I couldn't be more impressed by this. No matter how much money and influence a company has, standing up to the government on behalf of their customers is a very big deal.
I applaud the stance, it's absolutely right. Weakening encryption is the most idiotic idea ever.
Anyone know anything about this All Writs Act of 1789 though? It seems ludicrous that something from such a long time ago and effectively a different world could be in any way leveraged in modern communication law.
Weakening encryption is the most idiotic idea ever.
Especially when you realise bad actors will simply avoid encryption that has backdoors, meaning the only people harmed are the general public. Weakened encryption is effectively no encryption.
It seems ludicrous that something from such a long time ago and effectively a different world could be in any way leveraged in modern communication law.
that's how america rolls though.
That's the case in most countries with a legal system which goes back more than a few years, it's not unique to the USA.
For example, in the UK there is a law from 1313 which prohibits the wearing of armour in parliament. https://en.wikipedia.org/wiki/Statute_forbidding_Bearing_of_Armour
That's how many laws in many places roll. Much of what structures our lives was crafted by people who are long since gone.
The All Writs Act came about in 1789, but has changed many times, and really changed in 1911 (If i remember correctly). since then it has been appended many times, and now it seems it is exclusively used for mobile device security leverage. It allows the court to use all the writs, which I am still confused on but apparently Its a big deal
There's another document created in 1789 that is extremely relevant to everyday life in America, and is leveraged every single day in courts across the US...
I'm not arguing the merits of leveraging the All Writs Act in this case, but the argument that something written in 1789 is immediately irrelevant to modern times is a dangerous and ignorant thought.
I can't count the times people are talking about privacy and data mining models and someone says something in the line of "they're all the same anyway, Google, Apple, Facebook, etc.".
It's not true, some companies are actually fighting FOR their customers on this subject and I'm glad Apple is one of them.
Oh totally. Security has been one constant driver of loyalty to Apple in the past few years.
A crucial difference between Google/Facebook et al. and Apple is that Google and Facebook have absolutely no defense from a court order. They're ad-supported companies. They need to have the ability to read your private data, because they're parsing it for ad targeting.
Apple can say "we don't have the keys." Google/Facebook cannot. Further, Google/Facebook can't restructure their systems to defend against this. Given that ads are their only revenue streams and they're publicly traded companies with a legal obligation to their shareholders, they could also get in trouble for trying to fix this.
You're certainly familiar with the tiresome "if you're not paying for the product, you are the product." I'd contend that we actually are paying for the product – just with our privacy and security instead of with money.
Great discussion by our friends over at Hacker News: https://news.ycombinator.com/item?id=11116274
Even before knowing, I read it in Tim Cook's voice.
old lady, crusty voice?
Looks like this story is escalating... FBI have shown up at Apple's doorstep
I have a newfound respect for Tim Cook.
This is a great follow up read - written by a security firm about how Apple could technically go about bypassing iOS security, and how they wouldn't be able to, if the phone in question was newer than a 5C.
Again in plain English, the FBI wants Apple to create a special version of iOS that only works on the one iPhone they have recovered.
pretty big detail that's being overlooked. the court order is about accessing ONE iPhone. i don't see why Apple can't do this without hellfire and brimstone raining down.
if they do it for the ONE iphone, than it can be done for all. once a wall is down, you can't go back.
another important detail:
The FBI will send Apple the recovered iPhone so that this customized version of iOS never physically leaves the Apple campus.
each instance would need a specific court order and Apple's compliance.
Right up until the FBI asks them to do it for one that Apple does not want to comply with. The danger here is all in the precedent.
Currently, Apple's defense has mostly been "we have no technical ability to decrypt users' phones." This is what protects them from being held in contempt of court when denying court orders to do as such.
If they say "yes he's a terrorist anyways, we can do it just for this one instance," it proves that they can also do it for drug dealers, drug users, political dissidents, journalists – politicians even. You might say "well they'd need a court order, so that wouldn't happen for dissidents/journalists/politicians" and you'd be right... if you were talking exclusively about American dissidents or politicians. Foreign people are offered no such protection, and if Apple creates the ability to target them, you'd be naive to think the FBI/CIA wouldn't leverage it every chance they got.
That's all still under the assumption that every court order is a valid one (a stretch, these days).
This is a bad thing for everyone. Apple should be praised for this stance, it takes serious spine to stand up to both the federal government as well as a population that wants nothing more than to rid itself of terrorism.
The danger here is all in the precedent.
Yes × 1,000,000.
This case is a very big deal, and it deserves the attention it’s getting.
I think the biggest concern is precedent. If Apple complies here, then it creates precedent that may allow other judges in other cases to order Apple to do the same, but for a different UDID.
as long as it's a warranted search, as this is, i don't see the issue.
A warrant is meaningless in the modern age. Government agencies can get any warrant for anything they want, whether the search is legitimate or not.
See also: FISA court and NSA.
First they ask for a back door, then they ask for a direct NSA stream, then FBI... ya never know.
It's called setting a precedent.
Oh God... encryption debates on DN... I can't escape from this subject anywhere today ... (- _ - ) <-- my depressed face
Maybe because data encryption concerns everyone?
This isn’t really an encryption debate though. It’s a debate about non-government entities being forced to undermine the protections they’ve created for their customers. The encryption portion of the discussion is a side show.
Yeah, I know Marc. It's just that I write security news for a living. This got boring last December.
I honestly thought that the whole encryption debate was a sideshow so the intelligence agencies and defense lobby groups could push CISA past the Senate last year.
This whole Apple encryption debate is just silly to me, since Apple collaborated with the US agencies in the past to unlock many devices. I smell some "We luv 'Mericah!" PR (and hypocrisy) from Apple's part TBH.
There many articles citing low-level government sources that say that encryption backdoors are the stupidest idea ever. The only ones pushing for this are FBI/NSA/etc. bosses, in an obvious power move. I actually don't believe they plan to do so.
The other country where there's a hard government push for encryption backdoors is the UK, who took a page out of the US book. They are using the encryption backdoor push to keep pushing an invasive version of their Investigatory Powers Bill. For now, it's not really working.
So yeah, the whole encryption debate is just stupid for me, and only a PR shill from Apple polluting my RSS feeds. They should just unlock that damn phone like they did so many times before and stop waving the 'Mericah flag like this is something new for them.
Yeah, I know Marc. It's just that I write security news for a living. This got boring last December.
Oh, right. You definitely know what’s at stake then. Surely the future of privacy of the entire planet isn’t that boring?
This whole Apple encryption debate is just silly to me, since Apple collaborated with the US agencies in the past to unlock many devices.
Maybe they have spotted a trend, and maybe that trend triggered them to develop Touch ID/Secure Enclave. Maybe they’ve had enough? If nothing else, at some point it’s going to be very bad PR for Apple if they don’t do what they can to ensure their encryption isn’t defeatable?
A similar battle is playing out in Australia as well. We have some draconian metadata storage laws that have passed and been implemented, and now every single government agency and organisation is trying to get access, including local councils. The only way these laws and abilities are going to be reigned in is if there’s constant debate and citizen outrage, don’t you think?
With that in mind, I’m happy talking about it every single day until it is resolved.
It's amazing but not surprising to see that Apple deeply cares about their customers and respects their fundamental rights and privacy. Unfortunately that makes them one of not so many companies that don't just cop out and sell/give away customer data. Not everybody stands up against the pigs.
Why not just hand over the device to Apple, have their engineers build this back door "extremely secretly" with measures to destroy it once used, unlock the phone and send it back to the FBI?
In my mind these encryption experts at Apple already have an idea of how a backdoor could be built, and I bet there are ways of destroying a piece of code after it is used. It makes sense that this should happen via the device distributor as it is their proprietary property anyway.
I'm all for the FBI fighting terrorism, but this seems like a lot more than that. I get a funny feeling like I did when all the NSA surveillance info was leaked.
I do feel we need a way to combat terrorism, especially if there is sensitive information on the device that can lead to the apprehension of more terrorists, but just giving the FBI the keys to the most popular device in the US is not the answer. The FBI should send terrorist devices to Apple and have them unlock the devices, end of story.
If they do it once, they wont have a chance to destroy it. The next request will be right around the corner. You can't set the precedent that invading privacy is sometimes OK. Before you know it, sometimes turns into always. I really admire Apple for taking this stand.
Completely agree with your statement and after reading into further details throughout the day now see clearly how this can become a huge privacy issue. They are doing the right thing here, even if it is just talk!