Silly rabbit, it wasn't anybody worried about protecting evidence or trained in that, it was a county health worker worried that confidential health department data might be on the phone. The standard practice is to reset the password... so that you can wipe the device, not so that you can preserve it.
So basically, if Apple can do it at all, then the backdoor already exists, and is already awaiting exploitation.
The difference is the same as the difference between: The house has a backdoor. The house has enough space between the support beams to design and install a back door, but you'd have to know where the wiring and plumbing is first.
Wait, you thought that violating sanctions against Serbia during crimes against humanity is only about not having "permission?" Wow.
People reading this should be aware that he is trying to say that Bobby Fischer was only charged with doing financial business in violation of sanctions, during a military conflict, because he didn't "get permission." No, it is because he was materially supporting crimes against humanity. Those crimes are not based on "permission." They are not crimes relating to contempt of cop, which is what you want to reduce it to.
As a rated tournament chess player, your attempt to re-write history disgusts me.
For people wondering, "WTF" this is what this is about:
United States District Court for the District of Columbia
Holding a Criminal Term
Grand Jury Sworn on October 29, 1991
UNITED STATES of AMERICA
vs.
ROBERT JAMES FISCHER
Criminal No. Grand Jury Original
Violation 50 USC 1701, 1702, and 1705
(International Emergency Economic Powers Act )
INDICTMENT
The Grand Jury Charges that:
From on or about July 11, 1992 to on or about November 5, 1992, within the jurisdiction of the District of Columbia and elsewhere, the defendant ROBERT JAMES FISCHER, a United States person, did knowingly and willfully perform a contract in support of a commercial project in the Federal Republic of Yugoslavia (Serbia and Montenegro), in that the defendant ROBERT JAMES FISCHER did enter into and perform a contract between the defendant, the Jugoskandic Company of Belgrade, Yugoslavia and Boris Spassky to participate in the "World Chess Championship Match" in the Federal Republic of Yugoslavia (Serbia and Montenegro), for a cash purse of $5 million in United States currency and a percentage of revenues from the commercial gain as a result of the performance of the aforementioned contract.
( In violation of Title 50 USC 1701, 1702, and 1705 and Executive Order 12810)
How is violating sanctions somehow patriotic? Also note that we ended up going to war with Serbia, because the sanctions were not effective. This was a real conflict, and the sanctions were real sanctions. And they were clearly violated materially, it is not some innocent technicality.
False, it is legally well-established that when Congress authorizes money for a military action, that is the "declaration" that the War Powers Resolution and other documents talks about. There is not, and never was, a Declaration of War Form that gets filled out. Congress doesn't like to use the word, but they still authorize wars.
As an example, the Authorization for use of Force against Terrorists of 2001 specifically says that it satisfies the declaration of war requirement, even though it doesn't use the term. Here is the type of language Congress uses when it explicitly declares war:
(1) SPECIFIC STATUTORY AUTHORIZATION- Consistent with section 8(a)(1) of the War Powers Resolution, the Congress declares that this section is intended to constitute specific statutory authorization within the meaning of section 5(b) of the War Powers Resolution."
Law has to be learned by reading. It can't be learned by listening to complainers in a tavern.
The situation in Korea is that the UN declared war, not the US, and there was never a formal resolution at that level. US soldiers who fought in the Korean War were not fighting on the side of the US, or South Korea, they were fighting under the banner of the UN. It is hilarious that people not only bungle the status of US wars, but their one claimed exception doesn't even apply. It seems to be rooted in this mythical belief in a war declaration long form.
A bit off-topic, but I'm going to love the debates in the general election when those candidates have to debate this against the backdrop of Snowden. Right now the Republican candidates are having a shouting contest over this only in the context of terrorism. In the general election, the broader issue of rights will be discussed, and they're going to have a hard time reconciling this standing across from somebody arguing that it violates people's rights. So far both the Democrats are refusing to "take a side" in the legal issue, but their response is also to talk about believing in privacy and supporting encryption rights. So as the shouting dies down, and the case matures a little, this is going to get more interesting than it is now.
No, actually if you read slashdot you'd know that most of us do hate Apple, and yet Apple is in the legal right on this issue. They're still a elitist walled garden that I not only wouldn't be seen in, my stuff wouldn't even work there because I won't use proprietary toolsets.
I can hate Apple at the same time that I point out they're in the right on this case, that the cases the FBI cites actually support Apple if you read the rulings, and that this will get overturned on appeal. I can hate them at the same time I speak out in defense of their right to choose their own stinky speech, they shouldn't have to substitute the FBI's stinky speech for their own. I can hate them at the same time that I acknowledge that software is speech, even if I think that software shouldn't be covered by copyright. I can hate them at the same time that I recognize that they don't write custom firmware to hack phones as part of their business, and that they don't have or want to have the tool for use in their own internal processes.
Apple doesn't claim to protect the rebellion from the government, they claim to not be in the business of hacking phones or writing custom firmware to do so. They claim the data on the phone is very private and nobody can access it without the password, and the data on the cloud is less private but requires a legit government request according to local customs. Of course China can get access to data stored on servers in China. Duh.
Why try to shout BS when you knew you didn't have the details? Oh, right, you're just here to shout "China Scary!"
Yeah, if you wiggle hard enough while you read it, it almost looks like the words are wiggling. I kinda see your point. I guess I'd have to view it while riding in a bouncy truck to misconstrue the rest.
It's more like asking a safe manufacturer to unlock one of their customers' safes.
To which, of course, the correct response is "Why the hell does the safe manufacturer have the ability to unlock the safe in the first place?".
It is exactly like that, because there is a service for opening safes, and it is called a "locksmith," and not all safe manufacturers offer locksmithing services. Some do, some do not. The manufacturer is usually hired to help the locksmith determine where to drill, but they don't actually do the work.
This is the same; there are companies that offer services to write custom firmware; Apple isn't one of those companies, and the firmware in question is not a tool that they have and use internally. Furthermore, the FBI admits that it knows that if Apple got into this line of work it would affect their public image; they can't accuse Apple of PR without implying that they know there is a market affect on them.
In the NY pen register case that the FBI cited, the tool that the phone company was asked to use already existed, and was being used by the company for similar purposes; and further, the company already used the tool to provide (paid) services to law enforcement at other jurisdictional levels where it was clearly allowed. The company was happy to "lose" the case; they only said "no" because they thought they weren't allowed to say yes. If Apple was already using the tool internally, this would be a different case; it would be the case the FBI is claiming it is.;)
That is without even getting to the part where firmware is copyrighted speech and Apple doesn't want to say those things.
American hw and sw is already a hard sell outside of US.
Export data begs to differ.;)
It turns out that pundits writing anti-American stuff in foreign media is not the same thing as lost sales. Who knew?! Oh, right, the marketing people. Turns out they did know something, even if it wasn't what the product features are.;)
Gosh, if it is so hard to sell American software and hardware, why is the demand so high? Oh, right, there are people who disagree with you even in your own country, but you pretend they don't exist. It might turn out, they even have money and are the ones choosing which software and hardware to buy.
Not all foreign business people are more scared of the US Government than their own Government, did you consider that? Lets say, just as example, that it is possible an audit would come up with a different tax amount than the company had claimed. Which Government cares, the US Government, or their own local Government? Which government presents a real risk of corrupt or coercive demands for payouts? Which government's corruption would potentially expose them to local organized crime, with local wrenches? It may be that even the magazines publishing breathless anti-American conjecture about lost hardware sales are still going out of their way to buy US networking hardware. And that factories in countries that are US allies prefer to buy US factory equipment rather than equipment from a nearby company that is more likely to have information stolen by competitors. We have corruption in the US, but of a different sort than many places in the world. This is a whole country where offering bribes will land you in jail, it is not an accepted practice. This is a country where the sugardrink companies call the police when somebody tries to sell them their competitor's recipe. Foreign companies often care more about that than they do about breathless blahblahs.
This is absolutely the wrong case to fight that other fight, but this fight might be more important.
That said, I don't really care what some hardware companies have to say. They might not even have a strong record as any sort of moral or legal authority.;)
The debate that matters here is the legal debate that lawyers are having. Congress is incapable of action on either side of this, and Joe Schmoe's opinion is irrelevant. And, most Schmoes don't understand the difference between opinions and analysis, or how it affects the type of analysis that is useful to do in cases where nobody is going to ask your opinion because you're not a professional in the relevant field.
The EFF's involvement is a lot more meaningful than the opinions of hardware companies.
That is still just hand-waving, though. Those are secret details, without a published datasheet we can't claim them to be secure. It is just an impossible promise. It isn't a technical impossibility to use it on another device; it rests on promises and unknowns. You can't base a guarantee on an unknown. All the FBI can say that is actually true would be, "we promise to try to keep anybody from stealing it." I actually believe them on that part, I might be in the minority there. But they can't enforce it; government computers get broken into all the time, government facilities get broken into, valuable evidence goes missing during trials, even when the evidence was collected by the FBI.
People making impossible promises are not being honest about what they have the capability to promise.
You don't know it can't be exploited without Apple's key. The existence of the key suggests at a minimum that it is harder to exploit without the key, but that is all we really know. There are multiple hardware chips that have to communicate, and it is all proprietary black boxes. There are multiple black boxes. We also know that later models have improved security; why would they have improved it, if there was already no way to bypass? The most obvious answer is that the iPhone 5 is less secure than you claim, and that the public does not currently know the details of the weaknesses.
As far as the bigger issue, most people aren't even aware of what a "magistrate" judge is, and if they even are intended to have the authority to create precedent.;) This has almost no chance of being sustained on appeal. It will be tossed out, and the funny part is that the legal analysis (check legal blogs for that) is that even the cases the FBI is citing don't actually support their claims. Their main one is the NY pen register case, but the thing there is that the company was already installing the tech for the pen register internally for fraud prevention and service monitoring. They also were also installing it for law enforcement, and getting paid a normal profit for it. So it was their normal business, they just didn't think they were legally allowed to say "yes" in that case until the SCOTUS said it was OK. The key to it being OK is that similar searches were already being done, there just wasn't a specific statute that covered that case at the Federal level. The Court found it to be a fairly normal search, just using new technology. The specific features that the court pointed to in that case could easily lead a person to believe that it helps Apple here. Actually, it rather obviously helps Apple, as they don't normally do this work or install this sort of equipment. The court specifically took up the concern of it being used more broadly, and made clear that it wasn't intended to. The whole thing is slam-dunk for Apple. The FBI is playing a PR game, even while accusing Apple of it; but Apple is the one with a solid case, just going by the cases that the FBI cited.
Feynman called it Baubleology or something like that, holding up baubles (pretty pictures at a different scale than humans normally see) and pretending that it is part of science. The purpose mainly seems to be to provide entertainment that gives the viewer the illusion of participating in science, but without having to participate in anything or learn anything. All you have to do is see the beauty in the picture, and gush, "isn't science awesome?!"
That said, all I cared about was the actual depth of the features comparative to Earth, and the false-color altitude image gave me exactly the data that is useful to me because I often work with GIS software and elevation maps. I was curious if the feature is comparable to Earth scarps and valleys, or if it is a gimmicky measurement that is really just a fissure that isn't fully fused, or whatever. And it is comparable, and impressive. The false color image makes clear the scale of the ridge compared to the curvature of the planet; it really does improve the visualization of the data.
As an aside, you might want to consider how being very lazy in your writing and not even using capitalization and punctuation might affect the connections you form in your brain when you communicate. You could be causing literal brain damage to yourself, at least in comparison to the alternative. Does it serve any purpose?
Is a dwarf human a human? OK, so is a dwarf planet a planet?
Pluto didn't "lose status," dwarf planets have the same rights as other planets. They are simply not in the same sub-group on every trait. It doesn't mean they're not planets.
Right, if you just presume that the banks can't afford computers, or don't have large budgets for that, or don't upgrade equipment... wow, you also haven't worked in the field, and don't know about the subject. And yet, you opened your keyboard anyways.
Yeah, just wave your hands and talk smack, that will cause you to magically be better at security programming than engineers at teh bank! Yeah, that's the ticket. Derpy-derp!
You're making assertions about Apple's security model that you can't support. You don't know the implementation details, and you can't promise that there are no other ways to make the change. You key in a specific technical detail without understanding the point; you can't audit something that is secret. You have to have complete knowledge of a system to even make those types of arguments. There is just no way for you to know how easy it is to make the hardware think it is a different phone. If you make an argument for security, but based on simply being ignorant of the details of a possible crack, that is just dishonesty. There is no way you can just promise your way out of not knowing. The FBI being really-awesome and you trusting them implicitly is fine, but they're not magical super-heros that can prevent theft by not knowing about the details of available cracks.
If you alter the binary file to replace the ID, it will not match the signature anymore and will not be allowed to run.
Maybe. We both know you won't have a citation that explains the actual conditions needed. You fail to recognize that that uncertainty works against you; it precludes the restrictive claims that certain things can't happen. We don't know what conditions are needed to trick that chip on that model to think it is on a different phone.
If this was an open protocol of some sort that is well documented and works the way you imagine, and has no unknown or unexpected attack vectors, then it would be true. But none of those are true. We don't know, and conjecture is not a transparent security audit of the hardware.
If you approach information that says a different thing than you expected, the first response should probably be to ask what you don't know, not just wave your hands and presume it is "silly." Worse, you should avoid embarrassing yourself with the claim that it is "plain" silly, because actually it is a mainstream argument that is a standard, traditional corollary to the point you did hear about that mention.
Yes, over time bugs are better known. That means they've already been mitigated. The new bugs that you don't know about, haven't been mitigated. In old-school *nix, it was normal to have ancient bugs in software specifically because it was very important to the security of the system and the known holes all had mitigation strategies.
It is still applicable. The reason a lot of youngsters these days are confused by the whole situation is that general purpose workstations that are frequently updated because they have applications that get updated, well those systems aren't locked down in the way a server is; those systems have poor security practices generally, because of the tradeoff between security and convenience. A person who doesn't care about the app updates can use the old system, and will likely be more secure even with the old bugs, if they're mitigating the ones that need mitigation.
If you ever meet a BOFH who manages secure routers, you should bring this up and ask them about it. You'll find out that the theory is well established, very strict, and has a great track record.
This is why many banks still have important code written in cobol running on `70s minicomputers. It isn't because they can't afford the upgrades, or don't like upgrading equipment; it is because the code is too important to introduce uncertainties, including the ones that fix bugs. Now, maybe you think that mainstream engineering practices that banks use is just silly stuff, not suited for serious professionals, but I would have to insist on differing.
Apple's ID isn't per-phone. Signing with that ID allows it to be used with all the iPhones, it doesn't lock it to a device.
Apple doesn't publish technical information about exactly how the firmware signing works. You can't assert details about how much protection is provided. It may be that the phone ID is transmitted unencrypted between the chips, and could be easily changed by a hardware man-in-the-middle.
You made assertions of "misinformation" that you can't back up, and instead of apologizing for going overboard and making person attacks, you just double down and try to defend the accusation. But differences of opinion or analysis are not misinformation; your accusation is not only that you think I'm wrong, but that you think I'm knowingly wrong. That is a serious accusation, and it is obviously false. You should admit you were wrong to make false claims about my motivations, and recognize that I'm presenting a real view that real professionals hold.;) You're ready to trust something as impossible simply because you didn't find the work-around yet. I believe claims of impossibility require very, very strong proof, and might still be suspect.
To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.
No, it was the iCloud password that was changed, not the password for the phone. Had that not been changed, the Apple engineers who were assisting the FBI would likely have been able to get the phone to sync to iCloud, which may or may not have provided evidence, depending on the phone settings.
Details matter, even when talking about evidence custody chains.;)
Also, real world evidence handling is not as strict as represented by the CSI shows, and in this case whatever mishandling was done was not done by the prosecutors. When the prosecutors mishandle evidence, it gets thrown out as a punishment to the prosecutors and a brake on abuse. That is what the "fruit of the poison tree" is all about; punishing prosecutors for ignoring processes and procedures that were put in place to prevent legal abuses that were common in the pre-Constitution period. It is not done out of a broad belief that any evidence that went out of sight after a crime is inadmissible. That would be silly; a murder weapon might change hands numerous times on the black market before being recovered by law enforcement. It is still evidence. In this case some moron from IT at the County level did something bad, not the prosecutors. The person doesn't even work in law enforcement, they work in the health department. The Court isn't going to punish the prosecutors for the mistake of the health worker, so instead the Court would look at if the evidence has a real flaw; is there a reasonable accusation that it was altered, either by the health worker or by Apple? The Court would not worry about a chain of evidence here; that would cover the handling of the evidence after it was collected by law enforcement or prosecutors. This would be before that, so they would look at the material details of any accusation of tampering.
Also, the user of the phone is dead, and so not a suspect. This would be used against other speculative suspects, and so those people wouldn't be able to ask the court to throw it out based on prosecutorial misconduct that happened before they were a suspect. There wouldn't be anybody with standing to make that complaint. They could only challenge it by a material claim that there was a real problem, not just that the procedure hadn't been followed, unless the failure to follow procedure happened later in the process. This is similar to the situation where the police do a warrantless search of your friend, find evidence against you, but your "friend" refuses to challenge the search. Oops, too bad, you can't challenge it for him, and the evidence will be admitted. That happens a lot in drug cases, actually.
Conscription has always been allowed by the Constitution specifically giving Congress the right to raise armies. That was the standard method of raising an army at that time. It also balances that power with a 2 year funding limit; the House of Representatives is elected every 2 years, so if the voters don't like how it is being done, they have a chance to elect different reps.
So no, that does not provide any sort of precedent.
Sorry, he's speaking a regional American dialect. Allow me to translate it into Cosmopolitan English:
Waaaaaaaaa the President is black and nobody stopped it from happening waaaaaaaaaaaaaaaaaaaa... death of America... hippies... Carter... Pinko Apple Commies
There would be no showdown, a tax that applies to just one company isn't going to be proposed, can't be enacted by the executive branch, has no support in Congress, and wouldn't be allowed by the Court.
You have some fantasy ideas about how government works, but my advice to you is to listen to less AM radio, and read about civics. And I'm talking about reading an encyclopedia, not a political platform.
Silly rabbit, it wasn't anybody worried about protecting evidence or trained in that, it was a county health worker worried that confidential health department data might be on the phone. The standard practice is to reset the password... so that you can wipe the device, not so that you can preserve it.
So basically, if Apple can do it at all, then the backdoor already exists, and is already awaiting exploitation.
The difference is the same as the difference between:
The house has a backdoor.
The house has enough space between the support beams to design and install a back door, but you'd have to know where the wiring and plumbing is first.
Wait, you thought that violating sanctions against Serbia during crimes against humanity is only about not having "permission?" Wow.
People reading this should be aware that he is trying to say that Bobby Fischer was only charged with doing financial business in violation of sanctions, during a military conflict, because he didn't "get permission." No, it is because he was materially supporting crimes against humanity. Those crimes are not based on "permission." They are not crimes relating to contempt of cop, which is what you want to reduce it to.
As a rated tournament chess player, your attempt to re-write history disgusts me.
For people wondering, "WTF" this is what this is about:
How is violating sanctions somehow patriotic? Also note that we ended up going to war with Serbia, because the sanctions were not effective. This was a real conflict, and the sanctions were real sanctions. And they were clearly violated materially, it is not some innocent technicality.
False, it is legally well-established that when Congress authorizes money for a military action, that is the "declaration" that the War Powers Resolution and other documents talks about. There is not, and never was, a Declaration of War Form that gets filled out. Congress doesn't like to use the word, but they still authorize wars.
As an example, the Authorization for use of Force against Terrorists of 2001 specifically says that it satisfies the declaration of war requirement, even though it doesn't use the term. Here is the type of language Congress uses when it explicitly declares war:
( https://en.wikipedia.org/wiki/... )
Law has to be learned by reading. It can't be learned by listening to complainers in a tavern.
The situation in Korea is that the UN declared war, not the US, and there was never a formal resolution at that level. US soldiers who fought in the Korean War were not fighting on the side of the US, or South Korea, they were fighting under the banner of the UN. It is hilarious that people not only bungle the status of US wars, but their one claimed exception doesn't even apply. It seems to be rooted in this mythical belief in a war declaration long form.
A bit off-topic, but I'm going to love the debates in the general election when those candidates have to debate this against the backdrop of Snowden. Right now the Republican candidates are having a shouting contest over this only in the context of terrorism. In the general election, the broader issue of rights will be discussed, and they're going to have a hard time reconciling this standing across from somebody arguing that it violates people's rights. So far both the Democrats are refusing to "take a side" in the legal issue, but their response is also to talk about believing in privacy and supporting encryption rights. So as the shouting dies down, and the case matures a little, this is going to get more interesting than it is now.
No, actually if you read slashdot you'd know that most of us do hate Apple, and yet Apple is in the legal right on this issue. They're still a elitist walled garden that I not only wouldn't be seen in, my stuff wouldn't even work there because I won't use proprietary toolsets.
I can hate Apple at the same time that I point out they're in the right on this case, that the cases the FBI cites actually support Apple if you read the rulings, and that this will get overturned on appeal. I can hate them at the same time I speak out in defense of their right to choose their own stinky speech, they shouldn't have to substitute the FBI's stinky speech for their own. I can hate them at the same time that I acknowledge that software is speech, even if I think that software shouldn't be covered by copyright. I can hate them at the same time that I recognize that they don't write custom firmware to hack phones as part of their business, and that they don't have or want to have the tool for use in their own internal processes.
Apple doesn't claim to protect the rebellion from the government, they claim to not be in the business of hacking phones or writing custom firmware to do so. They claim the data on the phone is very private and nobody can access it without the password, and the data on the cloud is less private but requires a legit government request according to local customs. Of course China can get access to data stored on servers in China. Duh.
Why try to shout BS when you knew you didn't have the details? Oh, right, you're just here to shout "China Scary!"
Yeah, if you wiggle hard enough while you read it, it almost looks like the words are wiggling. I kinda see your point. I guess I'd have to view it while riding in a bouncy truck to misconstrue the rest.
It's more like asking a safe manufacturer to unlock one of their customers' safes.
To which, of course, the correct response is "Why the hell does the safe manufacturer have the ability to unlock the safe in the first place?".
It is exactly like that, because there is a service for opening safes, and it is called a "locksmith," and not all safe manufacturers offer locksmithing services. Some do, some do not. The manufacturer is usually hired to help the locksmith determine where to drill, but they don't actually do the work.
This is the same; there are companies that offer services to write custom firmware; Apple isn't one of those companies, and the firmware in question is not a tool that they have and use internally. Furthermore, the FBI admits that it knows that if Apple got into this line of work it would affect their public image; they can't accuse Apple of PR without implying that they know there is a market affect on them.
In the NY pen register case that the FBI cited, the tool that the phone company was asked to use already existed, and was being used by the company for similar purposes; and further, the company already used the tool to provide (paid) services to law enforcement at other jurisdictional levels where it was clearly allowed. The company was happy to "lose" the case; they only said "no" because they thought they weren't allowed to say yes. If Apple was already using the tool internally, this would be a different case; it would be the case the FBI is claiming it is. ;)
That is without even getting to the part where firmware is copyrighted speech and Apple doesn't want to say those things.
American hw and sw is already a hard sell outside of US.
Export data begs to differ. ;)
It turns out that pundits writing anti-American stuff in foreign media is not the same thing as lost sales. Who knew?! Oh, right, the marketing people. Turns out they did know something, even if it wasn't what the product features are. ;)
Gosh, if it is so hard to sell American software and hardware, why is the demand so high? Oh, right, there are people who disagree with you even in your own country, but you pretend they don't exist. It might turn out, they even have money and are the ones choosing which software and hardware to buy.
Not all foreign business people are more scared of the US Government than their own Government, did you consider that? Lets say, just as example, that it is possible an audit would come up with a different tax amount than the company had claimed. Which Government cares, the US Government, or their own local Government? Which government presents a real risk of corrupt or coercive demands for payouts? Which government's corruption would potentially expose them to local organized crime, with local wrenches? It may be that even the magazines publishing breathless anti-American conjecture about lost hardware sales are still going out of their way to buy US networking hardware. And that factories in countries that are US allies prefer to buy US factory equipment rather than equipment from a nearby company that is more likely to have information stolen by competitors. We have corruption in the US, but of a different sort than many places in the world. This is a whole country where offering bribes will land you in jail, it is not an accepted practice. This is a country where the sugardrink companies call the police when somebody tries to sell them their competitor's recipe. Foreign companies often care more about that than they do about breathless blahblahs.
This is absolutely the wrong case to fight that other fight, but this fight might be more important.
That said, I don't really care what some hardware companies have to say. They might not even have a strong record as any sort of moral or legal authority. ;)
The debate that matters here is the legal debate that lawyers are having. Congress is incapable of action on either side of this, and Joe Schmoe's opinion is irrelevant. And, most Schmoes don't understand the difference between opinions and analysis, or how it affects the type of analysis that is useful to do in cases where nobody is going to ask your opinion because you're not a professional in the relevant field.
The EFF's involvement is a lot more meaningful than the opinions of hardware companies.
That is still just hand-waving, though. Those are secret details, without a published datasheet we can't claim them to be secure. It is just an impossible promise. It isn't a technical impossibility to use it on another device; it rests on promises and unknowns. You can't base a guarantee on an unknown. All the FBI can say that is actually true would be, "we promise to try to keep anybody from stealing it." I actually believe them on that part, I might be in the minority there. But they can't enforce it; government computers get broken into all the time, government facilities get broken into, valuable evidence goes missing during trials, even when the evidence was collected by the FBI.
People making impossible promises are not being honest about what they have the capability to promise.
You don't know it can't be exploited without Apple's key. The existence of the key suggests at a minimum that it is harder to exploit without the key, but that is all we really know. There are multiple hardware chips that have to communicate, and it is all proprietary black boxes. There are multiple black boxes. We also know that later models have improved security; why would they have improved it, if there was already no way to bypass? The most obvious answer is that the iPhone 5 is less secure than you claim, and that the public does not currently know the details of the weaknesses.
As far as the bigger issue, most people aren't even aware of what a "magistrate" judge is, and if they even are intended to have the authority to create precedent. ;) This has almost no chance of being sustained on appeal. It will be tossed out, and the funny part is that the legal analysis (check legal blogs for that) is that even the cases the FBI is citing don't actually support their claims. Their main one is the NY pen register case, but the thing there is that the company was already installing the tech for the pen register internally for fraud prevention and service monitoring. They also were also installing it for law enforcement, and getting paid a normal profit for it. So it was their normal business, they just didn't think they were legally allowed to say "yes" in that case until the SCOTUS said it was OK. The key to it being OK is that similar searches were already being done, there just wasn't a specific statute that covered that case at the Federal level. The Court found it to be a fairly normal search, just using new technology. The specific features that the court pointed to in that case could easily lead a person to believe that it helps Apple here. Actually, it rather obviously helps Apple, as they don't normally do this work or install this sort of equipment. The court specifically took up the concern of it being used more broadly, and made clear that it wasn't intended to. The whole thing is slam-dunk for Apple. The FBI is playing a PR game, even while accusing Apple of it; but Apple is the one with a solid case, just going by the cases that the FBI cited.
Feynman called it Baubleology or something like that, holding up baubles (pretty pictures at a different scale than humans normally see) and pretending that it is part of science. The purpose mainly seems to be to provide entertainment that gives the viewer the illusion of participating in science, but without having to participate in anything or learn anything. All you have to do is see the beauty in the picture, and gush, "isn't science awesome?!"
That said, all I cared about was the actual depth of the features comparative to Earth, and the false-color altitude image gave me exactly the data that is useful to me because I often work with GIS software and elevation maps. I was curious if the feature is comparable to Earth scarps and valleys, or if it is a gimmicky measurement that is really just a fissure that isn't fully fused, or whatever. And it is comparable, and impressive. The false color image makes clear the scale of the ridge compared to the curvature of the planet; it really does improve the visualization of the data.
As an aside, you might want to consider how being very lazy in your writing and not even using capitalization and punctuation might affect the connections you form in your brain when you communicate. You could be causing literal brain damage to yourself, at least in comparison to the alternative. Does it serve any purpose?
Wow, what are you, some sort of nazi?
Is a dwarf human a human? OK, so is a dwarf planet a planet?
Pluto didn't "lose status," dwarf planets have the same rights as other planets. They are simply not in the same sub-group on every trait. It doesn't mean they're not planets.
Right, if you just presume that the banks can't afford computers, or don't have large budgets for that, or don't upgrade equipment... wow, you also haven't worked in the field, and don't know about the subject. And yet, you opened your keyboard anyways.
Yeah, just wave your hands and talk smack, that will cause you to magically be better at security programming than engineers at teh bank! Yeah, that's the ticket. Derpy-derp!
You're making assertions about Apple's security model that you can't support. You don't know the implementation details, and you can't promise that there are no other ways to make the change. You key in a specific technical detail without understanding the point; you can't audit something that is secret. You have to have complete knowledge of a system to even make those types of arguments. There is just no way for you to know how easy it is to make the hardware think it is a different phone. If you make an argument for security, but based on simply being ignorant of the details of a possible crack, that is just dishonesty. There is no way you can just promise your way out of not knowing. The FBI being really-awesome and you trusting them implicitly is fine, but they're not magical super-heros that can prevent theft by not knowing about the details of available cracks.
Fighting new expansive precedent that points at an old law that had never been interpreted that way is not called "PR," it is called an "appeal."
It is part of the process in this country. Sorry you've never heard of it. I hope you have access to more rights in the future.
If you alter the binary file to replace the ID, it will not match the signature anymore and will not be allowed to run.
Maybe. We both know you won't have a citation that explains the actual conditions needed. You fail to recognize that that uncertainty works against you; it precludes the restrictive claims that certain things can't happen. We don't know what conditions are needed to trick that chip on that model to think it is on a different phone.
Can't prove it, can't cite it? Can't believe it secures you.
If this was an open protocol of some sort that is well documented and works the way you imagine, and has no unknown or unexpected attack vectors, then it would be true. But none of those are true. We don't know, and conjecture is not a transparent security audit of the hardware.
If you approach information that says a different thing than you expected, the first response should probably be to ask what you don't know, not just wave your hands and presume it is "silly." Worse, you should avoid embarrassing yourself with the claim that it is "plain" silly, because actually it is a mainstream argument that is a standard, traditional corollary to the point you did hear about that mention.
Yes, over time bugs are better known. That means they've already been mitigated. The new bugs that you don't know about, haven't been mitigated. In old-school *nix, it was normal to have ancient bugs in software specifically because it was very important to the security of the system and the known holes all had mitigation strategies.
It is still applicable. The reason a lot of youngsters these days are confused by the whole situation is that general purpose workstations that are frequently updated because they have applications that get updated, well those systems aren't locked down in the way a server is; those systems have poor security practices generally, because of the tradeoff between security and convenience. A person who doesn't care about the app updates can use the old system, and will likely be more secure even with the old bugs, if they're mitigating the ones that need mitigation.
If you ever meet a BOFH who manages secure routers, you should bring this up and ask them about it. You'll find out that the theory is well established, very strict, and has a great track record.
This is why many banks still have important code written in cobol running on `70s minicomputers. It isn't because they can't afford the upgrades, or don't like upgrading equipment; it is because the code is too important to introduce uncertainties, including the ones that fix bugs. Now, maybe you think that mainstream engineering practices that banks use is just silly stuff, not suited for serious professionals, but I would have to insist on differing.
Apple's ID isn't per-phone. Signing with that ID allows it to be used with all the iPhones, it doesn't lock it to a device.
Apple doesn't publish technical information about exactly how the firmware signing works. You can't assert details about how much protection is provided. It may be that the phone ID is transmitted unencrypted between the chips, and could be easily changed by a hardware man-in-the-middle.
You made assertions of "misinformation" that you can't back up, and instead of apologizing for going overboard and making person attacks, you just double down and try to defend the accusation. But differences of opinion or analysis are not misinformation; your accusation is not only that you think I'm wrong, but that you think I'm knowingly wrong. That is a serious accusation, and it is obviously false. You should admit you were wrong to make false claims about my motivations, and recognize that I'm presenting a real view that real professionals hold. ;) You're ready to trust something as impossible simply because you didn't find the work-around yet. I believe claims of impossibility require very, very strong proof, and might still be suspect.
That is silly, if you even understand what parallel construction is.
The terrorists are dead. It is not useful here.
That it is an attempt at a precedent is obvious. But it clearly has nothing to do with parallel construction.
If you don't know what it is, how do you know to worry about it? Did somebody say the word while wringing their hands, or something?
To put this in perspective, that change in password would make anything found on the phone inadmissible in any trial as it indicates the chain of custody was broken.
No, it was the iCloud password that was changed, not the password for the phone. Had that not been changed, the Apple engineers who were assisting the FBI would likely have been able to get the phone to sync to iCloud, which may or may not have provided evidence, depending on the phone settings.
Details matter, even when talking about evidence custody chains. ;)
Also, real world evidence handling is not as strict as represented by the CSI shows, and in this case whatever mishandling was done was not done by the prosecutors. When the prosecutors mishandle evidence, it gets thrown out as a punishment to the prosecutors and a brake on abuse. That is what the "fruit of the poison tree" is all about; punishing prosecutors for ignoring processes and procedures that were put in place to prevent legal abuses that were common in the pre-Constitution period. It is not done out of a broad belief that any evidence that went out of sight after a crime is inadmissible. That would be silly; a murder weapon might change hands numerous times on the black market before being recovered by law enforcement. It is still evidence. In this case some moron from IT at the County level did something bad, not the prosecutors. The person doesn't even work in law enforcement, they work in the health department. The Court isn't going to punish the prosecutors for the mistake of the health worker, so instead the Court would look at if the evidence has a real flaw; is there a reasonable accusation that it was altered, either by the health worker or by Apple? The Court would not worry about a chain of evidence here; that would cover the handling of the evidence after it was collected by law enforcement or prosecutors. This would be before that, so they would look at the material details of any accusation of tampering.
Also, the user of the phone is dead, and so not a suspect. This would be used against other speculative suspects, and so those people wouldn't be able to ask the court to throw it out based on prosecutorial misconduct that happened before they were a suspect. There wouldn't be anybody with standing to make that complaint. They could only challenge it by a material claim that there was a real problem, not just that the procedure hadn't been followed, unless the failure to follow procedure happened later in the process. This is similar to the situation where the police do a warrantless search of your friend, find evidence against you, but your "friend" refuses to challenge the search. Oops, too bad, you can't challenge it for him, and the evidence will be admitted. That happens a lot in drug cases, actually.
Conscription has always been allowed by the Constitution specifically giving Congress the right to raise armies. That was the standard method of raising an army at that time. It also balances that power with a 2 year funding limit; the House of Representatives is elected every 2 years, so if the voters don't like how it is being done, they have a chance to elect different reps.
So no, that does not provide any sort of precedent.
Sorry, he's speaking a regional American dialect. Allow me to translate it into Cosmopolitan English:
There would be no showdown, a tax that applies to just one company isn't going to be proposed, can't be enacted by the executive branch, has no support in Congress, and wouldn't be allowed by the Court.
You have some fantasy ideas about how government works, but my advice to you is to listen to less AM radio, and read about civics. And I'm talking about reading an encyclopedia, not a political platform.