Bill Gates Says Apple Should Unlock the iPhone (techcrunch.com)
65 points by phesse14 3772 days ago
22 comments

In Tim Cook's words, from his latest letter to the employees:

"Some advocates of the government’s order want us to roll back data protections to iOS 7, which we released in September 2013. Starting with iOS 8, we began encrypting data in a way that not even the iPhone itself can read without the user’s passcode, so if it is lost or stolen, our personal data, conversations, financial and health information are far more secure. We all know that turning back the clock on that progress would be a terrible idea."

The last released non-beta iOS is 9.2.

Bill Gates still owns some 13 billion in Microsoft stock.

Your Cook quote is DH3 on the disagreement hierarchy.[1] I agree with it, but it doesn't engage with any arguments for or against the court order.

> Bill Gates still owns some 13 billion in Microsoft stock.

Do you really think Gates would dissemble, throw privacy under a bus, and draw the ire of his peers... just for a potential bump in net worth? I think it's far more likely that he believes what he says he believes.

As much as the HN crowd likes to side with Apple on this matter, reasonable people can disagree about what's best. I hope Gates's position causes people to reflect on why they have the opinion they do. Gates doesn't have some shady ulterior motive. He's simply stating his opinion on the matter, and using some hastily-conceived analogies to explain it to the general public. That's all.

1. http://paulgraham.com/disagree.html

> > Bill Gates still owns some 13 billion in Microsoft stock.

> Do you really think Gates would dissemble, throw privacy under a bus, and draw the ire of his peers... just for a potential bump in net worth?

Check which companies sided with Apple this time and which didn't, then compare with some other older cases, for example after Snowden's revelations, then you tell me how you see the current state this time.

Almost certainly the phone doesn't contain anything relevant: it was just a business phone of the killer who actually took care to destroy his private phone and computer, the backup data out of the phone is already owned by the FBI and they just clumsily locked themselves out.

Even if I can imagine Gates believes what he says the context matters and shouldn't be left unmentioned. Interests and affiliations of somebody influential making the public statement are certainly important to mention. Also to compare, Cook was almost presented guilty for trying to preserve the products of his company.

>"It is no different than [the question of] should anybody ever have been able to tell the phone company to get information, should anybody be able to get at bank records,” he said. “Let’s say the bank had tied a ribbon round the disk drive and said ‘don’t make me cut this ribbon because you’ll make me cut it many times’."

Seriously? It's absolutely different (not to mention his ribbon analogy makes no sense at all). I see all of this more a question of "can Americans actually have anything remain private on a commercial device?". I don't want anyone but me to have unfettered access to my data, regardless of if it's phone records, bank info, or my phone's contents.

Here's hoping that the iPhone 7 has a secure enclave that either 1.) deletes keys on firmware flash, or 2.) doesn't allow it to be upgraded ever.

The reality is that Apple already has unfettered access to this device: they left themselves a backdoor to which only they have the key, in the form of a "secure" update mechanism that is so "secure" that even the user can't control it, only Apple can. To me the actual question here is whether the FBI should be allowed to ask and then force Apple to use the backdoor Apple built into their product; Apple painting this as if they are being asked to build a backdoor instead of use an existing one is them being nothing more than dishonest in an attempt to twist the story and shift the blame. So yes: I think it is fair to describe the security of this device, from the perspective of Apple, as nothing more than a ribbon, as Apple already has "unfettered access to [your] data". Apple trusts users so little that they don't give users control of the hardware they own... this is frankly a good lesson on them that this is responsibility they should never have hoarded. "Here's hoping that the iPhone 7 no longer has a backdoor that is controlled by Apple."

I don't think this is a fair assessment. Apple is being asked to create a firmware version without brute force rate-limiting. With a sufficiently complex passphrase, the FBI is still SOL. They're not being asked to create a firmware version that would decrypt the disk - which would be impossible due to the iPhone's security architecture. The fact that only Apple is in a position to sign firmware that could do this is a positive thing in this context. The only alternatives are no firmware signing at all (so everyone could run this attack), no updates at all, or enforcing the rate-limiting in a HSM (which is what they're doing on the latest generation iPhones).

> Apple is being asked to create a firmware version without brute force rate-limiting.

This is a one line of code change for Apple and would take them a few minutes. FWIW, there are people in the iOS jailbreaking community who could do this without the source code rather quickly. I'll even go so far as to say that we actually already have all the tools for this lying around for the iPhone 4, and with only minimal changes made by even less qualified engineers they would probably work on the iPhone 5C.

> With a sufficiently complex passphrase, the FBI is still SOL.

Most people use the 4- or 6-digit PIN number. One presumes that in this case the user did so (and you can tell, as the UI is different depending on the kind of passphrase used), or the FBI wouldn't be quite so excited to bother here. It takes mere minutes to crack a 4-digit PIN code on the iPhone 4.

> The fact that only Apple is in a position to sign firmware that could do this is a positive thing in this context. The only alternatives are no firmware signing at all (so everyone could run this attack), no updates at all, or enforcing the rate-limiting in a HSM (which is what they're doing on the latest generation iPhones).

You have conveniently removed "allow the user to lock everyone out from firmware updates except themselves" from the list of possible options :/. While I am perfectly happy with the idea that some people might want to allow Apple to update the firmware on their device, I would much rather no one be able to do that unless they go through me, and as I own the hardware and it is my data that is on the line, I should have the right to make that decision. Apple is selling locks, claiming them to be secure, while not only sitting on a master key but now claiming that it isn't really a master key, which is not just disingenuous but outright dishonest at this point.

I think there are a lot of conflating issues in this discussion.

Firmware signing and how updates are delivered are one thing. I would argue that having only one possible adversary is preferable to everyone being able to create firmware that runs on your device. If there's a practical and secure approach that would allow users to install only firmware updates they approve of, I'd be all for that[1]. In the end - please correct me if I'm wrong - this would require a user-generated key or passphrase of some sort, and then we're back at a brute-force problem and the question of how secure is that passphrase and how are rate-limits enforced.

The iPhone's disc encryption, however, does not rely on this so-called master key. That's why I think calling this a backdoor isn't a fair assessment. It's entirely reliant on the complexity of your passphrase. The iPhone's security architecture, including the firmware signing and in newer versions the secure enclave, make attacks against this significantly harder (or next to impossible, if the secure enclave firmware is actually read-only ... something that definitely needs to be clarified). Compare this to your typical desktop full-disk encryption, where you usually have no countermeasures whatsoever against this kind of thing.

[1]: Speaking as a developer. I'm not qualified to answer this for sure, but my gut feeling is that such a feature in the hands of typical end-users might actually be a bad thing for security.

> Speaking as a developer. I'm not qualified to answer this for sure, but my gut feeling is that such a feature in the hands of typical end-users might actually be a bad thing for security.

I think users should be allowed to make the security tradeoffs they consider relevant. Many people leave a key to the door of their house somewhere outside but nearby, yet I don't think the people who build locks should decide that that is never acceptable and decide to play parent and come up with a solution to this problem: I would prefer people to be informed about the tradeoffs they are making, but they should be allowed to do what they want. Meanwhile, this enables the people who want more security than "I trust Apple, all of Apple's employees, Apple's security from hostile third parties, and the government under which Apple does business" to go "above and beyond".

> That's why I think calling this a backdoor isn't a fair assessment.

I am using this term because Apple is using this term: they said "They [the FBI] have asked us [Apple] to build a backdoor to the iPhone." when what the result would be would still require brute forcing a passcode to get the data in question. They make it sound extremely hard, but in fact it is really easy for them to do this: it is a single line of code changed; what makes it possible for them to do this is not that they haven't bothered to build it, it is that they are moral enough to not want to do it, and they are the only people with the key... but the key, fundamentally, is equivalent to the power the FBI wants. The FBI could "build" this backdoor for themselves if Apple handed them that key.

> I'll even go so far as to say that we actually already have all the tools for this lying around for the iPhone 4, and with only minimal changes made by even less qualified engineers they would probably work on the iPhone 5C.

Then there's even less reason to use All Writs to make Apple do it, unless it's to make the precedent to force the device makers to backdoor their products.

Just do it, for all of us, make that tool for 5C. But don't support FBI using this case to make "All Writs able to change products" precedent.

You seem to still fundamentally misunderstand the situation, as you seem to be challenging me to build the tool today and get Apple off the hook, as if that was all that mattered.

I can build the tool. What I can't do is sign the result. The only thing any of us are missing is the 4096-bit RSA encryption key used to sign the firmware. The way we load this tool onto the iPhone 4 is using a vulnerability in their bootloader that lets us bypass the signature check. There is only 512 bytes of data at question here, not some insurmountable amount of work.

Fair points, though to be fair the iOS platform is by and large the most secure mobile platform we have (please correct me if I'm wrong, you absolutely know better than I). Still, as long as the backdoor remains, it will always be possible to carry out malicious updates like this.

As far as I understand the secure enclave has been updated a couple times since its introduction, so I legitimately hope this was a v1, with secure enclave v2 (without update functionality) waiting to be released in Sept.

As a side-note - one of the things I struggle with is I'm not convinced that Apple really had a tangible reason to make it as secure as it is, especially when their main competition was Android, which is fairly laughable with security thanks to the OEMs.

I think Apple in general and Tim Cook in specific are highly moral people: I think they are truly looking at security as a way to make the world a better place; in discussions I have had with employees at Apple, they truly do attempt to build systems where even they don't have access to your information... only at the same time, but somehow from the other side of their mouth, when questioned about their ability to do things that are evil when they do have that ability, they just say "well, we'd never do that", and refuse to discuss scenarios where "we" is difficult to define (as it only takes a finite number of disgruntled employees to decide to do something bad) or they are forced by external parties (such as the United States government). I'm honestly kind of glad to see that latter scenario actually play out, and particularly to see it play out so publicly, so we can see how they react as "well, we'd never do that" even has the possibility of turning into "fuck, we were forced to do that".

Agreed, I'm extremely glad this is being done in such a public fashion. It's important to have transparency about these issues.

Doesn't the secure update mechanism simply permit access to the system partition? This late in the game, how can that possibly give Apple user filesystem keys? Those require the PIN or password. An OS update at this point can only permit rapid brute force iteration. Obviously "unfettered access to the device" is really useful to steal user keys while the device is unlocked, but it's not so helpful after the fact.

> Obviously "unfettered access to the device" is really useful to steal user keys while the device is unlocked, but it's not so helpful after the fact.

Exactly: the ability for Apple to send a specific user a different firmware update than they send everyone else is extremely brutal and there is absolutely no way the user (no matter how intelligent) could even tell that they were being targeted as the only person who has even remotely powerful access to the firmware being loaded is Apple themselves.

> This late in the game, how can that possibly give Apple user filesystem keys? Those require the PIN or password.

You just brute force this. On the iPhone 4 it took minutes to brute force a 4-digit PIN code, and clearly it wouldn't be a challenge to brute force a 6-digit PIN code (this is still less than a day). If the user has a password, it might take a while (depending on how good it is), but it is still a guaranteed attack. You can quibble with me on the definition of "unfettered", but I maintain that "will take (maybe) some time but almost no effort to get a 100% success rate, and which will complete almost certainly before the statute of limitations expires on the crime" is not usefully "fettered".
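
The timing figures argued over in this sub-thread (minutes for a 4-digit PIN, under a day for 6 digits, the ten-attempt limit) can be sized from the defender's side. The following is an added example, not part of any comment above and not Apple's code; the 80 ms per-guess cost is an assumed figure for on-device key derivation, and every function name and sample policy is hypothetical.

```python
"""Added example: how long a passcode holds once the attempt limiter is
removed, and what the limiter is worth while it is still enforced."""
import math

# ASSUMPTION: time for one on-device guess (hardware-bound key derivation).
# 80 ms is an assumed figure, not a number stated in the thread.
PER_GUESS_SECONDS = 0.08
# From the thread: the limit being discussed is ten attempts.
MAX_ATTEMPTS_BEFORE_WIPE = 10

# Constructed sample policies: name -> (alphabet size, passcode length).
POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "8-char lowercase+digits": (36, 8),
    "10-char mixed alphanumeric": (62, 10),
}


def keyspace(alphabet, length):
    """Number of distinct passcodes for this alphabet size and length."""
    return alphabet ** length


def entropy_bits(alphabet, length):
    """Entropy of a uniformly random passcode, in bits."""
    return length * math.log2(alphabet)


def worst_case_seconds(alphabet, length, per_guess=PER_GUESS_SECONDS):
    """Time to try every passcode when nothing limits the attempt rate."""
    return keyspace(alphabet, length) * per_guess


def guess_probability_with_limiter(alphabet, length,
                                   attempts=MAX_ATTEMPTS_BEFORE_WIPE):
    """Chance of hitting a random passcode within the allowed attempts."""
    return min(1.0, attempts / keyspace(alphabet, length))


def min_length_for(alphabet, target_seconds, per_guess=PER_GUESS_SECONDS):
    """Shortest passcode whose full search takes at least target_seconds."""
    needed = math.ceil(target_seconds / per_guess)
    length = 1
    while keyspace(alphabet, length) < needed:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31536000), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report():
    """One row per policy: name, bits, unlimited search time, limited odds."""
    rows = []
    for name, (alphabet, length) in POLICIES.items():
        rows.append((
            name,
            round(entropy_bits(alphabet, length), 1),
            human(worst_case_seconds(alphabet, length)),
            guess_probability_with_limiter(alphabet, length),
        ))
    return rows


if __name__ == "__main__":
    for name, bits, duration, odds in report():
        print(f"{name:28} {bits:5} bits  no limiter: {duration:>18}  "
              f"with limiter: {odds:.2e}")
    ten_years = 10 * 31536000
    for alphabet in (10, 36, 62):
        print(f"alphabet {alphabet}: need length "
              f"{min_length_for(alphabet, ten_years)} for ten years")
```

Under the assumed per-guess cost, the 4- and 6-digit rows land on the thread's "minutes" and "less than a day"; when the limiter lives in replaceable firmware, passcode length is the only term left that the device owner controls.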

Sure. It's a Backdoor that only you and Apple know of. Right?

No: it is a backdoor that everyone in the world knows of, including the FBI, which is why this is even a question. Apple is the only party allowed to change the software running on the device, using their software update encryption key: this is a backdoor into at least this device (an iPhone 5C).

More or less correct if fully trusting any signed code by a third party (Apple) is a backdoor. For what it's worth, signed code imparts security benefits to Apple and Android users who indeed can't be trusted to not screw up their own phones.

Thing is, this entire system is based off of trust. If people lose trust in Apple, then they lose trust in the product. While even Apple can't decrypt the data, existence of malicious signed code means you can't trust signed code.

FBI would have done better to ask Apple in secret. Apple really made the only possible choice when faced with a public request.

Signing code can only do so much.

What Apple possesses is the somewhat unique ability to design a system that is actually secure by burning the key into the secure enclave and not allowing it to be updated. The only way someone would be able to get to it then is by attacking the physical hardware itself (which I'm sure an NSA-level attacker could do), but it would render this entire thing moot, as even Apple wouldn't be able to unlock the phone if it wanted.

I say unique because they can bake security into the actual hardware design, and tightly control how the entire thing works, which Android & Windows simply can't do. In order to trust your OS (and in turn, your signed software), you have to trust your hardware first. The security of the entire system falls apart if you can't trust your hardware.

> FBI would have done better to ask Apple in secret. Apple really made the only possible choice when faced with a public request.

I agree. I will go further and say that I hope Apple would make the same decision in secret. I believe Apple in general and Tim Cook in particular to be not just moral, but "principled", in that I feel like he's unlikely to back down from a moral argument without being beaten into submission. I hope Apple fights this one to the death.

> Thing is, this entire system is based off of trust. If people lose trust in Apple, then they lose trust in the product. While even Apple can't decrypt the data, existence of malicious signed code means you can't trust signed code.

The question at hand is whether it makes sense to trust a company when their government wants them to do something and may technically have the law (as broken as you or I or even "almost everyone" feels that law is) on their side. This is the same discussion about putting data on servers in other countries run by companies that might bow to the will of some oppressive totalitarian regime, only the server is in your pocket and the regime is the United States through the FBI.

This is completely upside down. Can all Apple haters for once put down their haters' hat and try and be reasonable for the good of everybody?

You phrased all that just to get to the conclusion that Apple is an over-controlling company imposing rules on otherwise super tech savvy users. Well sorry to break the news for you, but people decide on their own which smartphone to buy.

Globally, most of the time, it's an Android phone. Globally, most of the time, it's an OLD and cheap Android phone, with firmwares so old and so full of holes that calling it insecure would be a euphemism.

But hey, I suppose they're much better off, since they can DECIDE what phone to buy, right? It's certainly not their income deciding for them... Better, they can even root it! Make it even more insecure! Install pirated software that hides malware and will steal their ids or their money! Now THAT's choice and power to the user!

As long as you don't care if someone can attempt to pull the data from your phone like this, then sure: go ahead and buy that phone. The people generally in these threads, however, and apparently the opinion of Apple itself, is that the FBI should not be able to get the data off of this device; as it stands, Apple can guarantee their eventual success.

> Better, they can even root it! Make it even more insecure! Install pirated software that hides malware and will steal their ids or their money! Now THAT's choice and power to the user!

This makes no sense. Sure: someone can make their device less secure if they want. I absolutely support you doing that. They can also try to use vulnerabilities to take back control of their device and make it more secure (though with an iPhone there are some serious issues with this, due to how almost impossible it is to lock Apple out). But what does this have to do with the conversation at hand? Can you connect any of this back with the FBI discussion?

> This makes no sense. Sure: someone can make their device less secure if they want. I absolutely support you doing that.

Well yeah, I guessed so. People in Cupertino probably think that's basically your mission :D (I don't, though). What I wanted to say is that building a security platform that completely locks you out of the device you're building is 1) Hard 2) full of political and legal implications. Even then, Apple is the only manufacturer with such a clear roadmap in that. Why are they the only one to be held so strongly accountable for building this kind of security while Google Android phone can be snooped upon in an extremely easy way? When they're less secure by design?

That was my objection.

> People in Cupertino probably think that's basically your mission :D (I don't, though).

Good, because anyone who thinks that even casually is either completely uninformed or an idiot :/. (I vaguely apologize for the bluntness, but this is an insinuated attack even with the statement that you don't believe it, at which point one would question why you brought it up in the first place.)

> Why are they the only one to be held so strongly accountable for building this kind of security while Google Android phone can be snooped upon in an extremely easy way?

You clearly have never been to one of my talks; I outright told an entire audience of people at DragonCon, most of whom used Android devices, that they should not use an Android device if they even remotely cared about security, and sat there and took it as they booed me: I am extremely vocal about the flaws in Android devices.

Only today, we are talking about Apple. And today, Apple is being disingenuous: they are making it sound like it would be some herculean effort to build some massive crowbar to defeat their otherwise impenetrable device, when in fact what the FBI wants can be accomplished by Apple in a matter of hours, and that the underlying security of this device comes down to something Apple would rather people believe is a good thing--that they have more access to the hardware you own than you do--than ever even momentarily consider to be a flaw.

Don't pigeon-hole yourself, most people just want a phone that can load Facebook and is cheap. The number of people who care about security is definitely rising, but they're still in a fairly small minority.

Also I'd venture that Saurik is quite the opposite of an "Apple hater", as he created Cydia (https://cydia.saurik.com/), and contributed arguably the most to the iPhone jailbreak community to date.

> from the perspective of Apple, as nothing more than a ribbon, as Apple already has "unfettered access to [your] data"

No! Since iOS 8 Apple intentionally encrypts the user's data on the phone in a way that even they don't have access to them.

They have access to the hardware, to be able to reconfigure it, but not the encrypted data on the phone. Because the data is encrypted, intentionally so.

And they have access to the iCloud backup data and they gave that data to the FBI. Then FBI actually locked their access to the phone by changing the iCloud password.

This is an iPhone 5C, which does not have the "secure enclave" feature, and it isn't even clear that it helps, as Apple has stated to reporters that it is possible to do what the FBI wants, so we know the software on that component must be mutable. If it was actually impossible to do the thing the FBI wanted them to do then we would not even be having this discussion today: Apple would just say "can't, sorry" and the FBI would be forced to move on with their lives as nothing Apple could do would help them get access to the device.

Secure Enclave is irrelevant here. Even without Secure Enclave the data on iPhone 5C is encrypted with the user's password and Apple doesn't have access to the data as it doesn't have the user's password, contrary to your claim that "Apple has the access to the data." No, FBI has access, but only to the encrypted data.

And FBI can't decrypt it. They locked themselves out of the phone, actually. And the phone is not the private phone of the killer, he destroyed that one, and his computer too. And note that he didn't care about this phone.

FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.

It takes mere minutes for us to crack the 4-digit passcode on the iPhone 4 (which I only specify as that's where we were last able to easily do this in the jailbreak community; it might be faster now), and most people likely don't use terribly strong passwords; the FBI might also have "leads" on what the password is, but not good enough ones that they feel confident dealing with ten attempts. This is a backdoor to the lock: you can quibble with me over the definition of "unfettered" (I do not consider "it will take some time, but I absolutely have a 100% chance of getting access without fail" terribly "fettered", but it definitely is more than the people who are frustrated with this situation seem to want the FBI to have).

> FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.

... and we should be thankful the FBI didn't simply demand the 4096-bit key Apple uses to sign firmwares, because that's all they actually need--nothing more than 512 bytes of data--in order to accomplish the thing everyone is upset about here.

> Here's hoping that the iPhone 7 has a secure enclave that either 1.) deletes keys on firmware flash, or 2.) doesn't allow it to be upgraded ever.

If you hope for that, consider the legal base on which FBI made the current request: All Writs Act, which is, in full:

https://en.wikipedia.org/wiki/All_Writs_Act

"(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction."

Note it's not any kind of law that regulates any form of encryption or communication security, a lot of laws with such topics were fought through the years! It's just "we can demand anything we want."

Then consider how long such Secure Enclave will last if this precedent on such use of this Act is now to be made.

I agree that it would be upsetting if precedent was made, but I believe it is technically feasible to build a device whose keys are only known by an end user. The FBI is basically asking to go down legitimate update channels to brute force their pass-code, and while that's still a feasible option, of course the FBI is going to ask to use it. Updating the security model of the secure enclave to either destroy keys on flash or disable the flashing mechanism altogether would render the ability outside of even Apple's reach, then it goes back down to a question of if you can be compelled to give up your encryption pass-phrase, which I believe precedent has already been set on (please correct me if I'm wrong).

As an aside it bugs me to a fairly large degree that we still attempt to apply very old laws that were never designed to address the things we put in front of them. It feels very akin to trying to jam a square peg in a round hole.

Ever play with a wifi pineapple? Ever build one yourself? Congrats! You broke a federal wiretapping statute!

https://www.law.cornell.edu/uscode/text/18/2511 https://www.law.cornell.edu/uscode/text/18/2512

The age of the law should not be an indicator of how applicable it is. Consider that the All Writs Act was written at essentially the same time as the Fourth Amendment. Similarly, it appears to be written broadly with the very intent that it can be applied in many circumstances.

What has changed in the past 2 centuries is the way the law is interpreted by the courts. And if this case keeps going it will probably be another that defines the limits of that law.

If there is something you should be concerned about with All Writs it is not its age but its scope. Unless Congress provides a more specific legal framework (which we have seen in a number of other technical cases, for good or, often, ill), it will continue to be decided by judges and justices.

> I believe precedent has already been set on (please correct me if I'm wrong).

No, as far as I understand, this now would be a new and dangerous precedent:

Nobody was ever asked to alter their product using All Writs.

That's what this is all about.

> I see all of this more a question of "can Americans actually have anything remain private on a commercial device?".

It's Americans now, but if Apple gives in, investigators from other big markets might pressure Apple to do the same for them. I think that's what's meant with cutting the ribbon many times.

This debate is global. Why is it so hard to understand for most politicians? It's a matter of national security because the matter is not strictly national, and could have reverberation all over the world, especially in very sensitive markets like China.

I do not understand why Bill Gates would take a contrary position to Silicon Valley / tech community on this issue. Any insight into why he is taking this stance?

What I have found even more confusing is why the FBI hasn't asked the NSA for help. The NSA's thousands of skilled hackers simply can't break into an old iPhone?

Because the US government is Microsoft's biggest customer by a country mile.

Hand that feeds you and all that.

The FBI already have the info they need, don't need nsa's help, this is purely about setting a precedent.

Gates is not in charge of Microsoft anymore... and hasn't been for a long while.

Actually, my best hypothesis is that, remembering that the Gates Foundation, which is the organization Gates is actually involved with now, works a lot in government/policy circles, Bill himself might have views that are more common within that circle than within the tech community. Whether that means that he is taking this point because he has more information, less information or just different priorities, I do not know. I don't even remember if Gates took any position on the original crypto wars.

I personally find that the balance of arguments weighs much heavier on the side of security and privacy, versus surveillance, and that creating this tool and setting this particular precedent would do more harm than good. I can still imagine a world in which Gates disagrees with that without being knowingly evil, though.

Actually, when it comes to Gates in particular, I admit that when I was younger I spent a long time thinking of him as "knowingly evil" (or at least selfish to an extreme degree) for completely different reasons. Later I realized that he might have simply put priority on different ethical axioms than my high-school self did... and in the balance of things might end up having been a higher positive force in the world than a negative one, by far, see e.g. https://en.wikipedia.org/wiki/Malaria#Eradication_efforts . This doesn't mean I agree with him on the issue at hand, though.

He's not in charge of, but still holds at least $12bn of MS stock, on which a lot of his wealth is leveraged and predicated, which would certainly give him a vested interest in defending Microsoft's interests, which are the government's interests.

You may well be right however that the circle he runs in has influenced his stance on this too, however he has historically taken a pro-government anti-knowledge stance - see http://www.rollingstone.com/culture/news/bill-gates-the-roll... for instance in which he trots out the "Snowden is a traitor who needs to come home for a fair trial" rhetoric.

Exactly, especially now that the D.O.D. is rushing to upgrade every device to Windows 10, what a joke ;d

Because people are allowed to have their own opinion? I don't agree with him, but I certainly don't base my opinion on this matter on the general sentiments in Silicon Valley.

Regardless of the outcome of this case, the best thing that Apple, Google, and everyone else can do is to make sure that it's impossible for them to comply with future versions of the OS.

Bill Gates is well aware that people will take this, not as his personal opinion, but as the opinion of Microsoft. He could have made it clear that this was his personal opinion and not related to the Microsoft position, but he did not.

Most people outside the tech industry don't pay attention to what Bill Gates, Tim Cook, or anyone else in the tech industry says. Those in the industry are hopefully smart enough to recognize that Bill Gates saying something doesn't mean that Microsoft is necessarily in agreement with it.

But the likes of Bill Gates will get quoted on the news headlines - most people don't care but will hear "Bill Gates says..." and think "well, if the experts think that"

Even the NSA don't have a magic wand for breaking cryptographic security. Designing well engineered, secure cryptographic systems that are not hackable is a thing people can do and it appears Apple have done it.

Most of the NSA hacking has nothing to do with cracking cryptographic keys anyway, it's exploiting weaknesses in systems so you don't even need the keys at all. In this case, it appears they would need the keys.

That's not how the NSA operates. The NSA is not a tech support hotline for the Feds. The NSA has its own mission set which its resources go towards. If it doesn't fall within that mission set, then NSA don't care. This iPhone doesn't fall within that mission set.

Shamir's 3rd Law of Computer Security: "Cryptography is typically bypassed, not penetrated."

Because caving to the Feds is basically Microsoft standard policy, and always has been?

Does he feel that Apple should also unlock the 12 other phones the Justice Department is reportedly also filing court orders for?

http://gizmodo.com/justice-department-forcing-apple-to-unloc... The Justice Department is pursuing court orders to force Apple Inc. to help investigators extract data from iPhones in about a dozen undisclosed cases around the country...

And what about when authorities in the UK also have cases where they "need" phones to be unlocked? And how about China? And every other government in the world that may want to have phones unlocked?

In an interview with Rolling Stone's Jeff Goodell, the Microsoft co-founder and richest man in the world did not mince words when asked if he considered whether Snowden is a hero or a traitor.

"I think he broke the law, so I certainly wouldn't characterize him as a hero," Gates said. "If he wanted to raise the issues and stay in the country and engage in civil disobedience or something of that kind, or if he had been careful in terms of what he had released, then it would fit more of the model of 'OK, I'm really trying to improve things.' You won't find much admiration from me."

Gates said that there "has to be a debate" about government snooping, but indicated that some aspects of government surveillance are best left a secret.

Microsoft has seen quite a bit of controversy regarding its alleged cooperation with the NSA. Last July, the Guardian reported that Microsoft had aided both the NSA and FBI in accessing user data, including providing video and audio conversations from Skype, Microsoft's video chat service. A Der Spiegel report in December also found that the NSA would use fake Windows error messages to spy on people.

Ref: http://www.huffingtonpost.com/entry/bill-gates-snowden_n_496...

http://www.rollingstone.com/culture/news/bill-gates-the-roll...

@dang: why is this news not on the frontpage? I found out about this news on a local newspaper site - not good :(

So how many people flagged this news? Which company IP address ranges were involved? Keep an eye on that. Thanks.

It's on 285. right now:

  Bill Gates Says Apple Should Unlock the iPhone (techcrunch.com)
  59 points by phesse14 5 hours ago 91 comments
What's going on?

On 212:

  Bill Gates Says Apple Should Unlock San Bernardino Shooter's iPhone for FBI (macrumors.com) 
  13 points by samstokes 7 hours ago 8 comments  
https://news.ycombinator.com/item?id=11157328

And on 1:

  Bill Gates calls for terror data debate (bbc.com) 
  22 points by lentil_soup 52 minutes ago 4 comments  
https://news.ycombinator.com/item?id=11158647
I disagree with Gates on this one. I think in the US, which has a common law legal system, setting the precedent by unlocking (if possible) the iPhone in question would be disastrous.

Legal precedents are only set in legal judgements, aren't they? I think Apple unlocking the phone would only set a cultural precedent.

Isn't there a court case opened against Apple on this one? Sorry my legal knowledge is very limited but I think the official FBI request goes through a court. Maybe I am wrong, if somebody has the details I would love to read about it more.

So why is Microsoft fighting us.gov regarding access to data stored in another country? Isn't that, to the layman, just another variety of ribbon-wrapped box? Gates should know that, just like extra-jurisdictional data retrieval, signed malware data retrieval is dangerous, bad business and awful precedent. He must publicly set the record straight for his company's stance to have any credibility.

The reason Microsoft isn't releasing information stored in other countries is because doing so would break the law in those other countries. It would open Microsoft and its employees to prosecution in those countries.

I disagree with Bill on phone security and agree with Apple's stance, but even so it's pretty clear to me that Microsoft has a stronger case and literally has no choice but to deny the US DOJ access to records held abroad.

Bill Gates isn't in charge at Microsoft. Sure, he's still on the board, but he's not even the chairman anymore. It's possible that he disagrees with Microsoft fighting the government regarding access to data stored overseas, but is staying silent because he doesn't want to be seen as badmouthing current management.

well, what a coincidence, I guess MS phones aren't selling well, so let's undermine competition a bit.

not for a second do I suspect mr gates to be stupid or not comprehending the situation in full detail, with all possible consequences. and here I thought that he went from the most hated IT guy on this planet in the '90s to somebody actually concerned about the good of mankind. can somebody shed some light on what would be his true motivations for these statements?

Bill Gates: "Let's say the bank had tied a ribbon round the disk drive and said 'don't make me cut this ribbon because you'll make me cut it many times'"

...Well, that sums up his understanding of the encryption technology. Then what are we to expect of the general public, when even Bill Gates sees a "ribbon around a disk drive"?

I thought it was quite clear that Gates was making an analogy for non-technical readers. He doesn't really think of encrypted devices that way.

Unfortunately, there's no way Gates can win here. If he uses technical language, journalists and/or readers won't understand. Or worse: they'll misunderstand his views. If he uses simplistic analogies, he invites mockery from technical readers.

Yes, but in the second case he'll win the sympathy of the laymen who will think "hey, if even bill gates says they're wrong, maybe they're wrong. The guy's a genius". These people are less vocal than tech readers, but they vastly outnumber them.

I doubt Gates has any hidden motive behind his statements. He's just saying something he believes to be true, while trying to make sure others understand him. Why would he care about getting sympathy from laymen? He's the richest person on the planet. He's got more important stuff to do, like sparing millions of people from disease, poverty, and hunger.

Then it's even less understandable why he should muddle the waters with an ill-conceived analogy like the "ribbon around a hard drive" one.

No, Mr. Gates, cutting this ribbon would mean that all the other ribbons are cut by default. Not just by your allies, but by your not-so-friends in North Korea.

It's not about cutting a ribbon. It's about putting a hard drive in a box that self destructs when you try to open it. What your friends are asking is not to cut a ribbon, but to make the box open safely with a master key. Your government could not even stop WikiLeaks and your own employee from turning against you -- how do you expect the world to trust them with a master key?

Overreaching beyond means and having it blow up in the face is quickly becoming an American virtue in the 21st century.

Wasn't MSFT the first company to hand over all data to a three letter agency? Yes it was. So no surprise. Win10 was born in this context too. And he still owns billions worth of its stock.

Considering Windows 10 full disk encryption sends the keys to Microsoft, I am not surprised.

https://theintercept.com/2015/12/28/recently-bought-a-window...

Can anybody explain why unlocking just this specific phone is bad? Can't we decide on a case-by-case basis? It's not like Apple is being asked to backdoor all iPhones so FBI can read everyone's data. Just this specific one ordered by court. What am I missing?

First of all, it sets a precedent that companies can be forced to create software that willfully compromises their security mechanisms. This is very much different from your typical data dump ordered by a judge. It's quite likely that the FBI and other law enforcement agencies would use such a precedent in many future cases.

Second, it's unclear how easy it would be to create firmware that only works on a specific device. What if there's a bug, or what if someone finds a way to spoof the device ID that would probably be checked? It could very well end up being a backdoor for all iPhones after all (or, at least, for all iPhones without a Secure Enclave).

This EFF article has a couple more points[1].

[1]: https://www.eff.org/deeplinks/2016/02/technical-perspective-...

Yes, the precedent is the key thing here.

Let's say that Apple crafted an update that does what the FBI wants. That in itself wouldn't put other iPhones at risk, as long as a signed copy of that malicious update didn't leave Apple's custody. The FBI hasn't even asked for that. They say that Apple could do all the work in house. Furthermore, it's unlikely that this malicious update would work on newer iPhones.

But the precedent would be established.

Apple's position is that if they provide the FBI with the software, then the FBI will effectively be able to use it in every other situation.

And once the software leaks, which will eventually happen, everyone will be able to do it in every situation.

Moreover, every other government will ask for it, and not all governments meet the same moral standards.

my understanding - there is currently no software package created to allow this (ie modified kernel or whatever is necessary). government doesn't have resources/knowledge to do it on its own, otherwise they would already have it.

once this is created, apple would be pressed HARD by all authorities to re-use it for all iphones captured. these days we know damn too well that people in CIA, NSA etc don't hold any reasonable moral values when it comes to privacy of about anybody on this planet.

plus it could be taken from this specific phone and very probably copied anywhere, without any apple approval or court order.

if government was playing mr nice guy till now, there would be at least some hope and faith. currently, there is simply none.

In order to do so, Apple has to make an update that loosens the restrictions the current version has.

Once that update exists, it can be installed on any device because it has been signed by Apple.

That's the entire point - if Apple designed a backdoor through their security into this specific iPhone, it could be used to backdoor into any iPhone.

"No computer will ever need more than 640K memory" - Bill Gates 1981

"There is no future in the Internet." - Bill Gates 1988

Wow. Just wow. I keep thinking there is some huge caveat missing from the story, but if there isn't, that is massively disconnected from reality.

Call and message info, okay maybe, but full access? There is no way you can say that's fine.

I have said it in an earlier comment and I'll say it again, I think they are only doing this, on this case, to make a precedent, and only on this case, as few people will want it to be on record, that they are 'siding' with terrorists.

Imho, it's bullshit, all the way through.

Coming from a man who created aptly named "Windows", where FBI never needs to ask for access.

Gates does some great things but he's not thinking far enough into the future here.

If our law enforcement cannot understand that terrorists will simply switch to use another encryption tool, then we have a much bigger problem than unlocking a single iPhone. Our security force does not know how to keep us safe. I'd rather they figure that out sooner than later.

Bill Gates led a company that shipped products with poor security for decades just to maintain their first mover advantage. He actively and deliberately took part in abusing the fact that security is not the first thing assessed in a product.

He might be a brilliant man, but he clearly doesn't have the vision when it comes to security and privacy.

No surprises, considering his attitude to Bitcoin.

Is anyone doubting Apple unlocked the iPhone? I don't understand B Gates' stance. Of course they did unlock and give it to the police. Of course they will never say it in a PR and we all know why. Is anyone doubting that we are now living in a world where EVERY one of us is a potential suspect being processed in a set of crappy ML algorithms and stats where our faces, fingerprints, RFID cards are being captured at every instant of our lives? And don't worry, IoT is coming. Alexa is already the premise of HAL except that the AI that controls the world will never happen. Much worse will happen. People that do not care about mankind or freedom will listen to our every moves, every instant of our lives.