normally have been able to install the authorized pen register without the company's assistance but for the fact that the subject telephone's wires were so placed as to prevent the agents from gaining surreptitious access. The agents thus needed the telephone company not to provide technical expertise they lacked, but only to step out of the way and let them perform their authorized surveillance on company property.But that sounds much closer to what would be involved in a case where Apple is required to authenticate government-written code: Just "step out of the way" and let the FBI access the HSM containing the keys used to sign updates.
Similarly, many of the First Amendment arguments raised by Apple and the Electronic Frontier Foundation—to the effect that "code is speech" and the requirement that Apple create new software amounts to "compelled speech"—would also fall by the wayside. They might still advance such arguments with respect to the "endorsement" implicit in using company credentials to sign software, but a court may not find that as intuitive as the idea that "compelled speech" is involved in requiring engineers to devise wholly novel and potentially complicated software.
Many of Apple's other arguments, of course, would remain untouched: There's the idea that Congress has established a comprehensive statutory framework specifying the means of law enforcement access to digital content via laws like the Communications Assistance for Law Enforcement Act and the Electronic Communications Privacy Act, making the All-Writs Act an inappropriate mechanism to seek authority withheld by Congress. Nor would a "sign our code" approach affect any of Apple's claims about the broader security harms inherent in the creation of developer-authenticated tools to break security. But the long list of legal barriers to the FBI getting its way would surely be significantly reduced.
That means it's not just important that Apple win in this case—it matters how it wins. If the company emerges victorious on grounds fundamentally tied to the mandate to create software rather than the demand to authenticate it, it could prove a pyrrhic victory indeed, opening the door for the government to insist on doing things the "hard way," and inaugurating an era of government scripted malware signed to look like genuine updates.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: all writs act, doj, encryption, fbi, going dark, key
Companies: apple, lavabit
Reader Comments
The First Word
“Say goodbye to American tech companies
Assuming that SCOTUS actually bought off on this bit of stupidity, it would be economic suicide for the US. Every tech company in America would relocate to another country.We would then be forced to fall back on our manufacturing sector to generate GNP. Oh, wait...
Subscribe: RSS
View by: Time | Thread
Nothing could possibly go wrong
I mean it's not like various government agencies have ever been hacked and had highly valuable data grabbed, or had someone almost literally just walk out the door with sensitive files, I'm sure the government would secure all that insanely valuable data in a way that no-one could ever gain access to it.
[ link to this | view in chronology ]
Re: Nothing could possibly go wrong
[ link to this | view in chronology ]
Re: Nothing could possibly go wrong
Not a chance I would trust such treasonous scum with access to what they are demanding here. They sell it off for profit and they know they will not be punished for those actions. there is no benefit to trusting anyone in the government with this until they clean up the corruption in their systems.
[ link to this | view in chronology ]
Re: Nothing could possibly go wrong
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
How many of the following items does America now have:
Secret courts.
Secret court orders.
Secret laws.
Secret interpretations of laws.
Secret arrests.
Secret evidence that can not made available to the defense for national security reasons.
Secret convictions.
Secret prisons where torture is practiced in secret. (But it's okay because it's not done on American soil.)
Americans should feel safer than ever.
Now does it still seem so far fetched that you could be arrested in the middle of the night by thugs kicking down your door?
And the Going Dark problem MUST be solved. We cannot allow there to be secrets we cannot read.
If you've done nothing wrong, then you've got nothing to hide (no secrets).
[ link to this | view in chronology ]
Re: Re: Re: Re:
Hey now, say what you will about Chicago, but it is definitely American soil.
Now does it still seem so far fetched that you could be arrested in the middle of the night by thugs kicking down your door?
Far fetched? No-knock warrants are commonplace these days, aren't they?
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: recompense
Don't know whether to laugh or cry.
[ link to this | view in chronology ]
I personally, would never buy another Apple product. I would never trust them again.
[ link to this | view in chronology ]
Re:
It means that you could never trust commercial platforms of any sort at all. Commercial platforms aren't terribly trustworthy as it is, but this would ensure that a trustworthy one is impossible to create.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
It would be quite an interesting development. You'd have people who care about privacy and security looking for companies outside the normal reach of the various big governments, or going to the various platforms like CyangenMod.
I'm not sure how much it would hinder Apple and other US technology companies. When it became clear that ALL governments would be issuing the same orders for custom surveillance versions of their own subjects the impact would be far less. It would take someone like the EU declaring a "right to privacy" to give that region an economic advantage.
[ link to this | view in chronology ]
Re: Re: Re:
I also suspect that most criminals above the petty variety would not be impacted by this sort of action as they would already be using platforms out of the reach of governmental power.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
I kind of like that idea...
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
I know I'm stretching here
[ link to this | view in chronology ]
Re: I know I'm stretching here
Imagine the government being forced to petition for a three year exemption on cracking phones for surveillance. :D
[ link to this | view in chronology ]
Re: Re: I know I'm stretching here
[ link to this | view in chronology ]
Re: Re: I know I'm stretching here
[ link to this | view in chronology ]
Re: Re: Re: I know I'm stretching here
That's simply not true. The DMCA makes circumvention illegal even if the activity you're trying to engage in is otherwise 100% legal.
The real reason the DMCA doesn't apply is because it's the government.
[ link to this | view in chronology ]
Re: Re: Re: Re: I know I'm stretching here
That's simply not true. The DMCA makes circumvention illegal even if the activity you're trying to engage in is otherwise 100% legal.
Which is yet a separate question - whether something is copyright infringement does not hinge (entirely) on whether it's done for financial gain. The DMCA doesn't care about either point - legality or profit.
[ link to this | view in chronology ]
Re: I know I'm stretching here
[ link to this | view in chronology ]
[ link to this | view in chronology ]
FBiOS
[ link to this | view in chronology ]
Why now?
Why is the USA creating a secret police out of the FBI? Did the FBI always want to be the secret police?
This whole episode is very puzzling. Ordinarily, I can attribute some weird government behavior to "lobbying" by special interests, or turf wars between two TLAs or stupidity by a minor agency that blows up on them. This is the FBI, a major agency, and it seems to be doing this with full DoJ, if not Oval Office, approval. I can't make it come out as a turf war, dumbness, or due to lobbying. WTF?
[ link to this | view in chronology ]
Opportunistic government agencies is why
“But what concerns me, Mr. Chairman, is that in the middle of an ongoing Congressional debate on this subject, the Federal Bureau of Investigation would ask a federal magistrate to give them the special access to secure products that this committee, this Congress, and the administration have so far refused to provide,” he said. “Why has the government taken this step and forced this issue?”
He went on to speculate that the reason could be found in an email from “a senior lawyer in the intelligence community,” obtained and published in part by the Washington Post in September 2015. The email said that the “the legislative environment [with respect to mandating backdoors] is very hostile today,” but that “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”
[ link to this | view in chronology ]
Re: Why now?
The Dems need big $$$ in campaign contributions to ensure Prez Hillary; thus the Apple shakedown.
But Apple is merely the beginning: look what the Dems did to the big banks to get Obama elected.
[ link to this | view in chronology ]
Re: Re: Why now?
[ link to this | view in chronology ]
Re: Why now?
[ link to this | view in chronology ]
Re: Why now?
America is more than halfway there imo.
[ link to this | view in chronology ]
Re: Re: Why now?
The Police can murder with little to no justification, laws are being applied and people being jailed under State Secret, courts regularly disregard law, and trying to exercise your rights only gets more of them removed. The President is Openly saying you should have no privacy in the face of Government overreach.
We are in a police state by the facts alone!
And since a lot of people still Love Obama and Bush, this is apparently what America wants!
[ link to this | view in chronology ]
Re: Re: Re: Why now?
Has anybody asked Vicki Weaver?
[ link to this | view in chronology ]
Re: Re: Re: Why now?
If you are in America, ask your DA's conviction rate. At 95%+, how is it not a police state?
[ link to this | view in chronology ]
cisco products would someday soon sit alongside black and white philco tvs in dark corners of the smithsonian, saying, in effect, look at me, please, i used to be somebody.
[ link to this | view in chronology ]
unprofitable altogether. Trust is too much a central part
of the market to be compromised in this way.
People stop buying American.
American corporations emigrate.
Trillions in taxes disappear within a decade.
FBI's plans become an unreasonable burden after it's too
late to fix. The court might realize this in time to stop it.
[ link to this | view in chronology ]
Re:
It's been shown before that they can man-in-the-middle just about any network traffic. The next over the air, or mandatory windows update might contain all sorts of goodies from the NSA.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Impossibility
But impossible? The attacker is a major nation-state. To make it impossible, the physical HSM can't be the only line of defense.
Rather, one would hope that use of Apple's signing keys also require a ceremony which requires information contained within the physical HSM combined with information known only to multiple, trusted(*) personnel.
In a certain sense, the problem isn't that much different than the hardware uid + passcode problem with the iPhone.
(*) “Trusted” is more-or-less a term of art in this context. “Trusted” means having the capability to subvert security. It doesn't necessarily imply “trustworthy”.
[ link to this | view in chronology ]
I do hope to have a seat with a view the day President Trump signs the bill mandating the implantation of GPS enabled trackers that record everything we say and do so we can FINALLY be safe from terrorists. It'll be fun to watch the mark of the beast people finally be proven right as it all goes pear shaped.
We let them take to much, to push to far, and this rock is rolling down the hill very fast. One has serious concerns about how many will have to be crushed to try and stop it... if we even can at this point.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
It's is pretty clear how completely and despicably mentally dishonest you are.
None of these candidate give a flying fuck, they are all in it for the power, and each one is saying what they think will get them elected into power!
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
http://www.wired.com/2016/03/heres-tech-report-card-candidates-guess-got-f/
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Thanks, DOJ. Thanks a pantload.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
In the Lavabit case, the encryption key was just a number. Probably a prime number generated in a matter of minutes by some program.
Apple's source code is the result of millions of man hours of effort and is worth millions, perhaps billions, of dollars.
Clearly I'm not a lawyer, but I find it odd that Apple could be ordered to hand over their source code with no legal proceedings and no compensation.
And the thought that the FBI even entertains the belief that they can just take the millions of lines of Apple source code and just "tweak it" to accomplish their goals in my lifetime makes me laugh.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Well, the source for any specific build can be represented as a single natural number. If we consider the sources for different builds as a set of natural numbers, we can then map that set into another, even larger number.
Not sure where I'm going with this, but you said, “In the Lavabit case, the encryption key was just a number.” So tell me again what work the “just a number” argument does?
[ link to this | view in chronology ]
Re:
The obvious difference is that the encryption key was generated by a program and the computer power used to generate it was probably cost less than a penny.
While Apple's source code is the product of millions of man hours over years of effort.
They are scarcely equivalent.
It's like saying a doghouse and the Taj Mahal are equivalent because they're both "just buildings".
[ link to this | view in chronology ]
Re: Re:
Well, then why did you bother to state that the “doghouse” is just a building?
If your argument is about the semantics of the numbers, then maybe you're saying that Lavabit's number was meaningless and Apple's number is meaningful? You sure that's the direction you want to go?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
If the law is that the government can wipe out Lavabit, then it's no answer to say that Apple is different 'cause they're a big, rich important, meaningful company.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
without a crime, which laws allow the us government to walk in like gang busters and just start stealing shit?
[ link to this | view in chronology ]
Who could do this?
If the solution to USA bullying is to move offshore, well, mission accomplished.
[ link to this | view in chronology ]
Re: Who could do this?
They'd contract it out to Apple.
[ link to this | view in chronology ]
Sounds like an interesting case though.
[ link to this | view in chronology ]
Say goodbye to American tech companies
We would then be forced to fall back on our manufacturing sector to generate GNP. Oh, wait...
[ link to this | view in chronology ]
Re: Say goodbye to American tech companies
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
You mean, like Apple's "goto fail" bug?
https://en.wikipedia.org/wiki/Unreachable_code
[ link to this | view in chronology ]
An option already exists to limit this...
[ link to this | view in chronology ]
Yes, because the DOJ always quits while they are ahead right?
The DOJ will stop at nothing to get all the power it can muster, lie, cheat and steal to gain.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Sadly far to many Americans have forgotten this and are fine with voting in any of the current gaggle of maggots that are currently running for president.
What is interesting, is that each of the current candidates D or R (including our past 3 presidents) would be considered an anathema to the founders on issues of liberty.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Bernie's opposed to that idea, isn't he? In fact, the centerpiece of his whole campaign is opposition to that idea that Apple, Inc. might have any first amendment rights, isn't it?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:WTF?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Afaict, he's against the idea that people have a right to organize themselves for political purposes, and to distribute a movie using video-on-demand.
After hearing that, to be honest, I mostly quit listening to Bernie himself. Here at Techdirt, though, I have heard a number of his ostensible supporters argue roughly that “corporations R teh evil”. I did come away with the impression that Bernie felt that people's right to organize and distribute core political speech ought to be infringed by the Congress.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
Frankly, I didn't watch myself, and wouldn't pay to see it on video-on-demand. I've heard the piece of garbage. I don't really like movies, anyhow.
But people still have a fundamental right to organize. Organized citizens still have a fundamental right to seek to pursuade their fellow citizens. They have the right to make the movie, and to distribute it to people who want to watch it.
So, you can tell me —until you're blue in the face— that censoring the movie is not a big deal. But you just lost me there.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
Crooked lawyers are still crooked at the end of the day.
Look at what little happened to the crooked lawyers in United States VS Riggs.
[ link to this | view in chronology ]
Germany
[ link to this | view in chronology ]
excuse me, please, i just remembered i was going to head downtown to look at that new philco tv everybody's talking about.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Corporate refugees flee the U.S. in overcrowded boats
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The endgame -- if this plays out
1. What is the value of that (new) code on the open market?
2. What countries would be ready, willing, and able to pay that amount?
3. What countries would be ready, willing, and able to coerce, steal, kidnap, suborn, and kill for it?
4. There are, of course, a nonzero number of foreign intelligence agents inside the FBI (just like there are a nonzero number of US intelligence agents inside other countries' agencies). Given that that the USG does not know who they all are, how will the FBI ensure that one of them isn't on the team directly involved in this work?
This is an incredibly dangerous path to tread.
[ link to this | view in chronology ]
Waste of time
[ link to this | view in chronology ]
Re: Waste of time
[ link to this | view in chronology ]
Re: Re: Waste of time
Suicide bombers do not need particularly secure message systems, they are expendable after all, while the puppet masters behind them do need secure communications, as they expect to be around for many years.
[ link to this | view in chronology ]
Re: Re: Re: Waste of time
The best masters are out in the open and unworried.
What did Stalin say..."Ideas are more powerful than guns. We would not let our enemies have guns, why should we let them have ideas. "
[ link to this | view in chronology ]
Re: Re: Waste of time
Scalability isn't the point. Secrecy is.
Terrorists meet and swap 100 GBytes of random numbers for their one time pad keys.
That allows them to communicate for years without having to meet again.
They're not trying to build a computer network; they're trying to commit mayhem.
But the rest of us have to destroy our privacy with weak cryptosystems so that the terrorists can continue to communicate in perfect secrecy?
So the proposed "solution" doesn't stop the terrorists and does infringe on the rights of the rest of us.
[ link to this | view in chronology ]
Re: Re: Waste of time
Yes one-time pads are a usability nightmare. Yes you will need to be an encryption nerd and an opsec nerd if you want the privacy that was once available to all of us. But it will be the best encryption available, because it will be the only encryption available.
[ link to this | view in chronology ]
Re: Re: Re: Waste of time
There are secure open source encryption systems available, and they cannot force changes into every available copy, or prevent people taking a diff between source trees before accepting or rejecting changes. You can be sure that their are people keeping a very close eye on those code bases, including foreign governments. Also encryption systems can be run on naked iron, using smaller arm, or other controller orientated processor.
[ link to this | view in chronology ]
Apple is not Lavabit
The proper response to drastic action (*especially* if accompanied by a gag order) would be for Apple to go public in a huge way, while announcing plans to relocate so it can continue to offer its customers (in free countries) meaningful security.
Meanwhile, I think Apple could afford a few billion for a huge PR campaign that would make it political suicide for any politician to be on the stupid side of this fight.
[ link to this | view in chronology ]
Apple could also Win by Losing
2. Install it for this one phone. Then another and another...
3. The FBI (at gunpoint) won't leave the building without it. And the private signing keys. (Even if this step does not occur, the rest follow...)
4. Inevitably, it leaks. Or is hacked.
5. Tens of millions of phones are instantly vulnerable.
6. Overnight it is major national news. Apple security compromised. And nothing can be done about it.
7. AND IT IS BEYOND DOUBT THAT THE FBI IS RESPONSIBLE.
8. Suddenly all doubters are convinced.
9. Apple sets about to build new models with security.
10. Everyone wants the new models at a much faster rate than natural upgrade cycles.
11. Profit.
[ link to this | view in chronology ]
Re: Apple could also Win by Losing
The "signing keys" are powerful, but they are both easily revoked and also potentially quite indivdualistic. As an example, when you update to ios 9.2, you cannot go backwards to 9.0.x if you didn't like the 9.2 update. Even with a valid signing key, you have already gone past that update so you are done.
Apple could issue a signing key for the individual phone in question that would be a 0.0.0.1 update on whatever is currently on it, and that phone would update, and that signing key might only be able to be applied on phones with a lower number than that on it.
Further, and this is important: It's unlikely that Apple will have to write a whole OS. In reality, they need two very small patches (one that disables the 10 counter, one to eliminate speed blockages), and that is it. It's not going to be a full OS update.
Apple loses no matter what here. It's very likely that any further attempts to make encryption MORE secure will be met with laws at the federal level to limit it. The desire and the will appears to exist in congress to do such a thing. Apple would also look even more like they are trying to block law enforcement by making such a move, which could in turn land them in some legal trouble.
Most importantly: Apple is going to get ass f--ked on taxes in the next year or so, mark my words. There is a pretty big build up in Washington (and around the world for that matter) to deal with the issues of offshoring profits to avoid paying tax. Don't be entirely shocked if the federal government doesn't move to something like a national value added tax or flat percentage of sales for electronic devices, online memberships, subscriptions, and the like. No matter what, Apple is bringing a lot of things to a head and the results generally will not be in their favor.
[ link to this | view in chronology ]
Tax minimisation Vs Tax avoidance
What the politicians and others don't want the the general public to know is - the difference.
Any company worth its salt will always be looking at the tax legislation to minimised its tax burden. That is why they employ good tax accountants for.
The problem is that the politicians don't like sensible and intelligent people looking at the legislation for all the ways that are there for minimising their tax burden.
So the politicians invariably go to the sad sack place of accusing these companies of tax "avoidance" when these companies are only minimising their tax burden.
The tax legislation is created by the politicians who are so completely clueless that they do not understand what it is they are legislating. Those of them that do understand, do so because they know the various loopholes for minimisation are there and they are associated with the beneficiaries of those loopholes.
There are various ways to ensure that government is appropriately funded, including ensuring that overreach doesn't occur. But you will not see these proposals see the public light of day, simply because there are too many special interest groups who will be disadvantaged by these kinds of system (including paying their fair share of the costs of running government).
So,to claim that Apple or any other business is avoiding tax by following the rules put in place by the various rule-making groups is disingenuous to say the least. If you want to fix the problem, you need to first fix the political environment first (including all forms of bribery of the politicians that are currently quite legal).
One possible suggestion is to have true proportional representation. You represent those whom you can get to publicly back you and you need the support of those backing you to vote on any legislation - in other words you need to discuss what position you are to take on any legislation with your constituency.
[ link to this | view in chronology ]
Re: Tax minimisation Vs Tax avoidance
A small point I'd like to add is that tax legislation is often drawn up and tailored to suit corporate tax minimisation schemes by organisations like ALEC (American Legislative Exchange Council).
http://www.alecexposed.org/wiki/Bills_to_Create_Tax_Loopholes_or_Affect_Budgets_Etc.
A deeply insidious situation allowed to happen by those lazy and inept politicians you mention...
[ link to this | view in chronology ]
Re: Re: Apple could also Win by Losing
No matter what, Apple is bringing a lot of things to a head and the results generally will not be in their favor.
Which will then prove the US is deep into totalitarianism.
[ link to this | view in chronology ]
Re: Re: Apple could also Win by Losing
And what do you think will be the result of that? Do you suppose Apple, Google, and every other US tech company interested in providing security to their customers will just shrug and say oh well, I guess that's not going to happen? Or will they start making plans to move operations overseas? And before you say they won't do it, consider how many companies are willing to move huge manufacturing facilities for a tax benefit and then consider how much more important this issue is to a company like Apple.
Not to say that you're wrong. I wouldn't be surprised if the FBI, plenty of federal courts, and Congress would be willing to inflict such a gunshot wound on the US. I would say shoot ourselves in the foot but I think it's going to be more dangerous than that.
[ link to this | view in chronology ]
Silly question
Would a simple solution be for Apple to code their OS so that it requires the phone password to be entered *before* any upgrade can be installed?
The FBI or hackers (are they any different?) could have their special OS version, but it can't be installed unless the owner of the phone enters their password. After x failed attempts the phone is permanently disabled.
Once this OS is installed, installing a user unauthorised version would become a lot more difficult.
[ link to this | view in chronology ]
Re: Silly question
That, and having to unlock the phone and authorize a backup would have kept the door shut. That said, with physical possession of the device, it is always possible to overwrite any writeable firmware with a new version, although that raises issues when it comes to chain of custody with respect to evidence.
[ link to this | view in chronology ]
Re: Re: Silly question
Otoh, in a battery-operated, consumer device it's probably not feasible for Apple to use just-in-time verification on each instruction. Thus, if there is any bus available which makes instruction memory writable by a device external to the application processor, then a TOC-TOU vulneribility will almost certainly exist.
Apple might be able to partially counter that by using symmetric encryption on the contents of ram, decrypting only in the application processor itself, but a bit-flipping attack would still probably succeed in throwing the instruction pointer to a location outside the intended instruction stream.
[ link to this | view in chronology ]
Re: Re: Re: Silly question
That would still leave the issue that the ram itself is not on the same die as the application processor. It's merely stacked in a package-on-package configuration. If they put ram on the same die, I'd expect that yields would probably go down…
[ link to this | view in chronology ]
Re: Re: Re: Silly question
If Apple hardens the device to the point where it can withstand battlefield capture by a major nation-state adversary, then it's likely that no one but DoD will be able to afford one. And even DoD may not be too happy with the battery life: especially over the -55 °C to 125 °C temperature range they're going to want.
[ link to this | view in chronology ]
Re: Silly question
One of the problems is that if Apple is forced to write software to the government specifications, the government might be able to mandate backdoors in all future products.
[ link to this | view in chronology ]
Re: Silly question
[ link to this | view in chronology ]
[ link to this | view in chronology ]
apple-asia?
[ link to this | view in chronology ]
yes
Have you ever bothered to learn about J. Edgar Hoover? Congress decided to limit FBI heads to 10 years after Mr. Hoover let loose of the FBI leadership position.
[ link to this | view in chronology ]
THE DOJ'S NEXT MOVE
"[T]HE EEA’S “THEFT OF TRADE SECRETS” PROHIBITION IS OF MORE GENERAL APPLICATION, INVOLVING THE INTENTIONAL THEFT OF A TRADE SECRET RELATED TO A PRODUCT OR SERVICE USED IN OR INTENDED FOR USE IN INTERSTATE OR FOREIGN COMMERCE, WITH THE INTENT OR KNOWLEDGE THAT SUCH [AN]ACTION WILL INJURE THE TRADE SECRET OWNER. IN ADDITION TO CRIMINAL ENFORCEMENT OF THE STATUTE, THE EEA AUTHORIZES THE ATTORNEY GENERAL TO BRING A CIVIL ACTION TO OBTAIN INJUNCTIVE RELIEF AGAINST ANY VIOLATION OF THE EEA."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Work In Progress
We will not rest until American technology is completely distrusted worldwide and the American tech sector looks like the Detroit automotive industry.
Your Friend,
The Federal Government
[ link to this | view in chronology ]
Sorry but Apple brought this on themselves.
And considering they just lost over a half a billion dollar court case that proved Apple stole programs from other companies and then used them in their phones and tablets and claimed them as theirs (http://fortune.com/2016/02/03/apple-virnetx/) and now not only has to pay a 600,000,000 + fine but has to pay a royalty on each and every phone and tablet that these programs are included in, but they are also taking a major hit in sales because of a chinese company that is making better phones with more features and more hard drive space (some of them have up to 600GB of space) and are thinner then the phones and tablets of Apple and cost about a third. Not to mention they are selling like hotcakes in South Korea and the North Americas (Apples own back yard). And the phones are Android based plus allows you to install anything you wish on it unlike apple. AND when you add in the fact that their stock is taking a major hit on costs, its not looking good for Apple right about now. And finally add in the simple fact that Apple has let go close to 10,000 employees to cut costs, and the writings on the wall. Apple is in deep trouble. And NO CEO costs a company close to a Billion dollars because of stupidity and expects to stay CEO, so Cook might be shown the door very soon.
[ link to this | view in chronology ]
Re: Sorry but Apple brought this on themselves.
[ link to this | view in chronology ]
Re: Re: Sorry but Apple brought this on themselves.
Apples best bet is to just open the stupid phone and end this mess as they are damaging themselves each and every time they start spewing their stupidity on TV or in print. Already every poll taken from a national polling company Zogby-Time Warner-USA Today-Ruters-and so on all clearly show that over 58% of the respondents say that Apple should just grow a pair and open the stupid phone. The longer they refuse the longer this is going to be drawn out and the more damage that is going to be done to their reputation, something they cannot afford.
[ link to this | view in chronology ]
Re: Re: Re: Sorry but Apple brought this on themselves.
I think you're splitting hairs since you also said "the writings on the wall. Apple is in deep trouble".
they can force Apple to unlock the phone no matter if Apple wants to or not as there is already a law that DEMANDS that Apple comply and no judge is going to overturn or rule in conflict of existing law, just as the article said.
That's your opinion, but the case hasn't been decided yet. And in fact it may never be decided since the FBI may decide to drop it.
Already every poll taken from a national polling company Zogby-Time Warner-USA Today-Ruters-and so on all clearly show that over 58% of the respondents say that Apple should just grow a pair and open the stupid phone.
That's not that big a majority, and almost certainly from an audience that doesn't understand either the technical or legal issues, and some unknown percentage of whom aren't even Apple customers. So I doubt they're giving it all that much weight.
[ link to this | view in chronology ]
Re: Re: Re: Re: Sorry but Apple brought this on themselves.
What they do after this will show if they are going to stay innovative, or if they are going to fall into the pack and be an also ran.
Nothing more and nothing less need be said.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Sorry but Apple brought this on themselves.
[ link to this | view in chronology ]