Whether Apple’s argument makes or not sense is not the issue. The whole style is Trumpesque. In my opinion we have to analyze what is in the best interests of the different parties involved.
Apple is a multinational company operating in a multitude of jurisdictions. Apple’s revenue in China plus Europe significantly exceed the revenue in the Americas (North, Central and South).
Apple is in no position to (at least openly) offer different legal redress to different countries in which it is operating. One particularly thorny area is China (projected revenues of $18 billion in Q1/2016). China insists (and Apple agrees AFAIK) that Chinese citizens cloud data stay in China and is open to Gov’t requests.
Now just imagine that China arrests a US journalist under some charge, impounds his phone and a Chinese judge (or whatever) orders Apple China to break into his phone. What Apple will do ? Remember that this persons’ cloud data resides in the US, and China has really no alternative.
What happens if a US judge orders the phone of a Swiss banker searched for customers allegedly involved in tax fraud ?
So Apple wants out of this circus by saying that the have no access to the data, and making sure that indeed they have no access to the data. The answer to everyone is we can’t. We provide a good tool and that’s all.
Now look at it from still another side. What about Android ? Google closely follows Apple’s policy on these matters, but wait, there is a twist. The final image burned on the phone is heavily customized by the manufacturer, which can insert whatever security or non-security for the initial load of Android. What do you know of Samsung’s policies, or worse, Xiaomi or any other Chinese manufacturer ?
So my viewpoint is that in the interests of both the US citizens and the US Government, there should be a law prohibiting companies to aid in any way the hacking of their own phones. I believe, that in that scenario, the US agencies will be able to gather the required information incomparably better than the “competition” without the aid of the manufacturers.
Did this scenario ever happen with iOS7 and earlier, and if it did, what did Apple do then? It seems to me that it would be the same now as then, except Apple’s customers (the journalist in this case) has the option of using strong encryption and a good password to ensure that China can’t get his data.
ETA: Does anyone know how Apple encrypts cloud data? They can’t just copy the encrypted files from the phone, because it takes the phone’s hardware to decode them. If your phone breaks and you have to get a new one, you need to get the cloud info onto your new phone. I would think that Apple would have a way of ensuring strong encryption with cloud data, but I don’t know how that works.
I found an answer to my iCloud question. Apple by default keeps a copy of your secure keychain, backed up to their servers. Apple could use this keychain to decode your iCloud data. However, you can disable backing up your keychain to their servers, in which case Apple can’t decode your data. Your keychain will be shared among all your devices, so if you lose one, you still have access and can then get your data onto a new phone. But if you lose all your devices that have the keychain, abandon all hope of seeing your data again.
First, regarding Android, there’s another wrinkle: ROMs. I have two Samsung phones and a Nexus tablet that aren’t running on the images provided by the manufacturer. There are literally dozens of variations on Android OS out there, and many offered full drive encryption before it was the default in Android.
Second, I agree with the principle of not requiring manufacturers to compromise the security of their own devices, but the way it’s worded above is far too broad and would prevent companies from rewarding “white hat” hackers and internal security testing. Governments should not be able to compel the manufacturers to compromise their devices, but a company trying to break into their own device is good practice.
I can’t help but say it: Amy Zegart is a non-expert. When her writings are not thoroughly uninformative, they are worse than that. They can actually suck a little bit of knowledge out of your head.
Example: Zegart says that the Senate Intelligence Committee’s report that investigated whether torture on terrorists worked was basically an uninformed piece of junk. Fortunately, the report’s author responded to set the record straight. Read those two articles and see who you think is right.
That may well be, but I’m not sure she claimed to rely on any expertise in the post I linked. I thought her post raised one simple and important point: this isn’t solely privacy vs. security, but also security vs. security. In my view, the threat posed by lone wolf terrorists is much much lower than the threat posed by people against whom unbreakable encryption is our best defense. I don’t see that this framing relies on any particular expertise.
Similarly, Julian Sanchez is not really a technology or legal expert. But on it’s own merits he had a lot of useful and enlightening things to say in that post.
I’m not saying that she isn’t a technology or law expert. I’m saying that very little of what she writes has any insight or value. Such as: “If the government compels tech companies to weaken encryption in ways that make their products and the Internet substantially less secure, U.S. tech companies stand to lose. How much, we don’t yet know. But this much we do know: the more that U.S. tech companies lose, the more U.S. economic clout declines.”
Well, all of that is aside from the damned point that nobody is trying to compel Apple to weaken encryption. One would think a fellow at a prestigious university like Stanford would have a little better sense than to sum up the issue with a red herring.
Her other point is that the U.S. has two long-term views: one based on keeping the state secure from terror attacks; the other to maintain economic strength and presence here and abroad. By softening Apple’s encryption, how quickly would other countries limit Apple’s ability to grow?
The different long-term interests in play here are beyond complex.
I disagree that this is established. In my view, the whole debate here is about what the technological and legal consequences of this order are. According to some, complying with this order would weaken Apple’s encryption. Sanchez’s post explains that argument in more detail than I’ve seen, and I’m not aware of a convincing rebuttal of his points.
“Weaken encryption” is not anywhere near a fair description of what is at stake. Sanchez at least characterizes the issue fairly – that the question is whether or not a company can be compelled to write code that they find to be risky. (Though I’ll point out that he glosses over the important point that the code, under the court order being debated, would almost certainly never leave Apple’s premises in Cupertino, though I’ll gloss over this because it’s possible that other, future court orders might not be so limited in scope.)
Also, in his point that Apple might become consumed with endless tasks of outwitting their own security, it seems quite likely that this cost would also be shouldered by the government, since they are likely to pay whatever costs to develop such software. It would seem to me that if the FBI had to pay increasingly exorbitant sums to search for harder to find ways to execute legal search warrants, they aren’t going to do so as often.
Sanchez’s article was well-done, and I agree that he’s not saying that Apple is being asked to weaken the encryption. If that were the case, there would be no significant debate.
Sanchez makes the point that the FBI is asking for access to this phone just this one time, when they know that if they get their way, they have lots more requests right behind it. Apple, knowing this, recognizes the security weaknesses of having a whole slew of iOS images out there that are designed for specific phones - it makes it much more likely that something will go wrong.
My support for the feds in this case has been based on the “just this one time” idea. However I am reconsidering, given the news we’ve already heard this week about all the other phones the police and FBI have that they’d like to try to brute force attack the encryption.
Meh. “Weaken the extent to which encrypted systems are in fact protected against outside attack” is not substantially different from “weaken encryption.”
He doesn’t gloss over it at all. He spends most of the post addressing it. Here’s what he writes:
I thought the first piece was excellent… until he not only referenced The Smiths, he linked to their fucking video.* :rolleyes:
The second piece brought another topic into the discussion about this particular court order and even tho I didn’t think it was particularly insightful, it was fairly concise and IMO a topic worth at least keeping in the peripheral of the overall discussion.
*Full disclosure: I loathe The Smiths. With the exception of one song (How Soon Is Now), I hate them with the burning fire of a thousand suns. YMMV
Lessons in bad timing: Tim Cook called members of Congress yesterday to ask for progress in a tax bill that would allow Apple to repatriate a few hundred million dollars in overseas cash under dramatically reduced tax rates. If an oil company acted like this – rejecting court orders while asking for tax breaks – I think this message board would be howling.
Richard Parker, I saw your post and I have a response that I’ll get to later. Not ignoring your point.
They haven’t “reject[ed] court orders.” Because they weren’t a party to the application or hearing on the subject of the order, the magistrate judge rightly gave them 5 days to weigh in. They are now proceeding with that legal process, in which the judge has an opportunity to consider their arguments for the first time. They aren’t pulling a Roy Moore here. If a final judgment is entered against them, they’re gonna follow it.
I assume if a post goes unresponded to that it’s because the poster had something better or more interesting to do. Will look forward to your further thoughts.
Not if the court order was to sell watered down gasoline. As long as the federal government refuses to hold James Clapper responsible for his crimes against the American people, they do not deserve the benefit of the doubt - they will abuse this power if they can establish the precedent.
I just totally disagree that he addressed in any substantive way what I’m saying seems to be the intent of the court order. (And again, we don’t know if future court orders would be written the same way, so the future, stunningly, is uncertain.)
The court order essentially orders Apple to deliver a phone with certain work having been performed on it, presumably in the secure spaces the author talks about. But what comes in and out of those secure spaces? An iPhone with an old iOS, and the same one with a new iOS. The author is arguing that the key is therefore going to escape because, uh, a comparatively small number of devices go in and out of Apple’s secret room? Because Apple’s employees can’t be trusted? Because spies are going to break in?
It’s a vague allusion to a huge risk without explaining it in any kind of context. When the FBI talks about murderers, terrorists and rapists not being caught because Apple won’t cooperate any longer, we’ve seen posts in this very thread that such arguments shouldn’t even be listened to because the Gummit is trying to scare us. And yet, when threats of total economic collapse due to the end of encryption, or the death of the iPhone through espionage, is vaguely explained, we’re supposed to swallow that at face value? Nuh-uh.
I forgot what the Wikileaks-sponsored hysterical thought of the day is – you’re referring to James Clapper framing heroic Julian Assange of sexual assault, right?
Will look forward to your further thoughts.