Data encryption is readily available. There are at least 60 software applications that provide military grade (256bit AES) encryption, many of them free. These are not controllable by the Chinese or any government. This is the same encryption method that the NSA uses to keep our secret data secret. If Apple were forced to build a back-door into their encryption, users who want their data and financial info secure would likely switch their encryption to one of these others. Apple's approach using the Secure Enclave adds some defense to brute force attacks. Basically this is what the FBI wanted from Apple. They wanted Apple to eliminate the iPhone's ability to erase the data after a certain number of failed attempts. They also wanted a method to speed up the brute-force hack attempts. How long is your encryption key? Using the fastest super computers to attempt a brute-force crack on an encryption key could take years if you have chosen a very long key. The number of possible keys goes up exponentially with each added character in your key. Of course, if you are in China and choose not to give up your encryption key to the government, you may disappear forever.
- Last Active
A quick google search for encryption software turned up 101,000,000 results. These governments may want (or order) cellphone and computer makers to provide a back door to their products encryption but the internet is rife with encryption software products without backdoors from developers all around the world. This is like them trying to push toothpaste back into the tube. Data encryption is here worldwide and is not going away. Sure, they could try to pass a law that would attempt to put you in jail for not giving them the passkey but this has been litigated here and for now the SCOTUS has said they can't do that. Users who encrypt their data with very long alpha-numeric keys can be quite confident that these governments or hackers best supercomputers will not hack your passcode in your lifetime.
Lets look at the math:
There are typically ~192 possible options for each passcode character. So the formula is 192 to the nth power where n is the number of characters in the passkey.
4 character passkey would make 1,358,954,496 possible combinations. (192x192x192x192)
6 character passkey would make 50,096,498,540,544 possible combinations. (192x192x192x192x192x192)
8 character passkey would make 1,846,757,322,198,610,000 possible combinations. (192x192x192x192x192x192x192x192)
12 character passkey would make 2,509,659,166,022,730,000,000,000,000 possible combinations. (192x192x192x192x192x192x192x192x192x192x192x192)
Ok, lets assume you set a 12 character passkey and a government or a hacker would get lucky and hack the passkey after testing only half the possible combinations, that is still 1,254,829,583,011,360,000,000,000,000 possible combinations to test. I know of no law enforcement group or hacker with a bunch of super computers in their garage but for the sake of argument lets assume they bought a bright shiny new $100,000,000 supercomputer that would be able to test 125,000 passkeys a second and be lucky enough to hit the passkey after only 50% of the possible attempts, In this case the passkey may get hacked in 318,323,080,418,915 years. Ok, say they apply 100 bright shiny new $100,000,000 supercomputers to the task that means 3,183,230,804,189.15 years.
You can see this brute force approach is futile for users who set reasonably long passkeys.
Here are some typical hack times for these various passkey lengths:
4 characters - 1.5 days to test 50% and up to 3.0 days for 100%.
6 characters - 6.4 years to test 50% and up to 12.7 years for 100%.
8 characters - 234.2 years to test 50% and up to 468.5 years for 100%.
12 characters - 318,323,080,418,915 years to test 50% and up to 636,646,160,837,830.5 years for 100%.
Easy to see why they (government or hackers) might want a back door.
If an iPhone owner had used a long passcode of say 12-16 characters to encrypt the data on an iPhone 6/6+, and had enabled the phone to erase the contents after 10 failed attempts, it would be a bit more difficult to believe that the data was compromised. The claim that the data was compromised is only the owners "suspicion" at this point and no proof has been offered. Unless the owner can prove that the data was compromised, this part of the complaint will likely be tossed. What is of concern is under what circumstances a phone can be taken from the owner and not returned for 130 days. There is obviously a clear defined set of circumstances under which this can or cannot legally occur.
I'd like to hear the case.
Why was the phone taken from the owner? Under what rule and regulation?
Was there a reasonable suspicion of a potential crime?
Who took the phone and what was the ascribed reason?
What specific agency(s) had possession off the phone during the 130 days?
What was done to the phone over the course of 130 days?
I could imagine scenarios where this action might be proper as easily as I could imagine scenarios where this would not.
Wanting to hear more.
There are a ton of encryption applications freely available via the internet. A Google search of "Free encryption applications" turned up 93,700,000 hits. If the Australian officials attempt to force Apple to create a backdoor into Apple's encryption, they also would need to secure backdoors to all of these applications, many of which are developed in countries that would give Australia the middle finger.
Apple has a reputation of being one of the staunchest supporters of user data privacy among the technology companies. Sort of a red line so to speak. Everyone with even a half of a brain knows a backdoor would be hacked or leaked within months, maybe weeks, of release as would all your banking, purchasing and privacy. Really, without privacy, I have little use for a smart phone.
As mentioned by another poster, removal of Apple tech from the Australian market would very likely result in the removal of the officials responsible. Australia, how is it you are electing such low IQ officials?
Fact: No company in the world controls their contractors and holds them to strict safety standards better than Apple. But sub-contractors under contract to a third party supplier? Here is a novel idea, why not put that responsibility where it belongs, with those companies who are purchasing and using these chemicals in an unsafe manner? It is really the component makers who have choices to make in their companies; to either make the components in a manner that is safe for their employees, or not. Instead you have hacks who are using the attention generated by large brand recognized companies to garner their 15 minutes of fame and attention.
I recall that was one of Steve Job's aims. If any company were to design or improve a product that would take away from their design leadership, he wanted that company to be Apple. Unsure if that principle is still alive and well at Apple but time will tell. Their R&D budget is huge and their secrecy surrounding their research is pretty tight. But we do know of some areas being looked into like flexible/foldable phone displays, AI, AR, autonomous vehicles, etc. and for what little we do know, there remains a ton of stuff that we can only guess what they are up to. Besides making a lot of money for it's shareholders, Apple has proven they are not a one innovative concept and done company.