The only type of assistance that I would be okay seeing Apple provide is assistance in physically removing the flash memory chips in a non-destructive manner. After that, the government could develop/employ their own brute-force decryption attempts.... But isn't that something that should already be possible without any help from Apple? How many months/years would it take a super computer to crack Apples encryption?
The only type of assistance that I would be okay seeing Apple provide is assistance in physically removing the flash memory chips in a non-destructive manner. After that, the government could develop/employ their own brute-force decryption attempts.... But isn't that something that should already be possible without any help from Apple? How many months/years would it take a super computer to crack Apples encryption?
This is essentially impossible. No one is trying to "crack" the encryption system. The request from the FBI is to modify iOS to allow a brute-force passcode attack.
So does this prove that a 4-digit passcode is strong enough, so long as you set it to wipe after 10 attempts? No need for 6 digits or more complex passcode?
Not at my company which requires 8-digit passcodes
4-digit codes have other problems though. People often use dates (e.g. a year or a month-day combo) for 4-digit codes. These are pretty open to social attacks.
So does this prove that a 4-digit passcode is strong enough, so long as you set it to wipe after 10 attempts? No need for 6 digits or more complex passcode?
Not if you're passcode is abcd, 1234 or your home address. Otherwise, probably. But you better make sure you don't leave your phone somewhere some child or "prankster" can get at it though, or you may have to set it up as new again...
That's naive of you. How many times has law inforcement got a court order for a wrong address or used "extraordinary circumstances" as an excuse to enter/search.
Where does it end. Today is "terrorism", tomorrow it's "traffic stop".
But your argument is also naive. This isn't an all or nothing proposition. No organization is immune to failure or abuse. That doesn't mean that anarchy is the only acceptable solution. A system of checks and balances can reign in the most egregious abuses and still allow a level of protection. Perfect? Not by a long shot. Needed? That's a political discussion that we're having right now.
The truth is that this is more of a commercial threat to Apple than a threat to freedom in the US. If Apple complies they can expect to either give in to requests from China or to be banned from the China market. Either way they lose trust and brand credibility. Their motivation for this fight is not all about protecting citizens. It's also about preserving shareholder value. So take both the FBI's comments and Tim Cook's with a grain of salt. They both have an angle they want to spin.
If you put this on the phone there is no checks and balance because anyone in theory could get in if they reverse engineer it and create the software, which believe me they will. Got 35 years of software and systems engineering behind me and if they is even a small opening, you can get in.
If you leave the hooks in for this software, it's a way in for anyone.
Not only that, how Apple could even refuse China, France or whatever have the same access to these "hooks".
Do you trust all of them?
In a global world thinking about laws just locally is idiotic just like thinking you can kill ISIS or whatever by having access to their phone. This is "magical thinking".
If you think that's not how the US thinks well the NSA guys just said that the Paris attacks wouldn't have occured without encryption despite the fact they were using over the air SMS to communicate with each other! There are massive reactionary forces in the US and around the world just waiting for people to be complacent enough to think it can never happen to them.
That's inane. They still need court orders. They can bust doors open, but they don't go around busting down doors on a whim.
That's naive of you. How many times has law inforcement got a court order for a wrong address or used "extraordinary circumstances" as an excuse to enter/search.
Where does it end. Today is "terrorism", tomorrow it's "traffic stop".
Not only that, seizures and confiscation of belonging with the flimsiest of reasons is rampant all over the US (and there are studies on that).
Most policing is done with the minimum of oversight and its there that there exist the biggest risk of people's rights being trampled on; minorities and disenfranchised are the first to pay the price for that.
The only type of assistance that I would be okay seeing Apple provide is assistance in physically removing the flash memory chips in a non-destructive manner. After that, the government could develop/employ their own brute-force decryption attempts.... But isn't that something that should already be possible without any help from Apple? How many months/years would it take a super computer to crack Apples encryption?
I believe there is a need for some physical device characteristic to get part of the decoding key; attacking the data directly without this info would likely be impossible. I also think that would be a much bigger programming job (if you're trying to emulate the hardware and firmware part fully). Everything in this case firmware/software/hardware work together to make this harder that just removing the encrypted data.
In secure enclave phones the hardware itself makes it impossible to bypass the delays in trying a new pin; so even if Apple deactivated the lockout and wipe the keys, you'd likely only be able to get in if those users used a stupid code like "123456".
The White House may THINK what the FBI and Judge Pym is demanding is for one phone. But they're either wrong or they're lying. Demanding an entire software kit be delivered isn't a "one phone" solution. That's a masterkey.
If Apple loses this fight, what's going to stop countries like China, Russia, etc from forcing Apple to do the same thing since the U.S. government did it.
What does or does not happen in American courts is meaningless to the Chinese and Russians. China already has a law to force tech companies to provide backdoors to connected devices. They are just beginning to enforce it. Neither the communists nor Russia's strong man government need wait upon America's FBI to give them ideas on this.
Apple should move to comply with the FBI immediately by making a counter-proposal. Either Apple maintains physical security of the hack effort on their own premises, giving nothing back to the FBI but the resulting data, or the fight climbs to the Supreme Court.
I would also appreciate hearing Apple demonstrate that they understand the nature of warfare has changed, or at least expanded. This is a war and they are not displaying the sort of comprehension they should have of what is reasonable to expected of good citizens.
"Either Apple maintains physical security of the hack effort on their own premises, giving nothing back to the FBI but the resulting data, or the fight climbs to the Supreme Court." That would test the FBI bluff this is for just that one phone. I like it.
The WH seems to forget that it has been proven time and time again, concerning matters of security, that government can't be trusted. Can you imagine some FBI or State Police guy or the crazy moron Sheriff Joe in Arizona? One the door once and you can never close it.
Apple's
refusal to help with a terror investigation where 14 people were
butchered has erased my sympathy and appreciation for them. At this
point I am ready to see Tim Cook perp walked into a jail cell and am now
annoyed it has not yet been done.
What has been asked of them is
easy for Apple to do and would cost them nothing. The court has
directed that Apple be paid for its work. The court allowed that Apple
could contain the work to their own facility. The court order makes it
clear that the hack should be keyed to the phone's unique identity and
that it must not work on any other phone. If Apple has further concerns
over containing their modified OS they should propose additional
security safeguards. Be a part of the solution, haggle this thing out.
Not pull a Public Relations stunt, which is all this is truly about.
For example Apple could have proposed:
1. No network connectivity. Do the work on isolated, stand-alone computers.
2.
Isolation from cell tower and wi-fi signals. This can be done with
commercially available jammers or a Faraday cage room. Or both.
3. No viewing of the OS source code by non-Apple employees.
4. The phone leaves Apple facility only with the original OS and content restored, not with the altered OS.
5.
Apple makes it clear they will destroy the work when finished. They
should not do that, but they are behaving like spoiled brats so I expect
them to do this anyway.
The only reason Cook is not making such a
counter offer is because he does not want to be involved in solving
crimes. Not even if he is paid to do so. Because the world's troubles
are not Apple's concern, only PROFIT is Apple's concern.
But your argument is also naive. This isn't an all or nothing proposition. No organization is immune to failure or abuse. That doesn't mean that anarchy is the only acceptable solution. A system of checks and balances can reign in the most egregious abuses and still allow a level of protection. Perfect? Not by a long shot. Needed? That's a political discussion that we're having right now.
The truth is that this is more of a commercial threat to Apple than a threat to freedom in the US. If Apple complies they can expect to either give in to requests from China or to be banned from the China market. Either way they lose trust and brand credibility. Their motivation for this fight is not all about protecting citizens. It's also about preserving shareholder value. So take both the FBI's comments and Tim Cook's with a grain of salt. They both have an angle they want to spin.
If you put this on the phone there is no checks and balance because anyone in theory could get in if they reverse engineer it and create the software, which believe me they will. Got 35 years of software and systems engineering behind me and if they is even a small opening, you can get in.
If you leave the hooks in for this software, it's a way in for anyone.
You don't understand what's being proposed. No one is suggesting that Apple put "hooks" into iOS. The request is that Apple create a special load that will be placed on this phone. It won't be released to the public and the passcode entry bypasses won't be rolled into the production releases. Apple's concern is that once the software exists, someone other than Apple will get hold of it.
But even that seems dubious. The code needs to be signed and I think (but I'm not sure) that the signing could be tied to this specific phone's UUID. Apple's real concern is with the precedent and the effect on their image and business in other countries. The rest seems like a smokescreen to me.
Apple's
refusal to help with a terror investigation where 14 people were
butchered has erased my sympathy and appreciation for them. At this
point I am ready to see Tim Cook perp walked into a jail cell and am now
annoyed it has not yet been done.
What has been asked of them is
easy for Apple to do and would cost them nothing. The court has
directed that Apple be paid for its work. The court allowed that Apple
could contain the work to their own facility. The court order makes it
clear that the hack should be keyed to the phone's unique identity and
that it must not work on any other phone. If Apple has further concerns
over containing their modified OS they should propose additional
security safeguards. Be a part of the solution, haggle this thing out.
Not pull a Public Relations stunt, which is all this is truly about.
For example Apple could have proposed:
1. No network connectivity. Do the work on isolated, stand-alone computers.
2.
Isolation from cell tower and wi-fi signals. This can be done with
commercially available jammers or a Faraday cage room. Or both.
3. No viewing of the OS source code by non-Apple employees.
4. The phone leaves Apple facility only with the original OS and content restored, not with the altered OS.
5.
Apple makes it clear they will destroy the work when finished. They
should not do that, but they are behaving like spoiled brats so I expect
them to do this anyway.
The only reason Cook is not making such a
counter offer is because he does not want to be involved in solving
crimes. Not even if he is paid to do so. Because the world's troubles
are not Apple's concern, only PROFIT is Apple's concern.
Why should Apple be forced to create a weapon for disabling any of their products?
You want to be outraged, try the government's multiple points of failure incliding vetting of those murdering scumbags. They not only let in his openly hate-filled, zealot wife, they gave him a job and then also this particular iPhone. They couldn't even properly process public information on her Facebook page, along with their activity.
The government has proven time and time again to be acting in bad faith of both written law and its spirit. Any further requests for more power are also in bad faith.
The government is not interested in this case, this motion is denied to build for a law requiring government supervision of everyone's privacy. They'll ultimately use it for blackmail and leverage. The FBI has a terrible track record, its creation and history are a stain on our country.
That's naive of you. How many times has law inforcement got a court order for a wrong address or used "extraordinary circumstances" as an excuse to enter/search.
Where does it end. Today is "terrorism", tomorrow it's "traffic stop".
But your argument is also naive. This isn't an all or nothing proposition. No organization is immune to failure or abuse. That doesn't mean that anarchy is the only acceptable solution. A system of checks and balances can reign in the most egregious abuses and still allow a level of protection. Perfect? Not by a long shot. Needed? That's a political discussion that we're having right now.
The truth is that this is more of a commercial threat to Apple than a threat to freedom in the US. If Apple complies they can expect to either give in to requests from China or to be banned from the China market. Either way they lose trust and brand credibility. Their motivation for this fight is not all about protecting citizens. It's also about preserving shareholder value. So take both the FBI's comments and Tim Cook's with a grain of salt. They both have an angle they want to spin.
It's both an existential threat to Apple's highest profit consumer products AND a threat to our protected constitutional rights. It just so happens that Apple's interests are perfectly aligned with OUR interests.
Comments
4-digit codes have other problems though. People often use dates (e.g. a year or a month-day combo) for 4-digit codes. These are pretty open to social attacks.
Otherwise, probably. But you better make sure you don't leave your phone somewhere some child or "prankster" can get at it though, or you may have to set it up as new again...
If you leave the hooks in for this software, it's a way in for anyone.
Not only that, how Apple could even refuse China, France or whatever have the same access to these "hooks".
Do you trust all of them?
In a global world thinking about laws just locally is idiotic just like thinking you can kill ISIS or whatever by having access to their phone. This is "magical thinking".
If you think that's not how the US thinks well the NSA guys just said that the Paris attacks wouldn't have occured without encryption despite the fact they were using over the air SMS to communicate with each other! There are massive reactionary forces in the US and around the world just waiting for people to be complacent enough to think it can never happen to them.
Most policing is done with the minimum of oversight and its there that there exist the biggest risk of people's rights being trampled on; minorities and disenfranchised are the first to pay the price for that.
Everything in this case firmware/software/hardware work together to make this harder that just removing the encrypted data.
In secure enclave phones the hardware itself makes it impossible to bypass the delays in trying a new pin; so even if Apple deactivated the lockout and wipe the keys, you'd likely only be able to get in if those users used a stupid code like "123456".
https://assets.documentcloud.org/documents/2714001/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf
Apple's refusal to help with a terror investigation where 14 people were butchered has erased my sympathy and appreciation for them. At this point I am ready to see Tim Cook perp walked into a jail cell and am now annoyed it has not yet been done.
What has been asked of them is easy for Apple to do and would cost them nothing. The court has directed that Apple be paid for its work. The court allowed that Apple could contain the work to their own facility. The court order makes it clear that the hack should be keyed to the phone's unique identity and that it must not work on any other phone. If Apple has further concerns over containing their modified OS they should propose additional security safeguards. Be a part of the solution, haggle this thing out. Not pull a Public Relations stunt, which is all this is truly about.
For example Apple could have proposed:
1. No network connectivity. Do the work on isolated, stand-alone computers.
2. Isolation from cell tower and wi-fi signals. This can be done with commercially available jammers or a Faraday cage room. Or both.
3. No viewing of the OS source code by non-Apple employees.
4. The phone leaves Apple facility only with the original OS and content restored, not with the altered OS.
5. Apple makes it clear they will destroy the work when finished. They should not do that, but they are behaving like spoiled brats so I expect them to do this anyway.
The only reason Cook is not making such a counter offer is because he does not want to be involved in solving crimes. Not even if he is paid to do so. Because the world's troubles are not Apple's concern, only PROFIT is Apple's concern.
But even that seems dubious. The code needs to be signed and I think (but I'm not sure) that the signing could be tied to this specific phone's UUID. Apple's real concern is with the precedent and the effect on their image and business in other countries. The rest seems like a smokescreen to me.
You want to be outraged, try the government's multiple points of failure incliding vetting of those murdering scumbags. They not only let in his openly hate-filled, zealot wife, they gave him a job and then also this particular iPhone. They couldn't even properly process public information on her Facebook page, along with their activity.
The government has proven time and time again to be acting in bad faith of both written law and its spirit. Any further requests for more power are also in bad faith.
The government is not interested in this case, this motion is denied to build for a law requiring government supervision of everyone's privacy. They'll ultimately use it for blackmail and leverage. The FBI has a terrible track record, its creation and history are a stain on our country.