Why do people keep saying this as if it were true? The 'version of iOS that allows infinite attempts at the password' is to loaded onto the phone in question via DFU mode. An iPhone will not load arbitrary software that way. It must have a valid signature and only Apple can do that. Furthermore, the software can (and by court order must) include the specific UUID of the target phone. Therefore even if this patch got out of Apple's hands, was disassembled and the UUID changed, it would fail to load on any iPhone because it would fail the signature check. To further ensure security the phone is allowed to remain in Apple's possession for the entire time it is running the altered software. As a final condition of the court order, the entire patch must be RAM resident. No flash memory on the phone can be altered. Therefore the patch will be erased from memory as soon as the target phone is unpowered.
What we have here is a procedure for producing a key for any specific phone, not a skeleton key. The difference is fundamental.
Your second point that Apple will be asked to do this over and over is probably correct. However, even the FBI admits that the utility of this approach is short-lived. All Apple has to do render it obsolete is require a PIN during DFU. I would expect them to add this to upcoming iOS update very soon.
You are technically correct about how Apple signature works, but wrong on the big picture because there are vulnerabilities that have been explored that don’t require Apple signature to change the system. Once others understand what Apple did in this tool they will try to replicate it while using those vulnerabilities for their benefit and that will work on many other phones, capable of unlocking those with bad passwords, hence being compared to a skeleton key
But this makes absolutely no sense to me. If you don't trust Apple's signing system you have bigger problems than the FBI. Any 3rd party capable of spoofing the signature could mount a man-in-the-middle attack during a software update. Poof...all your data is now in the hands of the Russian mafia. So you pretty much have to trust that Apple has control over its signing keys.
As for others understanding the approach -- they already understand it. There's no mystery or difficulty in modifying iOS to do what the DOJ has asked for. The only thing stopping hackers, jailbreakers or governments from doing it now is that they can't get the software to load.
You're right. I knew about the 80ms delay between attempts but I accidentally did the math for an 8 digit NUMERIC password instead of ALPHA-numeric. (It worked out to about 3 months.)
If you switch to alphanumeric - even without any punctuation, you have 62 possible values for each of the 8 characters instead of 10. Unless my math is still wrong, that would be about 553,000 years to iterate through all possible combinations. 7 characters would take 8,900 years, 6 characters - 144 years, 5 characters - 2.3 years and 4 characters - 13.7 days. So I guess the only thing that works in my original example would be to say that "the FBI could go after legislation that would force Apple to limit passphrases to 4 characters so that they can be able to unlock them in a reasonable amount of time!l
Thanks for pointing out my mistake.
exactly. Even if you assume only 36 possible values (lower case and numbers) for speedier typing, it would still be something like 7 thousand years to go through all the combinations.
Why do people keep saying this as if it were true? The 'version of iOS that allows infinite attempts at the password' is to loaded onto the phone in question via DFU mode. An iPhone will not load arbitrary software that way. It must have a valid signature and only Apple can do that. Furthermore, the software can (and by court order must) include the specific UUID of the target phone. Therefore even if this patch got out of Apple's hands, was disassembled and the UUID changed, it would fail to load on any iPhone because it would fail the signature check. To further ensure security the phone is allowed to remain in Apple's possession for the entire time it is running the altered software. As a final condition of the court order, the entire patch must be RAM resident. No flash memory on the phone can be altered. Therefore the patch will be erased from memory as soon as the target phone is unpowered.
What we have here is a procedure for producing a key for any specific phone, not a skeleton key. The difference is fundamental.
Your second point that Apple will be asked to do this over and over is probably correct. However, even the FBI admits that the utility of this approach is short-lived. All Apple has to do render it obsolete is require a PIN during DFU. I would expect them to add this to upcoming iOS update very soon.
Thanks for that. Still, no nation should be asking for this in the modern world. With hundreds of encryption programs available (most based outside the US) for iOS and Android should Apple customers be forced to act like terrorists and criminals in the way we protect our data in order to be safe from government intrusion (rhetorical question)? It reminds me of gun laws here in Canada. We are limited to 5 round magazines for centre fire semi autos and 10 for handguns despite our statistically excellent history of generally not being murderers etc. Yet criminals don't have the same limitations. Point being it both punishes the law abiding citizen and is completely ineffective in preventing crime.
Let's not get gun control into this! It's an issue that's even more emotional than this one! If we put them together this entire forum will HACF.
But I struggle to understand the sanctity of the phone versus every other form of information storage. With proper judicial review your personal information has always been searchable. That includes bank accounts, phone records, computer hard drives, tax records, business records, email, written correspondence, photographs -- virtually anything. In the US, the only thing that stands between you and a search of any of these items is the 4th amendment which requires probable cause for the issue of a warrant.
So why is a photo stored on my phone unsearchable under warrant, while the same photo in an old-fashioned slide-carousel in my basement can clearly be searched for cause? The only plausible difference between a phone and other media is that modern phones amalgamate a wide variety of information in the same place. But so does my house and, given probable cause, the government can get a warrant to search that. So why not my phone?
The ability of the government to search -- given probable cause and judicial review -- is not despotism. It's the basis of law enforcement. It's how we catch rapists and killers and financial fraudsters and terrorists too. It's always true that such powers can be seen as targeting the law-abiding as well as the criminal but it's not possible to avoid that. That's why it's always a balancing act between personal privacy and civil society. Advocates for absolute privacy in the digital domain seek to fundamentally alter that balance in ways that are unprecedented.
You are technically correct about how Apple signature works, but wrong on the big picture because there are vulnerabilities that have been explored that don’t require Apple signature to change the system. Once others understand what Apple did in this tool they will try to replicate it while using those vulnerabilities for their benefit and that will work on many other phones, capable of unlocking those with bad passwords, hence being compared to a skeleton key
But this makes absolutely no sense to me. If you don't trust Apple's signing system you have bigger problems than the FBI. Any 3rd party capable of spoofing the signature could mount a man-in-the-middle attack during a software update. Poof...all your data is now in the hands of the Russian mafia. So you pretty much have to trust that Apple has control over its signing keys.
As for others understanding the approach -- they already understand it. There's no mystery or difficulty in modifying iOS to do what the DOJ has asked for. The only thing stopping hackers, jailbreakers or governments from doing it now is that they can't get the software to load.
Nothing of what I said is related with man-in-the-middle attacks or not trusting Apple and its signature. There are people who have developed ways to jailbreak a device without needing a password and consequently can change the system without an install signature. How do you know there is no mystery? One thing is to have an abstract idea about the demands made, another thing is to actually know how to do it and keep the encryption system functional specially with the part where they want a programmable electronic input for the password and remotion of time limits.
Thanks for that. Still, no nation should be asking for this in the modern world. With hundreds of encryption programs available (most based outside the US) for iOS and Android should Apple customers be forced to act like terrorists and criminals in the way we protect our data in order to be safe from government intrusion (rhetorical question)? It reminds me of gun laws here in Canada. We are limited to 5 round magazines for centre fire semi autos and 10 for handguns despite our statistically excellent history of generally not being murderers etc. Yet criminals don't have the same limitations. Point being it both punishes the law abiding citizen and is completely ineffective in preventing crime.
Let's not get gun control into this! It's an issue that's even more emotional than this one! If we put them together this entire forum will HACF.
But I struggle to understand the sanctity of the phone versus every other form of information storage. With proper judicial review your personal information has always been searchable. That includes bank accounts, phone records, computer hard drives, tax records, business records, email, written correspondence, photographs -- virtually anything. In the US, the only thing that stands between you and a search of any of these items is the 4th amendment which requires probable cause for the issue of a warrant.
So why is a photo stored on my phone unsearchable under warrant, while the same photo in an old-fashioned slide-carousel in my basement can clearly be searched for cause? The only plausible difference between a phone and other media is that modern phones amalgamate a wide variety of information in the same place. But so does my house and, given probable cause, the government can get a warrant to search that. So why not my phone?
The ability of the government to search -- given probable cause and judicial review -- is not despotism. It's the basis of law enforcement. It's how we catch rapists and killers and financial fraudsters and terrorists too. It's always true that such powers can be seen as targeting the law-abiding as well as the criminal but it's not possible to avoid that. That's why it's always a balancing act between personal privacy and civil society. Advocates for absolute privacy in the digital domain seek to fundamentally alter that balance in ways that are unprecedented.
Beyond the sanctity of my data is the fact I have full confidence in the security of my iPhone. I do not have to fear theft of my private data. Moreover, I store passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc. It is more than just securing a few photos.
Your personal information has always been searchable with a warrant because it was in plain site (on paper, etc) but now it can be stored in an electronic vault that can not be opened. They still can subpoena records from the phone company, bank, etc.
The 4th amendment may allow them to perform the search, but the 5th says I do not have to assist them.
Your analogy is incorrect. - the lock company makes and sells tens of millions of this model of lock - the FBI asks them to make a skeleton key to open the one basement door, only due to the technical nature of the lock the key, if made, would be capable of opening every single one of the tens of millions of locks sold, many of which are used to keep our sons and daughters safe.
Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.
So naive. Today it's terrorism, tomorrow it's protestors. The FBI can call anyone a terrorist or anarchist group.
Your second point that Apple will be asked to do this over and over is probably correct. However, even the FBI admits that the utility of this approach is short-lived. All Apple has to do render it obsolete is require a PIN during DFU. I would expect them to add this to upcoming iOS update very soon.
Haha. The FBI would just stop using the tool? Only a fool would believe that. One this tool exists, the FBI would keep using it and lower the threshold to use it for.
Saying you will quit if x happens is very easy. Quiting when x happens is a different proposition especially when it means giving up a job with benefits etc
They are high demand workers. Someone will hire them.
Let's not get gun control into this! It's an issue that's even more emotional than this one! If we put them together this entire forum will HACF.
But I struggle to understand the sanctity of the phone versus every other form of information storage. With proper judicial review your personal information has always been searchable. That includes bank accounts, phone records, computer hard drives, tax records, business records, email, written correspondence, photographs -- virtually anything. In the US, the only thing that stands between you and a search of any of these items is the 4th amendment which requires probable cause for the issue of a warrant.
So why is a photo stored on my phone unsearchable under warrant, while the same photo in an old-fashioned slide-carousel in my basement can clearly be searched for cause? The only plausible difference between a phone and other media is that modern phones amalgamate a wide variety of information in the same place. But so does my house and, given probable cause, the government can get a warrant to search that. So why not my phone?
The ability of the government to search -- given probable cause and judicial review -- is not despotism. It's the basis of law enforcement. It's how we catch rapists and killers and financial fraudsters and terrorists too. It's always true that such powers can be seen as targeting the law-abiding as well as the criminal but it's not possible to avoid that. That's why it's always a balancing act between personal privacy and civil society. Advocates for absolute privacy in the digital domain seek to fundamentally alter that balance in ways that are unprecedented.
Beyond the sanctity of my data is the fact I have full confidence in the security of my iPhone. I do not have to fear theft of my private data. Moreover, I store passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc. It is more than just securing a few photos.
Your personal information has always been searchable with a warrant because it was in plain site (on paper, etc) but now it can be stored in an electronic vault that can not be opened. They still can subpoena records from the phone company, bank, etc.
The 4th amendment may allow them to perform the search, but the 5th says I do not have to assist them.
My house has all those items too (passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc.). And they're not in plain sight. But it's still searchable under warrant. So what's the difference with the phone? Why should data on your phone be beyond the reach of a legal search when that same data is in scope if it's stored elsewhere?
Thanks for that. Still, no nation should be asking for this in the modern world. With hundreds of encryption programs available (most based outside the US) for iOS and Android should Apple customers be forced to act like terrorists and criminals in the way we protect our data in order to be safe from government intrusion (rhetorical question)? It reminds me of gun laws here in Canada. We are limited to 5 round magazines for centre fire semi autos and 10 for handguns despite our statistically excellent history of generally not being murderers etc. Yet criminals don't have the same limitations. Point being it both punishes the law abiding citizen and is completely ineffective in preventing crime.
Let's not get gun control into this! It's an issue that's even more emotional than this one! If we put them together this entire forum will HACF.
But I struggle to understand the sanctity of the phone versus every other form of information storage. With proper judicial review your personal information has always been searchable. That includes bank accounts, phone records, computer hard drives, tax records, business records, email, written correspondence, photographs -- virtually anything. In the US, the only thing that stands between you and a search of any of these items is the 4th amendment which requires probable cause for the issue of a warrant.
So why is a photo stored on my phone unsearchable under warrant, while the same photo in an old-fashioned slide-carousel in my basement can clearly be searched for cause? The only plausible difference between a phone and other media is that modern phones amalgamate a wide variety of information in the same place. But so does my house and, given probable cause, the government can get a warrant to search that. So why not my phone?
The ability of the government to search -- given probable cause and judicial review -- is not despotism. It's the basis of law enforcement. It's how we catch rapists and killers and financial fraudsters and terrorists too. It's always true that such powers can be seen as targeting the law-abiding as well as the criminal but it's not possible to avoid that. That's why it's always a balancing act between personal privacy and civil society. Advocates for absolute privacy in the digital domain seek to fundamentally alter that balance in ways that are unprecedented.
None of those things had its inherent security compromised by any law in order to be searchable under warrant. And you are mistaken about hard drives, if it’s encrypted it also becomes unsearchable, the same thing could be said about ciphered paper documents.
Beyond the sanctity of my data is the fact I have full confidence in the security of my iPhone. I do not have to fear theft of my private data. Moreover, I store passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc. It is more than just securing a few photos.
Your personal information has always been searchable with a warrant because it was in plain site (on paper, etc) but now it can be stored in an electronic vault that can not be opened. They still can subpoena records from the phone company, bank, etc.
The 4th amendment may allow them to perform the search, but the 5th says I do not have to assist them.
My house has all those items too (passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc.). And they're not in plain sight. But it's still searchable under warrant. So what's the difference with the phone? Why should data on your phone be beyond the reach of a legal search when that same data is in scope if it's stored elsewhere?
People store those things in their brains and our thoughts aren't searchable either.
But this makes absolutely no sense to me. If you don't trust Apple's signing system you have bigger problems than the FBI. Any 3rd party capable of spoofing the signature could mount a man-in-the-middle attack during a software update. Poof...all your data is now in the hands of the Russian mafia. So you pretty much have to trust that Apple has control over its signing keys.
As for others understanding the approach -- they already understand it. There's no mystery or difficulty in modifying iOS to do what the DOJ has asked for. The only thing stopping hackers, jailbreakers or governments from doing it now is that they can't get the software to load.
Nothing of what I said is related with man-in-the-middle attacks or not trusting Apple and its signature. There are people who have developed ways to jailbreak a device without needing a password and consequently can change the system without an install signature. How do you know there is no mystery? One thing is to have an abstract idea about the demands made, another thing is to actually know how to do it and keep the encryption system functional specially with the part where they want a programmable electronic input for the password and remotion of time limits.
Saying you will quit if x happens is very easy. Quiting when x happens is a different proposition especially when it means giving up a job with benefits etc
I'm thinking PayPal, Amazon,Micrsoft,will hire them immediately
Nothing of what I said is related with man-in-the-middle attacks or not trusting Apple and its signature. There are people who have developed ways to jailbreak a device without needing a password and consequently can change the system without an install signature. How do you know there is no mystery? One thing is to have an abstract idea about the demands made, another thing is to actually know how to do it and keep the encryption system functional specially with the part where they want a programmable electronic input for the password and remotion of time limits.
My house has all those items too (passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc.). And they're not in plain sight. But it's still searchable under warrant. So what's the difference with the phone? Why should data on your phone be beyond the reach of a legal search when that same data is in scope if it's stored elsewhere?
Just to make it clear. I do not think that data in an iPhone should be out of the reach of law enforcement, but the search warrant should go to the rightful owner or user of the phone and afterwards, whomever can give access readily. This way there is no question who can unlock the phone. The San Bernardino County did not have the enterprise software needed in the phone and they cannot access the contents in the phone, the FBI screwed up the password, and Apple is unable to access the contents in the phone. At this stage, the FBI should write it off and let it go instead of twisting Apple's arm to write a compromised OS. If the FBI truly cared about the data in the phone and not about undermining Apple's data security, all those involved in the password mistake including Comey should be terminated immediately for incompetence. I do not see that happening, so Apple and American people should not have to help with the case and sacrifice an inch of security.
But I struggle to understand the sanctity of the phone versus every other form of information storage. With proper judicial review your personal information has always been searchable. That includes bank accounts, phone records, computer hard drives, tax records, business records, email, written correspondence, photographs -- virtually anything. In the US, the only thing that stands between you and a search of any of these items is the 4th amendment which requires probable cause for the issue of a warrant.
So why is a photo stored on my phone unsearchable under warrant, while the same photo in an old-fashioned slide-carousel in my basement can clearly be searched for cause? The only plausible difference between a phone and other media is that modern phones amalgamate a wide variety of information in the same place. But so does my house and, given probable cause, the government can get a warrant to search that. So why not my phone?
The ability of the government to search -- given probable cause and judicial review -- is not despotism. It's the basis of law enforcement. It's how we catch rapists and killers and financial fraudsters and terrorists too. It's always true that such powers can be seen as targeting the law-abiding as well as the criminal but it's not possible to avoid that. That's why it's always a balancing act between personal privacy and civil society. Advocates for absolute privacy in the digital domain seek to fundamentally alter that balance in ways that are unprecedented.
It is incredibly frustrating to hear people making this specious argument over and over. Search warrants are used to seize property during criminal investigations. They also give judicial permission to the law enforcement agency seizing the property to examine the property and use the property as evidence against a criminal defendant. A search warrant was not even required in this case because the phone is not owned by the criminal...the phone is owned by a government agency. That agency simply consented to the seizure of the property and the search of the seized property. Search warrants are IRRELEVANT to this case.
A photo stored on your phone is NOT unserchable under a warrant (Riley v. California) if the police can access it the police can search it once they have a warrant. However, YOU cannot be compelled to unlock your phone...not even with a search warrant...because that violates the 5th Amendment (the case law is all over the place on why, but lets just say it boils down to the act of entering a password on a phone or any device as being equivalent to making a statement that you own the phone and its contents...which is a statement of self-incrimination you cannot be compelled to make.)
A photo stored on an encrypted phone is not the same as a photo slide stored in a carousel in your basement...the photo carousel is not encrypted. Now, if you had a safe in your basement that was impossible to open under any circumstances without your personal passcode and the photo carousel was inside that safe you start to get equivalent. If you were dead and there was no way to open the safe, then the police can seize the safe they just cannot open it...cause you are dead and the information needed to open it died with you. If they, law enforcement, figure out how to open the safe without the passcode, they are allowed to do so...through what ever means they deem necessary, including destroying the darn thing. What they cannot do is unilaterally force another person, against their will, to open the safe just because the police have a warrant. Warrants do not, and cannot, compel a person to do a thing they do not want to do, warrants are limited to allowing the police to physically collect and inspect evidence.
I simply do not understand why people cannot comprehend that this is not about whether the police can seize the photo in the first place.
Lets put it in more simply terms. You are a terrorist. You want to write secret notes to your co-conspirators that no one but you and they can read. To do this, you devise a wholly new language that no one but you and your co-conspirators know (lets call the new language gibblefritz). You write your diabolical plans down on paper in this new language. You send unencrypted emails in this new language to you co-conspirators. The police figure out you and your co-conspirators are a terrorists and they decide to arrest you, however, during the attempt to arrest you, all of you are killed. When the police search your corpse and your conspiracy hang-out, after getting a search warrant, they find your written diabolical plans in your pockets and in filing cabinets in the hang-out. They also find the emails on your computer.
There ends the power of a search warrant.
The police are desperate to read your missives to learn whether they killed all the terrorists or if there are others they don't know about...but they cannot because everything is in gibblefritz and the police don't read gibblefritz...no one reads gibblefritz. Now the police know that over at the University of Apulosi, Dr. MacIntosh is really really good at deciphering dead languages. So they take your gibblefritz writings to Dr. MacIntosh and they say "Dr. MacIntosh, please help us, please translate these writings." Dr. MacIntosh says "I am so sorry, but I just cannot. I don't have time. I'll have to write a whole new program for my deciphering computer. I don't have resources to do that and it will take a really long time to do. Helping you will sully my reputation. Helping you will undermine all my other work. No one will trust me if I help you. I don't want to learn to read the evil language of gibblefritz, anyway." So, the police go to to court and the beg the judge "Please, you honor, make Dr. MacIntosh help us read these diabolical writings. Don't listen to his excuses. The people are in danger, there may be other terrorists out there. The world will end if we do not find them. The world will end if we don't learn how to read gibblefritz. Give us a Writ to make Dr. MacIntosh do as we want."
This case is not about search warrants. Never has been, never will be. Its about whether a court can order a person (corporations are people too, Citizens United v FEC) to make something, from scratch, that they don't want to. The All Writs Act has never before been used in such a manner and the cases cited by the USDOJ do not support their position that it does (those cases required the phone company -the Bell Telephone Co, i.e. Ma Bell, and later ATT - to given the police the "pin registry" they already had in their possession for billing purposes so the police could see who the criminals were calling, or required the phone company to allow the police to install government owned listening devices on the lines for certain telephone numbers.) Now if the feebs have software in their possession already that they want to install on the phone themselves, but need Apple's help to do so, the AWW *might* reach far enough to force Apple to help, to the best of their ability, with the installation. But the feebs don't have the software, they want to turn Apple in to a slave to their desires that such software be created. If they are allowed to do that with Apple, then every person in the country can be conscripted against their will to do the bidding of the government no matter how much it will harm us personally.
Beyond the sanctity of my data is the fact I have full confidence in the security of my iPhone. I do not have to fear theft of my private data. Moreover, I store passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc. It is more than just securing a few photos.
Your personal information has always been searchable with a warrant because it was in plain site (on paper, etc) but now it can be stored in an electronic vault that can not be opened. They still can subpoena records from the phone company, bank, etc.
The 4th amendment may allow them to perform the search, but the 5th says I do not have to assist them.
My house has all those items too (passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc.). And they're not in plain sight. But it's still searchable under warrant. So what's the difference with the phone? Why should data on your phone be beyond the reach of a legal search when that same data is in scope if it's stored elsewhere?
The data is not beyond the reach of the police...the ability to read the data is. Search warrants do not make something that is unreadable suddenly readable. Further, search warrants do not allow the police to force someone to do anything. If Apple had the data the police wanted, Apple would have to turn it over. And Apple has turned over every piece of data that they do have for this phone, such as backups. But Apple doesn't "have" software to make the phone do what the police want the phone to do, the police want to make Apple make the software for them. Search warrants do not allow that...the All Writs Act doesn't allow the police to do that.
The case is going to the U.S. Supreme Court in the end. If USDOJ wins, by that time all the information on the phone will be useless due to age (as it probably already is), but everyone in the US and lots of people around the world will have been irrevocably harmed. Drug manufacturers will be forced to make death penalty drugs they don't want to make, because lethal execution is legal, but if the government doesn't have the drugs it cannot be carried out. Regular Citizen Joe will be forced to spy on his or her family members or neighbors, because they trust him. Regular Citizen Jane could be forced to prostitute herself to a suspected terrorists to let the feebs get recordings of the guy and they cannot get close but she can cause he fancies her. Heck, I could even see the reach of the AWW under the theory put for buy the USDOJ to require Citizen Joe to kill someone at the behest of the government because Citizen Joe can get close enough to the person the government wants dead.
There is no limit to the reach of the government to force you to do that which you stridently oppose if the USDOJ wins this case.
Saying you will quit if x happens is very easy. Quiting when x happens is a different proposition especially when it means giving up a job with benefits etc
They are high demand workers. Someone will hire them.
Likely before the ink is dry on their resignation letters
Comments
As for others understanding the approach -- they already understand it. There's no mystery or difficulty in modifying iOS to do what the DOJ has asked for. The only thing stopping hackers, jailbreakers or governments from doing it now is that they can't get the software to load.
But it's for the people... But it's for the public good...
But I struggle to understand the sanctity of the phone versus every other form of information storage. With proper judicial review your personal information has always been searchable. That includes bank accounts, phone records, computer hard drives, tax records, business records, email, written correspondence, photographs -- virtually anything. In the US, the only thing that stands between you and a search of any of these items is the 4th amendment which requires probable cause for the issue of a warrant.
So why is a photo stored on my phone unsearchable under warrant, while the same photo in an old-fashioned slide-carousel in my basement can clearly be searched for cause? The only plausible difference between a phone and other media is that modern phones amalgamate a wide variety of information in the same place. But so does my house and, given probable cause, the government can get a warrant to search that. So why not my phone?
The ability of the government to search -- given probable cause and judicial review -- is not despotism. It's the basis of law enforcement. It's how we catch rapists and killers and financial fraudsters and terrorists too. It's always true that such powers can be seen as targeting the law-abiding as well as the criminal but it's not possible to avoid that. That's why it's always a balancing act between personal privacy and civil society. Advocates for absolute privacy in the digital domain seek to fundamentally alter that balance in ways that are unprecedented.
How do you know there is no mystery? One thing is to have an abstract idea about the demands made, another thing is to actually know how to do it and keep the encryption system functional specially with the part where they want a programmable electronic input for the password and remotion of time limits.
Beyond the sanctity of my data is the fact I have full confidence in the security of my iPhone. I do not have to fear theft of my private data. Moreover, I store passwords, credit card info, bank info, personally identifiable data i.e. SSN, Doctor info, etc. It is more than just securing a few photos.
Your personal information has always been searchable with a warrant because it was in plain site (on paper, etc) but now it can be stored in an electronic vault that can not be opened. They still can subpoena records from the phone company, bank, etc.
The 4th amendment may allow them to perform the search, but the 5th says I do not have to assist them.
Jeff, you are a government lapdog.
A photo stored on your phone is NOT unserchable under a warrant (Riley v. California) if the police can access it the police can search it once they have a warrant. However, YOU cannot be compelled to unlock your phone...not even with a search warrant...because that violates the 5th Amendment (the case law is all over the place on why, but lets just say it boils down to the act of entering a password on a phone or any device as being equivalent to making a statement that you own the phone and its contents...which is a statement of self-incrimination you cannot be compelled to make.)
A photo stored on an encrypted phone is not the same as a photo slide stored in a carousel in your basement...the photo carousel is not encrypted. Now, if you had a safe in your basement that was impossible to open under any circumstances without your personal passcode and the photo carousel was inside that safe you start to get equivalent. If you were dead and there was no way to open the safe, then the police can seize the safe they just cannot open it...cause you are dead and the information needed to open it died with you. If they, law enforcement, figure out how to open the safe without the passcode, they are allowed to do so...through what ever means they deem necessary, including destroying the darn thing. What they cannot do is unilaterally force another person, against their will, to open the safe just because the police have a warrant. Warrants do not, and cannot, compel a person to do a thing they do not want to do, warrants are limited to allowing the police to physically collect and inspect evidence.
I simply do not understand why people cannot comprehend that this is not about whether the police can seize the photo in the first place.
Lets put it in more simply terms. You are a terrorist. You want to write secret notes to your co-conspirators that no one but you and they can read. To do this, you devise a wholly new language that no one but you and your co-conspirators know (lets call the new language gibblefritz). You write your diabolical plans down on paper in this new language. You send unencrypted emails in this new language to you co-conspirators. The police figure out you and your co-conspirators are a terrorists and they decide to arrest you, however, during the attempt to arrest you, all of you are killed. When the police search your corpse and your conspiracy hang-out, after getting a search warrant, they find your written diabolical plans in your pockets and in filing cabinets in the hang-out. They also find the emails on your computer.
There ends the power of a search warrant.
The police are desperate to read your missives to learn whether they killed all the terrorists or if there are others they don't know about...but they cannot because everything is in gibblefritz and the police don't read gibblefritz...no one reads gibblefritz. Now the police know that over at the University of Apulosi, Dr. MacIntosh is really really good at deciphering dead languages. So they take your gibblefritz writings to Dr. MacIntosh and they say "Dr. MacIntosh, please help us, please translate these writings." Dr. MacIntosh says "I am so sorry, but I just cannot. I don't have time. I'll have to write a whole new program for my deciphering computer. I don't have resources to do that and it will take a really long time to do. Helping you will sully my reputation. Helping you will undermine all my other work. No one will trust me if I help you. I don't want to learn to read the evil language of gibblefritz, anyway." So, the police go to to court and the beg the judge "Please, you honor, make Dr. MacIntosh help us read these diabolical writings. Don't listen to his excuses. The people are in danger, there may be other terrorists out there. The world will end if we do not find them. The world will end if we don't learn how to read gibblefritz. Give us a Writ to make Dr. MacIntosh do as we want."
This case is not about search warrants. Never has been, never will be. Its about whether a court can order a person (corporations are people too, Citizens United v FEC) to make something, from scratch, that they don't want to. The All Writs Act has never before been used in such a manner and the cases cited by the USDOJ do not support their position that it does (those cases required the phone company -the Bell Telephone Co, i.e. Ma Bell, and later ATT - to given the police the "pin registry" they already had in their possession for billing purposes so the police could see who the criminals were calling, or required the phone company to allow the police to install government owned listening devices on the lines for certain telephone numbers.) Now if the feebs have software in their possession already that they want to install on the phone themselves, but need Apple's help to do so, the AWW *might* reach far enough to force Apple to help, to the best of their ability, with the installation. But the feebs don't have the software, they want to turn Apple in to a slave to their desires that such software be created. If they are allowed to do that with Apple, then every person in the country can be conscripted against their will to do the bidding of the government no matter how much it will harm us personally.
The case is going to the U.S. Supreme Court in the end. If USDOJ wins, by that time all the information on the phone will be useless due to age (as it probably already is), but everyone in the US and lots of people around the world will have been irrevocably harmed. Drug manufacturers will be forced to make death penalty drugs they don't want to make, because lethal execution is legal, but if the government doesn't have the drugs it cannot be carried out. Regular Citizen Joe will be forced to spy on his or her family members or neighbors, because they trust him. Regular Citizen Jane could be forced to prostitute herself to a suspected terrorists to let the feebs get recordings of the guy and they cannot get close but she can cause he fancies her. Heck, I could even see the reach of the AWW under the theory put for buy the USDOJ to require Citizen Joe to kill someone at the behest of the government because Citizen Joe can get close enough to the person the government wants dead.
There is no limit to the reach of the government to force you to do that which you stridently oppose if the USDOJ wins this case.