[acqq]

Secure Enclave is irrelevant here. Even without Secure Enclave the data on iPhone 5C is encrypted with the user's password and Apple doesn't have access to the data as it doesn't have user's password, contrary to your claim that "Apple has the access to the data." No, FBI has access, but only to the encrypted data.

And FBI can't decrypt it. They locked themselves out of the phone, actually. And the phone is not the private phone of the killer, he destroyed that one, and his computer too. And note that he didn't care about this phone.

FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.

[saurik]

It takes mere minutes for us to crack the 4- digit passcode on the iPhone 4 (which I only specify as that's where we were last able to easily do this in the jailbreak community; it might be faster now), and most people likely don't use terribly strong passwords; the FBI might also have "leads" on what the password is, but not good enough ones that they feel confident dealing with ten attempts. This is a backdoor to the lock: you can quibble with me over the definition of "unfettered" (I do not consider "it will take some time, but I absolutely have a 100% chance of getting access without fail" terribly "fettered", but it definitely is more than the people who are frustrated with this situation seem to want the FBI to have).

> FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.

... and we should be thankful the FBI didn't simply demand the 4096-bit key Apple uses to sign firmwares, because that's all they actually need--nothing more than 512 bytes of data--in order to accomplish the thing everyone is upset about here.

[acqq]

> It takes mere minutes for us to crack the 4- digit passcode on the iPhone 4

Please make it then for iPhone 5C. You would do the world a favor.

If you claim you don't have the needed RSA key, then you confirm that the encryption actually works. And you know that your "tool" wouldn't work on the copy of the encrypted data, too. Nice for consumers, isn't it, hardware-dependent functioning encryption by Apple.

[saurik]

I don't... you just seem really confused here :(. You are conflating the key used to sign the data on the disk with the key used to sign a software update for the system; the FBI here wants firmware for the device, signed to work on this device, that will allow them to brute force the PIN code (or password) used to generate the disk encryption key. I am saying that the actual software is something that many people in the community could build, and would require almost no effort for Apple to produce. The only reason I, in fact, can't do this, is because I don't have a key that Apple is sitting in possession of right now: the key that is used to sign these firmware updates. That one key is the backdoor, as that key is the only thing standing between someone and accomplishing what the FBI wants, and it will let you do not only this but all kinds of other evil things you want to do to anyone's phone.

[acqq]

And "that one key" isn't a few bytes in your mother's basement, it's something with which all the Apple's products, hundreds of millions, are secured and are to be secured and which you should not have, FBI should not have, and should not be misused without proper laws made. This time, instead, All Writs is attempted to be used.

It's wrong and dangerous, not because only the key, but because the way the whole issue is constructed, the demand to Apple is to "just" change the iOS (Apple's product) "because we say so and we can." Dangerous precedent.

It's not "give us the data from the phone." FBI has the data already. They are encrypted, and FBI locked themselves out. Bad luck.

[saurik]

Which is probably why the FBI didn't ask for access to this key (which, FWIW, is stored in an HSM at Apple, and so would have to be "borrowed" rather than copied): instead, they are asking Apple to provide a firmware which can be used "onto the SUBJECT DEVICE" (capitalization is from original text). The firmware update process requires signing a hash of the firmware with at least (depends on the device) the ECID of the specific device in question, and so if Apple complies with the order as written they actually only empower the FBI against this specific device. Again: they make it sound like some herculean task to build the software, but the only actual complexity here is the signing.

[acqq]

The "actual complexity" estimated by a single hobby programmer only at the technical level is not the way this attempt should be evaluated, as I've already pointed. It's the All Writs use to request the change of the product used by hundreds of millions and the precedent of it, that is the main issue here:

In Cook's words:

http://techcrunch.com/2016/02/22/in-employee-email-apple-ceo...

"We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms."

It is far from "just one small thing." As far as I understand you've already made some unauthorized changes to Apple products, and I can understand how you see it as "easy" but your technical experience, even if it's notable, is not the topic.