Apple employees threaten to quit if forced to build GovtOS, report says

1235789

Comments

  • Reply 81 of 171
    dinoonedinoone Posts: 69member
    - Can a government compel a pharmaceutical company and its researchers, who took Hippocrates oath to save lives of all, to create or facilitate the creation of a poison necessary to execute a death penalty?
    - Can a government compel an innocent woman to engage in unwanted romance and sex with a suspected terrorist to extract critical info from him?
    - Can a government trick an innocent activist into getting married with an undercover cop and have a baby with him just for investigation purposes? www.bbc.com/news/magazine-29743857
    This is getting really Orwellian...

    frac
  • Reply 82 of 171

    According to a report published Thursday, a number of high-level Apple employees would rather quit their jobs than comply with a court order compelling the creation of an intentionally flawed version of iOS, currently being sought by the FBI in its investigation into the San Bernardino shootings.


    Or, lest we forget ... the employees could do what they are told -- then each could justify the act by claiming:  "I was only following orders".  

    https://en.wikipedia.org/wiki/Superior_orders

    edited March 2016
  • Reply 83 of 171
    dinoonedinoone Posts: 69member
    JeffA2 said:
    JeffA2 said:
    Ignorant in what way? If I've said anything factually inaccurate, point it out and I'll be happy to retract it when shown the error. Many, many statements on this forum about the technical details of this issue are simply and provably wrong. 

    As for the philosophical argument we all have a different view of the 'bigger picture'. Mine (and my 'agenda') is that we are a nation of laws, protected by a constitution, a system of checks and balances and a system of judicial review. Nowhere in that system does a private corporation get to dictate matters of law. Ceding the rule of law to a corporation is far more dangerous than the contents of a phone.

    Would you be as happy if it were IBM or Samsung hiding behind a privacy argument to defend their business model? Or General Motors? How about GE? Or Citibank? Just because we all like Apple products doesn't mean that they get to determine the law. Bernie Sanders entire political movement is based on the idea that private companies have usurped democratic powers. And that, I agree with.

    Just to be clear, the previous two paragraphs are opinions, not facts. Feel free to disparage them. But if you bring up technical issues make sure you do enough research to get them right. If you don't understand the technology, don't make stuff up or just repeat what you read elsewhere. The signal to noise ratio on this forum is poor enough as it is.

    ---

    You clearly haven't read the Apple response where they point out the exact opposite of what you contend; that it is the government who is attempting to hijack the law to their ends, in instance after instance that Apple's lawyers clearly and precisely point out.  You are uninformed on the legal aspects of this case, and that casts serious doubt on your further contentions that you are an able judge of whether or not those here speaking to the technical aspects know of what they speak.  You clearly do not.
    I've read it, I just don't agree with it. But I don't claim to be a lawyer.

    I do know more than a little about computers. Nothing I've said is factually incorrect, to the best of my knowledge. If I've made a technical error, point it out. 
    It is not a matter of being just a nation of law: we are citizens of this world together with other nations. So the perspective does not necessarily end within "this nation". This is particularly relevant because of one of Apple's main arguments in this case: if the US court wins this case, then the Chinese and Russian courts will easily win their forthcoming mirror cases too. And that will threat the security and survival of innocent citizens around the world, including the many US citizens abroad. Therefore this main issue cannot be dealt just with the argument of being "a nation of law".
  • Reply 84 of 171

    ...

  • Reply 85 of 171
    singularitysingularity Posts: 1,328member
    Saying you will quit if x happens is very easy. Quiting when x happens is a different proposition especially when it means giving up a job with benefits etc
    Sir_Turkey
  • Reply 86 of 171
    lightknightlightknight Posts: 2,312member
    Still waiting for Russia to demand iOS source code. As a global trade partner for America, and of course a democracy sitting at the United Nations, it's not like Apple can give the source code to the US Government and not Russia :)
  • Reply 87 of 171
    lightknightlightknight Posts: 2,312member
    Between a rock and a hard place...

    And it's not just about iOS....

    - OS X
    - tvOS
    - watchOS

    If Apple loses this battle, the FBI could theoretically tap into your heartbeat at any time.

    And a year from now, a whole slew of third-party options will be available to encrypt your data and communications, and then what? 
    Who would not want a spy in their home. Hello, Alexa.
  • Reply 88 of 171
    ppietrappietra Posts: 283member
    JeffA2 said:
    ppietra said:
    Sorry but the cases the DOJ cites actually didn’t require any computer programming like in this case, they didn’t create new software. Those companies already had the equipment necessary to do what was ordered and had already done those things to serve costumer requests. The programming was something like defining the phone number to monitor and took less than a minute.
    I'm not sure that's a qualitative difference. They were compelled to write software they did not have. The court seemed only to be concerned with the question of 'undue burden.' But even Apple concedes that the software modifications are not complex or costly to do. Well, that's why the specifics of this are going to be heard by judges who know more about the law than I do -- probably all the way to the supreme court.
    It seems like you didn’t understood what I said. They didn’t write software or used something they hadn’t already used on other circumstances. Consumers didn’t write software when they programmed VCR’s back in the day, etc. Programming doesn’t only mean to write software.
  • Reply 89 of 171
    tenlytenly Posts: 710member
    CMA102DL said:
    Peter H said:
    I have a question:  why not let the FBI create the software they want, and then apple signs it software with the key?  That way Apple doesn't get involved with making something they don't want to, and their keys never make it to the FBI. 
    No. It is never going to happen. The Apple source code is intellectual property the Government is not entitled to have. Plus Apple would voluntarily cease operations  rather than turning over any intellectual property to the US gov. This is worse than letting Apple develop GovOS.
    This is a perfect example of the exaggeration coming from some people in the pro-Apple camp.  This poster starts off with a valid point but then he ruins his credibility by claiming that "Apple would voluntarily cease operations rather than turning over intellectual property".  They can't and they won't cease operations.  They have a responsibility to their shareholders and the shareholder would have to vote on such a proposal.  That motion would never pass.  Investors would have to be willing to take massive losses essentially burning their existing shares which would be nearly worthless.
    singularity
  • Reply 90 of 171
    JeffA2 said:
    Why do people keep saying this as if it were true? The 'version of iOS that allows infinite attempts at the password' is to loaded onto the phone in question via DFU mode. An iPhone will not load arbitrary software that way. It must have a valid signature and only  Apple can do that. Furthermore, the software can (and by court order must) include the specific UUID of the target phone. Therefore even if this patch got out of Apple's hands, was disassembled and the UUID changed, it would fail to load on any iPhone because it would fail the signature check. To further ensure security the phone is allowed to remain in Apple's possession for the entire time it is running the altered software. As a final condition of the court order, the entire patch must be RAM resident. No flash memory on the phone can be altered. Therefore the patch will be erased from memory as soon as the target phone is unpowered. 

    What we have here is a procedure for producing a key for any specific phone, not a skeleton key. The difference is fundamental.

    Your second point that Apple will be asked to do this over and over is probably correct. However, even the FBI admits that the utility of this approach is short-lived. All Apple has to do render it obsolete is require a PIN during DFU. I would expect them to add this to upcoming iOS update very soon.
    Thanks for that.  Still, no nation should be asking for this in the modern world.  With hundreds of encryption programs available (most based outside the US) for iOS and Android should Apple customers be forced to act like terrorists and criminals in the way we protect our data in order to be safe from government intrusion (rhetorical question)?  It reminds me of gun laws here in Canada.  We are limited to 5 round magazines for centre fire semi autos and 10 for handguns despite our statistically excellent history of generally not being murderers etc.  Yet criminals don't have the same limitations.  Point being it both punishes the law abiding citizen and is completely ineffective in preventing crime.
  • Reply 91 of 171
    Like anyone is going to quit and if they do they'll regret it. Do they wear monkey suits over at Apple ? 

    Umm... I worked with several Americans at a leading edge (smaller) consulting company, and when they were told they had to dress more professionally for certain customers..... several quit...  so yes, some people will take the change serious enough to quit.
    Sir_Turkey
  • Reply 92 of 171

    JeffA2 said:
    Given a choice between signing their own software and handing over the signing key to the FBI, Apple would be insane to do the latter. Losing control of the signing key is tantamount to losing control of the entire system.

    The next update will replace the key with a new one.
  • Reply 93 of 171
    tenlytenly Posts: 710member
    dinoone said:
    - Can a government compel a pharmaceutical company and its researchers, who took Hippocrates oath to save lives of all, to create or facilitate the creation of a poison necessary to execute a death penalty?
    Not if they have insurance - but from what I see, the Hippocratic oath only applies when the patient has insurance and a drug plan....  Withholding care from someone that will die without it is pretty much the same as administering a lethal poison in the same way that a lie of omission is still a lie.
    edited March 2016 singularitypalomine
  • Reply 94 of 171
    tenlytenly Posts: 710member
    JeffA2 said:

    tenly said:
    If *that* was all they wanted and it was going to end there it wouldn't be then end of the world at all.  It would mean bye-bye to 4-digit passcodes that can be cracked in 30 minutes - but a well chosen passphrase would take thousands of years to brute force.  
    Well an 8-digit numeric code would take only a few weeks. Your right for a 8 character mixed-case alphanumeric code though.
    You missed my point.  If you read my whole message, you'd see i said it takes 30 min or less to crack a 4 digit passcode, but thousands of years to crack a well-chosen passphrase.  8 characters does not constitute the "well chosen passphrase i was referring to".  There are a number of ways to create a well-chosen passphrase and its not as easy as people think - mostly because it has to be easy enough to be memorized and typed occasionally but should be long (>32 characters), not contain any names, dates or words from the dictionary or even any acronyms based upon famous quotes or popular song lyrics - because those things are already built into some of the better brute force attack tools.  The best passphrase would be to join together 3 or 4 good passwords - each of which are a meaningless mix of numbers, letters and special characters - but this is hard to remember and hard to type accurately.  The context that I mentioned 8 characters in was to suggest that 8 characters might be the longest passcode/passphrase that the FBI would be "okay" with since they could brute force it in a "reasonable" amount of time.
  • Reply 95 of 171
    tenly said:
    dinoone said:
    - Can a government compel a pharmaceutical company and its researchers, who took Hippocrates oath to save lives of all, to create or facilitate the creation of a poison necessary to execute a death penalty?
    Not if they have insurance - but from what I see, the Hippocratic oath only applies when the patient has insurance and a drug plan....  Withholding care from someone that will die without it is pretty much the same as administering a lethal poison in the same way that a lie of omission is still a lie.
    The hippocratic oath is generally speaking that they will do no harm (though that phrase is not part of it) to their patient.  There is nothing about being a slave to whoever may be sick - without regard for payment etc. etc.  A doctor does not sign up to lose his right of association or to become indentured to the poor and huddled masses.
    radarthekat
  • Reply 96 of 171
    jcs2305jcs2305 Posts: 1,261member
    Blah1221 said:
    Not sure why the FBI didn't think to search the shooter's computer if they had one 
    Because they destroyed their personal computers and cell phones prior to the attack. 
    icoco3
  • Reply 97 of 171
    dysamoriadysamoria Posts: 3,430member
    “Independence is the recognition of the fact that yours is the responsibility of judgment and nothing can help you escape it—that no substitute can do your thinking—that the vilest form of self-abasement and self-destruction is the subordination of your mind to the mind of another, the acceptance of an authority over your brain, the acceptance of his assertions as facts, his say-so as truth, his edicts as middle-man between your consciousness and your existence.” ― Ayn RandAtlas Shrugged 

    There is a rational conversation to be had regarding the balance between security and freedom. However, when the DOJ threatens to take Apple's source code, the conversation is over. Before surrendering a thing to our would-be overlords, I would liquidate, pay off the stockholders and burn anything left to the ground. NO ONE has the right to another's property, intellectual or otherwise.
    Yet our corporate overlords are doing just that, every day of the week, to almost every employee, and somehow libertarians think that's ok because they see themselves as the dominant agents in that arrangement (even when they're not, and are merely hoping to ride the coattails of others to a position of their own elitism), and the will of the corporate entity is legally and socially elevated to the position of being superior to the will of the individual worker in this country.

    im fully with Apple on this subject, but quotes of Ayn Rand's selfishness against society isn't something I'll ever get behind; that's just more arrogant elitism and sociopathy.


  • Reply 98 of 171
    ppietrappietra Posts: 283member
    tenly said:
    JeffA2 said:

    Well an 8-digit numeric code would take only a few weeks. Your right for a 8 character mixed-case alphanumeric code though.
    You missed my point.  If you read my whole message, you'd see i said it takes 30 min or less to crack a 4 digit passcode, but thousands of years to crack a well-chosen passphrase.  8 characters does not constitute the "well chosen passphrase i was referring to".  There are a number of ways to create a well-chosen passphrase and its not as easy as people think - mostly because it has to be easy enough to be memorized and typed occasionally but should be long (>32 characters), not contain any names, dates or words from the dictionary or even any acronyms based upon famous quotes or popular song lyrics - because those things are already built into some of the better brute force attack tools.  The best passphrase would be to join together 3 or 4 good passwords - each of which are a meaningless mix of numbers, letters and special characters - but this is hard to remember and hard to type accurately.  The context that I mentioned 8 characters in was to suggest that 8 characters might be the longest passcode/passphrase that the FBI would be "okay" with since they could brute force it in a "reasonable" amount of time.
    To brute force the password it has to be done on the iPhone and its hardware takes a minimum of 80 mili-seconds between attempts. That means that it could take thousands of years to break a 8 character alphanumeric password.
    ration al
  • Reply 99 of 171
    ppietrappietra Posts: 283member
    JeffA2 said:
    No Jeff that is not the case at all.  The FBI are asking Apple to create a version of iOS that allows infinite attempts at the password.  If such a version were created and subsequently stolen/leaked it could be used on any other iPhone.  Hence the "skeleton key" that opens all the locks analogy.

    The other issue Apple has is where does this end?  At first the FBI said this is just for this one phone but them Comey (spelling?) admitted they would want to use such a compromised version many many times.  So that would compel Apple to constantly maintain a compromised version of iOS in perpetuity.  
    Why do people keep saying this as if it were true? The 'version of iOS that allows infinite attempts at the password' is to loaded onto the phone in question via DFU mode. An iPhone will not load arbitrary software that way. It must have a valid signature and only  Apple can do that. Furthermore, the software can (and by court order must) include the specific UUID of the target phone. Therefore even if this patch got out of Apple's hands, was disassembled and the UUID changed, it would fail to load on any iPhone because it would fail the signature check. To further ensure security the phone is allowed to remain in Apple's possession for the entire time it is running the altered software. As a final condition of the court order, the entire patch must be RAM resident. No flash memory on the phone can be altered. Therefore the patch will be erased from memory as soon as the target phone is unpowered. 

    What we have here is a procedure for producing a key for any specific phone, not a skeleton key. The difference is fundamental.

    Your second point that Apple will be asked to do this over and over is probably correct. However, even the FBI admits that the utility of this approach is short-lived. All Apple has to do render it obsolete is require a PIN during DFU. I would expect them to add this to upcoming iOS update very soon.
    You are technically correct about how Apple signature works, but wrong on the big picture because there are vulnerabilities that have been explored that don’t require Apple signature to change the system. Once others understand what Apple did in this tool they will try to replicate it while using those vulnerabilities for their benefit and that will work on many other phones, capable of unlocking those with bad passwords, hence being compared to a skeleton key
    ration al
  • Reply 100 of 171
    jidojido Posts: 118member
    JeffA2 said:
    Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.
    No Jeff that is not the case at all.  The FBI are asking Apple to create a version of iOS that allows infinite attempts at the password.  If such a version were created and subsequently stolen/leaked it could be used on any other iPhone.  Hence the "skeleton key" that opens all the locks analogy.

    The other issue Apple has is where does this end?  At first the FBI said this is just for this one phone but them Comey (spelling?) admitted they would want to use such a compromised version many many times.  So that would compel Apple to constantly maintain a compromised version of iOS in perpetuity.  
    Otto, if the software is signed and includes the phone UUID how can it be reused?

    On the other hand, when the precedent is set it can be reused many times in court which is clearly against the interest of customer privacy. 
Sign In or Register to comment.