The real problem is that if the FBI establish this precedent, next it will be the Chinese Government demanding the same for the phone of a US Embassy employee they suspect of being a CIA agent (upon pain of Apple being disallowed from further business in China).
Actually Apple has some leverage. China wants iPhones, iPads, Macs, etc to be made in China.
Also Apple could get a US court to order them not to comply, making it a gov't v gov't problem.
It's worth reading what Apple's lawyers wrote, it;'s quite insightful.
Frankly like most stuff written by lawyers when they are trying to influence perception its a bit of "exaggeration".
They would need to put a lot of effort into development.
Two weeks they say, fine, bill the FBI for the time.
A bug could wipe or otherwise damage the phone, so it needs to be carefully tested.
That's already part of the two week estimate. And frankly such bugs are the FBI's problem not Apples. The FBI needs to do testing and sign off on it, the FBI has the technical expertise to do so.
They would have to interface with the FBI's cracking software, or write it for them.
Again, already part of Apple's two week estimate. And writing it for the FBI is actually Apple's moral obligation to Apple customers **if** this software must be written. That way Apple can put in the code that will limit this updated iOS/firmware to running on only this device. If the FBI is left to write the code no such safeguard will be present.
Once it exists, other law enforcement agencies will want to use it.
The real problem.
Apple has a choice: keep the source code around, in which case it is at risk of being stolen by various hackers and state agencies, or delete it and start from scratch for the next request.
That is BS. (1) The FBI and black hats could patch iOS or firmware themselves. Apple is only really needed for digitally signing the code so it will be accepted and run by the hardware. (2) The FBI and black hats could disassemble and read any code changes made by Apple without access to source code, source code is simply a convenience. (3) Keeping the source code "secure" is no more difficult than keeping "secure" the encryption key used for signing all approved software/firmware. Its the same problem. (4) Other requests could be fulfilled by Apple even without the source code. Apple, or law enforcement, could patch the binary to change the ID used to limit the code to a single particular device, to allow it to run on a new court designated target of investigation. Again, the only thing Apple is strictly needed for is to digitally sign new software/firmware.
It's true that the firmware would be limited to a specific device, and the precedent is far more dangerous than the code itself. However no system is perfect. There is at least some chance that some exploit could be derived from the custom firmware that helps break the security of other devices. A (not perfect) analogy would be giving out the combination to your home safe because, since your doors are locked, you assume no one will get a chance to access the safe.
I doubt there is any shortage of people working for the FBI, or any shortage of black hats, that could develop exploits by disassembling the current passcode code and studying it. I think these folks would probably come up with changes similar to Apple's on their own. Apple does not have more technical skill in this regard, the source code a convenience. All Apple really has is the digital signature that the hardware is expecting to see on the code. And of course the ability to move functionality from software/firmware to silicon, to embed it into the processors themselves where it is unpatchable.
Since Apple does not want to do the work for the government... how about the court order Apple turn over all source code to the Government and then the government recompile the firmware?
No. The FBI would not limit this modified version of the code to a single device. **If** this modified version is to be created it is Apple's duty to its customers to do so to ensure that his modification runs only on a single phone.
They could, but that's not what the FBI is asking for. They're asking for a tool that could open any door, without the landlord's help, not this one specific door.
Apple could limit the updated code to this one particular phone. Such an addition by Apple would be just as untamperable as the passcode entry code today. Untamperable due to Apple's digital signature. So no, it is quite easy for Apple to limit their tool to one and only one door.
The real problem is that if one court on one case can order such technical assistance from Apple then any court on any case can do so as well. The government's claim that this is a one time thing is bogus. I don't see how they can limit a judge's ability to issue such an order.
Frankly, his quotes are him backing the FBI. He disputes Apple, says that they can unlock just THIS phone. He's absolutely siding with the FBI on this.
There is a difference between saying that the FBI is technically correct that Apple could provide updated signed software/firmware to get past the passcode on this one specific phone, and saying that the FBI should have Apple do this. The former is likely a technical fact. On the 5C the passcode delay is likely implemented in patchable software/firmware, as is enabling the wipe on too many passcode failures. Apple could add code to the software/firmware delivered to the FBI to lock this update to this one particular phone. There would be no general purpose tool to unlock any 5C or similar phone. Apple's digital signature would prevent FBI tampering with this restriction, just as Apple's digital signature prevents the FBI from tampering with the passcode software/firmware in the first place.
The court order asks apple to produce the compromised firmware, load it on the phone and then hand the phone to the fbi. From there the fbi will extract the firmware and use it on any other 5c or compatible they want to crack. And it will leak.
It Apple hacks up the passcode code they can also add code to limit the firmware to this one particular phone. Once digitally signed the FBI and black hats could no more make this work on a different phone than they could have hacked up the passcode code themselves. Apple's digital signature prevents any tampering at all. There need not be any threat to any other 5c.
The real problem is that if one judge in one case can compel Apple to provide such technical assistance then any judge in any case can also do so. The government's claim this is a one-time thing is bogus.
Keep in mind that this case may be unique in that the murderer may not be the owner of the phone. His employer may be the actual owner and his employer may have given the FBI permission to search the phone.
What is more: the current line of products with their "secure enclave" chip and so, are already supposedly unbreakable by Apple themselves. So is this an admission that Apple can actually break into the current iPhone 6 line? Or do I miss something here?
More secure in the sense of defeating the encryption since part of the key is embedded in silicon and "unreadable"? Which is something quite different from your passcode which is normally all that prevents one's data from being decrypted by all this fancy hardware. Unless the passcode retry delay is burned into silicon, part of a processor, it would seem to be software that is patchable. If so the only thing the FBI needs is for Apple to digitally sign a tampered iOS or firmware.
On a positive note if Apple provides the modified firmware/iOS then they could make this modification only run on the one iPhone in question. Their digital signature would prevent the FBI from altering this code, just as the FBI is prevented from altering any of the current code.
The real problem is that if one court can compel Apple to do this than any court on any case can likewise compel them. Any claim that this is a one time thing seems false, in what way is any court so limited?
The only "vulnerability" is this case is that Apple potentially has the ability to push new firmware onto this model of iPhone (the 5c) using its own signed certificate, even if the phone is locked. The FBI wants this new firmware to do two things: (1) bypass the "10 wrong tries on the unlock code and the iPhone erases itself" routine and (2) reduce the time interval between unlock code entries.
Note that Apple can introduce code to this modified firmware/iOS so that it only runs on this one particular phone. The FBI would be no more able to remove this restriction than they can remove the current passcode delay. Apple's digital signature can prevent this code from being used on any device.
Also note that making the firmware unpatchable in unlikely. More likely is that the passcode entry delay, and maybe the encryption key destruction after too many failures, would be moved into the hardware, permanently embedded into the silicon. Unpatchable.
If the lack of security--due to government mandated back doors--allows for state sponsored persecution of innocents, enemy state or NGO attacks, etc.
There is no back door. There is only Apple digitally signing a modified version of iOS. That's it, just like with every patch for iOS that goes over the wire.
What the FBI needs is for a modified version of iOS that skips the delays between passcode entry attempts and destroying the encryption key currently used if there are too many failed passcode attempts. Apple could add code that limits this version of iOS from running on any other iPhone. Apple's digital signature would prevent the FBI from using this version on any other phone, exactly the same way the FBI can not hack around and change iOS themselves today. Apple could unlock this phone without giving the FBI a tool that could be used on any other phone.
The real problem is that the government's claim that this is a one time event is bogus. I don't see why any judge on any case could not order similar technical assistance from Apple.
As for this supposed unhackable phone. All it would require is that the passcode delays and encryption key destruction after too many failed passcodes be moved into the hardware and not be in iOS where it is "patchable".
Slanted journalism has always been around, its not a last 40 years thing. However there has also been newspapers, and in more recent history nightly news TV shows, where there was an honest attempt at being more professional, at fairly showing multiple sides, at being *truer* to the ideals of journalism. However in the 1960s these ideals fell out of favor and we have drifted even farther from the ideals of journalism.
The price on the front of the newspaper is cream for the publisher, their bread and butter used to come from classified (and inline) ads. Before the internet if you wanted to buy a car, house, find a job, find a plumber, etc, you either bought a newspaper or cracked open the phone book. Some people still buy newspapers (especially in my age bracket) but they are no longer forced to buy them to find what they need, they buy them out of habit or just for the entertainment value.
I guess I'm arguing that quality information and news is a "need". If the current system fails, we have a workable model to fall back on. Car dealers, plumbers, etc could pay the web pages to deliver their ads in certain geographical zones. The system is less efficient without user tracking and targeted advertising delivery but the old system was efficient enough to pay for the newspaper business of old.
Advertisers would contract directly with the publisher who would lay out ads amongst content as they did in the days of paper. That is the centuries old proven model.
It doesn't really take much away from your point, but I feel it's worth noting that newspapers do contract out advertising with 3rd parties. A company can employ an advert agency to place their advertisement in multiple newspapers (dozens, or even hundreds). That's similar to me employing Google to run my advert on hundreds (or, more likely thousands) of web sites.
Yes and no. First of all there is the tracking actions of google but that is sort of tangential. I think the more relevant difference is that the newspapers see the ad beforehand. They could reject it, they could require modifications, and most of all they insert it into the content channel. The publisher publishes the ad.
Hmmm... I wasn't very clear, apologies. I should have specified "web based 3rd party / targeted ad supported news". I am referring only to ads delivered by third parties, i.e. google, most likely targeted ads. Basically two channels, one for content, one for ads. That is the newish and possibly failing model.
There would of course still be ads, as there was in print newspapers, but there would be a single channel for both content and ads. No third party such a google. Advertisers would contract directly with the publisher who would lay out ads amongst content as they did in the days of paper. That is the centuries old proven model. Hopefully one less likely to watch you and engaged in targeted ads.
... Better pay for every single other viewpoint...
Believe it or not, it is entirely possible for a single source to offer multiple perspectives on an issue. Once upon a time this was known as journalism.
... The web is now a bookstore, not a library...
Not a problem. Once upon a time people bought newspapers. They were generally also available at the library but it was more convenient to have them delivered to your home.
**If** our current two decade'ish experiment with web based ad supported news fails its not the end of the world. We had a system that worked well for centuries. That old system's economic model may work with pixels as well as it worked with dead trees.
my understandibg is the count is kept by the encryption hardware itself and the OS has no way to reset or overide the count. The OS just reports back what it gets from readonly status registers. modifyiing it is useless and wont provide the results requested.
On the iPhone 5C? Which is the model in question. That might be something new for the iPhone 6 and 6 Plus.
Because it is impossible to modify a program written for a specific device to run on any device that runs the same OS?
For the FBI, yes. Once they modify the program they need Apple to reapply the digital signature. The FBI can not move the software from one device to another on their own.
Is that what you are claiming? Because that is the most technically ignorant thing I have read in a while.
Modifying the code to bypass the count and delay is equivalent to modifying the code that checks for a particular device's UDID. If the FBI can not do the former then they can not do the later. Any change invalidates the digital signature. Without a valid digital signature the phone will not run that version of iOS.
Legislation is unnecessary. If this is an order from a Judge, then failure to comply means they're in contempt of court, for which there isn't much legal recourse. The Judge can simply have corporate officers jailed until they comply.
Or levy a fine. Say a daily fine until compliance. The judge can choose a fine amount that hurts financially. In short, corporations can be compelled.
Re-using a "backdoor" is preventable. All the FBI needs is a version of iOS that skips the passcode count limit and the delay between passcode entry attempts. Quite trivial modifications. The FBI could certainly make such changes. What is needed from Apple is to digitally sign that updated iOS so that the hardware will accept it and run it. Furthermore if Apple makes such changes they could add code to limit the modified iOS to only run on the device in question. The FBI would be unable to alter this new device limitation as they are unable to alter the passcode retry limit and delays. Any alteration of the code breaks the digital signature. Such an updated iOS from Apple could not be run on any other phone.
The real problem is that the government's claim this is a one-time event is BS. There is no limitation preventing another judge on any other case from issuing a similar order to Apple.
And being asked to tear down the security mechanisms in your proprietary operating system comes quite close in comparison.
Apple is being asked to do no such thing. All the FBI needs is a version of iOS that skips the passcode count limit and the delay between passcode entry attempts. Quite trivial modifications. The FBI could certainly make such changes. What is needed from Apple is to digitally sign that updated iOS so that the hardware will accept it and run it. Furthermore if Apple makes such changes they could add code to limit the modified iOS to only run on the device in question. The FBI would be unable to alter this new device limitation as they are unable to alter the passcode retry limit and delays. Any alteration of the code break the digital signature. Such an updated iOS from Apple could not be run on any other phone.
The real problem is that the government's claim this is a one-time event is BS. There is no limitation preventing another judge on any other case from issuing a similar order to Apple.
Third, I don't see how treason plays into any of this. Article III, section 3 defines treason as "levying War against them, or in adhering to their Enemies, giving them Aid and Comfort."
I'm playing devil's advocate here, not actually accusing Apple of anything, certainly not treason. That said, if the San Bernardino murderers declared loyalty to ISIS and the government suspects the phone contains unknown information related to ISIS (say a contact) then prohibiting access to that information could arguably be providing aid to ISIS. Additionally it could be argued that ISIS is by its own declaration at war with the USA and thereby be considered an enemy. I wouldn't be so sure that a charge of treason could not somehow be constructed. Now of course that is a political step I doubt any government official would be willing to take, yet it seems technically plausible.
Keep in mind that all the FBI needs Apple to do is to digitally sign a modified version of iOS so that the phone's hardware will accept and run it. Failure to digitally sign this version of iOS could conceivably be argued to aid to ISIS. I am not saying such an accusation is wise or just, merely that it is conceivable that a government lawyer may make such a claim in court.
If you are documenting your intent then you are doing it wrong.
The "two character comment" that I am referring to is a pair of parenthesis. The parenthesis are functional, they affect the parsing of expressions. They have a dual role of documenting intent and manifesting that intent in the code. Parenthesis, even when strictly unnecessary and just there for readability (a comment if you will), is "doing it correctly".
There are variables corrupted because operator precedence was misunderstood.
One of my favorite (not) type of bugs. Because a "two character comment", a pair of parenthesis, would just be awful. Two character to document your intent, which hopefully matches your implementation, but if not may just save you.
you're looking at spending about $5k for the product, unless you are a large development team, cost benefit ratio is low
Why? One month of developer time is one month of developer time regardless of the size of the team. Either the product saves that much or more or it does not. If it does it is worthwhile.
As for whether a developer can afford the cost that again is not the function of the team size, rather the popularity of the dev team's product, the number of users. With a sufficiently sized market the revenue or donations would cover the cost regardless of the size of the team.
Slashdot Mirror
The real problem is that if the FBI establish this precedent, next it will be the Chinese Government demanding the same for the phone of a US Embassy employee they suspect of being a CIA agent (upon pain of Apple being disallowed from further business in China).
Actually Apple has some leverage. China wants iPhones, iPads, Macs, etc to be made in China.
Also Apple could get a US court to order them not to comply, making it a gov't v gov't problem.
It's worth reading what Apple's lawyers wrote, it;'s quite insightful.
Frankly like most stuff written by lawyers when they are trying to influence perception its a bit of "exaggeration".
They would need to put a lot of effort into development.
Two weeks they say, fine, bill the FBI for the time.
A bug could wipe or otherwise damage the phone, so it needs to be carefully tested.
That's already part of the two week estimate. And frankly such bugs are the FBI's problem not Apples. The FBI needs to do testing and sign off on it, the FBI has the technical expertise to do so.
They would have to interface with the FBI's cracking software, or write it for them.
Again, already part of Apple's two week estimate. And writing it for the FBI is actually Apple's moral obligation to Apple customers **if** this software must be written. That way Apple can put in the code that will limit this updated iOS/firmware to running on only this device. If the FBI is left to write the code no such safeguard will be present.
Once it exists, other law enforcement agencies will want to use it.
The real problem.
Apple has a choice: keep the source code around, in which case it is at risk of being stolen by various hackers and state agencies, or delete it and start from scratch for the next request.
That is BS. (1) The FBI and black hats could patch iOS or firmware themselves. Apple is only really needed for digitally signing the code so it will be accepted and run by the hardware. (2) The FBI and black hats could disassemble and read any code changes made by Apple without access to source code, source code is simply a convenience. (3) Keeping the source code "secure" is no more difficult than keeping "secure" the encryption key used for signing all approved software/firmware. Its the same problem. (4) Other requests could be fulfilled by Apple even without the source code. Apple, or law enforcement, could patch the binary to change the ID used to limit the code to a single particular device, to allow it to run on a new court designated target of investigation. Again, the only thing Apple is strictly needed for is to digitally sign new software/firmware.
It's true that the firmware would be limited to a specific device, and the precedent is far more dangerous than the code itself. However no system is perfect. There is at least some chance that some exploit could be derived from the custom firmware that helps break the security of other devices. A (not perfect) analogy would be giving out the combination to your home safe because, since your doors are locked, you assume no one will get a chance to access the safe.
I doubt there is any shortage of people working for the FBI, or any shortage of black hats, that could develop exploits by disassembling the current passcode code and studying it. I think these folks would probably come up with changes similar to Apple's on their own. Apple does not have more technical skill in this regard, the source code a convenience. All Apple really has is the digital signature that the hardware is expecting to see on the code. And of course the ability to move functionality from software/firmware to silicon, to embed it into the processors themselves where it is unpatchable.
Since Apple does not want to do the work for the government... how about the court order Apple turn over all source code to the Government and then the government recompile the firmware?
No. The FBI would not limit this modified version of the code to a single device. **If** this modified version is to be created it is Apple's duty to its customers to do so to ensure that his modification runs only on a single phone.
They could, but that's not what the FBI is asking for. They're asking for a tool that could open any door, without the landlord's help, not this one specific door.
Apple could limit the updated code to this one particular phone. Such an addition by Apple would be just as untamperable as the passcode entry code today. Untamperable due to Apple's digital signature. So no, it is quite easy for Apple to limit their tool to one and only one door.
The real problem is that if one court on one case can order such technical assistance from Apple then any court on any case can do so as well. The government's claim that this is a one time thing is bogus. I don't see how they can limit a judge's ability to issue such an order.
Frankly, his quotes are him backing the FBI. He disputes Apple, says that they can unlock just THIS phone. He's absolutely siding with the FBI on this.
There is a difference between saying that the FBI is technically correct that Apple could provide updated signed software/firmware to get past the passcode on this one specific phone, and saying that the FBI should have Apple do this. The former is likely a technical fact. On the 5C the passcode delay is likely implemented in patchable software/firmware, as is enabling the wipe on too many passcode failures. Apple could add code to the software/firmware delivered to the FBI to lock this update to this one particular phone. There would be no general purpose tool to unlock any 5C or similar phone. Apple's digital signature would prevent FBI tampering with this restriction, just as Apple's digital signature prevents the FBI from tampering with the passcode software/firmware in the first place.
The court order asks apple to produce the compromised firmware, load it on the phone and then hand the phone to the fbi. From there the fbi will extract the firmware and use it on any other 5c or compatible they want to crack. And it will leak.
It Apple hacks up the passcode code they can also add code to limit the firmware to this one particular phone. Once digitally signed the FBI and black hats could no more make this work on a different phone than they could have hacked up the passcode code themselves. Apple's digital signature prevents any tampering at all. There need not be any threat to any other 5c.
The real problem is that if one judge in one case can compel Apple to provide such technical assistance then any judge in any case can also do so. The government's claim this is a one-time thing is bogus.
Keep in mind that this case may be unique in that the murderer may not be the owner of the phone. His employer may be the actual owner and his employer may have given the FBI permission to search the phone.
What is more: the current line of products with their "secure enclave" chip and so, are already supposedly unbreakable by Apple themselves. So is this an admission that Apple can actually break into the current iPhone 6 line? Or do I miss something here?
More secure in the sense of defeating the encryption since part of the key is embedded in silicon and "unreadable"? Which is something quite different from your passcode which is normally all that prevents one's data from being decrypted by all this fancy hardware. Unless the passcode retry delay is burned into silicon, part of a processor, it would seem to be software that is patchable. If so the only thing the FBI needs is for Apple to digitally sign a tampered iOS or firmware.
On a positive note if Apple provides the modified firmware/iOS then they could make this modification only run on the one iPhone in question. Their digital signature would prevent the FBI from altering this code, just as the FBI is prevented from altering any of the current code.
The real problem is that if one court can compel Apple to do this than any court on any case can likewise compel them. Any claim that this is a one time thing seems false, in what way is any court so limited?
The only "vulnerability" is this case is that Apple potentially has the ability to push new firmware onto this model of iPhone (the 5c) using its own signed certificate, even if the phone is locked. The FBI wants this new firmware to do two things: (1) bypass the "10 wrong tries on the unlock code and the iPhone erases itself" routine and (2) reduce the time interval between unlock code entries.
Note that Apple can introduce code to this modified firmware/iOS so that it only runs on this one particular phone. The FBI would be no more able to remove this restriction than they can remove the current passcode delay. Apple's digital signature can prevent this code from being used on any device.
Also note that making the firmware unpatchable in unlikely. More likely is that the passcode entry delay, and maybe the encryption key destruction after too many failures, would be moved into the hardware, permanently embedded into the silicon. Unpatchable.
If the lack of security--due to government mandated back doors--allows for state sponsored persecution of innocents, enemy state or NGO attacks, etc.
There is no back door. There is only Apple digitally signing a modified version of iOS. That's it, just like with every patch for iOS that goes over the wire.
What the FBI needs is for a modified version of iOS that skips the delays between passcode entry attempts and destroying the encryption key currently used if there are too many failed passcode attempts. Apple could add code that limits this version of iOS from running on any other iPhone. Apple's digital signature would prevent the FBI from using this version on any other phone, exactly the same way the FBI can not hack around and change iOS themselves today. Apple could unlock this phone without giving the FBI a tool that could be used on any other phone.
The real problem is that the government's claim that this is a one time event is bogus. I don't see why any judge on any case could not order similar technical assistance from Apple.
As for this supposed unhackable phone. All it would require is that the passcode delays and encryption key destruction after too many failed passcodes be moved into the hardware and not be in iOS where it is "patchable".
Slanted journalism has always been around, its not a last 40 years thing. However there has also been newspapers, and in more recent history nightly news TV shows, where there was an honest attempt at being more professional, at fairly showing multiple sides, at being *truer* to the ideals of journalism. However in the 1960s these ideals fell out of favor and we have drifted even farther from the ideals of journalism.
The price on the front of the newspaper is cream for the publisher, their bread and butter used to come from classified (and inline) ads. Before the internet if you wanted to buy a car, house, find a job, find a plumber, etc, you either bought a newspaper or cracked open the phone book. Some people still buy newspapers (especially in my age bracket) but they are no longer forced to buy them to find what they need, they buy them out of habit or just for the entertainment value.
I guess I'm arguing that quality information and news is a "need". If the current system fails, we have a workable model to fall back on. Car dealers, plumbers, etc could pay the web pages to deliver their ads in certain geographical zones. The system is less efficient without user tracking and targeted advertising delivery but the old system was efficient enough to pay for the newspaper business of old.
Advertisers would contract directly with the publisher who would lay out ads amongst content as they did in the days of paper. That is the centuries old proven model.
It doesn't really take much away from your point, but I feel it's worth noting that newspapers do contract out advertising with 3rd parties. A company can employ an advert agency to place their advertisement in multiple newspapers (dozens, or even hundreds). That's similar to me employing Google to run my advert on hundreds (or, more likely thousands) of web sites.
Yes and no. First of all there is the tracking actions of google but that is sort of tangential. I think the more relevant difference is that the newspapers see the ad beforehand. They could reject it, they could require modifications, and most of all they insert it into the content channel. The publisher publishes the ad.
... web based ad supported news ...
Hmmm ... I wasn't very clear, apologies. I should have specified "web based 3rd party / targeted ad supported news". I am referring only to ads delivered by third parties, i.e. google, most likely targeted ads. Basically two channels, one for content, one for ads. That is the newish and possibly failing model.
There would of course still be ads, as there was in print newspapers, but there would be a single channel for both content and ads. No third party such a google. Advertisers would contract directly with the publisher who would lay out ads amongst content as they did in the days of paper. That is the centuries old proven model. Hopefully one less likely to watch you and engaged in targeted ads.
... Better pay for every single other viewpoint ...
Believe it or not, it is entirely possible for a single source to offer multiple perspectives on an issue. Once upon a time this was known as journalism.
Not a problem. Once upon a time people bought newspapers. They were generally also available at the library but it was more convenient to have them delivered to your home.
**If** our current two decade'ish experiment with web based ad supported news fails its not the end of the world. We had a system that worked well for centuries. That old system's economic model may work with pixels as well as it worked with dead trees.
my understandibg is the count is kept by the encryption hardware itself and the OS has no way to reset or overide the count. The OS just reports back what it gets from readonly status registers. modifyiing it is useless and wont provide the results requested.
On the iPhone 5C? Which is the model in question. That might be something new for the iPhone 6 and 6 Plus.
Because it is impossible to modify a program written for a specific device to run on any device that runs the same OS?
For the FBI, yes. Once they modify the program they need Apple to reapply the digital signature. The FBI can not move the software from one device to another on their own.
Is that what you are claiming? Because that is the most technically ignorant thing I have read in a while.
Modifying the code to bypass the count and delay is equivalent to modifying the code that checks for a particular device's UDID. If the FBI can not do the former then they can not do the later. Any change invalidates the digital signature. Without a valid digital signature the phone will not run that version of iOS.
Legislation is unnecessary. If this is an order from a Judge, then failure to comply means they're in contempt of court, for which there isn't much legal recourse. The Judge can simply have corporate officers jailed until they comply.
Or levy a fine. Say a daily fine until compliance. The judge can choose a fine amount that hurts financially. In short, corporations can be compelled.
Re-using a "backdoor" is preventable. All the FBI needs is a version of iOS that skips the passcode count limit and the delay between passcode entry attempts. Quite trivial modifications. The FBI could certainly make such changes. What is needed from Apple is to digitally sign that updated iOS so that the hardware will accept it and run it. Furthermore if Apple makes such changes they could add code to limit the modified iOS to only run on the device in question. The FBI would be unable to alter this new device limitation as they are unable to alter the passcode retry limit and delays. Any alteration of the code breaks the digital signature. Such an updated iOS from Apple could not be run on any other phone.
The real problem is that the government's claim this is a one-time event is BS. There is no limitation preventing another judge on any other case from issuing a similar order to Apple.
And being asked to tear down the security mechanisms in your proprietary operating system comes quite close in comparison.
Apple is being asked to do no such thing. All the FBI needs is a version of iOS that skips the passcode count limit and the delay between passcode entry attempts. Quite trivial modifications. The FBI could certainly make such changes. What is needed from Apple is to digitally sign that updated iOS so that the hardware will accept it and run it. Furthermore if Apple makes such changes they could add code to limit the modified iOS to only run on the device in question. The FBI would be unable to alter this new device limitation as they are unable to alter the passcode retry limit and delays. Any alteration of the code break the digital signature. Such an updated iOS from Apple could not be run on any other phone.
The real problem is that the government's claim this is a one-time event is BS. There is no limitation preventing another judge on any other case from issuing a similar order to Apple.
Third, I don't see how treason plays into any of this. Article III, section 3 defines treason as "levying War against them, or in adhering to their Enemies, giving them Aid and Comfort."
I'm playing devil's advocate here, not actually accusing Apple of anything, certainly not treason. That said, if the San Bernardino murderers declared loyalty to ISIS and the government suspects the phone contains unknown information related to ISIS (say a contact) then prohibiting access to that information could arguably be providing aid to ISIS. Additionally it could be argued that ISIS is by its own declaration at war with the USA and thereby be considered an enemy. I wouldn't be so sure that a charge of treason could not somehow be constructed. Now of course that is a political step I doubt any government official would be willing to take, yet it seems technically plausible.
Keep in mind that all the FBI needs Apple to do is to digitally sign a modified version of iOS so that the phone's hardware will accept and run it. Failure to digitally sign this version of iOS could conceivably be argued to aid to ISIS. I am not saying such an accusation is wise or just, merely that it is conceivable that a government lawyer may make such a claim in court.
If you are documenting your intent then you are doing it wrong.
The "two character comment" that I am referring to is a pair of parenthesis. The parenthesis are functional, they affect the parsing of expressions. They have a dual role of documenting intent and manifesting that intent in the code. Parenthesis, even when strictly unnecessary and just there for readability (a comment if you will), is "doing it correctly".
There are variables corrupted because operator precedence was misunderstood.
One of my favorite (not) type of bugs. Because a "two character comment", a pair of parenthesis, would just be awful. Two character to document your intent, which hopefully matches your implementation, but if not may just save you.
you're looking at spending about $5k for the product, unless you are a large development team, cost benefit ratio is low
Why? One month of developer time is one month of developer time regardless of the size of the team. Either the product saves that much or more or it does not. If it does it is worthwhile.
As for whether a developer can afford the cost that again is not the function of the team size, rather the popularity of the dev team's product, the number of users. With a sufficiently sized market the revenue or donations would cover the cost regardless of the size of the team.