Apple employees threaten to quit if forced to build GovtOS, report says

1356789

Comments

  • Reply 41 of 164
    JeffA2JeffA2 Posts: 82member
    JeffA2 said:
    Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.
    No Jeff that is not the case at all.  The FBI are asking Apple to create a version of iOS that allows infinite attempts at the password.  If such a version were created and subsequently stolen/leaked it could be used on any other iPhone.  Hence the "skeleton key" that opens all the locks analogy.

    The other issue Apple has is where does this end?  At first the FBI said this is just for this one phone but them Comey (spelling?) admitted they would want to use such a compromised version many many times.  So that would compel Apple to constantly maintain a compromised version of iOS in perpetuity.  
    Why do people keep saying this as if it were true? The 'version of iOS that allows infinite attempts at the password' is to loaded onto the phone in question via DFU mode. An iPhone will not load arbitrary software that way. It must have a valid signature and only  Apple can do that. Furthermore, the software can (and by court order must) include the specific UUID of the target phone. Therefore even if this patch got out of Apple's hands, was disassembled and the UUID changed, it would fail to load on any iPhone because it would fail the signature check. To further ensure security the phone is allowed to remain in Apple's possession for the entire time it is running the altered software. As a final condition of the court order, the entire patch must be RAM resident. No flash memory on the phone can be altered. Therefore the patch will be erased from memory as soon as the target phone is unpowered. 

    What we have here is a procedure for producing a key for any specific phone, not a skeleton key. The difference is fundamental.

    Your second point that Apple will be asked to do this over and over is probably correct. However, even the FBI admits that the utility of this approach is short-lived. All Apple has to do render it obsolete is require a PIN during DFU. I would expect them to add this to upcoming iOS update very soon.
    tenlyOttoReverse
  • Reply 42 of 164
    1) Consumers refuse to update iOS on their devices once we know FBI is tapping in.
    2) Consumers also refuse to buy any new devices which have the new OS baked in
    3) FBI works with service providers to create a scenario which requires we update the OS "for improved quality of service due to bug in your current OS and new communications bandwidth yada yada yada"
    4) We all start to look back at flip-phones as a means to make calls only.
    5) Apple and others start to close up shop
    6) Society collapses
    7) FBI wins.
  • Reply 43 of 164
    ElspethElspeth Posts: 13member
    Though I hope that there is no GovtOS, would these employees be charged with "Contempt of Court"? 
    The court order is against Apple. The court presently has no jurisdiction over individual employees.  That could be established, but then the USDOJ would be fighting the case on multiple fronts because the individuals have rights in addition to those pled by Apple (namely the constitutional ban against slavery and indentured servitude). Further, once they are no longer employees it would violate U.S. law for the coders to unilaterally use trade secret information without consent of the owner of that trade secret (and a court could not lawfully order otherwise because the prohibition is a statutory one that Congress would have to override first.)

    that the feebs are finally saying "well then give us the source code and keys" indicates that someone on their legal team finally understands the All Writs Act. Apple can only be compelled to turn over that which it has. It has the original source code and security authenticate codes. Apparently, the feebs don't employ or contract with any hackers who can reverse engineer the source code which would moot the first part but not the second part. 
    radarthekatration al
  • Reply 44 of 164
    dougddougd Posts: 292member
    We are in an age of Draconian government. A government that expects the people to serve it rather than the government serving the people.  It's a dark age we are in
    designrtallest skilElspethstevehpalomine
  • Reply 45 of 164
    ElspethElspeth Posts: 13member
    netrox said:
    The government CANNOT compel companies to do something that they did not commit. Apple did not commit a crime.
    The government can and does...all the time. It's called a subpoena. Those are issued all the time against people who have done no wrong but have information the government needs(either in documentary form or in their heads...a subpoena compels you to turn over documents and things or compels you to testify or both)

    What the government cannot do is make someone a slave or indentured servant...which is what an order against the employees would amount to (and yes, the draft is involuntarily compelled service, as is jury duty, but both are identified in the constitution). The government cannot simply hold a gun to your head and order you to code (well some of the thugs making up government could, but it would be unlawful).
    hlee1169
  • Reply 46 of 164
    radarthekatradarthekat Posts: 3,842moderator
    JeffA2 said:
    sflocal said:
    JeffA2 said:

    Quit spinning an agenda.  I'm not sure if you're just yapping and/or ignorant.  Look at the bigger picture of what the government is trying to do, and will certainly do in the near future.  Apple is not in the business of doing the work of law enforcement.  To my knowledge, all attacks happened regardless of what was on someone's phone.
    Ignorant in what way? If I've said anything factually inaccurate, point it out and I'll be happy to retract it when shown the error. Many, many statements on this forum about the technical details of this issue are simply and provably wrong. 

    As for the philosophical argument we all have a different view of the 'bigger picture'. Mine (and my 'agenda') is that we are a nation of laws, protected by a constitution, a system of checks and balances and a system of judicial review. Nowhere in that system does a private corporation get to dictate matters of law. Ceding the rule of law to a corporation is far more dangerous than the contents of a phone.

    Would you be as happy if it were IBM or Samsung hiding behind a privacy argument to defend their business model? Or General Motors? How about GE? Or Citibank? Just because we all like Apple products doesn't mean that they get to determine the law. Bernie Sanders entire political movement is based on the idea that private companies have usurped democratic powers. And that, I agree with.

    Just to be clear, the previous two paragraphs are opinions, not facts. Feel free to disparage them. But if you bring up technical issues make sure you do enough research to get them right. If you don't understand the technology, don't make stuff up or just repeat what you read elsewhere. The signal to noise ratio on this forum is poor enough as it is.
    You clearly haven't read the Apple response where they point out the exact opposite of what you contend; that it is the government who is attempting to hijack the law to their ends, in instance after instance that Apple's lawyers clearly and precisely point out.  You are uninformed on the legal aspects of this case, and that casts serious doubt on your further contentions that you are an able judge of whether or not those here speaking to the technical aspects know of what they speak.  You clearly do not.
    edited March 2016 designrhlee1169fracpscooter63stevehration alsessamoid
  • Reply 47 of 164
    tallest skiltallest skil Posts: 43,388member
    An awesome new company has just invented an encrypted physical key to a physical encrypted door to some child molesters creepy basement.
    FINK UDDA CHILLUNS!
    Impervious to any locksmith and of course any court orders to open it with a warrant to search for your missing son or daughter that the government believes might be inside or might contain clues as to the whereabouts of your child. Now do you get it?
    Yes: we get that you have no fucking clue what you’re talking about. IT’S NOT A PHYSICAL KEY. This is the equivalent of a company selling hundreds of millions of doors, all of which open with the same key. NOT GOING TO HAPPEN
    Simpletons
    Irony.
  • Reply 48 of 164
    ElspethElspeth Posts: 13member

    JeffA2 said:
    Though I hope that there is no GovtOS, would these employees be charged with "Contempt of Court"? 
    No, no individuals are named in the court order. Apple is named and therefore Apple would be cited as in contempt. It's up to them to manage their employees. 
    Apple cannot be cited for contempt if the thing becomes impossible...but that would probably require more than a handful of people quiting. Now if Apple fires them all you'd have yourself some juicy contempt. 
    sessamoid
  • Reply 49 of 164
    ElspethElspeth Posts: 13member
    Like anyone is going to quit and if they do they'll regret it. Do they wear monkey suits over at Apple ? 
    I imagine quite a few of them are likely to quit. Maybe after a wink and a nod, but these people are incredibly employable, so quitting is a decent option. (Like Google wouldn't hire the lot in a heartbeat.)
    Sir_Turkey
  • Reply 50 of 164
    JeffA2JeffA2 Posts: 82member
    Elspeth said:
    Though I hope that there is no GovtOS, would these employees be charged with "Contempt of Court"? 
    The court order is against Apple. The court presently has no jurisdiction over individual employees.  That could be established, but then the USDOJ would be fighting the case on multiple fronts because the individuals have rights in addition to those pled by Apple (namely the constitutional ban against slavery and indentured servitude). Further, once they are no longer employees it would violate U.S. law for the coders to unilaterally use trade secret information without consent of the owner of that trade secret (and a court could not lawfully order otherwise because the prohibition is a statutory one that Congress would have to override first.)

    that the feebs are finally saying "well then give us the source code and keys" indicates that someone on their legal team finally understands the All Writs Act. Apple can only be compelled to turn over that which it has. It has the original source code and security authenticate codes. Apparently, the feebs don't employ or contract with any hackers who can reverse engineer the source code which would moot the first part but not the second part. 
    I think your interpretation of the AWA is suspect but that's a matter for others. Your conclusion, however, is alarming. While I support the DOJ's original court order, I would be opposed to Apple turning over its encryption keys. Doing so places every current phone at risk of a man-in-the-middle attack. I would be surprised (and horrified) if a court found that risk acceptable. The DOJ's original approach is far short of that and they have cited relevant (so they think) precedent for using the AWA to compel the creation of code. That's where the court fight will play out.
  • Reply 51 of 164
    ElspethElspeth Posts: 13member


    And a year from now, a whole slew of third-party options will be available to encrypt your data and communications, and then what? 
    And Apple would probably help those third-parties in ways they currently do not help third parties to make certain encryption becomes an immovable object. 
  • Reply 52 of 164
    radarthekatradarthekat Posts: 3,842moderator
    JeffA2 said:
    Let's put this in terms you Apple sympathizers will understand.
    An awesome new company has just invented an encrypted physical key to a physical encrypted door to some child molesters creepy basement.
    Impervious to any locksmith and of course any court orders to open it with a warrant to search for your missing son or daughter that the government believes might be inside or might contain clues as to the whereabouts of your child. Now do you get it? Simpletons
    Apple helps terrorists!

    Your analogy is incorrect.
    - the lock company makes and sells tens of millions of this model of lock
    - the FBI asks them to make a skeleton key to open the one basement door, only due to the technical nature of the lock the key, if made, would be capable of opening every single one of the tens of millions of locks sold, many of which are used to keep our sons and daughters safe.

    Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.
    You have just hoisted yourself by your own petard.  You see, if you want Apple to follow the law, then Apple could do just that.  The company could, in a few months, introduce a version of iOS that REQUIRES the user to sign in before an iOS update can be installed, even if plugged into a computer.  This new version of iOS would subvert the FBI's desire for that key that could be signed for any iPhone, because the key itself would not be able to be installed on an existing iPhone for which the passcode is not already known.  So you can see that this matter is not one for law enforcement or the courts to pursue, because there is a clear roadblock to the FBI's plan that Apple can throw up at any time.  This is a matter for congress to debate, and ultimately Apple will force that debate if the courts don't (by throwing out the current court order).  Once congress has the debate and encodes the results into law, then Apple, and every other technology company, will eillingly abide by the law.  But until that time, Apple has every right to legally resist what it believes to be an unlawful order.
    edited March 2016 hlee1169pscooter63
  • Reply 53 of 164
    JeffA2JeffA2 Posts: 82member
    Elspeth said:


    And a year from now, a whole slew of third-party options will be available to encrypt your data and communications, and then what? 
    And Apple would probably help those third-parties in ways they currently do not help third parties to make certain encryption becomes an immovable object. 
    Actually, Apple has a far easier path to disabling this type of attack in future versions of iOS. I don't think it will take them long to implement a PIN requirement to load software via DFU. 
  • Reply 54 of 164
    radarthekatradarthekat Posts: 3,842moderator
    NemWan said:
    In the worst case that government gets to seize source code and signing keys, Apple's obligation to its customers' security would be to make what was seized obsolete. Apple would have to treat it exactly as though their keys and code had been stolen by hackers. It would take time for outside experts to study and make use of the source code. By then, Apple could (hopefully) replace and revoke their old keys so that all devices not already under government control can be updated to no longer accept updates using the old key. Then release a new version of iOS.
    Apple can regain control of their product because they also design the only hardware their software runs on. Future iOS devices would not accept GovtOS. So what does the government do then? Demand permanent access to all future OS source code and keys? This insanity would just increase until Congress either shuts it down with laws that limit law enforcement from doing this, or at the opposite extreme creates laws that explicitly obligate tech companies to conduct mass surveillance of their customers which would be stored on behalf of the government — which would be beyond the pale and comparable to telling phone companies they had to record every call.
    Once companies like Apple have designed best-practices for privacy and security that deny the company any knowledge of customer data, there is no reason for the company to ever again have that knowledge except for government mandated surveillance.
    Perfectly stated.  This is exactly the path forward.  Which branch we all walk must be determined by informed debate.  I'm confident that, in the end, this whole matter will be resolved in much the same manner and for the same reasons that the government's Clipper chip initiative was defeated two decades ago.  Simply because nobody outside the U.S. is required to play along, thus data security and privacy will, in the end, be weakened only for U.S. citizens, to the great cheer of all terrorists, hackers, rouge governments, and other bad actors worldwide.
    edited March 2016 ration al
  • Reply 55 of 164
    JeffA2JeffA2 Posts: 82member
    JeffA2 said:
    Your analogy is incorrect.
    - the lock company makes and sells tens of millions of this model of lock
    - the FBI asks them to make a skeleton key to open the one basement door, only due to the technical nature of the lock the key, if made, would be capable of opening every single one of the tens of millions of locks sold, many of which are used to keep our sons and daughters safe.

    Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.

    ---

    You have just hoisted yourself by your own petard.  You see, if you want Apple to follow the law, then Apple could do just that.  The company could, in a few months, introduce a version of iOS that REQUIRES the user to sign in before an iOS update can be installed, even if plugged into a computer.  This new version of iOS would subvert the FBI's desire for that key that could be signed for any iPhone, because the key itself would not be able to be installed on an existing iPhone for which the passcode is not already known.  So you can see that this matter is not one for law enforcement or the courts to pursue, because there is a clear roadblock to the FBI's plan that Apple can throw up at any time.  This is a matter for congress to debate, and ultimately Apple will force that debate if the courts don't (by throwing out the current court order).  Once congress has the debate and encodes the results into law, then Apple, and every other technology company, will eillingly abide by the law.  But until that time, Apple has every right to legally resist what it believes to be an unlawful order.
    That's not much of a revelation since I've been posting that likely outcome (requiring a PIN in DFU) on these very boards for weeks. I assume that's what Apple will do. It's what I would do. But it has no bearing on the present case. 
  • Reply 56 of 164
    ElspethElspeth Posts: 13member
    Let's put this in terms you Apple sympathizers will understand.
    An awesome new company has just invented an encrypted physical key to a physical encrypted door to some child molesters creepy basement.
    Impervious to any locksmith and of course any court orders to open it with a warrant to search for your missing son or daughter that the government believes might be inside or might contain clues as to the whereabouts of your child. Now do you get it? Simpletons
    Apple helps terrorists!

    Oh do go away. The child molester argument is BS. It's about as lame as the Hitler argument. 

    If Apple ALREADY HAD THE SOFTWARE IT COULD BE FORCED TO TURN IT OVER BUT SINCE THE SOFTWARE DOESNT EXIST THE AWA IS NOT APPLICABLE. shouting is necessary because your to thick to get it otherwise. 

    If the safe manufacturer had the key they could be forced to give it over. But if they make the safe and then let the owner make the impossible to hack key (which is what the passcode/password does) then the manufacturer cannot be forced to make a new key that it never made in the first place. The AWA doesn't reach that far

    and the case law the feebs are relying on, the pin registry and eavesdropping cases, are not applicable. In those cases Ma Bell was not being forced to make new technology for the feebs. They were being forced to turn over existing information, the pin registry, and allow the feebs to install GOVERNMENT equipment on the line to wiretap. Neither set of cases does what this moron judge did, require a business to create a new product against their will which would undermine their business. 

    Apple supports terrorism about as much as the Pope does. The U.S. Government does support terrorists and has done so for the better part of 50 years (giving guns to the drug cartels in Mexico, giving guns and money to the South American cartels in the 80s, supporting Saudia Arabia, the list is endless.)
    hlee1169tallest skilration al
  • Reply 57 of 164
    SpamSandwichSpamSandwich Posts: 33,407member
    “Independence is the recognition of the fact that yours is the responsibility of judgment and nothing can help you escape it—that no substitute can do your thinking—that the vilest form of self-abasement and self-destruction is the subordination of your mind to the mind of another, the acceptance of an authority over your brain, the acceptance of his assertions as facts, his say-so as truth, his edicts as middle-man between your consciousness and your existence.” ― Ayn RandAtlas Shrugged 

    There is a rational conversation to be had regarding the balance between security and freedom. However, when the DOJ threatens to take Apple's source code, the conversation is over. Before surrendering a thing to our would-be overlords, I would liquidate, pay off the stockholders and burn anything left to the ground. NO ONE has the right to another's property, intellectual or otherwise.
    Just like the owner of that secure email service Ed Snowden used, Lavabit.
  • Reply 58 of 164
    JeffA2JeffA2 Posts: 82member
    Elspeth said:
    Let's put this in terms you Apple sympathizers will understand.
    An awesome new company has just invented an encrypted physical key to a physical encrypted door to some child molesters creepy basement.
    Impervious to any locksmith and of course any court orders to open it with a warrant to search for your missing son or daughter that the government believes might be inside or might contain clues as to the whereabouts of your child. Now do you get it? Simpletons
    Apple helps terrorists!

    If Apple ALREADY HAD THE SOFTWARE IT COULD BE FORCED TO TURN IT OVER BUT SINCE THE SOFTWARE DOESNT EXIST THE AWA IS NOT APPLICABLE. shouting is necessary because your to thick to get it otherwise. 


    Then I wonder why the DOJ cites not one but two prior precedents where Federal circuit courts found that companies could be compelled to write code under the AWA? Neither of those rulings has ever been overturned. I'm no lawyer and I'm not shouting in caps (and I'm not "to [sic] thick" either). Just wondering.
  • Reply 59 of 164
    ElspethElspeth Posts: 13member


    Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.
    Warrants be damned. No one with the intelligence of a gypsy moth believes the government will seek warrants. Snowmen proved that. The only reason the government would ever seek a warrant is because they want to introduce the evidence in court...

    the feebs went court order this time because they cannot crack the system on their own. But if they could you and I (unless you are a jackbooted feeb) would have ever heard that the feebs had hacked the phone...cause they don't want to submit evidence in a trial. Further, had the feebs had the ability already they WOULDNT NEED A WARRANT IN THIS CASE ANYWAY since this phones owner would simply consent. We would never have even heard about this issue. And in terrorism cases in the future, if they get their way, we won't again because they will get to admit the evidence in trial in secret claiming national security...or they will just kill the suspected terrorists.  Oopsy. Not like we go after feebs who murder publicly now anyhow. No defendant no trial no public knowledge. 

    Mother governments brief is ludicrous in that it asserts that the government should be allowed to decide what is best for you...not you decide. The founders are ALL spinning in their graves. We the People are supposed to decide not We the Despot Government. 

    It feels awful lot like new revolution is in the air. The government is overreaching too often and that is what got King George bitch slapped off this continent. 
  • Reply 60 of 164
    ElspethElspeth Posts: 13member
    tenly said:
    Apple should incorporate a new sister company - in another country.  Sell iOS to this new company and have the new, foreign company manage all aspects of iOS development which they would then license back to Apple.  

    If Apple transferred all software development to the new, foreign company - they'd have no programmers left working for Apple USA that could be court-ordered to create something.  Apple USA would of course still control the roadmap for iOS and OSX - but the actual development would be done by people working for the foreign entity and beyond the reach of US law.

    Apple USA could keep R&D, Hardware Design and Services while the foreign based sister company handles all software development.

    Except that violates existing anti-export laws. 
Sign In or Register to comment.