by saurik 3772 days ago
I don't... you just seem really confused here :(. You are conflating the key used to sign the data on the disk with the key used to sign a software update for the system; the FBI here wants firmware for the device, signed to work on this device, that will allow them to brute force the PIN code (or password) used to generate the disk encryption key. I am saying that the actual software is something that many people in the community could build, and would require almost no effort for Apple to produce. The only reason I, in fact, can't do this, is because I don't have a key that Apple is sitting in possession of right now: the key that is used to sign these firmware updates. That one key is the backdoor, as that key is the only thing standing between someone and accomplishing what the FBI wants, and it will let you do not only this but all kinds of other evil things you want to do to anyone's phone.

And "that one key" isn't a few bytes in your mother's basement, it's something with which all of Apple's products, hundreds of millions, are secured and are to be secured and which you should not have, the FBI should not have, and should not be misused without proper laws made. This time, instead, All Writs is attempted to be used.

It's wrong and dangerous, not only because of the key, but because of the way the whole issue is constructed: the demand to Apple is to "just" change iOS (Apple's product) "because we say so and we can." Dangerous precedent.

It's not "give us the data from the phone." FBI has the data already. They are encrypted, and FBI locked themselves out. Bad luck.

Which is probably why the FBI didn't ask for access to this key (which, FWIW, is stored in an HSM at Apple, and so would have to be "borrowed" rather than copied): instead, they are asking Apple to provide a firmware which can be used "onto the SUBJECT DEVICE" (capitalization is from original text). The firmware update process requires signing a hash of the firmware with at least (depends on the device) the ECID of the specific device in question, and so if Apple complies with the order as written they actually only empower the FBI against this specific device. Again: they make it sound like some herculean task to build the software, but the only actual complexity here is the signing.

The "actual complexity" estimated by a single hobby programmer only at the technical level is not the way this attempt should be evaluated, as I've already pointed out. It's the use of All Writs to request the change of a product used by hundreds of millions, and the precedent of it, that is the main issue here:

In Cook's words:

http://techcrunch.com/2016/02/22/in-employee-email-apple-ceo...

"We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms."

It is far from "just one small thing." As far as I understand, you've already made some unauthorized changes to Apple products, and I can understand how you see it as "easy," but your technical experience, even if it's notable, is not the topic.

...which is a complaint with the law, which is fine: you can complain about that law all you want. The problem I have is with stuff like their answer to the question "Could Apple build this operating system just once, for this iPhone, and never use it again?", which essentially is outright lying: the "master key" in question is their signing key, not some piece of trivial software they develop (and then sign) in order to automate this process for the FBI. Apple already has the only master key of relevance: that key already exists; the idea that the master key is something that they need to "build" and then would have to "protect" is them trying to divert attention from what is actually important.

Even if you think I'm wrong (to which I highly recommend you ask some other people, preferably strong developers, as the idea that this is difficult for Apple to build isn't me "estimating" here, it is the kind of idea that should be discarded at the face of it as it is so absurd... this is something they could assign an intern to and it would still be done in a few hours), then we are just talking about some different time period for someone to build the software here: whatever it is, it is fundamentally insignificant in comparison to Apple spending a few minutes to use their key and sign the firmware. The world isn't somehow different once that software exists, even if you think it is hard to build: what is fundamentally different is only that people realize the government might be able to force Apple to use their key.

They still have to develop the different version of the software even if it's just changing some specific statements and recompiling and then signing. Not to mention that it also has to be tested, installed, access-controlled, etc. So it actually has to be built, tested and protected. What do they "outright lie" about? Can you please quote it?

> The world isn't somehow different once that software exists

It is, if it's made by Apple now, since it sets the legal precedent for how All Writs is accepted by Apple to be used. It even makes it a precedent for other companies too. That's why they question it, and rightly so.

That's why if the FBI or you had managed to produce some cracking tool now, without Apple's help, it wouldn't matter. It wouldn't affect the development of even more secure phones by Apple.

Technically-hard-or-not-hard, as claimed by an-intern-or-the-Cydia-author is, once again, irrelevant.

> what is fundamentally different is only that people realize the government might be able to force Apple to use their key.

The government already tried to force them and Cook responded, literally: "We feel the best way forward would be for the government to withdraw its demands under the All Writs Act" so people hopefully already realize what is at stake and at least we discuss it.