The Reducing Over-Classification Act of 2010 allows government agencies to pay cash awards to employees who accurately classify government documents consistently...
So it is down to paying government employees bribes to actually do the job they are hired to do... Why not fine the ones that over classify the information instead...
If the candidates were open and transparent AND if voters only cared about ability to govern, then no one could influence the election. But that isn't going to happen. But labor unions by far and away have the largest influence vector for elections, followed by large corporations. Large corporations by the amount of money they contribute, usually have more influence on a continuing basis, but often hedge their bets by donating to both sides in the election. Lately though some large entities (I'm looking at you Facebook!) have stopped any pretense of neutral news reporting and might as well be looked upon as strictly aligned with particular candidates. Labor unions strongly influence elections by the sheer number of their Sheeple following the edicts of their labor union "bosses". Not to say all do, but a large enough number to sway some elections. If all candidates where required to be open and transparent and there was a mechanism to expose when they weren't and if so called fact finding organizations where unbiased and not supportive of any particular candidate, and news organizations were actually news organizations, not thinly veneered arms of entities with a political agenda then the voters would be presented with a neutral view that was unbiased to choose from. Foreign governments influence on American elections is a "red" herring. The domestic influencers actually do influence the outcome.
Separate IMDB into the promotional site and the informational site; spin the informational site off as a 501(c(3)) non-profit. Make the for profit promotional site a permanent trustee and committed donor to the informational site, while IMDB-Pro operates as a for profit site. Even if denied federal non-profit status, they'd still be separate and exempt from the California law, IMNALO (In My Not A Lawyer Opinion)... They might consult some lawyers to see if that's viable. Alternately do what other corporations do when presented a hostile environment by a state. Move and that the jobs out of state.
Not to mention he is representing Apple, who built the iOS App store mainly on free content and content where Apple drove the market cost to new lows for software. And for content with a price, took an unprecedented 30% of gross revenue. Apple set the stage for lowering the bar and abuse of content providers. Now, I actually like Apple. And they opened the door for many software projects that would not otherwise have been done. Much as You Tube opened the door for many starting artists. If this yipping dog artist has a copyright complaint, better to voice it to You Tube administration and get it taken down. But... statistics have shown that leaked free content results in larger sales. So complain about the "piracy" all the way to the bank.
This ranks up there with the most idiotic statement recently made by someone in the music industry.
Not so limited as you might think. Just knows all of them. iPhone 4S is still supported with the current iOS as is the iPad 2. So iPhone 4S 5 5S 5C 6 6S 6+ and 6S+ plus iPad 2 3 Air Air2 Pro(12) Pro(9). So 14 models not counting CDMA and market variants which add more sub variations. Oh and on the iPad side, with cellular and without. So in some cases the base model could have 4 variants, or more.
The Android problem is low margins to get market share, and no incentive for the diverse manufacturers to update beyond the peak sales repurchase cycle. And some makers are just pitiful. Amazon Fire Phone comes to mind, my Android mobile device test rig with so much promise, and next to no delivery. When updates were produced they lagged a full major Android release.
Don't train your replacements. If unionized, strike. maybe strike anyway.
Second immediately go to competing media and take out ads advising the public what is happening. write editorials for other media.
Talk to your government representatives about the American press being outsourced to India.
Then explain to management about a cable equipment supplier in Pennsylvania that was going bankrupt. At the last moment a "White Knight" appeared. During the phase of doing do diligence they discovered that there IT and IT development was outsourced to India. The White Knight who was bailing them out, they dropped the offer as the little cable company in trouble actually owned very very little at that point that they had control over... And the WK didn't want to be dependent on outsourced IT were they no longer even had the current source or databases in the US.
The information is the real value, hold it in a third parties hands overseas, and you court disaster. This is not to say that overseas outsourcing is inherently bad, just non tech companies do a horrible job providing for contingencies and keeping domestic...
Well, some powerful legal scholars and the court cases they describe disagree and state that in this exact predicament the 5th does apply. The so called Fischer test fails on point 3 and the burden is on the government. They warn that if this were not the case one could be jailed for contempt, and that is exactly what happened in this case. Likely the incarcerated lawyer did not push this hard enough, or the judge chose to ignore it. But without all the details we may fall short of the understanding needed to make an argument one way or the other. But understanding this person may not know, may have forgotten, or some other individual may have applied the FileVault passphrase, or may just be such a willful person (and two years makes that self evident) that he will never reveal the passphrase if he knows it; he should be released. The current zeal the courts are using to make encryption a worthless technology is unwarranted. Least people think this is a new problem, read the paper from the above link. Thomas Jefferson invented an encryption for mailed messages that was not broken for 100 years apparently. this problem is not modern at all and has been tested in courts since the beginnings of the U.S.A.
Consider if this hard drive contains emails between this defendant and his lawyer, thus privileged communications. Or contains material related to confidential informants. Disclosure in open court could be disastrous... and in the former would violate the defendants rights in yet another way.
We have lost sight of the American concept that it is better to let a dozen guilty people go free that to jail one innocent man. Our prisons have uncounted numbers of innocents, some lucky enough to have people interested in freeing them to preserver until they are vindicated. Some innocents die having exhausted all appeals and they are executed. It is very sobering to look at The Innocence Project and understand many of these people lost decades behind bars while innocent.
The privilege of not testifying against a family member is only extended to the spouse. The feeling is that because of the intimate relationship they are likely to share all aspects of their life, so are for this purpose the same entity. They may however voluntarily testify against their spouse, unlike lawyers and doctors whose privilege is based on professional ethics. But, say, someone's brother is called to testify, they can be compelled to do so.
I suggest that a higher court does not release him, but rather orders the lower court judge to withdraw the contempt charge as inappropriate. Then if the lower court judge fails to comply, that judge will be in contempt and they can share a cell. Interesting test of the lower court judge's conviction.
We'll be watching you Every breath you take and every move you make Every law you break, every browser you take (We'll be watching you) Every single day and every suit you lay (We'll be watching you)
This company makes so many wrong moves and has set such precedent for losses I would hope every wrongfully blocked browser results in punitive damages in the hundreds of thousands for willfully violating the law and violating the computers integrity of those wrongfully blocked. There is federal law to turn on them for a change. They will have 'damaged' the affected computers without due process or service. and the demand for money puts them in the category of racketeering subject to RICO in my opinion.
if your answering machine required a passphrase to access the recordings, you could not be compelled to give up that passcode. But is is more convoluted than that. They are compelling your neighbor who built the answering machine, to give up the means to bypass the mechanism that "mission impossible's" the tape (held in a illicit way access to the tape destroys it). The FBI presumes it is possible. The FBI is pretty sure there is no useful information on the phone. The FBI booted one when the lawful owner was asked to change the Apple password associated with the phone. (They could have put the phone in a faraday cage on a charger as another person here suggested). And the FBI lied saying it would only apply to this one phone, and that it was no seeking a precedence setting rule. And one federal judge has already ruled in a similar case the Writs Act doesn't apply and Apple can't be compelled.
Apple US will become a design studio for Apple (insert best tax benefit country). All sales revenue will then go through that country. And considering some jurisdictions treatment of security is more sacrosanct than that of the US, given the incentives that having Apple development take place there would bring said country, Apple would move development there as well. Apple US would have a skeletal staff. The cost in US taxes and jobs would be substantial. Then Apple offshore profits then would be in part from US phone sales.
Court orders in these area are usually specific in that they release any and all tools to build the target software. They also frown on shenanigans like stripping all the comments and randomizing the variable and class names. But they do allow that it be accessed in a secure manner. So the DOJ could be required to have staff work in a locked room where Apple controls entry and exit, and that no electronic devices are allowed in that room. Only paper and pencil for notes and copies of those (since this is protective rather than adversarial) could be compelled to be allowed to be copied by Apple. It could be so strict that an Apple employee might be the only one to access the built image and convey it to a separate testing lab. I've been in such a restrictive environment and even my electronic watch (with no i/o, but marked "electronic" for the movement) stayed in a bag outside my work area.
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
First, they have to prove in court they have a legal right to seize the code and then show there is no other way, and that they can prevent it from being leaked absolutely, or post bond that if it is leaked Apple is compensated. Well, they can use an existing jailbreak for the level of iOS on the target phone. Then they can analyze and patch the iOS image to disable the check for number of attempts. And away they go... problem solved. Then they have to destroy the code after it is loaded onto the phone. Per the court order that this applies to one phone. So they really don't need Apple after all, do they.
Second, if Apple is compelled to hand over the crown jewels as it were, they should stipulate that the DOJ staff can only have access on Apple's campus on a computer secured against tampering and USB or other access, disable everything wireless but bluetooth (or use a USB mouse and keyboard with extra ports filled with epoxy, and disable all wireless) or withdrawal of any files except the Govt OS image. So a non-network connected computer preloaded by Apple, and in a shielded room with wireless keyboard and trackpad. Computer in a locked box. Apple should be allowed to monitor them, and scheduled access only. And Apple can of course get access to the changes they are making. The signing cert never leaves the computer in the high security zone. Even with those precautions Apple should immediately invalidate the signing cert and reissue a new one and new images for all the previously signed OS images. App images. etc. Anything signed by that cart should have an upgrade. Create new cert, Create new app and os images, Suggested Strongly that people accept the updates for security reasons. Then give the FBI access if required to do so.
If Britain drops the EU, then they can become a Schengen country (if the others agree) or adopt Schengen like rules and make agreements as needed. Add that to custom tailored rules that incentivize the talent they need and want coming to Britain and they could adopt rules like Australia with benefits for those immigrating with needed skillets and "discouraging" others from permanent immigration. The EU is not the pinnacle of European governmental success. It is an experiment with socialism on a wide scale in many aspects and has adversely affected the more prosperous countries that are well managed. Much like some divisions of a company that constantly lose money, but have the prestige of public presence (aka, Greece and promotion of Greek tourism), the company would benefit from propping up these divisions until they look attractive then spinning them off.
Apple has the ability to upload the operating system, is an assumption that may or may not be valid, while preserving the encryption. Essentially you force the phone into a state where a firmware update can be loaded. This is a given (DFU mode used for jailbreaking). What the government wants may or may not be feasible. Apple doesn't need a zero day exploit. They just sign the payload like any other update. But what the government wants makes assumptions that are not absolutely founded in reality. They assume Apple can make a new version of the OS that allows password attempts from a computer, and that they can disable the ability of the phone to wipe itself without having logged in previously. It is not clear those assumptions are accurate. The presumed protection to the general public is Apple can limit the custom OS version to one particular phone. This is the weak point in the governments court order. Given that modification of the custom iOS image would break the signature check and disallow it from being loaded on a different phone, it on glance seems secure enough, however, the ability of the hacking community to continually find jailbreak points of entry release after release pretty much signifies that the custom iOS payload could be modified for another iPhone, resigned or have the signature removed, and then loaded with the normal jailbreak means. So the reality is that Apple can attempt to restrict it to a single phone, but between the hacking community and government resources you'll see a new tool for breaking into iPhone in the governments catalog. And it will open Apple to liability suits, and further it will cost quite a lot to create the custom software version.
One possible deterrent is for apple to license the tool, and in the license prohibit modifications. Get the court order modified to bless that, and then also charge something like 250,000 dollars or more for doing the development. Each time it is requested. It is not unprecedented as cell carriers charge quite a bit in some cases just for records that exist on their systems. Phrase the cost / expense for the court order as requiring the FBI to pay $10 per line of code in all effected parts of the operating system, and $10 per line of code for testing. Not lines written. Each line, in the whole os. Which has to be tested. And each line in any apps or frameworks on the phone used to access the data. It could run into millions per phone. And all for a fishing expedition as they are unsure there is any useful information on the phone.
Did the pollsters add the information that the court limits it to this phone, and apple would have to create and test a new version of the iOS operating system code at the expense of potentially hundreds of thousands of dollars and likely a possibility of having to specifically hire additional people to make up for the diversion of resources internally in Apple to comply, as well as potentially delay the release of new versions of the iOS software in the normal flow, as well as potentially ripple the delay to delaying new products?
People seem to think this requires no effort or expense on Apple's part to comply with the request, where the reality is it affects the iOS family devices as a whole, and carries a considerable expense.
Additionally it is to cover for the sloppy government handling of the iCloud account associated with the phone in the first place.
And the open liability issue if their one of a kind OS version, tied to a single device and no other, fails catastrophically. Testing alone would be a nightmare as you'd have to duplicate the essential elements of the target phone on a test device, and then test against it...
Tim Cook is correct in denying compliance. It opens a huge can of worms (read liability) on Apple. And Tim's job is not to give the government free services and incur liability that can be avoided. It is to protect the fiduciary rights of the stockholders.
I think if the pollsters included a scale of what amount of money Apple should spend on compliance, as well as what amount of delay is acceptable for Apple's product shipment dates given as multiple choice questions, the results would be very different. You could be talking about delaying the next releases over a significant time period where apple not only losses expenses related to the compliance directly, but losses due to product delays and loss of market share as unencumbered companies have a DOJ wedge edge created.
Considering that the update must be signed by apple, and the phone needs to be in DFU to force the update, the simple solution is to reset the security chip on DFU update, and put the attempts counter on the security chip, independent of the OS. That eliminates the ability of any backdoor. The data is already secured in flash, they just want to enable the security silicon and retrieve the key. Make it so that a DFU update still doesn't grant access, make the security counter hardware on the same silicon, sort of a security baseband, only no security firmware updates allowed without the correct access granted to allow it. So no DFU security payload for this hypothetical extra chip. ARM cores are small and cheap. Just needs more processor power isolated from the rest of the system. Already done for the cell modem, just do it for security but even more isolation, all resources memory, flash, processor on the same isolated silicon. And make the JTAG/I2C testing have a fused link so no JTAG post manufacturing test acceptance.
You can actually lockup the boot on EFI macs so it requires a password to do anything. Even then the passcode is more discoverable as it isn't in secure silicon.
The backdoor is a future possibility. The iPhone they want to break into is in the present. Under the conditions that the iPhone in question has hardware encryption capabilities (3G or later) and is running iOS 8.x or later, which is likely, the cryptography key(s) needed are stored and used on a piece of silicon meant to be secure. Apple from outside that chip still has no means to extract the keys. If the iPhone is set to wipe itself after numerous failed attempts all it need do to accomplish this is wipe out the key itself stored on the secure silicon. What the court is asking is that Apple provide a means to go backwards in time. Apple cannot using conventional hardware technology or software technology recover the encryption key... What they could attempt to do is grind the secure chip casing and try to probe the silicon directly. Good luck with that.
Commercial companies charge for such services. Apple can just say that it requires a brute force attack to accomplish then charge per hour for trying to break into it. I'd put a mac mini on the job and just let it churn. Charge $280 an hour for the computer and other technical equipment use, hire a contractor to watch the monitor, and charge $300 an hour for the operators time. Oh and charge $250,000 to develop the software you'll need to develop to brute force it. Present this proposal to the court and request the invoicing information. Don't negotiate on price. In fact point out the pricing commonly used in the industry for fortune 500 companies providing consultants. I was billed out at $700 an hour (not making even 1/10 that myself) in the 80s. IBM has charged over $1100 an hour for their consultants in the past. Let the court know results are not guaranteed in a timely manner, or if ever, cite the probable nature of timing the solution such that a LEO or the sun going nova are possible interruptions to the task beyond Apple's control.
The court may then understand that based on the current mathematics and computer resources it is not a feasible solution by any means. Then if they are mercenary state that of course the solution may be discovered in the first hour or sooner, though statistically very unlikely.
I have done some forensics work in software. The most secure setup was a room with cameras, the computers in a locked box, PS/2 keyboard and mouse with attached cords that go into the locked box, VGA only monitor, and a printer filled with pre-numbered sheets of paper. I emptied all my electronics including watch, no calculator, no phone, etc. Allowed items were a pen/pencil and notepad. I was escorted into the room (roughly 1500 miles from my office) the paper was loaded by the escort. When I wanted to leave the room I pressed a buzzer button. The escort collected the printouts, and the paper supply. briefly looked to see if there were obvious missing pages. They can't see my notepad, and my instructions were to write small, though the cameras were not supposed to see the monitor or desk surface. After their side examined the pages I printed out, they allowed a lawyer to pick up the copies, as I had to review the printouts in the lawyers offices and not personally ever posses them. Under those conditions with a 10 hour work day (8 onsite, 2 writing up the days notes onto a computer at the hotel room) it is amazing how little code can be reviewed in a day. They did allow tools of our choice to be installed on the computers at their expense. And they installed the software versions we said were suspect in source form.
Under these conditions, if you forced them on developers, you'd be paying them what I was paid for forensic investigation, somewhere around $250-300 an hour if you want top quality people. And they will burnout in short order, so keep a queue filled with replacements. I could do that for only short bursts at a time.
Even then, I could have copied the code onto paper line by line. And in some cases did for short segments that showed infringement.
In even the harshest of conditions code can still leak. But your biggest weak point is if your network is not air gapped and you use source code control, keeping the social engineering aspect in check so you aren't hacked. For contractors and employees, only hire ones you trust and depend on NDAs and integrity. And a VPN that is appropriately encrypted is like working in the office. Supply the computers and you can install monitoring software on them, and USB management software to provide gentle no-no-no reminders as they try to work they way they normally would.
Slashdot Mirror
So it is down to paying government employees bribes to actually do the job they are hired to do ... Why not fine the ones that over classify the information instead ...
And such plans actually don't work.
If the candidates were open and transparent AND if voters only cared about ability to govern, then no one could influence the election. But that isn't going to happen. But labor unions by far and away have the largest influence vector for elections, followed by large corporations. Large corporations by the amount of money they contribute, usually have more influence on a continuing basis, but often hedge their bets by donating to both sides in the election. Lately though some large entities (I'm looking at you Facebook!) have stopped any pretense of neutral news reporting and might as well be looked upon as strictly aligned with particular candidates. Labor unions strongly influence elections by the sheer number of their Sheeple following the edicts of their labor union "bosses". Not to say all do, but a large enough number to sway some elections. If all candidates where required to be open and transparent and there was a mechanism to expose when they weren't and if so called fact finding organizations where unbiased and not supportive of any particular candidate, and news organizations were actually news organizations, not thinly veneered arms of entities with a political agenda then the voters would be presented with a neutral view that was unbiased to choose from. Foreign governments influence on American elections is a "red" herring. The domestic influencers actually do influence the outcome.
Separate IMDB into the promotional site and the informational site; spin the informational site off as a 501(c(3)) non-profit. Make the for profit promotional site a permanent trustee and committed donor to the informational site, while IMDB-Pro operates as a for profit site. Even if denied federal non-profit status, they'd still be separate and exempt from the California law, IMNALO (In My Not A Lawyer Opinion)... They might consult some lawyers to see if that's viable. Alternately do what other corporations do when presented a hostile environment by a state. Move and that the jobs out of state.
Just remember that the rule before Save the Passenger or Save the Crowd is the very most important rule:
Save the Cheerleader; Save the World.
Not to mention he is representing Apple, who built the iOS App store mainly on free content and content where Apple drove the market cost to new lows for software. And for content with a price, took an unprecedented 30% of gross revenue. Apple set the stage for lowering the bar and abuse of content providers. Now, I actually like Apple. And they opened the door for many software projects that would not otherwise have been done. Much as You Tube opened the door for many starting artists. If this yipping dog artist has a copyright complaint, better to voice it to You Tube administration and get it taken down. But ... statistics have shown that leaked free content results in larger sales. So complain about the "piracy" all the way to the bank.
This ranks up there with the most idiotic statement recently made by someone in the music industry.
Not so limited as you might think. Just knows all of them. iPhone 4S is still supported with the current iOS as is the iPad 2. So iPhone 4S 5 5S 5C 6 6S 6+ and 6S+ plus iPad 2 3 Air Air2 Pro(12) Pro(9). So 14 models not counting CDMA and market variants which add more sub variations. Oh and on the iPad side, with cellular and without. So in some cases the base model could have 4 variants, or more.
The Android problem is low margins to get market share, and no incentive for the diverse manufacturers to update beyond the peak sales repurchase cycle. And some makers are just pitiful. Amazon Fire Phone comes to mind, my Android mobile device test rig with so much promise, and next to no delivery. When updates were produced they lagged a full major Android release.
Since they now will publish vulnerabilities they know, and which have been fixed, and how they determine what is important to fix!!!
Don't train your replacements. If unionized, strike. maybe strike anyway.
Second immediately go to competing media and take out ads advising the public what is happening. write editorials for other media.
Talk to your government representatives about the American press being outsourced to India.
Then explain to management about a cable equipment supplier in Pennsylvania that was going bankrupt. At the last moment a "White Knight" appeared. During the phase of doing do diligence they discovered that there IT and IT development was outsourced to India. The White Knight who was bailing them out, they dropped the offer as the little cable company in trouble actually owned very very little at that point that they had control over... And the WK didn't want to be dependent on outsourced IT were they no longer even had the current source or databases in the US.
The information is the real value, hold it in a third parties hands overseas, and you court disaster. This is not to say that overseas outsourcing is inherently bad, just non tech companies do a horrible job providing for contingencies and keeping domestic...
Well, some powerful legal scholars and the court cases they describe disagree and state that in this exact predicament the 5th does apply. The so called Fischer test fails on point 3 and the burden is on the government. They warn that if this were not the case one could be jailed for contempt, and that is exactly what happened in this case. Likely the incarcerated lawyer did not push this hard enough, or the judge chose to ignore it. But without all the details we may fall short of the understanding needed to make an argument one way or the other. But understanding this person may not know, may have forgotten, or some other individual may have applied the FileVault passphrase, or may just be such a willful person (and two years makes that self evident) that he will never reveal the passphrase if he knows it; he should be released. The current zeal the courts are using to make encryption a worthless technology is unwarranted. Least people think this is a new problem, read the paper from the above link. Thomas Jefferson invented an encryption for mailed messages that was not broken for 100 years apparently. this problem is not modern at all and has been tested in courts since the beginnings of the U.S.A.
... and in the former would violate the defendants rights in yet another way.
Consider if this hard drive contains emails between this defendant and his lawyer, thus privileged communications. Or contains material related to confidential informants. Disclosure in open court could be disastrous
We have lost sight of the American concept that it is better to let a dozen guilty people go free that to jail one innocent man. Our prisons have uncounted numbers of innocents, some lucky enough to have people interested in freeing them to preserver until they are vindicated. Some innocents die having exhausted all appeals and they are executed. It is very sobering to look at The Innocence Project and understand many of these people lost decades behind bars while innocent.
The privilege of not testifying against a family member is only extended to the spouse. The feeling is that because of the intimate relationship they are likely to share all aspects of their life, so are for this purpose the same entity. They may however voluntarily testify against their spouse, unlike lawyers and doctors whose privilege is based on professional ethics. But, say, someone's brother is called to testify, they can be compelled to do so.
I suggest that a higher court does not release him, but rather orders the lower court judge to withdraw the contempt charge as inappropriate. Then if the lower court judge fails to comply, that judge will be in contempt and they can share a cell. Interesting test of the lower court judge's conviction.
We'll be watching you
Every breath you take and every move you make
Every law you break, every browser you take (We'll be watching you)
Every single day and every suit you lay (We'll be watching you)
This company makes so many wrong moves and has set such precedent for losses I would hope every wrongfully blocked browser results in punitive damages in the hundreds of thousands for willfully violating the law and violating the computers integrity of those wrongfully blocked. There is federal law to turn on them for a change. They will have 'damaged' the affected computers without due process or service. and the demand for money puts them in the category of racketeering subject to RICO in my opinion.
Or if an update while locked was not able to be forced on the phone, and also wiped the secure key.
if your answering machine required a passphrase to access the recordings, you could not be compelled to give up that passcode. But is is more convoluted than that. They are compelling your neighbor who built the answering machine, to give up the means to bypass the mechanism that "mission impossible's" the tape (held in a illicit way access to the tape destroys it). The FBI presumes it is possible. The FBI is pretty sure there is no useful information on the phone. The FBI booted one when the lawful owner was asked to change the Apple password associated with the phone. (They could have put the phone in a faraday cage on a charger as another person here suggested). And the FBI lied saying it would only apply to this one phone, and that it was no seeking a precedence setting rule. And one federal judge has already ruled in a similar case the Writs Act doesn't apply and Apple can't be compelled.
Apple US will become a design studio for Apple (insert best tax benefit country). All sales revenue will then go through that country. And considering some jurisdictions treatment of security is more sacrosanct than that of the US, given the incentives that having Apple development take place there would bring said country, Apple would move development there as well. Apple US would have a skeletal staff. The cost in US taxes and jobs would be substantial. Then Apple offshore profits then would be in part from US phone sales.
Court orders in these area are usually specific in that they release any and all tools to build the target software. They also frown on shenanigans like stripping all the comments and randomizing the variable and class names. But they do allow that it be accessed in a secure manner. So the DOJ could be required to have staff work in a locked room where Apple controls entry and exit, and that no electronic devices are allowed in that room. Only paper and pencil for notes and copies of those (since this is protective rather than adversarial) could be compelled to be allowed to be copied by Apple. It could be so strict that an Apple employee might be the only one to access the built image and convey it to a separate testing lab. I've been in such a restrictive environment and even my electronic watch (with no i/o, but marked "electronic" for the movement) stayed in a bag outside my work area.
"For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
First, they have to prove in court they have a legal right to seize the code and then show there is no other way, and that they can prevent it from being leaked absolutely, or post bond that if it is leaked Apple is compensated. Well, they can use an existing jailbreak for the level of iOS on the target phone. Then they can analyze and patch the iOS image to disable the check for number of attempts. And away they go ... problem solved. Then they have to destroy the code after it is loaded onto the phone. Per the court order that this applies to one phone. So they really don't need Apple after all, do they.
Second, if Apple is compelled to hand over the crown jewels as it were, they should stipulate that the DOJ staff can only have access on Apple's campus on a computer secured against tampering and USB or other access, disable everything wireless but bluetooth (or use a USB mouse and keyboard with extra ports filled with epoxy, and disable all wireless) or withdrawal of any files except the Govt OS image. So a non-network connected computer preloaded by Apple, and in a shielded room with wireless keyboard and trackpad. Computer in a locked box. Apple should be allowed to monitor them, and scheduled access only. And Apple can of course get access to the changes they are making. The signing cert never leaves the computer in the high security zone. Even with those precautions Apple should immediately invalidate the signing cert and reissue a new one and new images for all the previously signed OS images. App images. etc. Anything signed by that cart should have an upgrade. Create new cert, Create new app and os images, Suggested Strongly that people accept the updates for security reasons. Then give the FBI access if required to do so.
If Britain drops the EU, then they can become a Schengen country (if the others agree) or adopt Schengen like rules and make agreements as needed. Add that to custom tailored rules that incentivize the talent they need and want coming to Britain and they could adopt rules like Australia with benefits for those immigrating with needed skillets and "discouraging" others from permanent immigration. The EU is not the pinnacle of European governmental success. It is an experiment with socialism on a wide scale in many aspects and has adversely affected the more prosperous countries that are well managed. Much like some divisions of a company that constantly lose money, but have the prestige of public presence (aka, Greece and promotion of Greek tourism), the company would benefit from propping up these divisions until they look attractive then spinning them off.
Apple has the ability to upload the operating system, is an assumption that may or may not be valid, while preserving the encryption. Essentially you force the phone into a state where a firmware update can be loaded. This is a given (DFU mode used for jailbreaking). What the government wants may or may not be feasible. Apple doesn't need a zero day exploit. They just sign the payload like any other update. But what the government wants makes assumptions that are not absolutely founded in reality. They assume Apple can make a new version of the OS that allows password attempts from a computer, and that they can disable the ability of the phone to wipe itself without having logged in previously. It is not clear those assumptions are accurate. The presumed protection to the general public is Apple can limit the custom OS version to one particular phone. This is the weak point in the governments court order. Given that modification of the custom iOS image would break the signature check and disallow it from being loaded on a different phone, it on glance seems secure enough, however, the ability of the hacking community to continually find jailbreak points of entry release after release pretty much signifies that the custom iOS payload could be modified for another iPhone, resigned or have the signature removed, and then loaded with the normal jailbreak means. So the reality is that Apple can attempt to restrict it to a single phone, but between the hacking community and government resources you'll see a new tool for breaking into iPhone in the governments catalog. And it will open Apple to liability suits, and further it will cost quite a lot to create the custom software version.
One possible deterrent is for apple to license the tool, and in the license prohibit modifications. Get the court order modified to bless that, and then also charge something like 250,000 dollars or more for doing the development. Each time it is requested. It is not unprecedented as cell carriers charge quite a bit in some cases just for records that exist on their systems. Phrase the cost / expense for the court order as requiring the FBI to pay $10 per line of code in all effected parts of the operating system, and $10 per line of code for testing. Not lines written. Each line, in the whole os. Which has to be tested. And each line in any apps or frameworks on the phone used to access the data. It could run into millions per phone. And all for a fishing expedition as they are unsure there is any useful information on the phone.
Did the pollsters add the information that the court limits it to this phone, and apple would have to create and test a new version of the iOS operating system code at the expense of potentially hundreds of thousands of dollars and likely a possibility of having to specifically hire additional people to make up for the diversion of resources internally in Apple to comply, as well as potentially delay the release of new versions of the iOS software in the normal flow, as well as potentially ripple the delay to delaying new products?
...
People seem to think this requires no effort or expense on Apple's part to comply with the request, where the reality is it affects the iOS family devices as a whole, and carries a considerable expense.
Additionally it is to cover for the sloppy government handling of the iCloud account associated with the phone in the first place.
And the open liability issue if their one of a kind OS version, tied to a single device and no other, fails catastrophically. Testing alone would be a nightmare as you'd have to duplicate the essential elements of the target phone on a test device, and then test against it
Tim Cook is correct in denying compliance. It opens a huge can of worms (read liability) on Apple. And Tim's job is not to give the government free services and incur liability that can be avoided. It is to protect the fiduciary rights of the stockholders.
I think if the pollsters included a scale of what amount of money Apple should spend on compliance, as well as what amount of delay is acceptable for Apple's product shipment dates given as multiple choice questions, the results would be very different. You could be talking about delaying the next releases over a significant time period where apple not only losses expenses related to the compliance directly, but losses due to product delays and loss of market share as unencumbered companies have a DOJ wedge edge created.
Considering that the update must be signed by apple, and the phone needs to be in DFU to force the update, the simple solution is to reset the security chip on DFU update, and put the attempts counter on the security chip, independent of the OS. That eliminates the ability of any backdoor. The data is already secured in flash, they just want to enable the security silicon and retrieve the key. Make it so that a DFU update still doesn't grant access, make the security counter hardware on the same silicon, sort of a security baseband, only no security firmware updates allowed without the correct access granted to allow it. So no DFU security payload for this hypothetical extra chip. ARM cores are small and cheap. Just needs more processor power isolated from the rest of the system. Already done for the cell modem, just do it for security but even more isolation, all resources memory, flash, processor on the same isolated silicon. And make the JTAG/I2C testing have a fused link so no JTAG post manufacturing test acceptance.
You can actually lockup the boot on EFI macs so it requires a password to do anything. Even then the passcode is more discoverable as it isn't in secure silicon.
The backdoor is a future possibility. The iPhone they want to break into is in the present. Under the conditions that the iPhone in question has hardware encryption capabilities (3G or later) and is running iOS 8.x or later, which is likely, the cryptography key(s) needed are stored and used on a piece of silicon meant to be secure. Apple from outside that chip still has no means to extract the keys. If the iPhone is set to wipe itself after numerous failed attempts all it need do to accomplish this is wipe out the key itself stored on the secure silicon. What the court is asking is that Apple provide a means to go backwards in time. Apple cannot using conventional hardware technology or software technology recover the encryption key ... What they could attempt to do is grind the secure chip casing and try to probe the silicon directly. Good luck with that.
Commercial companies charge for such services. Apple can just say that it requires a brute force attack to accomplish then charge per hour for trying to break into it. I'd put a mac mini on the job and just let it churn. Charge $280 an hour for the computer and other technical equipment use, hire a contractor to watch the monitor, and charge $300 an hour for the operators time. Oh and charge $250,000 to develop the software you'll need to develop to brute force it. Present this proposal to the court and request the invoicing information. Don't negotiate on price. In fact point out the pricing commonly used in the industry for fortune 500 companies providing consultants. I was billed out at $700 an hour (not making even 1/10 that myself) in the 80s. IBM has charged over $1100 an hour for their consultants in the past. Let the court know results are not guaranteed in a timely manner, or if ever, cite the probable nature of timing the solution such that a LEO or the sun going nova are possible interruptions to the task beyond Apple's control.
The court may then understand that based on the current mathematics and computer resources it is not a feasible solution by any means. Then if they are mercenary state that of course the solution may be discovered in the first hour or sooner, though statistically very unlikely.
I have done some forensics work in software. The most secure setup was a room with cameras, the computers in a locked box, PS/2 keyboard and mouse with attached cords that go into the locked box, VGA only monitor, and a printer filled with pre-numbered sheets of paper. I emptied all my electronics including watch, no calculator, no phone, etc. Allowed items were a pen/pencil and notepad. I was escorted into the room (roughly 1500 miles from my office) the paper was loaded by the escort. When I wanted to leave the room I pressed a buzzer button. The escort collected the printouts, and the paper supply. briefly looked to see if there were obvious missing pages. They can't see my notepad, and my instructions were to write small, though the cameras were not supposed to see the monitor or desk surface. After their side examined the pages I printed out, they allowed a lawyer to pick up the copies, as I had to review the printouts in the lawyers offices and not personally ever posses them. Under those conditions with a 10 hour work day (8 onsite, 2 writing up the days notes onto a computer at the hotel room) it is amazing how little code can be reviewed in a day. They did allow tools of our choice to be installed on the computers at their expense. And they installed the software versions we said were suspect in source form.
Under these conditions, if you forced them on developers, you'd be paying them what I was paid for forensic investigation, somewhere around $250-300 an hour if you want top quality people. And they will burnout in short order, so keep a queue filled with replacements. I could do that for only short bursts at a time.
Even then, I could have copied the code onto paper line by line. And in some cases did for short segments that showed infringement.
In even the harshest of conditions code can still leak. But your biggest weak point is if your network is not air gapped and you use source code control, keeping the social engineering aspect in check so you aren't hacked. For contractors and employees, only hire ones you trust and depend on NDAs and integrity. And a VPN that is appropriately encrypted is like working in the office. Supply the computers and you can install monitoring software on them, and USB management software to provide gentle no-no-no reminders as they try to work they way they normally would.