| The employer[1]: > The FBI obtained a warrant to search the iPhone, and the owner of the iPhone, Farook's employer > the owner, in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup (the first quote is on page 1 of [1]; the second quote is footnote 7 on page 18 of [1] as pointed out by another commenter[2].) I think — and frankly, the document isn't too clear on it; it'd be great if an iPhone owner could clarify — is that this is the Apple App Store account password, and the phone has a separate and different passcode. The FBI knows the password, and can access the account, but not the phone; the phone I'm guessing won't back up until the passcode is given to it. Supposedly the previous backup on the account is allegedly too old: "nearly one-and-a-half months prior to the IRC shooting incident", and even weirder, "back-ups do not appear to have the same amount of information as is on the phone itself" How can the FBI know this if they can't access the information on the phone? The FBI's point is that this is a one-time use of the software Apple would write, and Apple would maintain possession of the software throughout using it: > Indeed, it is less so because the software requested would not reside permanently on the SUBJECT DEVICE, and Apple can retain control over it entirely. > Moreover, to the extent that Apple has concerns about turning over software to the government so that the government can run the passcode check program, the Order permits Apple to take possession of the SUBJECT DEVICE to load the programs in its own secure location, similar to what Apple has done for years for earlier operating systems, and permit the government to make its passcode attempts via remote access. […] no one outside Apple would have access to the software required by the Order unless Apple itself chose to share it. This eliminates any danger that the software required by the Order would go into the "wrong hands" and lead to criminals' and bad actors' "potential to unlock any iPhone in someone's physical possession." (from page 20 of [1]) Frankly, that sounds rather convincing against the section of Apple's "A Message to Our Customers" headed "The Threat to Data Security" (but I'd love to be proved wrong! why is this a threat to data security given the above?). That said, I'm unsure about the section headed "A Dangerous Precedent" — this does seem like a bad precedent. Are we to now assume that our manufacturer should be included in our threat models for whether our device is secure? Also, has Apple submitted anything to the court detailing their argument as to why they should not be forced to follow the Order? [1]: http://www.politico.com/f/?id=00000152-fae6-d7cd-af53-fafe53... [2]: https://news.ycombinator.com/item?id=11137995 |
This is because said signing generally takes a whole complicated physical process of assembling physically secure separately kept modules that hold different parts of the signing key, and likely takes the sign-off and personal involvement of multiple senior engineers at the company.
This is absolutely necessary, because the security of literally every iPhone depends on there being absolutely no chance that the signing key ever gets into unauthorized hands.
Now think about what happens to the company when more and more judges start issuing writs that require that this complicated process happens, and when a judge unhappy with the increasingly long processing time for every "software created for a specific device" instance instead issues a writ that demands an insecure version of iOS that can be installed on any iPhone.