by froo 3771 days ago
It's not about the government getting access to a tool like this, Apple specifically doesn't want to create a tool that can easily defeat its own security, to then hand over to the FBI. The government has, on numerous occasions, shown it has some pretty horrible practises in securing information, and this kind of tool being let out into the wild is bad for everyone (not just Apple).

Why risk opening that Pandora's box? If the tool doesn't exist, it can't be exploited by bad actors.

1 comments

What tool? Apple can just give the government the private key for that specific phone. Done.

Everyone else is still safe. Safer, I might add. So long as there is a clear process for the government to get access to specific keys for specific phones.

If Apple is CAPABLE of building such a tool (and use it for themselves), then I think the government should have access to it too.

Apple does not have the key for that phone. No one does.

What the FBI is asking Apple to do is write software that will turn off the "wipe after 10 wrong passcodes" feature of iOS, so that the passcode can be brute-forced.

Setting aside the government's interest in such a tool, imagine the interest from hackers.

Consider that in 2011, someone hacked into RSA to steal info about their tokens, just so that they could then hack into Lockheed to steal top-secret info.

Now imagine someone hacks into Apple (very possible to happen) and steals the security-defeating software code to install on other iPhones.

If what you say is true, then I agree with you.

Though I find it hard to believe that Apple doesn't already keep some sort of key(s) to unlock individual phones or to turn off this "wipe after 10 wrong passcodes" feature.

Facebook (and pretty much every other internet company on earth) keeps password hashes and salts in their databases - so in theory, the government could already brute force the vast majority of our personal data from these websites.

At least with a phone, the government has to physically get a hold of it in order to brute force the phone and read the data.

No need to brute force Facebook or most other hosted services, because very few of them store user data encrypted at rest.

Passwords control access to features of the web application, but employees of the company can just go around that and get the data off the server directly.

iPhones running iOS 8 or higher are different--they do encrypt data at rest, and create the key by combining device-specific info with the passcode that the user creates. So without that passcode, no chance to decrypt without brute forcing.

If you're asking what tool the FBI wants (special weakened version of iOS), and suggesting Apple hand over a non-existent private key, then you don't understand the basics of the dispute.
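
A simplified model of the two mechanisms described in this thread, a key derived from device-specific info combined with the passcode and the "wipe after 10 wrong passcodes" limit, as an added example that is not part of any comment and is not Apple's implementation. `ToyDevice`, `derive_key`, the choice of PBKDF2 and its iteration count, and the sample passcodes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # the "wipe after 10 wrong passcodes" limit from the thread


def derive_key(passcode: str, device_secret: bytes) -> bytes:
    """Entangle the passcode with a per-device secret (stand-in KDF, assumed)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_secret, 10_000)


class ToyDevice:
    """Hypothetical model: the device secret exists only on the device."""

    def __init__(self, passcode: str):
        self._secret = os.urandom(32)  # constructed per-device value
        self._check = derive_key(passcode, self._secret)
        self.failed = 0
        self.wiped = False

    def try_unlock(self, guess: str) -> bool:
        if self.wiped:
            return False
        if hmac.compare_digest(derive_key(guess, self._secret), self._check):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            # Key material is destroyed, so even the right passcode no longer works.
            self._secret = b""
            self._check = b""
            self.wiped = True
        return False


def guesses_evaluated_before_wipe(device: ToyDevice, guesses) -> int:
    """Count how many guesses the device evaluates before it wipes or unlocks."""
    used = 0
    for guess in guesses:
        if device.wiped:
            break
        used += 1
        if device.try_unlock(guess):
            break
    return used
```

In this model the same passcode yields a different key on every device, so there is no single key anyone could hold for all phones, and the attempt limit is the only thing standing between a short passcode and exhaustive guessing on the device itself.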