by Amezarak 3773 days ago
> They don't overly care about access to this particular iPhone. They're taking this case through the courts so that they can establish a precedent that allows them to force manufacturer cooperation to unlock any phone.

This is an analysis, not an objective and demonstrable fact.

I could just as well argue that yes, the FBI really does care a lot about this particular iPhone, and that's why the asked-for update is to be keyed to this iPhone and only this iPhone.

At the same time, even assuming that is true, we're talking about the FBI going through a legal process, reviewed by a judge, to get the data off one phone at a time. If that's how it works every time, I don't see a problem; that is how the system is supposed to work. I am kind of baffled as to why we're cheerleading the fact that Apple is refusing to perform what appears to be a perfectly reasonable request that is being made in accordance with the law. If you are operating under the presumption that the government is always a bad-faith actor, then we have much, much bigger problems.

Also, apparently this 'precedent' has already been set; according to a link in the article, Apple had previously offered custom firmware images to law enforcement after a court order that bypassed the lock screen on earlier iPhones.

http://www.cnet.com/news/how-apple-and-google-help-police-by...


US law enforcement has an impressive track record of extending their authority through unilateral reinterpretation of the US code. Once it's been established that Apple are able to extract data, what's to prevent agencies from slapping Apple with gag orders and forcing them to comply under completely opaque proceedings, that may not even have a way of appeal? I think Apple is right in resisting while it's still in the open. For all we know, this might really be about forcing them to demonstrate the technical capability to cooperate for use within one or several secret cases we do not know.

Every comment I've read so far has said that Apple should help in this instance, so I don't see the cheerleading-- yet. Except now I may provide it. I just read Apple's letter to customers, and now I agree with them that the very creation of backdoor software -- even if it's only meant to help in specific instances -- is a dangerous thing. Applying specialized knowledge that Apple has about iOS and iPhones, plus Apple's engineers, to creating an innovative backdoor that does not exist today, means that it can never be un-designed. It will never have fewer people aware of it, unless you kill them after they create the software. The knowledge will only spread. The software can only leak. The engineers can only get conveniently hired by a competitor or foreign government or our own government. I agree, it is troubling.
> creating an innovative backdoor that does not exist today, means that it can never be un-designed

Wasn't it just yesterday a story was published about an upcoming documentary about the Stuxnet virus that claims that the US and Israel developed it in secret together and had a very successful, but very limited use for it. Only when Israel allegedly went off on their own to modify and deploy it did it spread wide and far, popping up on the radar of anti-malware companies and getting researched and publicized.

Like what you said, after the exploit/backdoor/software is designed, it can never be un-designed. It will exist as a tool that can only be mitigated, but not destroyed.

> The knowledge will only spread. The software can only leak.

Then why don't we have Apple's private keys yet?

Plenty of companies keep a lot of things very secret, including things like powerful debug modes, for a long time. At least long enough that everybody forgets the details and the software has long since rotted away.

Because it's Apple who keeps them, not the FBI.

Nobody in the FBI would give a damn about leaking the patched OS image: it's Apple's reputation at stake, not the FBI's.

But. The FBI doesn't want the keys in this case. They don't even want a build that works on any phone but the one in question.

There is nothing of value for the FBI to leak.

This is the huge difference between this order (which I can live with) and blanket encryption backdoors using key escrow or other crap (which I'm absolutely vehemently against and willing to fight to the teeth)

"They not even want a build that works for on any phone but the one in question."

That is completely not true. There is no way to make such a thing that can only work on one particular phone. There will be some point at which the compromised firmware image checks to see if it's that device, at which point it would be possible to change that to whatever device you want.

"This is the huge difference between this order (which I can live with) and blanket encryption backdoors using key escrow or other crap (which I'm absolutely vehemently against and willing to fight to the teeth)"

No, there is absolutely no difference between those two.

If Apple hands the FBI a signed, compiled firmware image that, say, checks the serial number of the phone, how does it make the jump to 'whatever device' they want? Why were LEOs previously filing for multiple court orders for each older iPhone requiring a backdoored image?

> That is completely not true. There is no way to make such a thing that can only work on one particular phone

The technique that makes this possible is described in Apple's iOS Security White paper, page 6 ("System Software Authorization"): https://www.apple.com/business/docs/iOS_Security_Guide.pdf

This mechanism explains why you can't take an old release of iOS off a different phone and copy it to yours.

Yes, there is. Firmware updates must be digitally signed using Apple's private key. That means no one except Apple can edit out the device check, or indeed modify the firmware in any way.
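
A simplified model of the claim above, as an added example that is not part of the thread and not Apple's implementation: the vendor signs a hash of the image together with one device ID, so the same signature fails on another device and on an edited image. The toy RSA key, function names and sample values are assumptions made for illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes: far too small for real use,
# chosen only so the example runs with the standard library (assumption).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the vendor


def ticket_digest(image: bytes, device_id: str) -> int:
    """Hash the image together with the device ID it is authorized for."""
    h = hashlib.sha256()
    h.update(hashlib.sha256(image).digest())
    h.update(device_id.encode())
    return int.from_bytes(h.digest(), "big") % N


def vendor_sign(image: bytes, device_id: str) -> int:
    """Vendor side (hypothetical name): sign (image, device ID)."""
    return pow(ticket_digest(image, device_id), D, N)


def device_accepts(image: bytes, signature: int, own_id: str) -> bool:
    """Device boot chain: verify with the public key against its OWN ID."""
    return pow(signature, E, N) == ticket_digest(image, own_id)


def demo() -> dict:
    # Constructed sample values, not real firmware or identifiers.
    image = b"FIRMWARE v1: if device_id != 'DEVICE-A': refuse()"
    sig = vendor_sign(image, "DEVICE-A")
    patched = image.replace(b"DEVICE-A", b"DEVICE-B")  # in-image check edited
    return {
        "target device, original image": device_accepts(image, sig, "DEVICE-A"),
        "other device, original image": device_accepts(image, sig, "DEVICE-B"),
        "other device, edited image": device_accepts(patched, sig, "DEVICE-B"),
        "target device, edited image": device_accepts(patched, sig, "DEVICE-A"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The property holds only while the private exponent `D` stays with the vendor; whoever holds it can issue a signature for any device ID.
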
The original argument is that if a bruteforcy firmware were created, there are now more people who have knowledge and they (Apple employees) are at great risk of exposing the capability in a real way.

Not LEOs.

If Apple rotates their keys, that means that their private keys can be unlearned, whereas a method to backdoor iPhones could not be unlearned in the same way.
If the backdooring method uses a special firmware update that needs to be signed by Apple, rotating their keys means that it could be unlearned as well.
The court order specifically requests a firmware update that can only be used with that particular device ID.
Replying to the reply: the FBI doesn't want this leaked because it would jeopardize their own agents' Apple devices.

> This is an analysis, not an objective and demonstrable fact.

No. You don't have to assume that law enforcement or intelligence agencies are bad faith actors to see they are constantly seeking to expand their powers.

http://thehill.com/policy/cybersecurity/235910-fbis-hacking-...

https://www.eff.org/issues/national-security-letters

http://www.latimes.com/nation/nationnow/la-na-nn-fbi-using-d...

https://epic.org/foia/fbi/lpr/

Amezarak is not (necessarily) assuming they are bad faith actors. Amezarak is pointing out, I think correctly, that the parent poster is inferring intent of an organization from its actions. Without specific documents from that organization spelling out that intent, I agree that such inference is analysis and not fact. It may be reasonable or even probable analysis, but that does not make it fact.
Also we don't have to assume it because we know it for a fact - they are bad faith actors.
> If you are operating under the presumption that the government is always a bad-faith actor, then we have much, much bigger problems.

Given what we know about government surveillance programs, why would one assume the government is a good faith actor when it comes to encryption?

> If you are operating under the presumption that the government is always a bad-faith actor, then we have much, much bigger problems.

It needn't be "always", just (perceived as) too often. It seems fair to say the broad sentiment is that the national security arms of U.S. government have broached that barrier.

> At the same time, even assuming that is true, we're talking about the FBI going through a legal process, reviewed by a judge, to get the data off one phone at a time. If that's how it works every time, I don't see a problem...

And how will we ensure that's the case? Once they have the firmware they need they can install it on other phones.