[dogma1138]

Depending on how it's done if the signing key is delivered to the USG yes, if Apple only delivers on-demand software updates then the security remains pretty much the same - anyone within apple who has access to the current signing key / authority to push software updates to apple devices.

Handing out the signing key to the USG will probably be quite disastrous as they more likely than not offload it to any 3rd party in the private sector which will offer to make them the next best phone scrapping kit or spyware.

If Apple is compelled and goes trough the software route then it's will be bombarded by 1000's of requests to unlock phones, and worse in the future to potentially install "wiretaps" on phones of suspects not in custody who haven't been charged with anything yet which will be quite a costly operation for Apple.

[nickik]

In the house meeting the security expert said this pretty well. As soon as the process becomes routine its going to be in a huge amount of danger.

[dogma1138]

That one I don't really buy sorry, wiretaps have been around for ages and while they have been misused by law enforcement I haven't heard about too many cases in which criminals actually exploit them.

While cyber criminals are sophisticated it's just not going to be worth the effort for them, most large cyber crimes were pretty low tech.

Foreign intelligence agencies is another deal, but then again they could just as easily penetrate Apple now.

So while there will be some technical risk its really not substantial, the privacy implications however are going to be very severe.

[nickik]

You attack the weakest aspect of a system and with traditional phones that was not the interface to the state.

Apple having a well such a key now is problematic but it is necessary. As long as apple only signs individuel versions that is hardcoded to one perticular phone, the danger is not that large. These keys are protected with lots of effort and access to it is limited.

If apple is forced to unlock hundreds of phones they will not sign a version for each phone individually, the will have a version that runs on all phones. This software is way more problematic then the key itself.

This is by the way exactly what the securty expert said in front of the house:

https://judiciary.house.gov/hearing/the-encryption-tightrope...

[dogma1138]

Apple doesn't and as far as I can tell cannot sign a version for an individual phone a signed binary by apple that removes the security settings for a phone lock/wipe will be valid for any other apple phone as long as you can trigger an update which you can using iTunes you should be able to deploy it on any device you want.

There are no individual singing keys for phones that would be unmanageable there are probably a handful (or even a single one) singing keys that apple has which are valid on their devices and that's it.

[nickik]

That is wrong. The phones have hardware ids and those can be checked in code. They can sign a binary blob that runs on one phone only.

[dogma1138]

No its not, phones have hardware ID's that are used to generate the encryption key (on phones with a secure enclave, this isn't even one) I have seen no evidence that there is any specific per phone signing of apple software.