by qb45 3770 days ago
Well, that's the overhead of selling closed-source devices.

If you think about it, consulting vendors is probably a better use of taxpayer money than RE-ing every stupid crypto system on the market.

They contacted Apple, did their homework and came up with specific and generally sane demands. They even went as far as suggesting to perform the hacking at Apple's site to ensure that insecure firmware doesn't leak outside.

BTW, this last part looks very much like a response to concerns voiced by Apple, which means that the official statements from both sides are just the tip of the iceberg.

>> Well, that's the overhead of selling closed-source devices.

Closed-source may be a pet peeve of yours, but it has nothing to do with any of this.

Sure it does. If all the hardware and software associated with iPhones was open-source, Apple could tell the FBI to fuck off and write their own firmware. Then the only thing they would need Apple for is signing it once it's complete. And if each user could sign their own firmware updates with a key based on their password or provide their own key, then it's game over.

They've put themselves in a weird legal situation because they've made it so that they are the only ones who can actually write and sign the firmware the FBI is demanding. A judge would laugh them out of the courtroom if the FBI was technically capable of writing the firmware and demanded Apple's help because it was too hard.

> Sure it does. If all the hardware and software associated with iPhones was open-source Apple could tell the FBI to fuck off and write their own firmware. Then the only thing they would need Apple for is signing it once it's complete.

This is an example of a non-free software feature. Why are the keys baked in, and why can't they be disabled? And "write your own firmware" doesn't solve this problem -- they could just pay a developer to do it at $X an hour. A better security model should've been used -- where updates have to be confirmed (read: signed) by the user before they are applied.

> Spivak 1 hour ago Sure it does. If all the hardware and software associated with iPhones was open-source Apple could tell the FBI to off and write their own firmware.

No, not based on the interpretation of the All Writs Act that the FBI is attempting to use. As far as the FBI is concerned, they could force my Grandma to write a backdoor if they deemed her the best person to do so. Given that she can't answer the phone most days, it'd be a long wait, but I wouldn't put it past them.

--edit to correct auto-correct

Closed-source doesn't change the central issue, which is that the FBI does not have Apple's code signing key.

Poor choice of words, I meant general "closedness" of the platform - from undocumented design, through lack of source code up to centralized code signing.

The only reasonable way for law enforcement to deal with even a single one of those factors is to request help from the device vendor.