Apple Refuses FBI Demand to Build a "Backdoor" For iPhones

[Gorrath]

Yes, it does. I added source info in my post which I assume you replied to while I was still editing.

This entirely goes against what I saw before, so it seems I have no choice but to admit my mistake. If this is the demand I am slightly more concerned, but even now I don't think it is an entirely bad idea. A phone can tell you a lot about a person, and if you can get a warrant to search a home or a trunk, you should be able to get one to search a phone, whether or not a suspect or victim provides a passcode.
So if the FBI can get a warrant they should be able to unlock someones phone, heck, it seems reasonable that they should be able to remotely access a phone in case it is dumped anywhere. A reasonable stipulation would be that any intrusion leave a clear message, visible to anyone in possession of said phone.

And what the heck, here's a little comic to drive home my point on the liberty and safety issue
http://smbc-comics.com/index.php?id=3005

Well there's two huge problems with what you're suggesting from where I'm sitting.

1) Giving the FBI the ability to remotely access any phone and hoping they get a warrant before they do it seems like a bad system. I would not at all trust the FBI to handle that kind of power responsibly because of a lack of transparency and trust issues with the power they already do have.

2) Having the phone tell the person the FBI just looked through it would be hell for the FBI itself! It'd be like having a rule that says the FBI can tap your home phone if they get a warrant but they have to tell the suspected drug lord what day and time the service guy will show up to install it. If the FBI does have a good reason and a warrant to get into someone's phone, I don't want the guy they are after to know.

 

[Janaschi]

Those who would sacrifice liberty for security deserve neither.

This particular statement truly irks me, sacrificing liberty for safety is literally what society is about, we construct systems and rules to protect ourselves from whatever is out there. We would literally have to abolish every single law, and let the world descend into complete anarchy in order to regain the liberties we've "sacrificed". If you'd used a term like "essential liberty" or something to that effect I might agree, but as it stands it is nothing more than a poorly understood, indefensible slogan to yell at others.

In this case Apple might be in the right, but since neither I, nor anyone else in this thread, knows the exact demands of FBI or the court order we can't really know.

You say that as if it is inherently a bad thing. Any society, along with its norms and laws, is nothing more than a man-made construct; and, as such, are flawed systems that reflect our flawed existence. Such constructs are how we strive and thrive as a species, but we are not doing ourselves any favours if we willingly blind ourselves in the process, and become little more than a statistic to be watched after, and coddled.

 

[dreng3]

I took a cryptology course, alright? And one thing that kept coming up was the mathematical truth of: "If a backdoor exists for the government, the backdoor ALSO exists for the criminal hackers".

Any exploit is a total exploit, not entirely wrong, but you can make it so that the exploit is hard enough to access that most won't bother.

And even IF you managed to create a backdoor that literally only the FBI could access because you found a way to make the key a billion characters long and had no accidental security holes...What happens if there's a corrupt official or a double agent or someone else who either sells or copies that key for their own purposes, or just some idiot that uses their personal email to send it to a colleague instead of the secure FBI server email? BAM, suddenly, the entire Iphone network is open to people other than the FBI, most likely criminals.

That's like saying "We should give the cops a special key that unlocks all the doors in the city" and the key is duplicate-able. At that point if one of those cops goes rogue or what-have-you, then it's only a matter of time before the mafia are opening all the doors in the city to steal shit.

The cops do have a key that opens every door, it's called a boot, or a battering ram if you're feeling medieval, but cops don't just smash every door, why? Simple, it is traceable, if you make the backdoor into the phone traceable and include a notification it becomes less of an espionage tool and more of an investigative tool. heck, you could keep it on a separate drive that needs to be locked up when not in use. Sure, it might go wrong at some point, but everything could. I think it would be an excellent tool for investigators, but it should require warrants and suspects should be informed.

 

[EndlessSporadic]

I'd be supportive of government backdoors if our government hasn't proven time and time again that they are complete idiots who are completely out of touch with the software scene. Doesn't help that our population is also stupid enough to vote these people in to begin with, but that's another issue. I don't trust our government who has, for the last 50+ years, bent over backwards and taken it in the ass by massive corporations and completely screwed over the common people. Our government has proven time and time again that they no longer support the interests of the mass population, only those who line their pockets.

 

[dreng3]

Well there's two huge problems with what you're suggesting from where I'm sitting.

1) Giving the FBI the ability to remotely access any phone and hoping they get a warrant before they do it seems like a bad system. I would not at all trust the FBI to handle that kind of power responsibly because of a lack of transparency and trust issues with the power they already do have.

2) Having the phone tell the person the FBI just looked through it would be hell for the FBI itself! It'd be like having a rule that says the FBI can tap your home phone if they get a warrant but they have to tell the suspected drug lord what day and time the service guy will show up to install it. If the FBI does have a good reason and a warrant to get into someone's phone, I don't want the guy they are after to know.

Wait, what? Isn't your first point that if they have the tool they can do it with impunity and you don't trust them with the power, while your second point is that they would be unable to do it with impunity?

 

[Lightknight]

I mean, hypothetically forcing a back door is equivalent to forcing the individual to willingly incriminate themselves.

Don't get me wrong, I want them to be able to catch bad guys who are really doing something wrong, but ultimately we have a right to not self incriminate.

Well no, I don't quite think that's right. Wouldn't you agree that this is closer to wire tapping? The protection against self incrimination is quite specific in that you cannot be compelled to say anything that would incriminate you but in this case you aren't being compelled to say anything, you're saying what you want, sans coercion and they are merely tracking it. I view this like I would a locked file cabinet. I would support the FBI being given the key if they have a warrant and anything they find in the cabinet is fair game. It's not self incrimination if the FBI cracks your file cabinet and finds your money laundering books. I would oppose the FBI having a universal file cabinet key that it promises it will totally only use once it has a proper court order, totes we swear! But either way, not seeing how this equates to self incrimination in the way the 5th amendment is structured and what it's meant to do.

It's moreso that they demand you keep all your documentation or "incriminating evidence" in a readily accessible location.

If they track communication then they are catching you in the act. But if they demand that you leave all potential evidence out in the open and then provide that to them later then that does have potential 5th amendment qualms. Encrypting your HDD is basically pleading the 5th.

It is almost like them requiring you to wear a shirt cam and to store your daily activities in an unlocked box under your bed.

 

[crimson5pheonix]

They are asking for Apple to make the means to allow for the FBI to circumvent protective measures against precisely what they are doing. Not only is that intentionally making a vulnerability within their own software, it's making it available to the FBI at their beck and call. Not even mentioning what the altered OS existing in the hands of the FBI could do.
Considering this is the FBI, I'd say there is quite a bit of liberty to be lost here.

Which part of the order includes incorporating a weakness in the software? Being able to turn off the auto-erase? Being able to enter the passcode without having to tap the screen? Or is it perhaps ensuring that entering a code without tapping the screen doesn't mess up the phone?
All of these are reasonable,

Uhhhh, you do realize that is exactly the list of features you need to be able to bring a laptop to a Starbucks, crack every iPhone there, and eat all the data?

 

[Gorrath]

Well there's two huge problems with what you're suggesting from where I'm sitting.

1) Giving the FBI the ability to remotely access any phone and hoping they get a warrant before they do it seems like a bad system. I would not at all trust the FBI to handle that kind of power responsibly because of a lack of transparency and trust issues with the power they already do have.

2) Having the phone tell the person the FBI just looked through it would be hell for the FBI itself! It'd be like having a rule that says the FBI can tap your home phone if they get a warrant but they have to tell the suspected drug lord what day and time the service guy will show up to install it. If the FBI does have a good reason and a warrant to get into someone's phone, I don't want the guy they are after to know.

Wait, what? Isn't your first point that if they have the tool they can do it with impunity and you don't trust them with the power, while your second point is that they would be unable to do it with impunity?

I'm not sure how you came to that conclusion based on what I'm saying. Point one is that I don't trust them with impunity because they have, on many occasions, given us reasons not to trust them with that kind of power. Point two is that your suggestion about having to inform the person they are gathering evidence from that they are gathering evidence from them would ruin the investigation. These are two non-competing ideas. The FBI could get a warrant to have a specific phone unlocked and collect evidence from that phone. I would be fine with that. The FBI should not have the ability to backdoor their way into any phone at any time with the understanding that they'll totally only do it when it's justified, they promise. Should they be granted a proper warrant to gather evidence, they shouldn't have to let the subject of the investigation know this via pop-ups on the phone they are monitoring.

That make more sense?

 

[Steve the Pocket]

Nice to see Tim Cook has at least a little of the defiance that characterized Jobs, even if the company has reversed course on a lot of the things he set in motion (whatever happened to FaceTime being an open standard that lets you communicate with non-Apple devices, huh?) Still, it's hard not to see this as Apple wanting to keep it a secret just how much of your privacy their devices already violate by recording every single thing you do and keeping it on file. Remember when someone found out that iPhones keep track of everywhere you take them, even when they're turned off?

This is all well and good on Apple's behalf, i commend this greatly. What is worrying though, is the silence from Microsoft, which leads me to believe they not only comply with the FBI, they lay down on their backs for tummy rubs and cuddles too. The xbone owners must be prized US free-range citizens.

Not sure what Microsoft has to do with this; do we know for a fact that one of the terrorists had a Windows phone? That would surprise me, mainly because I wasn't aware that anyone anywhere had a Windows phone.

 

[Gorrath]

I mean, hypothetically forcing a back door is equivalent to forcing the individual to willingly incriminate themselves.

Don't get me wrong, I want them to be able to catch bad guys who are really doing something wrong, but ultimately we have a right to not self incriminate.

Well no, I don't quite think that's right. Wouldn't you agree that this is closer to wire tapping? The protection against self incrimination is quite specific in that you cannot be compelled to say anything that would incriminate you but in this case you aren't being compelled to say anything, you're saying what you want, sans coercion and they are merely tracking it. I view this like I would a locked file cabinet. I would support the FBI being given the key if they have a warrant and anything they find in the cabinet is fair game. It's not self incrimination if the FBI cracks your file cabinet and finds your money laundering books. I would oppose the FBI having a universal file cabinet key that it promises it will totally only use once it has a proper court order, totes we swear! But either way, not seeing how this equates to self incrimination in the way the 5th amendment is structured and what it's meant to do.

It's moreso that they demand you keep all your documentation or "incriminating evidence" in a readily accessible location.

If they track communication then they are catching you in the act. But if they demand that you leave all potential evidence out in the open and then provide that to them later then that does have potential 5th amendment qualms. Encrypting your HDD is basically pleading the 5th.

It is almost like them requiring you to wear a shirt cam and to store your daily activities in an unlocked box under your bed.

Encrypting your HDD isn't really pleading the 5th because they are welcome to try and crack that encryption where as you have no obligation to speak, including having no obligation to provide them with the passcode. Encrypting your HDD is more like locking your file cabinet except you don't have to give up the key. They are still welcome to cut the thing open with a blow torch and the cabinet maker's help.

I'm not sure how your second analogy works. NO one's requiring anyone to keep criminal activity stored on their cell phone, or on their person or even requiring anyone to carry a cell phone. If you shoot someone with your gun, you don't have to tell the FBI what your gun's serial number is, because that might incriminate you. But they can and should be able to find your gun and trace the serial number to figure out it's your gun that shot the guy.

Again, I don't agree with the whole unlimited backdoor to every phone idea. No way I would trust the FBI with that kind of tool. But I just don't see a compelling 5th amendment issue here. And to be precise, we're talking about this one specific line of the 5th amendment, yes? ";nor shall be compelled in any criminal case to be a witness against himself;". Your phone or other personal effects are not yourself and are not self-incriminating.

 

[Neurotic Void Melody]

Not sure what Microsoft has to do with this; do we know for a fact that one of the terrorists had a Windows phone? That would surprise me, mainly because I wasn't aware that anyone anywhere had a Windows phone.

Heh...hey, i didn't mean to buy a windows phone. It was merely an unfortunate series of events. Anyhow, to the first point, a bit of deduction was needed; is this the first terrorist attack that the perpetrators owned a phone? Is the the first time the FBI has ever thought to check any phones? How great is Microsoft's track record for respecting customer's privacy? How entwined are large US corporations with US politics? Granted, there are other phone companies out there who also have never spoken up. But MS first sprung to mind as the Xbone reveal was a very memorable moment for their willingness to force a constant prying technology as a pro-consumer move.

 

[Deathlyphil]

I think people are missing the point of this. Encryption is mathematics. Very advanced mathematics, but still follows the basic rules of mathematics. It is impossible to create an algorithm that is both incredibly strong, and incredibly weak.

What the FBI are asking for (and every other government too. The eminently punchable David Cameron waffled something about this earlier) is a mathematical impossibility.

If a backdoor code or software exists, then it exists for everyone.

 

[dreng3]

I'm not sure how you came to that conclusion based on what I'm saying. Point one is that I don't trust them with impunity because they have, on many occasions, given us reasons not to trust them with that kind of power. Point two is that your suggestion about having to inform the person they are gathering evidence from that they are gathering evidence from them would ruin the investigation. These are two non-competing ideas. The FBI could get a warrant to have a specific phone unlocked and collect evidence from that phone. I would be fine with that. The FBI should not have the ability to backdoor their way into any phone at any time with the understanding that they'll totally only do it when it's justified, they promise. Should they be granted a proper warrant to gather evidence, they shouldn't have to let the subject of the investigation know this via pop-ups on the phone they are monitoring.

That make more sense?

Right-o, makes a lot more sense, I figured that a message would, by definition prevent the feds from using the tool with impunity, makes it significantly harder to decide whether or not they should just invade every phone.

 

[dreng3]

I think people are missing the point of this. Encryption is mathematics. Very advanced mathematics, but still follows the basic rules of mathematics. It is impossible to create an algorithm that is both incredibly strong, and incredibly weak.

What the FBI are asking for (and every other government too. The eminently punchable David Cameron waffled something about this earlier) is a mathematical impossibility.

If a backdoor code or software exists, then it exists for everyone.

In my opinion this is analogous to saying that a good lock cannot be created. A lock will by definition be weak since you must be able to unlock it, but like locks require keys encryption requires code, or codes, finding the right code is quite an issue for most hacker/cracker types. And on the note of math, even astrophysics is math, just doesn't mean that anyone can do it. The NSA isn't hacked every tuesday, google isn't constantly brought to its knees. I probably wouldn't be easy, but don't tell me that it couldn't be made.

 

[Schadrach]

I think people are missing the point of this. Encryption is mathematics. Very advanced mathematics, but still follows the basic rules of mathematics. It is impossible to create an algorithm that is both incredibly strong, and incredibly weak.

What the FBI are asking for (and every other government too. The eminently punchable David Cameron waffled something about this earlier) is a mathematical impossibility.

If a backdoor code or software exists, then it exists for everyone.

Yes, it does. You could build an encryption system that would otherwise be very strong, except that they key is also stored with the encrypted data, encrypted using the same or a different algorithm under a standardized key provided to law enforcement. The LEO key makes available the "real" key which in turn grants access.

It would actually be fairly difficult to tell that was going on without access to source, even then it might be non-obvious. Look at the hidden volume feature available in some disk encryption software, where you have two passwords which reveal different plaintext data on the same encrypted volume (this tech requires the "hidden" volume be smaller than the "obvious" encrypted volume, and typically will corrupt the "hidden" volume if too much data is written to the "obvious" encrypted volume). The intent is to be used in cases where one puts comparatively harmless data on the obvious volume and the stuff you need to hide from LEO [and would risk destroying over revealing] on the hidden volume, as it's supposed to be all but impossible to determine if there *is* a hidden volume and thus make it difficult to compel revealing the hidden volume password, which one can plausibly deny exists in the first place.

A similar technique could be used where the "hidden volume" contains nothing but the key for the "obvious volume", creating a comparatively simple backdoor for LEO, and being simple enough to change in an update if it gets leaked. It could then be an incredibly strong algorithm, except for that one tiny incredibly weak spot. Fucking Death Stars and their vents.

 

[nickpy]

I think people are missing the point of this. Encryption is mathematics. Very advanced mathematics, but still follows the basic rules of mathematics. It is impossible to create an algorithm that is both incredibly strong, and incredibly weak.

What the FBI are asking for (and every other government too. The eminently punchable David Cameron waffled something about this earlier) is a mathematical impossibility.

If a backdoor code or software exists, then it exists for everyone.

Yes, it does. You could build an encryption system that would otherwise be very strong, except that they key is also stored with the encrypted data, encrypted using the same or a different algorithm under a standardized key provided to law enforcement. The LEO key makes available the "real" key which in turn grants access.

It would actually be fairly difficult to tell that was going on without access to source, even then it might be non-obvious. Look at the hidden volume feature available in some disk encryption software, where you have two passwords which reveal different plaintext data on the same encrypted volume (this tech requires the "hidden" volume be smaller than the "obvious" encrypted volume, and typically will corrupt the "hidden" volume if too much data is written to the "obvious" encrypted volume). The intent is to be used in cases where one puts comparatively harmless data on the obvious volume and the stuff you need to hide from LEO [and would risk destroying over revealing] on the hidden volume, as it's supposed to be all but impossible to determine if there *is* a hidden volume and thus make it difficult to compel revealing the hidden volume password, which one can plausibly deny exists in the first place.

A similar technique could be used where the "hidden volume" contains nothing but the key for the "obvious volume", creating a comparatively simple backdoor for LEO, and being simple enough to change in an update if it gets leaked. It could then be an incredibly strong algorithm, except for that one tiny incredibly weak spot. Fucking Death Stars and their vents.

That is actually a really clever system. Obviously, you'd have to use public key cryptography to protect the stored key otherwise it'd be trivial to reverse engineer the software to find the symmetric key. You'd encrypt the password with the Gov'ts public key and they can gain access gained with the private key. However, it doesn't solve the political/human issues of the Gov't abusing this key, or of what happens if this key gets leaked.

 

[Qizx]

who's to say that some things I do/have done won't become illegal in the future?

To be fair, things you did prior to laws changing making said previous acts illegal cannot adversely affect you. They basically can't arrest you for doing something that wasn't illegal when you did it after they make it illegal. Its a fundamental of the way the legal system in the US works. If that aspect changes, guaranteed you won't be worried about privacy anymore, because it will have ceased to exist along with the entire concept of freedom in general as the system will be akin to a dictatorship/police state.

I understand that what I DID won't be getting me in trouble legally, however most of what I do I rather enjoy, so I would like to continue doing so. As to the dictatorship/police state situation, I honestly don't believe this would happen but things like this ARE how they start. It starts innocently enough with "Well you should have nothing to hide, you're not doing anything illegal." and slowly moves on and on. Dictatorships/police states don't start overnight, they take time and incremental steps. I would say that giving up my privacy to review a few bad apples (no pun intended) phones is not worth it. I highly doubt that apple giving the FBI a backdoor to all phones would actually stop any attacks. We already have the technology that COULD be used ideally to stop them, it's a matter of actually managing to use it.

 

[OldNewNewOld]

Nice to see Apple cares more about 'customer privacy' than helping protect against terrorism. But hey, apparently most people can't quite grasp the fact the government doesn't give a shit about your info, provided you are not doing illegal.

Yeah, totally.
It's not like the "government" isn't just people. And it's not like those people didn't already give enough proof to distrust them.
"If you have nothing to hide, then you have nothing to fear"... whenever I see some equivalent of this I can't feel anything else besides seeing the person who said it as some naive child or the person that's trying to abuse the information.

Also just because you aren't doing something illegal doesn't mean what you're doing is acceptable. Cheating isn't illegal. Having a fucked up fetish isn't (always) illegal. Being freaking gay isn't illegal. Yet any of those things can literally ruin your life if it gets exposed in some situations. Go on, put a web cam in your bathroom and stream it on the internet. Pretty much the same as having the government look at it. It's people. Not a single difference. Do you seriously believe that the people in power are some honorable kind souls and not some idiotic assholes pulling all the strings they can in order to stay in power?

Who guarantees that your information will stay with the government? At this point I trust Google more with my information than my government.

And that's completely ignoring how idiotic a backdoor is. There is absolutely nothing preventing the "bad" guys from abusing it as well. It's impossible to make a backdoor that only someone can use.

 

[Imperioratorex Caprae]

who's to say that some things I do/have done won't become illegal in the future?

To be fair, things you did prior to laws changing making said previous acts illegal cannot adversely affect you. They basically can't arrest you for doing something that wasn't illegal when you did it after they make it illegal. Its a fundamental of the way the legal system in the US works. If that aspect changes, guaranteed you won't be worried about privacy anymore, because it will have ceased to exist along with the entire concept of freedom in general as the system will be akin to a dictatorship/police state.

I understand that what I DID won't be getting me in trouble legally, however most of what I do I rather enjoy, so I would like to continue doing so. As to the dictatorship/police state situation, I honestly don't believe this would happen but things like this ARE how they start. It starts innocently enough with "Well you should have nothing to hide, you're not doing anything illegal." and slowly moves on and on. Dictatorships/police states don't start overnight, they take time and incremental steps. I would say that giving up my privacy to review a few bad apples (no pun intended) phones is not worth it. I highly doubt that apple giving the FBI a backdoor to all phones would actually stop any attacks. We already have the technology that COULD be used ideally to stop them, it's a matter of actually managing to use it.

Its a combination of factors. One is interdepartmental cooperation, something that rarely if ever happens with any effectiveness. Too much of the government is compartmentalized and does not want to cooperate with the other team, despite being on the same side. Its not limited to political party lines, its all over. The bigger things are the worse they communicate with each other.
If the various LEO/Watchdog type departments were to cooperate without rivalry, there'd be a lot more efficiency and a lot less need for over reliance on tossing the weight of the courts around to get their way.

 

[Leg End]

No, but some people definitely do. One guy at my old high school was busted for plagiarism and his dad defended him by going "What? EVERYONE fucking does it. The only problem is that he got caught".

Well, he's certainly braindead and I'm glad they caught his son for it.

There are a lot of sociopath-inclined people in the world who would indeed commit murder if they knew they could get away with it.

Which is why automated defense turrets on private property needs to become a thing sooner rather than later.

Pretty much. I don't think that I can emphasize this enough but...

We currently live in a world where Donald Trump is a viable presidential candidate.
Where presidential candidates can brag about how they would torture our enemies even if it doesn't provide any actual intelligence.
Where the idea of barring entry to the country and registering people based on their religion is a popular idea with a chunk of the electorate.
Where we're actually having a discussion about whether or not we should take in refugees trying to flee a war-torn hellscape with whatever family hasn't been murdered yet.
Where the president of the United States himself can order indiscriminate killings via flying death-robots inside the borders of countries we aren't actually at war with.
Where the US accounts for 60% of all military spending IN THE WORLD, but we're still helpless, and terrified and always allegedly on the cusp of being destroyed by a bunch of wanna-be warlords who couldn't even beat Iran in a proper, stand-up war.

It's crazy to see how far off the rails things have gone since 9/11. We're the wealthiest, most powerful nation in the history of humanity, but goddamned are we also an insecure and myopic one too.

Spoiler

On a related note, I'm happy with most people people incredibly pissed at this.