Slashdot Mirror
Apple Court Testimony Reveals Why It Refuses To Unlock iPhones For Police (dailydot.com)
blottsie writes: Newly unsealed court transcripts from the U.S. District Court for the Eastern District of New York show that Apple now refuses to unlock iPhones for law enforcement, saying "In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform." “Right now Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now,” Apple lawyer Marc Zwillinger said at the hearing. “A hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don’t have a clear lawful basis in doing so?”
The sad part is, you could probably accomplish the same thing by requiring them to implement data access fire walling, since most will probably buy the canned 'solution' that comes to market cheapest and fastest, with the least amount of code review or thoughtful design.
"I opened my eyes, and everything went dark again"
It takes guts to stand up to government, especially the U.S government.
One U.S. attorney argued that it was "more concerned with public perception" than helping catch criminals.
Duh? No shit? That's not Apple's job, dipshit. They're not here to make your job easier, stop being a bunch of lazy jackasses.
get a warrant, use a snooper, spend a week cracking the data.
haven't the Big Feds said all the terrorist activity is headed into the Dark Web anyway, and Google says best advice is block them from the indexed web?
lazy ass bastards don't have phone books to read and laugh at silly names any more, so they want to randomly hack phones for fun and profit.
if this is supposed to be a new economy, how come they still want my old fashioned money?
For one, I love the fact that Apple is saying "fuck you" to the cops.
On the other hand, it shows the power of multinational corps - they're above the law. Meaning one day, they may do me or others some serious harm and get away free - like Wall Street did.
And as far as my personal privacy is concerned, neither can be trusted.
.. is worth risking a few lives.. including my own.
A government is a body of people notably ungoverned - AC
the government’s requested order would be substantially burdensome, as it would be impossible to perform
That, to me, would seem to be the end of it. It's impossible. Can't be done. Don't even bother asking.
But then the lawyer goes on to image a hypothetical customer asking:
"why is [Apple] continuing to comply with orders that don’t have a clear lawful basis in doing so?"
How is it complying if it's supposed to be impossible to do so?
systemd is Roko's Basilisk.
This whole statement doesn't make sense.
A hypothetical consumer could think...
A hypothetical consumer could think of anything, including that an iPhone will give them god-like powers and cause women to swoon at the mere presence of said iPhone. In fact, the distortion field has people thinking that spending the extra money gives them perceived status.
if Apple is not in the business of accessing my data and...
Okay, so they "don't access your data", but have control to add and remove applications from your iDevice remotely. If they can install/uninstall remotely, how is it they don't have access to my data?
if Apple has built a system to prevent itself from accessing my data,...
How? If the phone is encrypted... that's unlocked at boot, or maybe at a folder level. If they can push stuff, how can they not pull? Not even app version numbers?
why is it continuing to comply with orders
Assuming 'it' is Apple...
that don’t have a clear lawful basis in doing so?
what doesn't have a clear lawful basis? you mean the court-ordered subpoenas for information that could be stored on a phone? Or those search warrants that were legally obtained?
What the hell do they mean "clear lawful basis in doing so?" doing what?
I'm no lawyer, nor do I pretend to be one. I'm also a big advocate for personal privacy and really don't like the idea of reversible encryption. I don't think it should fall on Apple, Microsoft or Google to crack a phone. If the proper legal process was followed, then it should fall to the owner of said phone to decrypt.
So Apple is the lone defender of the free world nowadays?
Weep or laugh, that is the real question.
It will be very interesting to see how Apple's intransigence holds up when China goes through with its threat to prevent the sale of phones that don't contain a back door. It seems they could be painting themselves into a corner.
To avoid seeing this message again, always shut down your computer properly by selecting Shut Down from the Start Menu.
The problem with this of course, is that it will not really stop the really bad guys from using strong security, since they are going ahead and breaking the law anyways, and while it might stop the otherwise too incompetent person who wouldn't know how to use such facilities from getting away with something they might have otherwise, in general, all this does is mean that most of the stuff that law enforcement is able to access is stuff that is entirely benign and wouldn't be of interest to them.
But of course, no matter how well intentioned the government and law enforcement may claim to be, and even if they *COULD* be fully trusted to not abuse such access to the general public's highly confidential and private data (leaving aside the whole matter that they may not be as trustworthy as they claim aside, and suggesting that even *IF* they could be trusted so completely), if they can decrypt it, then so can the bad guys, who will abuse it and invariably cause harm to completely innocent people. And suddenly, law enforcement actually has a harder job than they had before, because while their job may have become slightly easier with respect to catching otherwise incompetent criminals that don't know how to use strong encryption that isn't legally available, and that they might have been able to catch in other ways anyhow, now they *ALSO* have to work harder to protect the public from the new potential attack vector on completely innocent parties that such regulations would give the bad guys.
File under 'M' for 'Manic ranting'
It takes guts to stand up to government, especially the U.S government.
Only for peons. For big mega corps, it takes guts to stand up to them. See, if any cop gets out of line, big mega corp - Apple in this instance - uses their political power to have said cop(s)/entire departments destroyed.
In Heinlein's "Friday", he predicted corporations being the super powers. And they are even getting their own armies! (See, Halliburton and Xe services)
What even is the point in designing security where this is possible? If Apple can just circumvent the security and hand over any data, then who else can? Isn't that just admitting that their security/privacy is flawed?
The Government's argument to force Apple is because Congress has yet to specifically pass a law saying "don't do this" it's all legal and fine.
THE COURT: So short of Congress passing a law prohibiting what you want here, it's fair game? Anything else that Congress may have done in terms of considering legislation one way or the other, because it doesn't result in a statutory prohibition, wouldn't be enough to say, it's off limits for the All Writs Act?
MS. KOMATIREDDY: Yes. Short -- essentially yes
I suspect the additional statements were because this specific case involved an iPhone that was using iOS 7. That version, if I recall, does not feature the same level of default encryption and Apple might have the technical means to unlock it. They're saying that it's confusing to a customer when they say "We can't unlock your phone", but then go back and unlock the phone in this case because it was no a specific version of iOS.
That's only three. Idiot.
I mean, at the very core, a phone is a tool (let's pretend it's a diary in this example) -- it can contain useful or useless information, but ultimately it is a very private thing. It has the power to incriminate someone beyond the investigation at hand. Law enforcement's desire to decrypt first, ask questions later really is equivalent to violating a person's privacy and fifth amendment protections to abstain from revealing information that could potentially incriminate themselves.
C. Griffin
"Can I keep his head for a souvenir?" --Max from Sam 'N Max Freelance Police
Let's look at the request being made of Apple from a 10,000 foot view. In today's day and age, evidence can be planted and manipulated rather easily in a digital device. In my opinion, if investigators are leveraging these devices to influence convictions in the absence of real evidence, they are doing the individual an injustice. This, to me, is shoddy detective work at best, and at worst just plain laziness.
So for whatever reason, Apple - a global company being pressured by a hundred different legal requests around the world is pushing back.
Asserting themselves as an global organization.
And saying "Do real police work and investigate the individual. This doesn't mean investigating and manipulating the companies they chose to do business with."
Why are the cultures and rules built into a company such as Apple being ripped apart and the company victimized to satisfy the demands of lazy detectives?
Clearly you did not read the article. The two sentences have different contexts.
I've worked in a few corporate environments where they were extremely paranoid about e-discovery (back when this was a new thing.) Almost always, the answer was to set the retention policy to 30 days, as in, no email backups older than 30 days, no (sanctioned) way to archive email, and everything older than 30 days was purged from mailboxes. This allowed the company to say with a straight face, "I'd love to give you the messages relevant to such-and-such business deal gone bad 5 years ago, but I simply cannot."
It sounds a lot like what Apple's doing -- they purposely built the encryption system with no way to bypass it so they can push it right back on the police and courts -- "Sorry, can't help you!" That gets them tons of great customer PR, as opposed to Google/Android, so it makes sense.
But then the lawyer goes on to image a hypothetical customer asking:.......How is it complying if it's supposed to be impossible to do so?
You are implying that the lawyers are making an illogical argument (of course, lawyers are always perfectly logical, right? um.....)
Imagine if the court case escalated and went to the supreme court, where the supreme court decided, "you must change your software to make this possible." That is the scenario the lawyers are trying to avoid.
The trick to understanding legal arguments is to remember they happen in context of the law, and are only vaguely related to reality.
"First they came for the slanderers and i said nothing."
Mechanics of "why not" here: http://blog.cryptographyengine...
Math of "why not" good introduction here: http://www.eetimes.com/documen...
Even if it is possible, there is the question of cost effectiveness. If it takes millions of CPU-hours to crack -- or, worse, days or weeks of some expert's time to take the cap off a chip, peer with an electron microscope, and poke with an electron beam -- then the nation-state will probably limit attacks to cases where they have exceptionally high expectations of return.
Or the police will break out the $5 wrenches and rubber hoses, which runs into its own set of problems.
So much this. I don't know much about how iPhones work, but how complex is the average person's password? Surely they must use a key derivation function during authentication. I doubt it has something even as sophisticated as a chip that holds the private key or a symmetric key and only performs encryption operations without sharing that key.
Back when I used to hang out with the local uni computer club, we used to crack passwords for fun using John the Ripper on a cluster of various old hard like 386s and 486s. I started watching Mr. Robot recently and had a laugh at the sad but true nature of passwords people pick.
This is simply law enforcement being unnecessarily intrusive into everybody's lives. Power-tripping authoritarian assholes. If they had an iPhone that had data of life or death importance, I refuse to believe that the sucker wouldn't be decrypted in under 24 hours.
As an official from the Department of Homeland Security had previously testified, law enforcement had a device to easily run through every possible passcode to unlock an iPhone. But Feng’s phone was configured to erase all its data if someone unsuccessfully tried 10 times in a row to unlock it.
I think I see the problem. Law enforcement views iPhones as magical palantirs powered by waldos and doesn't know how to back up the raw contents of the filesystem before running a distributed brute force. Incompetence.
And the public is so fucking ignorant we're debating whether government should have a back door into magical palantirs powered by waldos instead of debating why cops and elected officials are so fucking stupid when it comes to technology and what we need to do to send them all to the unemployment line.
There may be some actual technical brilliance here on Apple's part like the crypto chip I mentioned above. Even then it should be possible to hook that chip up to some other device and feed it the ciphertext along with a decode command. But we'll never know for sure because computers are sufficiently advanced technology and therefore indistinguishable from magic.
(Also interesting trying to separate out the Apple reality distortion field from the normal reality distortion that makes computers magical palantirs powered by waldos.)
Captcha: tyranny
I think the statement reads oddly out of context because the case is about an iOS7 phone, where it's not 'impossible' (only burdensome) yet warning them that it will be impossible in the future. They're afraid that un-encrypting it now, just because it's not 'impossible' will mean that in the future they might be forced (by law) to make it possible, so they're arguing that they shouldn't have to do it, even now that it's only 'burdensome'.
Seriously folks. Is there a way to encrypt my non-rooted phone that does not rely on anything the manufacturer provided and won't kill performance? If we can't trust the manufacturer to leave out backdoors, what's the alternative?
Because it is still possible in some cases.
Until everyone is running iOS 9, there will still be perfectly good, though crufty, iPhones out there running unencrypted. If the cops bring Apple one of those, then encryption is not a technical barrier to retrieving data from the device.
If I've got a working phone that I spent $$$ on and Apple wants $$$$$ for the latest incarnation, as long as my old phone does everything I need, there's no incentive to lay out a ton of cash. As long as that's the case, crufty, old, unencrypted phones will be used and, if the cops confiscate one, Apple could technically get at the data for them.
One of the reasons Apple can do this is that its dependency on government contracts is very, very low. Cell carriers are pretty dependent on the Feds and have a lot of revenue/relationships at risk.
That's not saying what Apple is doing isn't great, it's that it's easier for Apple to do that because the cost of doing it is relatively low.
some contempt of court / accessory changes will change there tune or maybe some GITMO time.
They are talking about encryption. It is impossible in the sense that it would take too damn long to crack.
Court: "I order you to crack the encryption!"
Apple: "Understood."
~Week later~
Court: "Why don't we have the information yet?"
Apple: "We are only through 0.026% of possible keys."
Court: "How long is this going to take?"
Apple: "We have a 50% chance to find it within 15 years. Could take up to 30 testing all possibles."
Court: "Can't you speed up the process?"
Apple: "We can speed it up by a few years, but the chance of finding it within a reasonable time is mathematically prohibitive with current technology and would put unreasonable burden on our finances."
There is just too much magical thinking.
Apple has built a device and market that gathers money in large ...... all must be secure enough.
and small chunks from millions heck billions of people to the
tune of billions.
Cash into iTunes must be secure enough.
Cash to pay for that phone swiped coffee in the morning must be secure enough.
Connection to HealthCare.Gov must be secure enough.
Connections to Amazon commerce must be secure enough.
These collectively mandate a secure design foundation.
If Apple installed a side door to security in all their products as per these
requests and dreams and that side door was to be hacked the liability to Apple
could make the airbag recall and regulatory fines seem small.
Heck Kafka just called to remind me that a class action involving
all 700 million iPhones would need a secure payment system
to disburse the judgement. iPads, MacBooks.... too. iTunes
runs on WindowZ... so iTunes must have its own methods and policy
because Windows is so fragile.
The law enforcement goobers that want access via a side door simply
to make their job easier today FAIL to understand that if the keys to
the side door were to be stolen they could not keep up with the
flood of crime that theft enables. CSI is fiction but some magical
thinking wonks accept it as fact.
Wonks like this forget that great fiction works because suspension of disbelief
or willing suspension of disbelief happens and allows the author to explore
a fictitious story line.
Watch a TV show then watch the credits. The fantasy is that a couple .....
of guys like Jamie and Adam can just do what they want to entertain us.
Finance, sponsors, writers, production, a support team that scrolls on the
screen in tiny print permits from fire departments, ATF and more.
Product placement
Extra points for Cognitive estrangement ....
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
It's long, but that transcript is really worth a read. First the judge thoughtfully skewers every argument the government presents, and tries to get to the fundamental principles involved. Then he thoughtfully skewers every argument Apple presents and tries to get them to throw away all of the marketing nonsense and just say what they think the actual issues are. Then he takes it all into consideration and says he'll go try to find the proper balance in his ruling.
No matter how that case comes out, that's one judge who is doing his job.
The only way you can trust your phone is if there are no security flaws in the code, the software has been security audited by someone with the source code and tools to do the job properly, the hardware has been security audited by someone with the full hardware design and the tools to verify it, and you trust both people not to lie to you.
Agreed, but that is a delicate argument, since if a person is already a suspect, then a diary is fair game in a search warrant. However, if someone says "papers please..." and then thumbs through your diary, the search is illegal because they had no cause to search. It's important to point out the difference for those who see it more like a web-blog than a diary.
Which has more power: the hammer, or the anvil?
No, you're going to have to root the phone, unlock the bootloader, and install a custom ROM if you want to do that. And there will be a performance impact, just not as much as you think.
Different rulings from different courts in the US. Let's just say the answer is not clear at this point. See https://en.wikipedia.org/wiki/...
By publishing deliberately malicious software on the App store to circumvent their own device security in select cases. Because the data is encrypted in storage doesn't mean it's encrypted while in RAM. This something which has been attempted before, although I doubt Apple themselves were responsible in that case.
Except for any pictures you've taken, everything on your phone has come from the internet (tracked by ISP and web servers) or is tracked by the phone company (tower pings for location data). All of it can already be uncovered. Why bother encrypting?
It became Apple's job when they took a public stance of advertising that they protect criminals from discovery.
VoIP over wireless. Which essentially is what VoLTE is. So the choice is to either provide customers with the privacy they need, or watch your billion dollar investment in packet voice go up in smoke because everyone is using an open source alternative.
Correct, you do not know much about how iPhones work but it didn't seem to stop you from speculating.
If you want to learn how the encryption works, see this explanation.
Yes, it does use dedicated cryptography hardware. Yes, the key is protected from the rest of the OS.
Good plan. Send Apple to Gitmo. Your 401k will thank you.
What's the US gonna do, tell them to pack up all their factories and go to China? :-)
You're dealing with lawyers. Given enough time and argument, in their world this, is possible:
0 = 1
The encryption question applies equally to the diary and the phone, the level of technology is irrelevant. There is no way to Constitutionally mandate that diaries must use no, or easily broken, encryption. Furthermore, decrypting a diary is a testimonial act. The form and intelligibility of an individual's speech is not subject to governmental requirements. From what cesspool of idiocy emerges the idea that all personal data be readable by any government?
You are a special kind of moron to claim "Except for any pictures you've taken, everything on your phone has come from the internet ...".
A smart phone is capable of storing any files that could be saved and many people used them for general storage of files that have never been on a public network of any kind. That often includes confidential business documents or personal documents.
Because all versions of software are not the same.
Previous to iOS 8 and iPhone 5, the crypto key was escrowed, thus Apple had access. With iOS 8 and iPhone 5, the key is stored within a crypto chip in the device itself, and never is exposed to anything.
How is it complying if it's supposed to be impossible to do so?
The short answer to your question is that the phone in this court case is an iPhone 5s that's still running iOS 7, and thus it predates the safeguards in iOS 8 and 9 that prevent Apple from decrypting it. The lawyer is arguing that even though Apple is technologically capable of decrypting it, law enforcement cannot compel Apple's assistance, since doing so would put an onerous burden on Apple by forcing them to undermine their own business.
To go into a bit more detail, Apple markets itself as being incapable of decrypting their own devices. Which is true...for everything sold in the last two years. But that's a distinction that is lost on most customers, so the lawyer is arguing that if Apple is compelled to assist law enforcement in this case, it would cause direct harm to its business by resulting in exactly the sort of confusion you're having. After all, how would a typical customer reconcile the conflicting information? If Apple is seen decrypting this guy's iPhone while advertising that it's outright incapable of doing so, customers won't buy their products because customers won't believe what's being advertised.
The long and short of it is that Apple is telling law enforcement that if they want the phone decrypted they should do it themselves, since Apple is under no obligation to assist, nor can it be compelled to assist, any more than, say, a bottled water company could be compelled by law enforcement to tarnish their own product by putting a pollutant in the water.
What you call a flaw, the government would call a feature.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
What is so hard to understand about the legal term "substantial burden". Companies build consumer products for consumer, not government designs. Jumping into the way back machine, to remember the Soviet Unions Apple II design by government mandate. Yeh, that worked Greeeeaaaaaaaaaat! "Substantial Burden" happens at the very instant that government design spec begins.
... magical palantirs powered by waldos.
I never even found one waldo... how the heck do you get a set of them?
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
The trick is to RTFA. Those two sentences are from different contexts but the summary shoved them together. One is talking about the latest iOS, the other is talking about older versions that aren't end-to-end encrypted.
Yeah, excited cop.
Thanks to well placed news like this users, people, city and state law enforcement will still have faith in US brands.
... " ..."SMS data", "pictures", calendar ... "into one report"
A flood of sock puppets to contain the topics surrounding the ability of a US company to look after its brand more than follow the color of US telco laws.
Keep using that cell phone, sending images with gps, carrying a live mic with a battery thats built in.
All the brand can secure is the transit from a user level in the phone to another user.
All other hardware and software functions are open to federal law enforcement, mil as sold in the US or UK.
The security services now like voice prints as been one of the few low cost ways to get total coverage of a city to look of people they have on file.
No telco or company is going to get to lock out data recovery or a malware push down or a national hunt for voice prints due to its branding.
"Superspy in the sky could soon be patrolling over British cities to search for hidden terror cells" (26 April 2010 )
http://www.dailymail.co.uk/new...
"The aircraft are able to identify suspects using 'voice-prints'
Leaked catalogue details US surveillance hardware ( 18 December 15 ) has more on the dirt boxes.. and other devices
http://www.wired.co.uk/news/ar...
"sound files"
Would any US brand be able to block collect it all?
Domestic spying is now "Benign Information Gathering"
"The last company that makes lethal injection drugs, decides to stop doing it. In fact Justice Alito referred to this in recent cases - guerrilla warfare by these companies. Right. So the last company that has been providing drugs for execution, says to the Government, we are no longer going to help you out when it is time to execute somebody in Terre Haute. Can -- are they thwarting a lawful death sentence by doing that, and can they therefore be compelled under the All Writs Act to re-import something that is held abroad or release something from existing stock or actually manufacture the drug anew?"
hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don’t have a clear lawful basis in doing so?”
Is this some sort of Red herring argument? If those requests are not lawful, perhaps there should be a "police law" defining lawful requests, as it is in here in the evil, socialist Europe. Or should Apple just go into business of accessing your data and solve the whole dilemma at once?
You can't, they are encrypted too.
Website Just Down For Me? Find out
Someone from Apple can jump in and correct me, but as I understand thing, Apple's iPhone iOS security features are as follows:
0) Apple has turned on device encryption for iPhones, iPads and iPod running iOS 9, by default.
1) Apple iPhones, iPads and iPods running iOS 9 have a six digit unlock master code, recently updated from a four digit code. The six digit unlock code largely prevents brute force attacks because there are way to many finger smudge patterns to figure out. Four digits of smudge patterns could be logically determined evidently.
2) iMessage which handle text messaging and FaceTime, encrypts "End to End". The "End to End" encryption generates an public private key pair where the private key never leaves the senders phone and which can't be determined by Apple engineers even if Apple has thousands of years and unlimited CPU cycles. "End to End" scares lawenforcement at the very highest and lowest levels. iMessage appears to be U breakable, to such a degree that Apple's lawyers feel perfectly comfortable walking into any court anywhere in the world and telling the judges, sorry, can't help you. Stunning is all I can say.
3) Apple CEO has made Apple's unbreakable iOS encryption top priority and he's not backing down. Google and others are doing the same. Apple's powerful position is backed by the "substantial burden" legal rule. Companies can not be forced into changing something that would be a "substantial burden" to change.
Maybe, just maybe, because that backdoor provides a vulnerability that can be hacked. One less complication in the system means at least one less vulnerability to be exploited.
Maybe Apple will now figure out how to have the newer iOS installed and running on the older hardware, assuming that the older hardware has the necessary encryption support.
More specifically politicians but most often that is just a longer spelling of lawyer.
The same cesspool that claims that people have only the rights granted to them by their government. Yeah, many here on slashdot subscribe to that theory.
The last thing that Apple wants is another incident that inconveniences people of more-than-modest means.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
Is everyone not seeing the sarcasm, or am I mis-imputing it?
To me the parent post was clearly sarcasm, but the moderators and every other respondent seems not to have read it that way.
I think we've pushed this "anyone can grow up to be president" thing too far.
I don't know much about how iPhones work, but how complex is the average person's password?
I hear you, brother.
It is complying with the orders when they _try_ to do it (which has no result as it is impossible). What they want to do is to be able to reject the orders outright, and that is the only sane thing to do.
Of course "sane" is not something most in the legal profession can do, as they are all living in their own little fantasy world where they are kings and define what reality is.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It's AES 256. Try "we have a 50% chance to find it sometime before the heat-death of the universe".
Apple has addressed this as part of the way the iOS encryption system works. The encryption system creates it's own temporary encryption key each boot that it uses to encrypt everything it stores in RAM.
Apple should be allowed to charge a large sum, say a few thousand dollars for unlocking each phone. That would deter most of the casual requests and provide financial incentive to companies to aid in law enforcement.
2) iMessage which handle text messaging and FaceTime, encrypts "End to End". The "End to End" encryption generates an public private key pair where the private key never leaves the senders phone and which can't be determined by Apple engineers even if Apple has thousands of years and unlimited CPU cycles. "End to End" scares lawenforcement at the very highest and lowest levels. iMessage appears to be U breakable, to such a degree that Apple's lawyers feel perfectly comfortable walking into any court anywhere in the world and telling the judges, sorry, can't help you. Stunning is all I can say.
You're envisaging RSA when you say "public private key pair". Given what we know, it's probably Diffie Hellman, which is a public key establishment protocol that establishes a shared symmetric secret key. There is no key pair.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
of your slippery slope. "if the government ever gets a warrant to search your house" does not, and should not, imply that you need to hand them keys when you purchase your house just in case.
Here is an idea for you. See that homeless guy on the street? Hand him your wallet, car keys, and everything else in your pocket. He "might" rob you and hurt you in the process. Can't take any chances right?
Or the police will break out the $5 wrenches and rubber hoses
More like cold temperatures, solitary confinement and sleep deprivation. The Israelis are said to be masters of these techniques. If they can break hardened militants this way, how much more easily would they break you or I?
So thats exactly what A7 and later devices (pretty much the ones with TouchID) do have: "Secure Enclave" is a separate processor running _may_ be a provably secure kernel, and may be anti-tamper (other implementations are, its just not clear if Apple's is or is not) that acts as a hardware keystone and oracle for application processor running iOS.
Have a look at their Security Guide. They've had a really decent go at making things very robust against attack, with their more recent features. (i.e. probably nation state resources and a clean room).
And the public is so fucking ignorant we're debating whether government should have a back door into magical palantirs powered by waldos instead of debating why cops and elected officials are so fucking stupid when it comes to technology and what we need to do to send them all to the unemployment line.
But we'll never know for sure because computers are sufficiently advanced technology and therefore indistinguishable from magic.
You have no idea what you're talking about. It's akin to someone seeing a knife in person once or twice and then saying: "Brain surgery isn't so hard. It's just that people are too stupid to do it! I doubt they even thought to try sharper scalpels!". Except you know, there are plenty of neurosurgeons and only a few people at any given time clever enough to create or find an exploit to an effective encryption scheme.
Back when I used to hang out with the local uni computer club, we used to crack passwords for fun using John the Ripper on a cluster of various old hard like 386s and 486s.
Using a program created by someone smart (based on math discovered by even smarter people) doesn't make you smart, anymore than driving a car means you could create one from scratch or reverse engineer one given to you.
Yeah, if Mossad isnt letterbombing old men, they're kidnapping and torturing people.
http://i.cubeupload.com/T6cyLu.png
Or the police will break out the $5 wrenches and rubber hoses, which runs into its own set of problems.
They should have a Obligatory xkcd upmod...
A smart phone is capable of storing any files that could be saved and many people used them for general storage of files that have never been on a public network of any kind. That often includes confidential business documents or personal documents.
True, but that's often done through an app. And those apps are either pre-installed or downloaded off the net. You haven't audited those and mobile apps have a history of sending data home, so much so that desktop applications are starting to mimic them.
That said, I don't use a smart phone so maybe I am taking out my ass.