tenly

CMA102DL said:

Peter H said:

I have a question:  why not let the FBI create the software they want, and then apple signs it software with the key?  That way Apple doesn't get involved with making something they don't want to, and their keys never make it to the FBI. 

No. It is never going to happen. The Apple source code is intellectual property the Government is not entitled to have. Plus Apple would voluntarily cease operations  rather than turning over any intellectual property to the US gov. This is worse than letting Apple develop GovOS.

This is a perfect example of the exaggeration coming from some people in the pro-Apple camp.  This poster starts off with a valid point but then he ruins his credibility by claiming that "Apple would voluntarily cease operations rather than turning over intellectual property".  They can't and they won't cease operations.  They have a responsibility to their shareholders and the shareholder would have to vote on such a proposal.  That motion would never pass.  Investors would have to be willing to take massive losses essentially burning their existing shares which would be nearly worthless.

JeffA2 said:

OttoReverse said:

No Jeff that is not the case at all.  The FBI are asking Apple to create a version of iOS that allows infinite attempts at the password.  If such a version were created and subsequently stolen/leaked it could be used on any other iPhone.  Hence the "skeleton key" that opens all the locks analogy.

The other issue Apple has is where does this end?  At first the FBI said this is just for this one phone but them Comey (spelling?) admitted they would want to use such a compromised version many many times.  So that would compel Apple to constantly maintain a compromised version of iOS in perpetuity.  

Why do people keep saying this as if it were true? The 'version of iOS that allows infinite attempts at the password' is to loaded onto the phone in question via DFU mode. An iPhone will not load arbitrary software that way. It must have a valid signature and only  Apple can do that. Furthermore, the software can (and by court order must) include the specific UUID of the target phone. Therefore even if this patch got out of Apple's hands, was disassembled and the UUID changed, it would fail to load on any iPhone because it would fail the signature check. To further ensure security the phone is allowed to remain in Apple's possession for the entire time it is running the altered software. As a final condition of the court order, the entire patch must be RAM resident. No flash memory on the phone can be altered. Therefore the patch will be erased from memory as soon as the target phone is unpowered. 

What we have here is a procedure for producing a key for any specific phone, not a skeleton key. The difference is fundamental.

Your second point that Apple will be asked to do this over and over is probably correct. However, even the FBI admits that the utility of this approach is short-lived. All Apple has to do render it obsolete is require a PIN during DFU. I would expect them to add this to upcoming iOS update very soon.

Your first paragraph is absolutely correct - but you'll get flamed for posting anything that even gives the slightest appearance that you're adding legitimacy to the FBI's position - no matter how true it might be.

I don't think that a PIN during DFU can be done - or that any mechanism can be created that would render it impossible for Apple to replace the boot firmware.  The code that boots up the phone, displays your wallpaper, prompts you for your passcode, keeps track of the number of failed attempts and the software that actually wipes your phone all has to be unencrypted in order for it to run.  Sure - all of your data is safely encrypted and can't be unlocked until the correct passcode is entered - but all of that pre-login stuff I just listed HAS to run PRIOR to the user logging in and therefore cannot be made secure.  It's protected by Apple signing the code - so it can't be replaced by just any old hacker - but I think that Apple will always have the capability to replace or update that code - if they had physical access to the device.  What I don't quite understand though is - *IF* Apple created the modified code that disables the auto-wipe - and codes it in such a way that it ONLY will execute on the phone with this exact UUID - and signs it (because they have to sign it for the phone to execute it)..,,  Why wouldn't they just be able to invalidate the signature after a couple of days pass rendering that code useless forever after - even on that one phone it was written for?

I think that both sides are lying and exaggerating.  The pro-FBI side is claiming that it's only one phone - which we all know is bullshit.... But the pro-Apple side is exaggerating the risk of this code escaping into the wild.  It may not be possible to keep it from escaping - but it is possible to make it completely useless to anyone that does manage to steal a copy of it.

I'm definitely pro-Apple in this argument - but not because I'm scared of this one little piece of code.  I'm scared about the precedent it sets and all the future little bits of code the FBI demands be written with ever increasing scopes and durations of validity!

OttoReverse said:

JeffA2 said:

Your analogy is also incorrect. Apple is not being asked to create a skeleton key. They are being asked to create a procedure for unlocking phones. The software itself -- the 'key' in your parlance -- only fits a single lock. But the procedure could be used to create other keys for other phones. But -- and here's the big difference -- each of those new keys must be separately authorized by a warrant and a subsequent court order. Then that specific 'key' must signed by Apple before it will open the lock. That means there is judicial review for each individual case. That's exactly the type of protection guaranteed by the US constitution.

No Jeff that is not the case at all.  The FBI are asking Apple to create a version of iOS that allows infinite attempts at the password.  If such a version were created and subsequently stolen/leaked it could be used on any other iPhone.  Hence the "skeleton key" that opens all the locks analogy.

If *that* was all they wanted and it was going to end there it wouldn't be then end of the world at all.  It would mean bye-bye to 4-digit passcodes that can be cracked in 30 minutes - but a well chosen passphrase would take thousands of years to brute force.  The problem is that it *won't* end there.  The FBI would quickly learn that it's *not* the skeleton key they hoped for and go back to court claiming the software "is broken" and demanding a "fix" that would let them get into the phone faster - perhaps forcing Apple to not allow passphrases longer than 8 characters or worse building the back door - and citing that this first case sets the precedent that they are legally entitled to the data and that Apple is legally required to write whatever software we need.

Disabling the auto-wipe to allow unlimited attempts isn't the issue at all.  It's the precedent that it would set - that the government can force Apple to compromise their own product at the whim of the government that we're fighting against.  If the government gets this precedent, there will be a non-stop flow of demands from the government that invade our privacy further and further until one day in the not so distant future people will think of privacy as a myth or a legend and not be able to comprehend that it ever existed.