most people are not aware of apple's position
what they have already done for the fbi
and
what specifically will not do
and
it is more than reasonable
did you read the apple letter?
Last edited:
Apple challenges 'chilling' demand to decrypt San Bernardino shooter's iPhone
- Thread starter serpentdove
- Start date
most people are not aware of apple's position
what they have already done for the fbi
and
what specifically will not do
and
it is more than reasonable
did you read the apple letter?
Most people don't know what the court actually ordered them to do.
Ask Mr. Religion
☞☞☞☞Presbyterian (PCA) 	
Gold Subscriber
LIFETIME MEMBER
Hall of Fame
Yes and no. They are being asked to create a special piece of software containing the unique ID of the particular device (MAC address, IMSI, or whatever). Granted once the software is created, changing the unique IDs for other phones of the same operating system becomes trivial, but it is not something that gets into the wild unless Apple is careless with its intellectual property (IP), the same IP that covers all of Apple's software and hardware implementations.
It seems to me that Apple can protect their IP, but I have to wonder that once the legal precedent is set, how often governments will be coming to the court asking for a repeat of the San Bernardino effort. If Apple prevails in its resistance to the court(s), this forces governments to contemplate reverse engineering their devices and places Apple's IP in a much weaker position. It can also force the government to use its power of security review of all patents having encryption intellectual property by the NSA more stringently. All patent filings with such content are routinely reviewed by the NSA as part of export control (and for, ahem, its own purposes). Some patent filings are rendered classified and never published because of this.
It may take years to do so, but once a government is determined, studying already published Apple patent applications and issued patents will lead to reverse engineered clones. Accordingly, Apple would be better off controlling what it owns and suffering the experience of courts compelling them to help when it serves what a court considers to be a greater good.
AMR
That's very interesting. I'd missed that they were demanding a mechanism for electronic entry, though it makes sense that they would be.
I trust apple knows what is in their best interest
I think a simpler attack would probably be to just overwrite the code that does the checks with no-ops, and then you've got code that can be used by any script kiddie with access to it on any phone. Since it requires a positive check, and there's no obvious way to build in meaningful cryptographic security, it's pretty hard not to be susceptible to that sort of thing.
Apple isn't especially prone to data breaches, so I think you're right about the likelihood. But it's certainly more likely than if it didn't exist at all.
That's one of the reasons I think this case is important. This case involves especially unsympathetic subjects, so it's a great test case for the FBI. But fundamentally, once the principle is established, why couldn't Apple, or Google, or Microsoft, or anyone else be compelled to write code for any old situation?
Here's another concern: If Apple can be made to actively help the US government, how does that impact their ability to sell their products to countries that might not trust the US government? China is Apple's second-largest market.
I think that presents less hazard to Apple's business. And the NSA likely already works pretty hard on this.
Now that is chilling.
There's one legal theory that I subscribe to personally, so far largely untested, that software constitutes free speech, and that the government fundamentally doesn't have a right to prevent its dissemination on First Amendment grounds. It would be ineffectual regardless, as the US doesn't hold anything like a monopoly on crytography, and making it harder to export such software from the United States would likely move the development overseas, where most of the major tech firms are already well established.
I think the most surprising thing about this case, at least for me, is that the FBI needs Apple's help at all. I suspect that this may have been chosen as a bit of a test case in the hopes of creating a precedent that can be used elsewhere.
There's a pretty significant body of case studies on the difficulty of keeping information secure, especially that which is stored digitally. Just ask the US government (IRS, OPM, DoD, even the NSA).
A hypothetical national security benefit (though not an unreasonably presumed one) takes priority over the security of every iPhone user in the world, and the business interests of the innocent company that made the product? I think that's far from clear.
The government is. The order makes clear that either the phone will be in the government's possession, or they will have remote access to it.
https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf
The government shouldn't even be asking. The fact that they make attempts to overstep bounds they are fully aware of is a red flag in and of itself, and it's been up for a good while.
If you give the government an inch, they will attempt a mile. It's not a matter of if, but when. This is why we don't give the government the ability to regulate guns- the tiny bit we gave them, they turned into multiple gigantic programs.
Once a trend starts of them prying into these things, the more it's going to evolve into a far worse beast than if we just find intel the hard way on whatever they are looking for.
~the more you depend on government, the more that it swells~
If you give the government an inch, they will attempt a mile. It's not a matter of if, but when. This is why we don't give the government the ability to regulate guns- the tiny bit we gave them, they turned into multiple gigantic programs.
Once a trend starts of them prying into these things, the more it's going to evolve into a far worse beast than if we just find intel the hard way on whatever they are looking for.
~the more you depend on government, the more that it swells~
That's an access point problem. This needn't have any.
Every iPhone customer in the world isn't having their security threatened. Only a couple of dead criminals and those who may have conspired with them.
It's a pretty big or, but I think it would be fairly easy to get the court to make certain nothing in Apple's proprietary toolbox is taken.
There has to be some level of access. The NSA's hack was a contractor with a thumb drive and a plane ticket to China.
That's really not true. That's the goal, but there's no way to ensure it.
How?
This is where we differ. It isn't a program they need to have plugged into a network. It isn't something that has to come out of a safe except for use and that use could be isolated as environments go.
Restricting access and/or control. The point is the data, not the program.
Ask Mr. Religion
☞☞☞☞Presbyterian (PCA) 	
Gold Subscriber
LIFETIME MEMBER
Hall of Fame
I am not an attorney, but I wonder if the first amendment attaches to software as an expression of free speech. Granting for the sake of argument that it does, I would argue that free speech does not protect the person yelling "Fire!" in a movie house when there is no fire. Hence there are limits.
For the Apple case what is their limit? Suppose the phone contained the decoding sequence to stop a bomb from killing thousands. Is Apple within its free speech to refuse to comply to an order to gain access to the code? I suspect they will readily do so. So it seems to me, using a terrible analogy, that once the woman who protests she is not a prostitute when offered $1000, but will engage for $1M, the only issue is really one of coming up with the right price. Where does Apple draw the line when it comes to protecting its own sense of independence versus the common good? Does Apple weigh the good of its customers' privacy moreso than the pursuit of justice? Do we? Yes, yes, I know the old saying that persons willing to give up freedom for safety deserve neither, but even behind that statement lie a host of assumptions, that when tested, yield different results.
In one sense I am glad the case is before the courts. In another, I am sorrowful for the circumstances that brought it before the court. Such is the often hard Providence of God now working itself out in public.
AMR
Ask Mr. Religion
☞☞☞☞Presbyterian (PCA) 	
Gold Subscriber
LIFETIME MEMBER
Hall of Fame
Sure there is access, but to an isolated set of RAM and instrumented probes for decoding what passes between RAM and the input-output. I do not see how seeing this data reveals the full design of Apple's hardware and software architecture. Can nefarious activities on the part of the government employees reading this data occur? Well, yes. Just as access to an IP address on a router allows hackers to start probing logical ports to find one of the hundreds defined in an operating system that is open permits administrative level access to the entire router and points beyond. But, are we just going to assume that this is going to occur on such a high profile situation? We should not be considering extremes here, thinking the hoof beats we are hearing are zebras, when it is only horses.
AMR
This is a tangent, but it's an interesting question. A programming language is just a language that is optimized to be understood by a computer. There's not necessarily anything special about it. In fact, some computers can understand English, and thus you could construe English as a programming language, and potentially use it to represent a program. If you start trying to control what mathematical concepts (which is all that crypto really is) can be shared, it seem pretty clearly and directly like the prohibition of the expression of certain ideas.
Certainly, there are limits, but this would be like a series of digital banned books, a clear prior restraint.
In other words, does a clear and present danger, as opposed to a murky and hypothetical one, alter that calculus? I don't know. Maybe, maybe not. It's at least along the lines of what Oliver Wendell Holmes laid out in Schenck v. United States. I think you're right that it would alter Apple's, although in that case, I suspect time would prevent a solution like this one anyway.
Any right bears some level of risk. Courts seldom interpret them in absolute terms, even when the Constitution lays them out as such. The flip side of that question is, if free speech always carries some risk, how can it ever be justified? How much risk is too much before it isn't worth it? The right balance is likely not found at either extreme.
I agree. And yet, it seems to me like this is a new and untested intrusion of government power for dubious gains relative to the risks.
It's definitely a question worth posing. I can only hope that we don't end up losing our privacy completely in the process. There have been a lot of worrying statements from law enforcement and national security agencies about crytography in the last few years.
It also has to be developed by Apple, and tested, which probably involves loading it onto several devices. And then they would have to retain it for some indefinite length of time while the FBI uses it.
And then next month, when the FBI has some other phone that they can't get into in a money laundering case, they have a precedent set in this case, and if you can do it in one criminal case, you can surely do it in another, and they go back to court (or Apple doesn't even resist it), and before you know it this one-time, exceptional case has become so routine that they do it hundreds of times a month and no one bothers trying to keep the FBI from having as many copies of it as they want, and sending clandestine copies of it to the NSA and the CIA. And then there are thousands of copies, all of which need to be maintained, and so they check it into their revision control in a special branch because at that point doing anything else no longer makes sense, from which it eventually leaks and goes wild. It's a slippery slope.
If I were Apple, I would fight this with the understanding that if the order stands, this type of request is going to quickly become routine.
I've spent a significant portion of my professional career ensuring that access to digital things is appropriately restricted, and it's always more dangerous to have something that you need to protect than it is not to have it at all if you can avoid it. That's the bottom line. You don't store stuff you don't need if it's at all sensitive, or you create an unwarranted risk.
Last edited:
I don't think it's even the entire security apparatus that they're worried about. I think it's just this one lock mechanism that would be fundamentally undermined by a version like this existing in the wild.
And you can bet every single government agency gives a lot of thought to what IP addresses and what ports can be accessed, from where, and how, to the point that each point of access must be justified.
http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf
The risk is real in both cases.
But, are we just going to assume that this is going to occur on such a high profile situation? We should not be considering extremes here, thinking the hoof beats we are hearing are zebras, when it is only horses.
I don't think the question is properly how we calculate the risks. And I don't think we're entitled to assume that they are necessarily low, especially if you consider some of the lengths (http://www.theguardian.com/technology/2013/sep/16/nsa-gchq-undermine-internet-security, http://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220) to which the NSA has gone to weaken cryptographic systems that are widely available. What seems to me to matter is, how much risk (including the risk that the FBI or the NSA might deliberately and clandestinely hijack the code for use in other cases) can Apple be compelled over its own objections to accept on behalf of itself and its customers for the sake of a criminal investigation in which they are merely incidentally involved.
gcthomas
New member
The Ninth Circuit Court of Appeals declared computer code to come under First Amendment free speech provisions, in Bernstein v. US Dept of Justice.
https://www.eff.org/cases/bernstein-v-us-dept-justice
https://www.eff.org/cases/bernstein-v-us-dept-justice
this is not free speech
and
it is not search and seizure
it is asking them to create something that does not exist today
in the apple letter
you should read it
and
there is no good reason to not believe what they say
apple states that they have already complied with the law in every way possible
and
they clearly state that it is not possible to break into one phone without endangering all the others
so
why don't you all believe that?
gcthomas
New member
Two things , Chrys. First, I have read it and agree with Apple. I think that the free speech provisions will be a good defence for Apple if they want to avoid developing new code. Second, phones later than the 5c in the case (ios 8.0 and onwards) are not vulnerable to this sort of reprogramming, so Apple are exaggerating a little about the future risks.
But in general, I don't like security service overreach.
But in general, I don't like security service overreach.