by p01926 3775 days ago
> Should the government be able to access citizens' digital data with a court order? And if so, how can that be enabled without compromising the general security of the device?

No. And that's both impossible and a massive compromise.

This case helps us tackle that first question. Here the murderer's personal phone and computer hard drives were destroyed — rendering them "above/beyond the law". Just because some data is digital doesn't place it in some special legal realm more important than shreddable/burnable paper or the air secret conversations were spoken into. There are fundamental limits to recoverability. If technology companies are to be forced to maintain vulnerabilities because governments see all their customers as potential terrorists, the industry is doomed.

The real problem here is although terrorism will never touch the average citizen anywhere near the extent of other tragedies like illness, accidents or natural disasters, the media treat it like it's the single most important issue — making people fear for their lives is good business. I'd die before sacrificing freedom of speech every time, but the news business just seems too like racketeering. We need to fight the fear.

2 comments

> terrorism will never touch the average citizen anywhere near the extent of other tragedies like illness, accidents or natural disasters

This argument ascribes zero weight to the injustice of terrorist attacks. Your logic--that a death is a death--does not admit distinguishing between someone dying in a freak accident, someone being killed by a drunk driver, and someone being murdered in cold blood. It's all the same.

You're ignoring a very fundamental aspect of human psychology: people view a death very differently based on the intent of those doing the killing. Unlike murder, terrorism isn't just an attack on one person. It's an attack on the values, religion, economy, and lifestyle of a whole society. That's why people weigh it so heavily.

Possibly. An individual murder means it is unlikely to have an impact on you. A serial killer will often impact a demographic in a city. A mass murderer will often impact a demographic in a large area or country. A terrorist will usually target a demographic in many countries, but on a much smaller scale than a mass murderer.

I currently think a mass murderer would be a greater threat to the world collectively, but the terrorist triggers the fear that any location might be attacked. Hence, while much less destructive, it has the "me" factor that pulls the heart strings of society at large.

Why not? Police can search your house or seize your mail with a court order. Why can't they search your phone or computer?

They can search my phone and computer with a court order. What they should not be able to do is force companies to compromise proper encryption so they always have the ability to find something.

That's not the only angle here. Apple was asked to aid the FBI in attacking a phone, not to design bad crypto. (They may have also been asked to design bad crypto, but that's not what is happening here.)

Except that the authorities do want companies to use bad crypto. The only reason they've had to fall back on demanding an attack vector is because they haven't yet been able to force their preferred solution (bad crypto) to be implemented.

Demanding an attack vector should be seen as the same concept as demanding bad crypto, because the intent behind the request is the same. They're trying to convince us that these are different requests, but the end result is the same. A workaround to attack good security is the same as having bad security to begin with. I can't imagine why anybody would think that "bad crypto" and "attack vector" are not very nearly the same thing.

But what you are forgetting is that Apple has been fully compliant and cooperative throughout this investigation. The problem with building a backdoor into a highly encrypted security system is that it gives pathways for others to find the same backdoor. If other hackers knew there is a for-sure way to gain access and hack an iPhone, they will find that path. With today's plethora of technology, a line needs to be crossed in order to protect our privacy. We hold so many personal details inside of our phones and if by some chance the backdoor were to be released, chaos and panic would run rampant. I can understand completely why Apple deems this process "too dangerous".

The pathway is obvious: build a signed image that lets you guess unlimited passwords at maximum speed. Apple doesn't have to do it to make it apparent it would work. The avenue is already in use:

As many jailbreakers are familiar, firmware can be loaded via Device Firmware Upgrade (DFU) Mode. Once an iPhone enters DFU mode, it will accept a new firmware image over a USB cable.

The special "backdoor" Apple has access to:

Before any firmware image is loaded by an iPhone, the device first checks whether the firmware has a valid signature from Apple. This signature check is why the FBI cannot load new software onto an iPhone on their own — the FBI does not have the secret keys that Apple uses to sign firmware.

http://blog.trailofbits.com/2016/02/17/apple-can-comply-with...

As for "the attack firmware could leak": well, so could the signing keys.

Because they can't. A court order can't let them fly. Nor can it compel you to build them wings. (Though you may have to buy them a can of Red Bull.)

The police were already searching you and your house so we enacted rules to try to control that. Those rules didn't enable the searching - they placed restrictions on the applicability of evidence to reduce the desire to search improperly.

If they can get in. Suppose your house is made of some material (10' thick steel?) which cannot be broken into without the use of a nuke (bear with me....). Is the government allowed to nuke that neighborhood just to get into the house?