Apple Court Testimony Reveals Why It Refuses To Unlock iPhones For Police (dailydot.com) 231
blottsie writes: Newly unsealed court transcripts from the U.S. District Court for the Eastern District of New York show that Apple now refuses to unlock iPhones for law enforcement, saying "In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform." “Right now Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now,” Apple lawyer Marc Zwillinger said at the hearing. “A hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don’t have a clear lawful basis in doing so?”
Say what you will (Score:4, Insightful)
It takes guts to stand up to government, especially the U.S government.
Re: (Score:3)
Or failing that, lawyers and money.
Re:Say what you will (Score:5, Insightful)
People and companies will stand up to the government all the time, if there is profit in doing so.
Re: (Score:2)
The 200+ billion in their bank doesn't help at all. No sir.
Re: (Score:2)
Why doesn't Apple just buy a sunny island in the Mediterranean and declare themselves a sovereign nation?
That would shut the US government up!
e.g. Formentera in the Balearic Islands. Population 11,000. Spain are broke and anyway have that pesky problem with Catalan independence. (yes I know the Balearics are separate from Catalonia but still)
Re: (Score:3)
It takes guts to stand up to government, especially the U.S government.
I think you're mistaken about who usually needs more courage to stand up to whom in the Huge Corporation/US Government relationship. This time it was the corporation whose interests aligned with the average Joe.
Re: (Score:2)
Re:Say what you will (Score:4, Insightful)
The other reason is that it's the only stance Apple can take that genuinely Google cannot.
That's why Apple is committed to privacy and moving a lot of former cloud based services to on-device services. Because they can go and say they don't sell or transmit your information or need to violate your privacy, while Google can't (because Google needs the information for ad purposes). Sure, you can hack an Android phone to be more privacy aware, but out of the box is a lot better than having to do a million steps to secure it.
It's the one thing that Apple can say iOS is better than Android, and one that can stick until Google changes their business plan.
Re: (Score:3)
I think you are making leaps here for several reasons
- As of 5.0, All android devices have full disk encryption as an option that is just a checkbox away. If you check that box, Google can't unlock your phone any more than Apple can
- The metadata Google uses for delivering advertising is mostly anonymous. The few parts that are not anonymous are the types of things the police would know about you anyway, things like your gender, race, and interests.
- The live metadata Google uses for delivering advertising
Re: (Score:2)
It takes guts to stand up to government, especially the U.S government.
As long as they don't say one thing publicly and a different thing privately.
During the Democrat primary debate, when asked specifically about that, Hillary Clinton implied that the Tech companies were on board (despite them being publicly against it). If she were lying, I wouldn't be surprised. But then again, there could some truth to what she is saying.
Re: Say what you will (Score:2)
Re:Say what you will (Score:5, Funny)
Re: (Score:3)
You have to wonder how they ever solved crimes before there were smartphones
You mean before when smartphones weren't around and folks just committed crimes via payphone? :)
Re: (Score:2)
Let's not pretend that technology in the hands of smart criminal's can't make things much, much more difficult for police. Trailing suspects and intercepting their phone calls isn't exactly going to do much when the criminals are using strong encryption for all of their communication.
Re: (Score:2)
Re: Say what you will (Score:3)
Re: (Score:2)
Re: (Score:2)
Absolutely. The flip side of technology is that it can make the job much easier for police when dealing with not so bright crooks.
Re: (Score:2)
Re:Say what you will (Score:5, Funny)
You have to wonder how they ever solved crimes before there were smartphones
They made a GUI using Visual Basic.
Re:Say what you will (Score:4, Insightful)
IF the government told you to turn over a copy of the key to your house, just in case they need to search it. Would you?
If so, you are obviously the type of citizen the government loves, willing to roll over for your belly rub.
If not, they why would you submit the keys to your entire personal life.
Do you actually trust them to keep their word?
Re: (Score:3)
you've just put in simple words, this complex issue.
simple words are what are needed to explain this to joe sixpack, who really does not yet understand what all the fuss is about re: encryption.
this should be the EFF's (etc) message: "if your house had a super strong door that could not be broken into, and if the government was thinking of asking everyone for a copy of their house keys 'just in case' - would you happily give them a copy of your house key?"
it puts things in simple terms, and most americans w
Re: (Score:3)
Re: Say what you will (Score:5, Informative)
"The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people."
At least in the United States, the intent of the Founders was specifically to discourage that interpretation. You don't need to be granted the right to unbreakable encryption, it is reserved for you by default.
Re: (Score:3)
Thank you. It really is too bad that our school system no longer teaches anything about the Constitution (with the possible exception of "it was written a long time ago by a bunch of white guys who owned slaves").
It also doesn't help that our current President is considered a constitutional scholar and has yet to find that little gem, as if it were hidden deep in the bowels of the fine print.
Re: (Score:3)
And it's not possible because Apple decided to implement a solution that made it impossible. We aren't having this discussion concerning any other smartphones.
Re:Say what you will (Score:5, Informative)
The simpler solution that you are describing was the kind of system that was implemented prior to iOS 8. iOS devices have had encryption as long as I can remember but the implementation was changed into one that Apple could no longer access. Thus Apple did have access in another system now they don't. Ergo they spent development time and money to implement a solution that they could not access. Whatever your beef with Apple at least acknowledge that this is a positive step forward.
Re: (Score:3)
They aren't standing up to anyone. They are saying it isn't possible currently. But if the government really insisted they would put a system in place where it was possible. As a bonus they would take some tax money to implement the system.
Well, they can hardly take the "we're above the law" position, but I very much doubt they will. Because if the US government officially forces them to include a backdoor, then everyone else wants to know if it's in the rest of the world's phones. And Apple would have to either say "yes" and watch world sales drop due to US spying concerns or "no" in which case foreign phones become a hot item. And you can't very well stop tourists and businessmen bringing phones to the US, so it'd leak like a sieve. The sec
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Isn't it amazing that this is basically the market at work and Apple is being attacked because "they aren't doing this to help you, they are doing this because it will generate more sales for them." Exactly, doing something people want because that is the easiest and most honest way to make money is now considered an evil thing to be doing.
Re: (Score:3)
Uh, doi? (Score:5, Insightful)
One U.S. attorney argued that it was "more concerned with public perception" than helping catch criminals.
Duh? No shit? That's not Apple's job, dipshit. They're not here to make your job easier, stop being a bunch of lazy jackasses.
Re:Devil's Advocate (Score:5, Insightful)
ah, putting words into Apple's mouth is so much fun. Of course, they never said any such thing. Instead, as you could read from the quotes above, they say that they believe in the customer's privacy. You aren't playing devil's advocate, you are willfully misrepresenting Apple's position.
Nice strawman, btw
Re:Devil's Advocate (Score:4, Informative)
Does it matter to me WHY they chose to tell the feds to jump in a lake? Not really. Because they chose to offer a device that has some level of assurance that the government isn't snooping on me illegally they have gained some trust from me, and that means I am more likely to buy their stuff in the future.
The primary purpose of any entity is to ensure its continued existence. If people lose trust in Apple then people stop buying their stuff. Of course this will make them money. I'm just not sure why you think this is a bad thing.
Re: (Score:2)
When did they do that?
catch it in the middle, then, coppers (Score:3)
get a warrant, use a snooper, spend a week cracking the data.
haven't the Big Feds said all the terrorist activity is headed into the Dark Web anyway, and Google says best advice is block them from the indexed web?
lazy ass bastards don't have phone books to read and laugh at silly names any more, so they want to randomly hack phones for fun and profit.
Re:catch it in the middle, then, coppers (Score:5, Insightful)
spend a week cracking the data
How do you propose to do that?
If you assume:
Every person on the planet owns 10 computers.
There are 7 billion people on the planet.
Each of these computers can test 1 billion key combinations per second.
On average, you can crack the key after testing 50% of the possibilities.
Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years
http://www.eetimes.com/documen... [eetimes.com]
Anyone who thinks AES 256 (what iPhones are encrypted with) can be cracked by any computer doesn't understand the math.
That's not to say there aren't potential successful ways to get the information besides brute forcing. I just get a little chuckle out of every time somebody suggests governments have magic computers. Yes, I'm aware of quantum computing and exactly how far along the tech has come and no, it isn't something that anybody has yet. The magic quantum encryption cracking system is still *at least* a decade away. (It may never happen, and if I were guessing, I'd put it at closer to a couple centuries away, but even assuming impossible breakthroughs have already been made, a decade is unreasonably optimistic.)
Re: (Score:2)
Re: (Score:2)
If there is a vulnerability, it is probably in the random number generator... Second most likely place is the secure storage used to protect the key.
Re: (Score:3)
Re: (Score:3)
This is wrong. If you have someone's device, you also have the key. The only thing you'd need is the password (hence the device needing your password at boot). Guess what? Most people have a 4 digit password with a total combination of 10,000. Yes, all your devices could be brute forced in a second.
Stop trolling. Six failed attempts = one minute lockout, seven = five minutes, eight = fifteen minutes and nine = one hour. After ten failed attempts, the system will lock you out completely (default) or erase your data. So there's a 0.1% chance to unlock by chance and you can set up more advanced passwords if that's too much. Otherwise you're stuck unless you can reset the counter or read the embedded key that is fused into the chip, which is physically impossible using the chip itself. Maybe if you get a
Re: (Score:2)
You're not in IT are you? Nobody serious about cracking an iPhone taps the code in. They image the flash chips and run the code breaking in a script.
While that would give you lots of time to work on the encrypted drive contents, that's not to work for brute forcing the 4 digit pass code though. At least not that simply.
You might be able to break open the iphone and do some "rewiring" so as to be able to run against the unlock code using the iphone hardware, using your own custom software, but its going to be a lot more work than simply imaging the contents of the flash memory chips.
Maybe.
Re: (Score:3)
You're not an expert in cryptographically strong systems are you? See my previous post on this subject here: http://apple.slashdot.org/comm... [slashdot.org]
tldr: What you are suggesting is actually impossible. Brute forcing the unlock code isn't at all possible through pretty much any means...reasonable or even unreasonable...maybe...JUST MAYBE...it's possible through absurdly unreasonable means.
If what you are suggesting was actually possible, then the FBI, CIA, and nearly all law enforcement agencies across the USA
Re: (Score:2)
Re:catch it in the middle, then, coppers (Score:5, Informative)
You mistake an iPhone's unlock code with the iPhone's encryption key. the iPhones do typically use a 4-6 digit pin as an unlock code. The user also has the ability to create a full alphanumeric password for the unlock code as well. However, that is simply the code that's used to unlock the actual full encryption key that is stored within dedicated crypto hardware. Apple uses a dedicated chip to store and process the encryption. They call this the Secure Enclave.
Within the secure enclave itself, you have the device's Unique ID (UID) . The only place this information is stored is within the secure enclave. It can't be queried or accessed from any other part of the device or OS. Within the phone's processor you also have the device's Group ID (GID). Both of these numbers combine to create 1/2 of the encryption key. These are numbers that are burned into the silicon, aren't accessible outside of the chips themselves, and aren't recorded anywhere once they are burned into the silicon. Apple doesn't keep records of these numbers.
The second half of the encryption key is generated using a random number generator chip. It creates entropy using the various sensors on the iPhone itself during boot (microphone, accelerometer, camera, etc.) This part of the key is stored within the Secure Enclave as well, where it resides and doesn't leave. This storage is tamper resistant and can't be accessed outside of the encryption system. Even if the UID and GID components of the encryption key are compromised on Apple's end, it still wouldn't be possible to decrypt an iPhone since that's only 1/2 of the key.
The secure enclave is part of an overall hardware based encryption system that completely encrypts all of the user storage. It will only decrypt content if provided with the unlock code. The unlock code itself is entangled with the device's UDID so that all attempts to decrypt the storage must be done on the device itself. You must have all 3 pieces present: The specific secure enclave, the specific processor of the iphone, and the flash memory that you are trying to decrypt. Basically, you can't pull the device apart to attack an individual piece of the encryption or get around parts of the encryption storage process. You can't run the decryption or brute forcing of the unlock code in an emulator. It requires that the actual hardware components are present and can only be done on the specific device itself.
The secure enclave also has hardware enforced time-delays and key-destruction. You can set the phone to wipe the encryption key (and all the data contained on the phone) after 10 failed attempts. If you have the data-wipe turned on, then the secure enclave will nuke the key that it stores after 10 failed attempts. Whether the device-wipe feature is turned on or not, the secure enclave still has a hardware-enforced delay between attempts at entering the code: Attempts 1-4 have no delay, Attempt 5 has a delay of 1 minute. Attempt 6 has a delay of 5 minutes. Attempts 7 and 8 have a delay of 15 minutes. And attempts 9 or more have a delay of 1 hour. This delay is enforced by the secure enclave and can not be bypassed, even if you completely replace the operating system of the phone itself. If you have a 6-digit pin code, it will take, on average, nearly 6 years to brute-force the code. 4-digit pin will take almost a year. if you have an alpha-numeric password the amount of time required could extend beyond the heat-death of the universe. Key destruction is turned on by default.
Even if you pull the flash storage out of the device, image it, and attempt to get around key destruction that way it won't be successful. The key isn't stored on the flash itself, it's only stored within the secure enclave itself which you can't remove the storage from.
Each boot, the secure enclave creates it's own temporary encryption key, based on it's own UID and random number generator with proper entropy, that it uses to store the full device encryption key in ram. Since the encryptio
Love - hate affair (Score:5, Insightful)
For one, I love the fact that Apple is saying "fuck you" to the cops.
On the other hand, it shows the power of multinational corps - they're above the law. Meaning one day, they may do me or others some serious harm and get away free - like Wall Street did.
And as far as my personal privacy is concerned, neither can be trusted.
Re:Love - hate affair (Score:5, Insightful)
Uh, I hate to break the news to you, but that day is already here. The oligarchs can do as they wish to you or anyone else.
Re: (Score:2)
Re: (Score:3)
On the other hand, it shows the power of multinational corps - they're above the law.
If they were really above the law, they probably wouldn't already servicing these police requests (which they are), and they probably wouldn't be in court fighting against having to do it in the future.
Re: (Score:3)
Re: (Score:2)
" it shows the power of multinational corps - they're above the law."
No it doesn't. It shows they are following the law. Just because a cop makes a request, doesn't make it a law. The law doesn't lie or distort fact to obtain results. The law is set by courts and enforced by courts, cops are just minions who are currently out of control.
Re: (Score:2)
When you say "impossible," do you *mean* impossibl (Score:4, Insightful)
the government’s requested order would be substantially burdensome, as it would be impossible to perform
That, to me, would seem to be the end of it. It's impossible. Can't be done. Don't even bother asking.
But then the lawyer goes on to image a hypothetical customer asking:
"why is [Apple] continuing to comply with orders that don’t have a clear lawful basis in doing so?"
How is it complying if it's supposed to be impossible to do so?
Re:When you say "impossible," do you *mean* imposs (Score:4, Interesting)
But then the lawyer goes on to image a hypothetical customer asking:.......How is it complying if it's supposed to be impossible to do so?
You are implying that the lawyers are making an illogical argument (of course, lawyers are always perfectly logical, right? um.....)
Imagine if the court case escalated and went to the supreme court, where the supreme court decided, "you must change your software to make this possible." That is the scenario the lawyers are trying to avoid.
The trick to understanding legal arguments is to remember they happen in context of the law, and are only vaguely related to reality.
Re: (Score:3)
Re:When you say "impossible," do you *mean* imposs (Score:5, Informative)
Re: When you say "impossible," do you *mean* impos (Score:2)
Re:When you say "impossible," do you *mean* imposs (Score:4, Insightful)
How is it complying if it's supposed to be impossible to do so?
The short answer to your question is that the phone in this court case is an iPhone 5s that's still running iOS 7, and thus it predates the safeguards in iOS 8 and 9 that prevent Apple from decrypting it. The lawyer is arguing that even though Apple is technologically capable of decrypting it, law enforcement cannot compel Apple's assistance, since doing so would put an onerous burden on Apple by forcing them to undermine their own business.
To go into a bit more detail, Apple markets itself as being incapable of decrypting their own devices. Which is true...for everything sold in the last two years. But that's a distinction that is lost on most customers, so the lawyer is arguing that if Apple is compelled to assist law enforcement in this case, it would cause direct harm to its business by resulting in exactly the sort of confusion you're having. After all, how would a typical customer reconcile the conflicting information? If Apple is seen decrypting this guy's iPhone while advertising that it's outright incapable of doing so, customers won't buy their products because customers won't believe what's being advertised.
The long and short of it is that Apple is telling law enforcement that if they want the phone decrypted they should do it themselves, since Apple is under no obligation to assist, nor can it be compelled to assist, any more than, say, a bottled water company could be compelled by law enforcement to tarnish their own product by putting a pollutant in the water.
Re: (Score:3)
More specifically politicians but most often that is just a longer spelling of lawyer.
Of course, that's why they want to propose... (Score:5, Insightful)
The problem with this of course, is that it will not really stop the really bad guys from using strong security, since they are going ahead and breaking the law anyways, and while it might stop the otherwise too incompetent person who wouldn't know how to use such facilities from getting away with something they might have otherwise, in general, all this does is mean that most of the stuff that law enforcement is able to access is stuff that is entirely benign and wouldn't be of interest to them.
But of course, no matter how well intentioned the government and law enforcement may claim to be, and even if they *COULD* be fully trusted to not abuse such access to the general public's highly confidential and private data (leaving aside the whole matter that they may not be as trustworthy as they claim aside, and suggesting that even *IF* they could be trusted so completely), if they can decrypt it, then so can the bad guys, who will abuse it and invariably cause harm to completely innocent people. And suddenly, law enforcement actually has a harder job than they had before, because while their job may have become slightly easier with respect to catching otherwise incompetent criminals that don't know how to use strong encryption that isn't legally available, and that they might have been able to catch in other ways anyhow, now they *ALSO* have to work harder to protect the public from the new potential attack vector on completely innocent parties that such regulations would give the bad guys.
Re: (Score:2)
Re: (Score:3)
Re:Of course, that's why they want to propose... (Score:5, Insightful)
Two things: First, US law doesn't extend to other nations... so making encryption illegal here won't stop it from happening anywhere else. Bank fraud and ransom are already illegal in the US... does that stop Russian hackers? Nope. Chinese hackers? Nope.
Second, go read up on Watergate, and tell me you want the government to have the capability to look at the contents of any person's phone. I'm not concerned at all about someone reading my emails. They're pretty boring. I'm worried about the incumbent political party (Dems or Reps... doesn't matter which) ensuring that they STAY the incumbent party... once the democratic process has been subverted, we will never be able to return to it. People keep saying "but warrants" and I keep saying... warrants must be read and obeyed by people... there isn't some technical interlock that ACTUALLY prevents a law enforcement tech from using the back door... just look to newly coined terms like "loveint" to better understand the fallacy of trusting regular people with such power.
It's CRAZY to me to see how many people append "gate" to the end of their meaningless little scandals, because it cheapens the actual nefariousness of the actual Watergate scandal. Imagine where we would be today if they hadn't been caught?
Re: (Score:2)
Re: (Score:3)
Two things: First, US law doesn't extend to other nations... so making encryption illegal here won't stop it from happening anywhere else.
So? A backdoored device is still backdoored even if its used where its not mandatory. And if enough important countries require them, then it'll affect the rest too. Because: economics.
Bank fraud and ransom are already illegal in the US... does that stop Russian hackers? Nope. Chinese hackers? Nope.
Relevance? I never argued that backdoors would reduce crime.
Second, go read up on Watergate,
Hold up!
I am NOT for the government to have this capability, I'm simply explaining why giving it to them isn't as automatically "ineffective" as some people think. If the government has backdoors, it REALLY WILL let them into most criminals and terrorists phones (alo
Re: (Score:3)
I'm simply explaining why giving it to them isn't as automatically "ineffective" as some people think.
I believe that it IS automatically ineffective. The government has yet to point to a single example of a major crime being disrupted through their spying programs, and I suspect it will continue to be that way in perpetuity. The reason is, when you are awash with data, getting even more data rarely helps. One must have a starting point. One must already have a suspect to consider. Once a suspect is identified, then the search through the data can be meaningful, but in every material case that people po
Re: (Score:2)
I believe that it IS automatically ineffective. The government has yet to [..]
I totally agree. But that's a difference nuance for "ineffective". I am saying it will effectively give them a backdoor into (most) criminals devices. I agree completely with you that having one won't necessarily directly help them stop any crimes.
At best it might make prosecution a bit easier, and cut the cost of surveillance down on a legitimate target. But the cost of actual working security isn't worth that.
Re: (Score:2)
But it is actually IN-effective because of the extra work that they will create for themselves trying to protect innocent people from opportunistic criminals that will try and use those same backdoors to cause harm to people that otherwise could have enjoyed at least a first layer of defense via strong encryption. This extra work will tie up resources that they could otherwise use to be catching the people that they are alleging that having such backdoors would simplify.
So yeah.... it's automatically a
Re: (Score:2)
Re: (Score:2)
Your third paragraph is really about a whole separate issue of backdoors; that it gives malicious entities a new attack point... the backdoor itself.
This is true and a good point to make; and I don't dispute it at all.
But it doesn't really address the fact that the backdoors really will affect the majority of criminals TOO which you glossed over implying that criminals would all be using good encryption. That simply wouldn't happen.
Re: (Score:2)
I suggested that *competent* criminals would use good encryption, and it is a specious claim that an ability for law-enforcement to decrypt communications as needed would actually significantly increase the number of criminals that they would catch. It may make some difference, but it would not be significant. As has been noted elsewhere, many criminals don't even use encryption at all. Considering how much EXTRA work it would create trying to protect innocent parties from being exploited by opportuni
Re: (Score:2)
I suggested that *competent* criminals would use good encryption
Yeah, but what does that mean? "competent criminals". Does a criminal have to be both competent at their usual actual criminal enterprises AND have a cross disciplinary expertise in strong crypto alongside that; just to be counted as a "competent criminal"? Because if so, fine, but then the vast majority of criminals, even the really successful ones, aren't going to pass that bar. And it would be pretty misleading to call them "incompetent".
and it is a specious claim that an ability for law-enforcement to decrypt communications as needed would actually significantly increase the number of criminals that they would catch.
No argument there. I never suggested once that it would do that.
Re: (Score:2)
Backdoors? Why? (Score:2)
Re: (Score:3)
What you call a flaw, the government would call a feature.
From the docket (Score:2)
THE COURT: So short of Congress passing a law prohibiting what you want here, it's fair game? Anything else that Congress may have done in terms of considering legislation one way or the other, because it doesn't result in a statutory prohibition, wouldn't be enough to say, it's off limits for the All Writs Act?
MS. KOMATIREDDY: Yes. Short -- essentially yes
This sounds a lot like e-discovery rules (Score:5, Insightful)
I've worked in a few corporate environments where they were extremely paranoid about e-discovery (back when this was a new thing.) Almost always, the answer was to set the retention policy to 30 days, as in, no email backups older than 30 days, no (sanctioned) way to archive email, and everything older than 30 days was purged from mailboxes. This allowed the company to say with a straight face, "I'd love to give you the messages relevant to such-and-such business deal gone bad 5 years ago, but I simply cannot."
It sounds a lot like what Apple's doing -- they purposely built the encryption system with no way to bypass it so they can push it right back on the police and courts -- "Sorry, can't help you!" That gets them tons of great customer PR, as opposed to Google/Android, so it makes sense.
Re:This sounds a lot like e-discovery rules (Score:5, Insightful)
That kinda sounds like a decent analysis, if you don't know what encryption is. If they can give out somebody else's data, it isn't actually encrypted; it is merely obfuscated.
Re: (Score:2)
I wish I could +1 this... well said.
ok, we all know the problems, what's the solution? (Score:3)
Re: (Score:3)
Re: ok, we all know the problems, what's the solut (Score:2)
Apple doesn't have a lot of government business (Score:4, Interesting)
One of the reasons Apple can do this is that its dependency on government contracts is very, very low. Cell carriers are pretty dependent on the Feds and have a lot of revenue/relationships at risk.
That's not saying what Apple is doing isn't great, it's that it's easier for Apple to do that because the cost of doing it is relatively low.
some contempt of court / accessory changes will (Score:2)
some contempt of court / accessory changes will change there tune or maybe some GITMO time.
Re: some contempt of court / accessory changes wil (Score:2)
Magical thinking and mixed agenda. (Score:2)
There is just too much magical thinking.
Apple has built a device and market that gathers money in large ...... all must be secure enough.
and small chunks from millions heck billions of people to the
tune of billions.
Cash into iTunes must be secure enough.
Cash to pay for that phone swiped coffee in the morning must be secure enough.
Connection to HealthCare.Gov must be secure enough.
Connections to Amazon commerce must be secure enough.
These collectively mandate a secure design foundation.
If Apple installed a s
Great Judge (Score:5, Insightful)
It's long, but that transcript is really worth a read. First the judge thoughtfully skewers every argument the government presents, and tries to get to the fundamental principles involved. Then he thoughtfully skewers every argument Apple presents and tries to get them to throw away all of the marketing nonsense and just say what they think the actual issues are. Then he takes it all into consideration and says he'll go try to find the proper balance in his ruling.
No matter how that case comes out, that's one judge who is doing his job.
Page 43 of the transcript: An excellent comparison (Score:5, Interesting)
"The last company that makes lethal injection drugs, decides to stop doing it. In fact Justice Alito referred to this in recent cases - guerrilla warfare by these companies. Right. So the last company that has been providing drugs for execution, says to the Government, we are no longer going to help you out when it is time to execute somebody in Terre Haute. Can -- are they thwarting a lawful death sentence by doing that, and can they therefore be compelled under the All Writs Act to re-import something that is held abroad or release something from existing stock or actually manufacture the drug anew?"
Re: (Score:2)
The sad part is, you could probably accomplish the same thing by requiring them to implement data access fire walling, since most will probably buy the canned 'solution' that comes to market cheapest and fastest, with the least amount of code review or thoughtful design.
Re:The obvious solution (Score:5, Insightful)
Maybe, just maybe, because that backdoor provides a vulnerability that can be hacked. One less complication in the system means at least one less vulnerability to be exploited.
Re:its just more selective than allowing every LEA (Score:5, Interesting)
Even if it is possible, there is the question of cost effectiveness. If it takes millions of CPU-hours to crack -- or, worse, days or weeks of some expert's time to take the cap off a chip, peer with an electron microscope, and poke with an electron beam -- then the nation-state will probably limit attacks to cases where they have exceptionally high expectations of return.
Or the police will break out the $5 wrenches and rubber hoses, which runs into its own set of problems.
Re: its just more selective than allowing every LE (Score:5, Insightful)
Correct, you do not know much about how iPhones work but it didn't seem to stop you from speculating.
If you want to learn how the encryption works, see this explanation [darthnull.org].
Yes, it does use dedicated cryptography hardware. Yes, the key is protected from the rest of the OS.
Re: (Score:3)
... magical palantirs powered by waldos.
I never even found one waldo... how the heck do you get a set of them?
Re: its just more selective than allowing every LE (Score:4, Funny)
Re: (Score:3)
Agreed, but that is a delicate argument, since if a person is already a suspect, then a diary is fair game in a search warrant. However, if someone says "papers please..." and then thumbs through your diary, the search is illegal because they had no cause to search. It's important to point out the difference for those who see it more like a web-blog than a diary.
Re: (Score:2)
Different rulings from different courts in the US. Let's just say the answer is not clear at this point. See https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
A hypothetical consumer could think of anything, including that an iPhone will give them god-like powers and cause women to swoon at the mere presence of said iPhone. In fact, the distortion field has people thinking that spending the extra money gives them perceived status.
You mean it doesn't?! Fuck!