Why Are Apple's Competitors Staying Silent On the iPhone Unlocking Fight?
erier2003 writes: A court order forcing Apple to help the FBI access a terrorism suspect's iPhone has drawn responses from leading tech companies, newspaper editorial boards, and security experts. But one major faction is staying largely silent: the computer and smartphone manufacturers who compete with Apple for business and could be subject to similar orders in the future if the company loses its high-profile case. Silicon Valley software firms have universally backed Apple in its fight against the Justice Department, which won a ruling Tuesday from a California magistrate judge compelling Apple to design custom software to bypass security features on an iPhone used by one of the San Bernardino shooters. But Apple's hardware competitors are staying on the sidelines.
Finally we have a debate on whether or not the state should have access to people's personal data. This is what Snowden wanted; his goal is reached.
asked phone manufacturers LG, Samsung, and Sony and computer manufacturers Acer, Asus, Dell, HP, and Lenovo (which also owns phone manufacturer Motorola) whether they agreed with the government or Apple in the unfolding legal battle.
None of them also make the OS, they're just the hardware guys. The FBI is asking for a software backdoor.
Google (those guys behind Android) has stood by Apple
What good would it do them? Since Google has taken point on designing, evangelizing, and (recently) mandating strong, backdoor-less crypto -- actions they, along with most of the technologentsia, are firmly in favor of -- they can ride the wave of inevitability, rather than stick their neck out with broad anti-government pronouncements. Sometimes the best PR is no PR.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
If Apple wins, every one of them wins. If Apple loses, and they could, they lose alone.
Listen to the proffered positions of the pretenders to the Presidential nomination. To many non-tech people, Apple's stance is bordering on treason.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Newsweek: Google and Microsoft Back Apple on Encryption Battle With FBI
Because they don't make iPhones, you dumb fuck.
WHOOSH!
Hurr durr. All speculative nonsense. But yea it helps an Apple-hating narrative so Slashdotters will eat it up.
Answer: NSL
case closed.
Yes, that's what the summary said. It's the hardware makers that are quiet.
I just have a question: Is it possible to download and install some software that will do exactly what Apple has done with their [iPhone] devices?
If so, let Apple do as they please then quietly advertise the availability of this software.
There is a backdoor if the device is capable of installing new firmware without unlocking (or destroying the encryption keys) first.
I strongly disagree. As someone who's usually all for eating Apple-hating narrative, this particular one wasn't baked long enough; and I suspect that the ingredients had gone off, judging by all the fish-scented weaksauce used to mask the flavour.
They don't want to get accused that they're "just copying Apple".... again.
AC comments get piped to
Well Microsoft does make phone hardware...but...lol.
...but it's the second mouse that gets the cheese.
They are watching Apple to see if they get hammered by the DOJ or win business due to not selling out their customers' privacy.
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
What's the situation with other phones? Hardware manufacturers don't handle Android backups, Google does. And Google seems to encrypt them. And in general, it doesn't seem to be possible to push phone software updates to Android phones without rebooting them, at which point a full pass code is required (of course, if you pick a weak one, that's your problem). In addition, any weakness would be specific to one manufacturer, not to all phones.
I think Apple's biggest problem is that they are a single, juicy target: compromise iOS and you have compromised half the phone and tablet users in the country. So, even if other manufacturers have similar weaknesses, they all require separate efforts to subvert, making life a lot tougher for people trying to invade our privacy.
I second the WHOOSH. Not to say the Feds are smarter right?
My prognostication:
Feds said: Open the device :)
Apple said: We can't do that. I.e., even if we could, why the hell would we do it for you? BTW you're the damn Feds with all these cool tools, right?
Feds said: Errr yeah errr no errrr. You do it
Apple said: Erm no stop trying to privatize surveillance with us you fucksticks now cram it.
They'll ask again, dance around it, and forget the discussion happened. Rest assured they already have the data. This media spectacle is all about a "break the law now based on legal precedent we'll set in the future" type situation. These guys are just prepping us for the onslaught ...
Getting the new password won't allow them to use the known iCloud backup workaround for the encryption. The iPhone has the old iCloud password stored in its keychain. The current iCloud password, even if revealed to the FBI, is different. The iCloud encryption workaround is due to the iPhone doing an automatic backup sync to the iCloud account. This will not work if the iPhone's stored password doesn't match the current iCloud password. Without being able to unlock the phone, they can't change the iCloud password on it to match the current actual iCloud password. It's also not feasible to change the current iCloud password back to what is stored on the iPhone, as I'm sure the password reset didn't expose the old password.
So go ahead, get the new password from the IT individual who changed it; he would probably give it up without a warrant. It won't help the FBI get into the phone.
in anima Apparatus
If you bothered to read any of the news articles, Apple currently doesn't have that capability. What the FBI is asking for is to update iOS on the phone with a custom version that removes the time delay between unsuccessful passcode attempts, the 10-try limit before wiping the phone, and a way to enter passcodes via the lightning connector rather than the keypad --- all of this so the FBI can brute-force unlock the phone.
If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
Just a theory but there are some 4000 Android devices from 400 different manufacturers using who knows what version of Android that may or may not be in the original form since it's open source.
They already know how it's going to turn out, because it is all just theatre, Apple will comply again because they already have complied in the past.
Apple just want their consumers to keep believing in the myth of Apple.
"If any question why we died, Tell them because our fathers lied."
Apple knows this, Apple is putting on a big show for their customers "we care about your privacy", they picked this battle to lose, in effect losing allows them to maintain "face" with their customers and comply with the FED's request.
This was planned, this is theatre, and you really shouldn't be buying Apple products.
"If any question why we died, Tell them because our fathers lied."
One of the big reasons to spend $600 on an iPhone instead of $100 on an Android is privacy and security. I need a smartphone about $100 worth, but I was just about to bite the bullet and get an iPhone because of the phone's built-in encryption and Apple's pro-privacy policy. Now I'm going to wait and see. A backdoor into iPhone makes me less likely to fork over the extra money, to the good of Apple's competitors.
They haven't been given a 'lawful order' they've been given a 'strongly worded request'. There is precedent for what Apple is being asked to do and the precedent is they can say 'fuck off'.
They're not being asked to present data they have access to, they're being told to provide a mechanism to extract data. Picture a tech company that specializes in image manipulation and they make cameras. One of their cameras has a security still of a suspect. The government can ask that they turn over the still, they can not compel the company to write new software to manipulate that still.
The government has the phone, in fact there's evidence they borked things up by attempting to change the password. They want the data on it they can knock themselves out. If they succeed in extracting the data then phone manufacturers need to step up their security. If they fail then things are working as intended.
Unless you're a recluse old spinster portrayed by Kathy Bates, how can you force anyone, let alone a corporation, to write something? Will they also maim the guy if the produced work is not up to the expected?
I could understand forcing spec & design disclosure, but *write* something ?
So basically, if Apple can do it at all, then the backdoor already exists, and is already awaiting exploitation.
File under 'M' for 'Manic ranting'
Now, now let's not have any name calling...he's just stating common sense. The other mfrs take the base Android stack and modify it (extensively at a low level) to work with their hardware and make the ROM image and with that (or the hardware itself) you can insert any backdoor you want.
An example we know about is our friend Lenovo using the PC ROM they modified to install their phone home spyware onto your PC after you do a clean install - it was Windows but something similar or worse could be done in Android if the mfrs felt they should (by govt suggestion perhaps):
http://arstechnica.com/informa...
Most of the other smartphone mfrs are keeping quiet because they are friendly with their Governments - Samsung (I have a Galaxy S5) for example is very close to the South Korean Govt (who is a good partner with the USA and in particular its military and intelligence apparatus). Microsoft is very friendly with the U.S. government and a "partner" with the NSA and they certainly won't protest this either. Cause they would line up with their govts not their customers.
It's important to look at the big picture, from a business standpoint it makes sense to work with your govt and their desire to spy on their citizens as they control your market access. Frankly it's odd that Apple is doing this from a purely business perspective, from a moral perspective it makes sense - but most companies don't care about moral issues and will faithfully line up with their govts' surveillance apparatus when the call comes no matter the consequences for their customers / citizenry. Remember all those German companies that closed up shop and moved out of country in the 30's after the Nazis were elected? Yeah, most just shrugged and fell in line. That is exactly what is happening (and what would be expected to happen) in this fight over privacy - if the govts want to surveil the population of the planet (which they do), most smartphone companies will ask how they can help.
Hire some ex-Apple employees to hack this phone. It's a job, and the government has every right to crack THAT phone. But Apple shouldn't be the only people in the world who can do it, and shouldn't be forced to. Surely if the government pays someone enough money, they can do whatever Apple would do half-heartedly.
Gently reply
If you bothered to read any of the news articles, Apple currently doesn't have that capability.
Too good to be true, I believe is the phrase....
“He’s not deformed, he’s just drunk!”
Let's look at a few good reasons to stay silent if you're an Apple competitor.
1. Apple's competitors are based in South Korea and China. They're going to have a much harder time arguing privacy with the US government.
2. Apple has lots of money and excellent legal counsel. They'll put up a better fight than their competitors possibly could.
3. Staying silent won't piss off any American lobby groups, and it probably won't piss off the American general public.
4. This could be a PR nightmare if someone mis-words something. You don't want to accidentally paint yourself as pro-terrorist.
5. There's no obvious win here. If the corporations win and privacy remains paramount, eventually someone is going to do something awful that involves encrypted communication. At that point, the corporations look bad. If the government wins, things could devolve into 1984 if the wrong people ascend to power.
Is WinZip responsible for cracking passwords that their customers set on their zip files? No! That's their product and that's what their product does. It's a security and privacy product so naturally the company doesn't "hold the keys" or put in a backdoor. All cellphone makers should leave encryption in the hands of the customer and tell the FBI to fuck off.
What happens if Apple tries to cooperate, attempts to write a version of iOS that will do what the FBI wants, and the result does not work? What if it takes a long time to write? Who compensates Apple for the programmers' time while that tool is being developed, tested, and debugged? What if the code they make accidentally has bugs that cause data loss on the device that simply were not exposed during QA testing?
File under 'M' for 'Manic ranting'
Apple's reputation is riding on their premium hardware and services, for which they charge premium prices. Their competitors are cheaper, and don't have the same quandary of keeping customers based on being better.
Y'all must have missed this one from 3 days ago:
http://www.usatoday.com/story/...
Maybe the rest of them can see that they, and Apple, have all done a lot more for China and they, unlike Apple, don't want to draw too much attention to it only to look like hypocritical oafs that would rather do China's bidding so that political dissidents can be silenced, than to do something where it almost (but not quite) would make sense to do something like this in a free society. Fark Apple, trying to pretend they have a moral high-ground here. Maybe we should just ask China for help hacking the phone, since Apple gave them the source code, back doors, and manufacturing of the device...
Only if that capability has the capability to decrypt the data. A back door is something that bypasses the cryptographic requirements of encrypted data. No such method exists, even if you are capable of loading custom firmware.
Either the encryption is done properly and Apple is not able to decrypt it regardless of any court decision, or it is sham encryption: Apple is able to decrypt it (by, say, hacking the TPM containing the key), Apple knows it, and it avoids the court decision, as acknowledging the ability to decrypt it would mean confessing to deceiving users about the security of iPhones.
That is the reason why competitors are silent - either the court decision is irrelevant, or Apple is a cheater.
Ignoring the fact that this is a criminal investigation, dead people have very little in the way of "rights".
Then they won't mind using the dead guy's finger to unlock the phone without a passcode.
So basically, if Apple can do it at all, then the backdoor already exists, and is already awaiting exploitation.
Absolutely not. To exploit this, you'd first have to write working iPhone firmware. You know, firmware that can boot the iPhone and make it run. Obviously firmware with the passcode security removed. That's difficult. Even say the Samsung engineers that built the firmware for the Samsung phones would have a huge problem doing that, because they can talk to the Samsung hardware engineers but not to Apple's hardware engineers.
Then comes the minor problem that this firmware must be codesigned with Apple's most secretly kept key. How do you get access to that? Let's take again Samsung's firmware engineers, because they are likely among the people in the world most capable of doing this. At this point, they would be stuck. They have no chance to build any firmware that an iPhone would even consider loading, because they lack Apple's firmware signing key.
Now if Apple _builds_ and _signs_ that firmware, then you do have an exploit that just has to find its way in the open.
Why aren't big USERS like banks freaking out?
Authentication and tamper-proofing are built on encryption, too. Privacy is indisputably very important, but much of the modern world couldn't even exist without trustworthy authentication and communication. Those are built on the same technology (including encryption) as privacy.
For example, when bank computers are talking (between banks, or even just internally), they need to be 100.0000% certain who they're talking to and that the message received is the same as the one that was sent. It's flat-out impossible to do that on a large scale without encryption. Otherwise, they'd end up talking to impostors, or some "man in the middle" could just add a few extra zeros to that bank transfer. The same goes for control centers talking to hydroelectric dams, nuclear reactors, traffic lights, etc.
If we establish precedents that could lead to more encryption backdoors, those will get out sooner or later, as surely as the air in your car's tires eventually escapes. Then you can watch the carnage when traffic lights show green on all sides, floods when dams open all their floodgates simultaneously, and the pandemonium when banks have to turn off credit card readers and ATMs. I'm not ready to go back to standing in line at the bank for cash, or wait for sales clerks to phone in every credit card transaction for authorization.
Really, a "security" organization like the FBI wants to roll the dice on this? Newsflash: there are highly-motivated, well-financed bad people out there who will exploit any security weaknesses for financial and political reasons, or just for the hell of it. And they'll spy, bribe, blackmail, extort, kidnap, torture, and threaten families to get those backdoors if they're there to be had.
You mean like all the pedophile engineers at Belgian telecom, or the terrorist copyright-infringer Angela Merkel, or the gangbangers at Amnesty International? They have to be criminals if they're hiding something, right?
In three weeks. Bet Tim Cook got a good chuckle from that.
sigs are for losers (except to point out that sigs are for losers)
That's the same point I've been making for a while now. If you can weaken encryption, then you can often use the same tools to weaken HMAC. That bit is why you can sleep comfortably at night without having to worry about your internet-connected appliances trying to murder you in your sleep; firmware increasingly is digitally signed to prevent forgery. Give one government the ability to turn on the microphone on any smart TV and you give it to all governments who have access to a legal process to compel it. USG couldn't kill the market any quicker if they tried.
Well, I would imagine that Samsung already scrapes all the data they can from their Galaxy phones running their customized versions of Android. You know the Chinese manufacturers already include the government mandated backdoor. So their silence on the matter is no major surprise. It is hard to tell someone you can't give them a cookie when they can see your hand in the cookie jar.
Google's recent statement is nice to see and a bit surprising as we all know they capture every single byte of your data for analysis in order to serve you tastier adverts. On the other hand they'll never be asked to unlock a secure phone as they wouldn't need to actually unlock it...
"someone is going to do something awful that involves encrypted communication. At that point, the corporations look bad." What? People have done awful things with encrypted communication for centuries. Tell me one event that would make general society and the media say "well, ok, the government can listen to all our communications from now on". It can never be justified. Frankly, setting up strong, practically uncrackable communication channels is too easy (and free) to not be the default.
the Error 53 thing has been disabled, and now, as long as you have an electronic copy of someone's fingerprint, you can pretty much unlock their device.
Sorry to burst your bubble, but:
If Touch ID on your device didn't work before you saw error 53, the feature still won't work after you update or restore your device. Contact Apple Support to ask about service options for Touch ID.
https://support.apple.com/en-us/HT205628
Also see virtually every other site that reported the error 53 fix.
TL:DNR: Disabling Touch ID when an unauthorised repair is made was intentional and hasn't changed. Bricking the entire phone so you couldn't even unlock it with your passcode was a bug, which is what has been fixed.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
It's encrypted, but with a very short key length: It's a four-digit PIN, only 10,000 possible keys. The security is dependent upon trusting the hardware and firmware to do the auto-wipe after too many failures.
And, since this is an American legal matter, this is not any part of their business.
And, since China mainly wants the same thing as the U.S. government, they are against Apple on this.
Voicing that could produce a backlash by some consumers, so they are better off keeping quiet on the subject.
Maurice W. Hilarius Voice: (778) 347-9907
If you bothered to read any of the news articles, Apple currently doesn't have that capability. What the FBI is asking for is to update iOS on the phone with a custom version that removes the time delay between unsuccessful passcode attempts, the 10-try limit before wiping the phone, and a way to enter passcodes via the lightning connector rather than the keypad --- all of this so the FBI can brute-force unlock the phone.
What are you talking about..?
I said:
The fact that Apple even (seemingly) has the capability to assist in the decryption of the phone is appalling. Bad security.
And you say:
Apple currently doesn't have that capability. What the FBI is asking for is to update iOS on the phone with a custom version that removes the time delay between unsuccessful passcode attempts
And that's exactly what I described in my comment. If Apple has the capability to assist in the decryption of the phone. It doesn't mean it would need to be possible with an existing solution, it's enough if there is and/or has always been a known way to do it.
It's bad security when security measures can be bypassed one way or another. The ability to bypass the 10 try limit with the help of Apple effectively renders the encryption of all existing iPhones completely useless. 99.99% of the iPhones out there could be decrypted at will by anyone in the position to mandate Apple to provide assistance in doing it.
One thing is for sure now: Apple's credibility as a secure product has crumbled to dust. If it's not the encryption that's holding the government out of users' data but rather the rulings of rubber stamp courts, that's no secure product.
-SR
Apple is being compelled to create speech in violation of the first amendment. It's not an issue of if they can do it. Unlike previous cases such as the Elane Photography case when a photographer asserted first amendment rights against photographing a wedding where the couple was gay, the photographer hung out her shingle as a business for photographing weddings. Gays are protected in the state where this happened.
In this case, Apple is in the business of selling iPhones, not selling custom firmware for iPhones. They can't restrict sale from gays, for example, but forcing them to create custom firmware for random customers is not their business. Not to mention, the FBI isn't exactly a protected class, nor is Apple refusing based on the fact they're FBI. They're refusing because they won't do it for anyone.
There were other cases where a 1st amendment defense wouldn't work, such as Lavabit where they were handed a piece of equipment and ordered to install it.
Why aren't, for something as important as the loss of 14 innocent people, the people / person responsible for resetting the password criminally charged?
The people responsible are FBI agents (they did not reset the password, but they requested it to be done). In a police-state, members of the police are never charged with anything, unless it can absolutely not be avoided, e.g. if a policeman murders somebody in cold blood and unfortunately a citizen filmed that and has already posted it online and it has been seen by a lot of people. Other than that, forget about police ever being charged with anything in the US.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It also has a CEO that knows if things get too bad he will be one of those that go to the concentration camps for "sexual deviancy". It always helps if a threat is not only abstract. And yes, Apple does have a soul. Even a dark-gray one is far better than what most corporations and all governments have these days.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Alternatively, they think they have a pretty good chance of showing that this order is not "lawful" at all. We call that a police-state where the police believes not to be bound by laws anymore.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Except it would be assisting ONLY with suppressing the anti-brute-force measures and NOT with the actual decryption as you stated. If the phone is protected by an alphanumeric passphrase instead of an ordinary PIN, it would still take the FBI a while to brute-force it.
If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
This is the difference between a 'backdoor' and a 'vulnerability'. The system clearly has a vulnerability, which is a bit bad, but then most systems have many vulnerabilities. This becomes a backdoor if Apple deliberately put it there in a way so that they could get in easily. This doesn't seem to be the case.
Apple doesn't claim to protect the rebellion from the government, they claim to not be in the business of hacking phones or writing custom firmware to do so. They claim the data on the phone is very private and nobody can access it without the password, and the data on the cloud is less private but requires a legit government request according to local customs. Of course China can get access to data stored on servers in China. Duh.
Why try to shout BS when you knew you didn't have the details? Oh, right, you're just here to shout "China Scary!"
This person is rather obviously advertising a scam. Stay away.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
No, actually if you read slashdot you'd know that most of us do hate Apple, and yet Apple is in the legal right on this issue. They're still an elitist walled garden that I not only wouldn't be seen in, my stuff wouldn't even work there because I won't use proprietary toolsets.
I can hate Apple at the same time that I point out they're in the right on this case, that the cases the FBI cites actually support Apple if you read the rulings, and that this will get overturned on appeal. I can hate them at the same time I speak out in defense of their right to choose their own stinky speech, they shouldn't have to substitute the FBI's stinky speech for their own. I can hate them at the same time that I acknowledge that software is speech, even if I think that software shouldn't be covered by copyright. I can hate them at the same time that I recognize that they don't write custom firmware to hack phones as part of their business, and that they don't have or want to have the tool for use in their own internal processes.
One of Apple's arguments is that they don't really have the capability but they are being compelled to assist anyways. Another point is that if they could do what the government asks, it is not a good thing for a number of reasons.
Well, there's spam egg sausage and spam, that's not got much spam in it.
The question again is whether Apple is technically capable of doing so. That might require Apple to devise a way to update the phone's firmware and software without the consent of Farook. Technically the owner of the phone is San Bernardino County if I remember the details of the case but it was Farook who set the password. Now if Farook set the phone to auto-update, that would be far easier. That sets the precedent then that the FBI can ask Apple or anyone to lower the encryption safeguards set by any citizen.
Well, there's spam egg sausage and spam, that's not got much spam in it.
So basically, if Apple can do it at all, then the backdoor already exists, and is already awaiting exploitation.
The difference is the same as the difference between:
The house has a backdoor.
The house has enough space between the support beams to design and install a back door, but you'd have to know where the wiring and plumbing is first.
If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
Your signature is a tad funny in this context. :-)
Here's what I said in my original comment:
If Apple has the capability to assist in the decryption of the phone.
Without Apple's help the FBI would most likely not be able to brute force the passcode. If, however, Apple assists them by providing a custom ROM, they'd be able to bypass a core security feature that prevents brute forcing the passcodes. Brute forcing iPhones' passcode is trivial since who uses a passcode of any meaningful length in their iPhone? They'd have to enter it every 15 minutes or so if they want to use their phone. Entering a 20+ character passcode that often just to read your texts or browse the Internet is a huge nuisance. And iPhone users, after all, have been confident that there is a mechanism that prevents brute forcing passcodes anyway.
If it's possible to bypass the passcode try limit, it's huge. It's bad and it's hugely bad. It doesn't even mean that Apple would have to help the FBI at this point to lose a lot of credibility. Everybody thought it was not possible in any way, but it seems Apple has had this capability since day-1.
Before the iPhone 6 series phones were released, the default passcode length was 4 digits (numbers). I personally have *never* met anyone who uses alphanumeric characters in their iPhone passcodes. If the majority of passcodes in modern iPhones is between 4-10 digits, that'll take a fraction of a second or a few seconds at most to brute force on the phone itself. And if it's somehow possible to extract the passcode hash from the phone, it doesn't matter if you use even 15–16 alphanumeric characters.
Here's what Apple has said in their official statement:
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
If this isn't Apple being forced to assist in the decryption of the phone we live in different dimensions.
-SR
Silly rabbit, it wasn't anybody worried about protecting evidence or trained in that, it was a county health worker worried that confidential health department data might be on the phone. The standard practice is to reset the password... so that you can wipe the device, not so that you can preserve it.
This is the statement that MS endorsed:
Just because they support certain government activities doesn't mean they would have to support other ones. Maybe in some countries that seems natural, but it doesn't work that way in the US. Companies, and people, take positions on each issue independently. It is not a requirement to join a team and then be on their side on every issue.
You seem to admit you don't understand the business case; what if customers have choice, and customers like privacy? Does that clarify the business case? Did German customers in the 1930s have lots of choice? Could they simply choose companies that respected their privacy, or was that choice not available?
In chess if your opponent dies during the game, the result is a draw. If you think you're winning and your opponent is trying to commit suicide, it is in your best interests to stop him; it might be his one way to save the game!
Can a court order compel a safe manufacturer to assist the authorities with opening a safe that may contain private papers belonging to the person charged with a crime, in this case a deceased person who can't provide the combination to open it?
According to the cases that the FBI is actually citing, the Court can only compel that action if the safe manufacturer already offers the service requested. If they offer the service, for example to living customers, or as part of a repair or warranty program, or internally for "refurbishing," then the court can compel it. If they didn't already offer the service, then they could not.
That's the NY case that appears to support the FBI... if you only read a one-paragraph short explanation without reading the ruling.
Non-US phone manufacturers are not going to upset people by going on record, but an Apple loss would be good for them. Sure, if Apple is forced to put a back-door in, so will the others, but only on USA sold product. Apple would have to back door all phones it sold worldwide. The non-US phone companies probably sell more outside the US than they do in the US, and on the world market they would have the advantage of being able to offer a secure phone against insecure US models.
Boasting about that advantage before it existed would be bad PR for them. This potential future disadvantage is also probably a significant factor in Apple standing against the US government; it could cost them significant sales in future.
Banks don't care about privacy, they care about contracts and liabilities and stuff like that that is not secret.
Customer confidentiality is not privacy; they are expected to protect the customer's information from the general public, but it is assumed that it isn't private data and that lots of people at the bank and in the government are reviewing transactions as needed.
I've written code for a (foreign) bank interchange system, and I think you're engaged in magical thinking about the way the network communication is handled. They're way more focused on defining liability and having insurance that covers losses than they are concerned about actually locking down their communications and preventing any theft. ATMs are broken into frequently, and large sums are stolen from banking networks.
The code I was asked to write didn't have any encryption, and they laughed at me when I suggested it. Everything gets audited at both ends later, they can just fix the numbers. The same theft won't happen repeatedly, because it requires inside access, and they have to flee with the money before the ongoing internal audits find the discrepancy. That makes it manageable.
The "backdoor" here is that Apple can push software changes to iPhones without the owner's permission or authorisation. That should allow Apple to do what has been asked, i.e. removing the incorrect password limit and delay between attempts. It doesn't mean that Apple can break the encryption but they will definitely make it easy for someone to brute force it. As long as Apple maintains remote access capabilities to customer devices they will be open to this sort of court order.
Unfortunately, Google has similar capabilities with Android which gives them an interest. Most of the Android manufacturers do not have that capability. It is possible to root an Android device and lock it down in a way that blocks Google or install a custom ROM that excludes Google services and apps. Installing strong encryption and using a strong password, not some stupid 4 digit code, would make your device safe. Encrypting without closing the remote access hole is nothing more than the illusion of security.
I think the interesting point is that the FBI is asking Apple. Undoubtedly, other arms of the US government have this ability. NSA's Tailored Access group could do it. The case is explicitly about forcing Apple to do it. And that in itself is interesting. The US Government could do this but it wants to set the precedent that it can bully companies into doing it for them. Which tells me it has nothing to do with terrorism and everything to do with control.
It's encrypted, but with a very short key length:
So what you're saying is it's user error for not setting up an appropriate length passcode?
To be clear I don't agree Apple should do it. In fact I'm dead set against it. But calling it a backdoor or calling it weakening the encryption is fundamentally incorrect.
It's more a usability limitation: Do you want to have to enter a fifteen-character alpha-numer-symbolic passcode every time you want to use your phone?
The PIN isn't the encryption key.
A "back door" can be many things: it can be a weakness in the cryptographic algorithms, but it can also be a weakness in the keyring or even just failing to clear memory somewhere. Apple's devices appear to have a weak keyring.
No, that's not how it works. The PIN is not the encryption key, it is simply an identifier the user uses to identify himself to the device. The actual encryption key is a 256 bit key that you never see and that's inaccessible and inside the hardware.
PINs are secure as long as the hardware strictly enforces a limit on the number of authentication attempts; after that number of attempts, the system either needs to erase the keyring (and/or device), or it needs to switch to PUK or pass phrase authentication. Some hardware does this (e.g., SIM cards), but on Apple hardware, the limit can apparently be circumvented.
That's a shame, given how much Apple seems to have invested in special hardware to support encryption on their devices. http://www.darthnull.org/2014/...
I could have explained in detail about how the key management works, but I was trying to keep it brief. The important thing is that they have the phone, need the pin to access it, and security is dependent upon the phone being designed only to behave in a certain way.
You said "It [the data] is encrypted, but with a very short key length: It's a four-digit pin, only 10,000 possible keys." That's not "keeping it brief", it's simply wrong. The data is not encrypted with a very short key length. The data is encrypted with a 256 bit key.
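An added illustration, not part of any comment above and not Apple's actual design: a toy model of the general scheme this sub-thread argues about, in which a random 256-bit data key is wrapped under a key derived from the PIN plus a device-bound secret, and a failure counter erases the wrapped key. The class and function names, the limit of 10, and the XOR wrap (standing in for a real key-wrap algorithm) are assumptions made for the example.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # constructed limit for this model

class ToyKeyStore:
    """PIN-gated keyring: the data key is random; the PIN only unwraps it."""

    def __init__(self, pin, enforce_limit=True):
        self._device_secret = os.urandom(32)  # stands in for a hardware-bound secret
        self._salt = os.urandom(16)
        data_key = os.urandom(32)             # the 256-bit key that encrypts user data
        kek = self._derive(pin)
        self._wrapped = bytes(a ^ b for a, b in zip(data_key, kek))
        self._check = hmac.new(data_key, b"check", hashlib.sha256).digest()
        self._failures = 0
        self._enforce = enforce_limit

    def _derive(self, pin):
        # The device secret is mixed in, so every guess must run through this device.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(),
                                   self._salt + self._device_secret, 1000)

    @property
    def erased(self):
        return self._wrapped is None

    def unlock(self, pin):
        if self._wrapped is None:
            raise RuntimeError("keyring erased")
        candidate = bytes(a ^ b for a, b in zip(self._wrapped, self._derive(pin)))
        tag = hmac.new(candidate, b"check", hashlib.sha256).digest()
        if hmac.compare_digest(tag, self._check):
            self._failures = 0
            return candidate
        self._failures += 1
        if self._enforce and self._failures >= MAX_ATTEMPTS:
            self._wrapped = None  # erase: the data key is now unrecoverable
        return None

def exhaust_pins(store):
    """Walk the 4-digit PIN space in order; return (attempts made, unlocked?)."""
    for n in range(10_000):
        try:
            if store.unlock(f"{n:04d}") is not None:
                return n + 1, True
        except RuntimeError:
            return n, False
    return 10_000, False
```

With the limit enforced, the walk stops after 10 attempts with the key erased; with `enforce_limit=False` the same 256-bit key falls to at most 10,000 tries, which is why where the counter is enforced matters more than the key length.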
That may be the situation in your neck of the woods, but I assure you that most banks do take locking down their communications very seriously. I've informally heard of big messes that all the bank's horses and all the bank's men couldn't untangle.
All that goes double for the people doing SCADA (industrial system control and data acquisition) for hydro dams, power plants and other systems that could kill people or cause major disasters. They weren't always that careful, but they're now getting religion.
If you didn't even read it close enough to know if I was talking about "my neck of the woods" or not, then how do you even know what the "situation" is that you're agreeing to?
I assure you that the banks in my area are much more precise in their communication and security.
I see a lot of proclamations from around the world about the security of dams and power plants, why is it that the security people point out that they are barely secured at all, and always complaining loudly about it?
I wrote what I wrote and not what you appear to think I wrote.
A lot of people, mainly on one side of politics, were calling it treason.
A bit over the top, don't you think?
Your bit pretending that I condone his actions is something you made up yourself. What I do not condone is people who want to inflate a chess game to the level of treason.
Please don't let whatever baggage is upsetting you offline spill over in such a way.
The purpose of the example was to show how out of touch and blatantly partisan such screams of "treason" are and had nothing to do with whether Fischer committed any crimes other than treason. The example was obviously not about Fischer but about those railing against him in such an overdramatic way. It's about showing that we cannot trust such overt and inconsistent drama queens.
The rest you have added yourself in a somewhat embarrassing argument about an analogy.