|
|
|
|
|
|
by geographomics
3749 days ago
|
|
|
Nonetheless, if Apple had designed the update mechanism to require both a signed firmware image, and authentication by the user, then the FBI's request would not be possible. Such a design would also help to mitigate the end-user effects of an insider attack at Apple, where a rogue employee signs malicious firmware, or leaks the signing key to some adversary. |
|
|
While that may be a good design for various practical reasons, the technical properties of Apple's security design are not very relevant. This is a political issue about how far Apple (and eventually, any of us) has to go in creating access for law enforcement.
Right now the FBI is being reasonably diplomatic and "asking" (formally, through the court) to create this backdoor. If the situation were as you suggest and no update capability existed, they would simply skip the current step and move on to the next step: forcing Apple to include explicit "lawful intercept" capabilities. It is very important for us to win this earlier stage of the fight, because it will be much harder to fight a law.
In case you've forgotten, the traditional telcom industry already lost that fight (CALEA).